Color SHOCK
Home/Privacy Policy
Legal information

Privacy Policy

Information about the processing of Your personal data in accordance with GDPR requirements.

Last updated: 2026-04-20

1. General Information

This Privacy Policy explains how Dažai Kirpėjams (the “Seller”, “we”) processes the personal data of buyers and visitors of the website www.dazaikirpejams.lt. The policy is based on the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Lithuanian Law on Legal Protection of Personal Data.

2. Data Controller

  • Name: Džiuljetos Vėbrės individuali veikla (sole proprietorship)
  • Activity registration code: 47003130637
  • Address: Taikos pr. 32, LT-50246 Kaunas, Republic of Lithuania
  • Email: info@dazaikirpejams.lt
  • Phone: +370 680 47667

A Data Protection Officer (DPO) has not been appointed, as the Seller does not meet the mandatory designation criteria under Art. 37 GDPR. For all data protection enquiries please use the contacts above.

3. What data we process and on what legal basis

We only process personal data where we have a lawful basis under Art. 6 GDPR:

  • Order fulfilment (performance of a contract, Art. 6(1)(b)) — first name, last name, email, phone, delivery address; for B2B: company name, registration code, VAT code; order details and payment data.
  • Accounting and legal compliance (Art. 6(1)(c)) — order and invoice data we are required to retain under the Lithuanian Law on Accounting.
  • Customer account administration (performance of a contract) — email, password (hashed), login history, order history.
  • Newsletter and direct marketing (consent, Art. 6(1)(a)) — email address. You may withdraw consent at any time via the unsubscribe link or by contacting us.
  • B2B enquiries (legitimate interest, Art. 6(1)(f)) — contact person's name, email, phone, salon details.
  • Site analytics and security (consent for analytics cookies; legitimate interest for security) — IP address, browser information, browsing data, cookie identifiers.

We do not use Your data for automated decision-making or profiling that produces legal effects on You.

4. Retention periods

  • Order and invoice data — 10 years (under the Lithuanian Law on Accounting).
  • Customer account data — for as long as the account is active; up to 1 year after account deletion.
  • Newsletter subscription — for as long as consent is valid; deleted immediately upon withdrawal.
  • Contact form messages — up to 1 year after the last correspondence.
  • Cookies and analytics data — according to each cookie's lifetime (see section 6).

5. Recipients and processors

The Seller does not disclose Your data to third parties on its own behalf, except to the following key processors with whom data processing agreements have been concluded:

  • Supabase, Inc. (USA / EU) — database and authentication. Data stored in the EU region.
  • Vercel Inc. (USA) — website hosting. Transfers to the USA take place under EU Standard Contractual Clauses (SCCs) and the EU–US Data Privacy Framework (DPF).
  • Resend, Inc. (USA) — transactional email delivery (order confirmations). Transfers under SCCs.
  • Paysera LT, UAB (Lithuania) — payment processing. The Seller does not receive full payment card details.
  • Google LLC (USA) — Google Analytics 4 (anonymous visitor statistics, with consent only); Google Maps (map display on the contacts page). Transfers under SCCs and the EU–US DPF.
  • Courier and parcel locker services (LP EXPRESS, Omniva, etc.) — parcel delivery (name, address, phone).
  • Public authorities — where required by law.

6. Cookies

We use cookies and similar technologies on the website. Cookies are grouped into categories:

  • Essential cookies (always on) — necessary for site operation: cart state, login session, consent record (cookie-consent-v1). Legal basis: legitimate interest.
  • Analytics cookies (with consent only) — Google Analytics 4 (_ga, _ga_*) — anonymously measure traffic and popular pages. Lifetime up to 2 years.
  • Marketing cookies (with consent only) — currently not in use; if introduced in the future, separate consent will be requested.

Consent is managed via the cookie consent bar (Consent Mode v2). You may withdraw consent at any time via the link at the bottom of the site or in Your browser settings.

7. International data transfers

Where data is transferred outside the European Economic Area (Vercel, Resend, Google), this is done only subject to the safeguards set out in Chapter V of the GDPR: EU Standard Contractual Clauses (SCCs) and/or participation in the EU–US Data Privacy Framework (DPF).

8. Your rights

Under the GDPR You have the right to:

  • Be informed about the processing;
  • Access Your personal data (Art. 15);
  • Rectify inaccurate data (Art. 16);
  • Erasure (“right to be forgotten”, Art. 17);
  • Restrict processing (Art. 18);
  • Data portability in a structured, machine-readable format (Art. 20);
  • Object to processing, including direct marketing (Art. 21);
  • Withdraw consent at any time (without affecting the lawfulness of prior processing);
  • Lodge a complaint with the supervisory authority — the State Data Protection Inspectorate of the Republic of Lithuania (L. Sapiegos g. 17, 10312 Vilnius, vdai.lrv.lt).

We will respond to Your request within 30 calendar days of receipt.

9. Data security

We implement organisational and technical measures to protect personal data from unauthorised access, disclosure, destruction or alteration: HTTPS encryption, access control, password hashing, regular backups.

10. Is providing data mandatory

Order data (name, contact details, delivery address) is necessary for concluding and performing the contract. If not provided, we cannot fulfil the order. Newsletter subscription is voluntary.

11. Changes to this policy

The Seller reserves the right to amend this Privacy Policy. Material changes will be announced on the Store website and, where appropriate, communicated separately by email.

12. Contact

For all questions regarding personal data processing, please contact us by email at info@dazaikirpejams.lt or by post at Taikos pr. 32, LT-50246 Kaunas.