PRIVACY AND DATA PROTECTION POLICY

This Privacy and Data Protection Policy ("Policy") outlines the methodology by which Shipify UAB (the "Company," "Data Controller," "we," "us," or "our") manages, collects, uses, and safeguards the personal data obtained from users ("you" or "Data Subject") accessing our website, located at https://shipifyuab.org/ (the "Platform," or "Site") and associated services.

We are fully committed to ensuring the confidentiality and integrity of your personal information and processing it in strict compliance with the Regulation (EU) 2016/679 (General Data Protection Regulation or "GDPR") and the national data protection legislation of the Republic of Lithuania.

By continuing to use or access the Platform, you explicitly acknowledge that you have reviewed, understood, and consented to the data processing practices described in this Policy.

1.1. GDPR Definitions

For clarity and in alignment with Article 4 of the GDPR, the following terms apply:

• Personal Data: Any information relating to an identified or identifiable natural person (Data Subject).
• Processing: Any operation performed on Personal Data (e.g., collection, storage, use, disclosure, or erasure).
• Controller: The entity that determines the purposes and means of processing Personal Data.
• Consent: A freely given, specific, informed, and unambiguous indication of the Data Subject's wishes.

1.2. Data Controller Details

The legal entity responsible for the collection and processing of your data is:

• Legal Entity: Shipify UAB
• Registered Address: Vilniaus m. sav., Grigiškės, Šviesos g. 3-72, LT-27115, Lithuania
• Official Contact Email (for data inquiries): team@shipifyuab.org

We collect and process personal information that you knowingly and actively provide, as well as data automatically transmitted by your devices when interacting with our Platform.

2.1. Data Provided Voluntarily

This data is collected when you contact us, submit forms, or register for services:

• Identifiers: Name, surname, email address, physical address, and contact telephone numbers.
• Commercial Information: Details related to products or services requested, obtained, or considered.
• Voluntarily Submitted Data: Any other Personal Data included in communications, support requests, or surveys.

2.2. Automatically Collected Technical Data

When you visit the Platform, our servers automatically record data supplied by your browser:

• Network & Device Data: IP address, browser type and version, operating system, time zone settings, and referring URLs.
• Usage Data: Pages viewed, time spent on pages, navigation paths, interaction metrics, and performance errors.

All processing activities are conducted lawfully, fairly, and transparently, adhering to the principles of Article 5 GDPR.

3.1. Lawful Basis (Article 6 GDPR)

We process your data only when one or more of the following legal bases apply:

• Consent: You have given explicit, freely given consent for a specific purpose.
• Contractual Necessity: Processing is necessary for the performance of a contract or to take steps at your request prior to entering a contract.
• Legal Obligation: Processing is required to comply with a legal or regulatory obligation in Lithuania or the EU.
• Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, service improvement, internal analytics), provided such interests do not override your fundamental rights and freedoms.

3.2. Purposes of Data Use

We use your Personal Data exclusively to:

• Provide, operate, maintain, and continuously improve the Platform and our Services.
• Fulfill contractual or pre-contractual obligations and process transactions.
• Respond to your inquiries, feedback, and support requests.
• Send administrative notices, service updates, and relevant product information.
• Monitor system security, prevent fraudulent activity, and ensure compliance.
• Perform internal analytics, research, and technical service optimization.

4.1. Security Measures (Article 32 GDPR)

We implement robust administrative, technical, and organizational measures to safeguard Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These safeguards include data encryption, restricted access controls, regular auditing, and secure storage solutions.

N.B.: While we strive for absolute security, you acknowledge that no electronic system or transmission over the Internet can be guaranteed 100% secure. Data transmission is undertaken at your own risk.

4.2. Data Retention (Article 5(1)(e) GDPR)

We retain Personal Data only for the minimum period required to fulfill the purposes outlined in this Policy, or as mandated by Lithuanian law (e.g., for accounting or legal compliance). Once data is no longer necessary, it is securely deleted or rendered permanently anonymized.

5.1. Disclosure to Third Parties

We do not trade, sell, or commercially exploit your Personal Data. We may disclose limited data only when necessary to:

• Processors: Share data with trusted third-party service providers (e.g., hosting, IT support, analytics vendors) who act strictly on our behalf and are bound by confidentiality agreements compliant with GDPR Article 28.
• Legal Authorities: Comply with valid legal obligations, court orders, or lawful requests from Lithuanian or EU law enforcement agencies.
• Protection: Protect the vital interests, rights, property, or safety of Shipify, our Users, or the public

5.2. Transfers Outside the EEA

In the event that Personal Data must be transferred outside the European Economic Area (EEA), Shipify will ensure that such transfers are conducted in strict compliance with GDPR standards, utilizing legally approved mechanisms such as the European Commission's Standard Contractual Clauses (SCCs) to guarantee an adequate level of data protection.

Under Articles 12–23 of the GDPR, you possess the following comprehensive rights regarding the Personal Data we hold about you. Shipify fully respects and facilitates the exercise of these rights:

• Right of Access (Art. 15): The right to obtain confirmation and a copy of your Personal Data undergoing processing.
• Right to Rectification (Art. 16): The right to correct inaccurate or incomplete data.
• Right to Erasure (Art. 17 - "Right to be Forgotten"): The right to request the deletion of your data, subject to legal obligations.
• Right to Restriction of Processing (Art. 18): The right to limit the processing of your data under specific conditions.
• Right to Data Portability (Art. 20): The right to receive your data in a structured, commonly used, and machine-readable format.
• Right to Object (Art. 21): The right to object to processing, including for direct marketing purposes.
• Right to Withdraw Consent (Art. 7(3)): The right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please submit your request in writing to team@shipifyuab.org.

If you have concerns about our data handling, you have the right to lodge a complaint with the State Data Protection Inspectorate (Lithuanian Supervisory Authority) or the relevant authority in your EU Member State.

We utilize cookies and similar tracking technologies (e.g., web beacons) to analyze user behavior, improve Platform performance, and customize your experience. Cookies are small data files placed on your device.

You have the ability to manage or disable cookies through your browser settings. Be advised that disabling cookies may impair the functionality of certain sections of the Platform.

8.1. Minors and Children's Data

Our Platform and Services are not intended for, nor directed at, individuals under the age of 16. In accordance with Article 8 GDPR, we do not knowingly collect Personal Data from minors. If we become aware that we have collected such information, it will be deleted immediately and securely.

8.2. External Websites

The Platform may contain links to external websites that are not operated by Shipify. We are not accountable for the content, security, or privacy practices of these third-party websites and strongly recommend that you review their specific privacy policies before providing any personal data.

We reserve the right to modify or amend this Policy at any time to reflect changes in our technological practices, service offerings, or Lithuanian and EU legal requirements. Material updates will be published directly on this page. Your continued use of the Platform after the effective date of the revision constitutes your acceptance of the updated Policy.