PRIVACY POLICY
Website: https://100autoratu.lt/
1. GENERAL PROVISIONS
1.1. This Privacy Policy (hereinafter – the Policy) governs the processing of personal data of users of the website https://100autoratu.lt/ (hereinafter – the Website).
1.2. By using the Website and providing their personal data, the User consents to their processing under the conditions set forth in this Policy, in accordance with Regulation (EU) 2016/679 (GDPR) and the Law on Legal Protection of Personal Data of the Republic of Lithuania.
1.3. If the User does not agree with the terms of the Policy, they must immediately cease using the Website.
2. DATA CONTROLLER
2.1. The controller of personal data is the representative of Chongqing Huanyu Automobile Sales Co., Ltd. in the Republic of Lithuania (hereinafter – the Administration).
2.2. Contact details of the Data Controller:
Website: https://100autoratu.lt/
Email: Arturborisevich@gmail.com
3. TERMS AND DEFINITIONS
3.1. Website – an internet resource located at https://100autoratu.lt/ and its subdomains.
3.2. Administration – official representatives authorized to manage the Website and process personal data.
3.3. User – a natural person who has access to the Website and uses its functionality.
3.4. Personal data – any information relating to an identified or identifiable natural person (data subject) as defined in Article 4 of the GDPR.
3.5. Processing of personal data – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3.6. Confidentiality – the obligation not to disclose personal data without the consent of the data subject, except in cases expressly provided for by applicable law.
4. LEGAL BASIS FOR PROCESSING
4.1. Personal data is processed on the following legal bases (Article 6 of the GDPR):
consent of the data subject (Article 6(1)(a) GDPR);
processing is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR);
processing is necessary for compliance with a legal obligation (Article 6(1)(c) GDPR);
processing is necessary for the purposes of the legitimate interests pursued by the Controller (Article 6(1)(f) GDPR).
5. COLLECTION AND PROCESSING OF PERSONAL DATA
5.1. The Administration collects and processes personal data exclusively for specific, explicitly stated, and lawful purposes:
identification of the User;
provision of services and interaction with the client;
processing of requests and appeals;
sending information about products, promotions, and news (exclusively with the explicit consent of the User);
conducting statistical research to improve the quality of services (in anonymized form).
5.2. By filling out forms on the Website, the User gives explicit and informed consent to the processing of their personal data in accordance with the GDPR.
5.3. Categories of data processed:
surname, first name;
phone number;
email address;
data on interest in products/services;
IP address, cookie data;
other information voluntarily provided by the User.
5.4. Consent to receive marketing messages (email, SMS, Viber, WhatsApp, Telegram) is provided by the User separately and may be withdrawn at any time without giving reasons.
6. RIGHTS OF THE DATA SUBJECT
6.1. In accordance with the GDPR, the User has the following rights:
the right to access their personal data (Article 15 GDPR);
the right to rectification of inaccurate or incomplete data (Article 16 GDPR);
the right to erasure ('right to be forgotten') (Article 17 GDPR);
the right to restriction of processing (Article 18 GDPR);
the right to data portability (Article 20 GDPR);
the right to object to processing (Article 21 GDPR);
the right to withdraw consent to processing at any time (Article 7(3) GDPR);
the right to lodge a complaint with a supervisory authority (Article 77 GDPR).
6.2. To exercise their rights, the User may contact the Data Controller by email: Arturborisevich@gmail.com.
6.3. The Administration considers requests from the data subject without undue delay and in any case no later than one month from receipt of the request. If necessary, this period may be extended by a further two months with notification to the User.
6.4. The Administration is not responsible for inaccurate information provided by the User.
7. DATA RETENTION PERIODS
7.1. Personal data is kept for no longer than is necessary for the purposes for which it was collected, in accordance with the storage limitation principle (Article 5(1)(e) GDPR).
7.2. After achieving the processing purposes or withdrawal of consent, data is deleted or anonymized, except in cases where legislation requires data to be kept for a certain period.
8. SECURITY OF PERSONAL DATA
8.1. Data processing is carried out in accordance with Regulation (EU) 2016/679 (GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other legal acts of the European Union and the Republic of Lithuania.
8.2. Data confidentiality is maintained, except in cases:
when the data is publicly available at the initiative of the data subject;
when processing is necessary for the performance of a contract with the User;
when processing is necessary for compliance with the legal obligations of the Controller;
when data transfer is required by law or at the request of an authorized state body.
8.3. The Administration applies appropriate technical and organizational measures to protect personal data in accordance with Article 32 of the GDPR:
data encryption;
access control;
regular backup;
ensuring the confidentiality, integrity, availability, and resilience of processing systems;
regular testing and assessment of the effectiveness of security measures.
8.4. Data is stored on secure servers, access to which is only available to authorized employees who are obliged to maintain confidentiality.
8.5. In the event of a personal data breach, the Administration notifies the State Data Protection Inspectorate of the Republic of Lithuania (Valstybinė duomenų apsaugos inspekcija) within 72 hours, and in the case of a high risk to the rights and freedoms of natural persons – also the data subjects without undue delay (Articles 33-34 GDPR).
9. TRANSFER OF DATA TO THIRD PARTIES
9.1. The Administration does not transfer personal data to third parties, except in cases:
when transfer is necessary for the performance of a contract with the User;
when transfer is required by law;
when the User has given explicit consent to the transfer;
when transfer is made to data processors who provide sufficient guarantees of GDPR compliance (Article 28 GDPR).
9.2. Transfer of data to countries outside the European Economic Area (EEA) is carried out only with appropriate safeguards (standard contractual clauses, adequacy decisions, etc.) in accordance with Chapter V of the GDPR.
10. COOKIES
10.1. The Website uses cookies to ensure the functioning of the website, analyze traffic, and personalize content.
10.2. By continuing to use the Website, the User consents to the use of cookies in accordance with the cookie notice.
10.3. The User may disable or block cookies at any time through browser settings, however, this may affect the functionality of the Website.
11. LINKS TO EXTERNAL RESOURCES
11.1. The Website may contain links to third-party resources. The Administration does not control their content and is not responsible for the privacy policies of these sites. We recommend that you review their rules before using them.
12. POLICY UPDATES
12.1. The Administration reserves the right to change the Privacy Policy unilaterally.
12.2. The new version comes into force from the moment of its publication on the Website.
12.3. The current version of the Policy is always available at: https://100autoratu.lt/
12.4. The User undertakes to independently monitor changes by periodically reviewing this page.
13. FINAL PROVISIONS
13.1. The law of the Republic of Lithuania and the European Union applies to this Policy.
13.2. All disputes arising from these legal relations shall be considered in the court of the Republic of Lithuania in accordance with applicable law.
13.3. All correspondence with the Administration is conducted by email. A message is considered received on the day it is sent.
13.4. If any provision of the Policy is found to be invalid, this shall not affect the validity of the remaining provisions.
13.5. The supervisory authority in the field of personal data protection in the Republic of Lithuania is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija), L. Sapiegos g. 17, 10312 Vilnius, www.ada.lt.
Last updated: 2026