INFORMATION

Privacy Policy

UAB „Seilas“ (brand name Mande Spa) is committed to protecting your personal data and handling it responsibly and transparently, in full compliance with the EU General Data Protection Regulation (GDPR) and applicable Lithuanian law. We want you to feel confident that your data is safe and used only for the purposes described in this policy.

Data Controller

Company: UAB „Seilas“ (brand name: Mande Spa)
Company code: 305304387
Registered address: Serbentų g. 86, LT-78136 Šiauliai 
Email: info@mandespa.lt

What Data Do We Collect?

Depending on how you interact with us, we may collect the following categories of personal data:

  • Contact details – name, surname, email address, phone number, delivery address.
  • Order and purchase information – products purchased, payment details, delivery address.
  • Enquiry data – information submitted via contact forms regarding our services or products.
  • Browsing data – IP address, cookies, pages visited, forms submitted, time spent on site.
  • Customer service correspondence – records of communication via email, phone, or live chat.
Purposes and Legal Bases for Processing

We process your data only where we have a valid legal basis. The table below sets out our purposes and the corresponding legal grounds under GDPR:

Processing purpose

  • Processing and fulfilling your orders, coordinating production and delivery – legal basis: performance of a contract (Art. 6(1)(b) GDPR).
  • Accounting, invoicing and tax obligations – legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR).
  • Customer support, warranty handling and after-sales care – legal basis: legitimate interests (Art. 6(1)(f) GDPR).
  • Sending newsletters and direct marketing communications – legal basis: your consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time.
  • Website analytics and marketing optimisation via cookies – legal basis: your consent (Art. 6(1)(a) GDPR).
Retention Periods

We retain personal data only for as long as necessary for the purpose it was collected, or as required by law:

  • Order and purchase data – 10 years (statutory accounting requirement).
  • Newsletter subscription data – until you withdraw your consent.
  • Contact form enquiries – up to 2 years.
  • Cookies – up to 12 months (unless deleted earlier by you).

Once data is no longer needed and no legal obligation requires its retention, it is securely deleted.

Who We Share Your Data With

We do not sell your personal data. We may share it only with the following categories of recipients, strictly for the purposes described in this policy:

  • Courier and logistics providers – for order delivery.
  • Payment processors – such as Paysera or Stripe, for secure transaction handling.
  • IT, hosting and website maintenance providers – to ensure the technical operation of our services.
  • Email marketing platforms – such as MailerLite, for sending newsletters (only with your consent).
  • Public authorities – where required by law or a binding legal request.

All third-party processors are bound by data processing agreements and must comply with GDPR. Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

Cookies

Our website uses cookies and similar tracking technologies. We use the following types:

  • Essential cookies – required for the website to function correctly. No consent needed.
  • Analytical cookies – used to understand how visitors interact with our site (e.g. Google Analytics).
  • Marketing cookies – used to deliver relevant ads and track campaign performance (e.g. Facebook Pixel, Google Ads).

Analytical and marketing cookies are only placed with your consent, which you can give or withdraw at any time via our cookie consent banner on the website. You may also control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website.

Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures, including:

  • Access restrictions – data is accessible only to staff who require it to perform their duties.
  • Individual login credentials and secure password practices for all staff.
  • Regular staff training on data confidentiality and GDPR compliance.
  • Physical security – paper documents stored in locked premises.
  • Secure deletion of data that is no longer required.

In the event of a personal data breach, we will notify the relevant supervisory authority and, where required, the affected individuals without undue delay, in accordance with GDPR obligations.

Your Rights

As a data subject under GDPR, you have the following rights:

  • Right of access – to obtain a copy of your personal data and information about how it is processed.
  • Right to rectification – to have inaccurate or incomplete data corrected.
  • Right to erasure (“right to be forgotten”) – to request deletion of your data where there is no legal basis for continued processing.
  • Right to withdraw consent – at any time, without affecting the lawfulness of prior processing.
  • Right to restriction of processing – to request that we limit how we use your data.
  • Right to object – to processing based on legitimate interests or for direct marketing purposes.
  • Right to data portability – to receive your data in a structured, commonly used format and transfer it to another controller.

To exercise any of these rights, please contact us at: info@mandespa.lt

You also have the right to lodge a complaint with the State Data Protection Inspectorate of Lithuania: https://vdai.lrv.lt. If you are located in another EU/EEA member state, you may contact your local data protection authority.

Links to Third-Party Websites

Our website may contain links to third-party websites that we do not operate or control. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party sites you visit.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The latest version will always be published on our website. We encourage you to review it periodically.