Privacy policy

PRIVACY POLICY

UAB “EUSTILITA (“Data Controller”, also referred to aswe”, “our”, “us) is the data controller of your personal data. We respect your privacy and are committed to protecting your personal information.

1. Data Controller Details:

Legal entity:  UAB “EUSTILITA 

Registered Address: Bijūnų str. 12, LT-48399 Kaunas, Lithuania

Company code: 302325796

Phone: +370 699 97137

Email: info@natutui.com

This Privacy Policy explains how UAB “EUSTILITA” collects, uses, and protects personal data when you visit or shop at www.natutui.com (“Website”), in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable requirements of the European Union and the laws of the Republic of Lithuania.

The Privacy Policy provides essential information about how we process the personal data of our visitors, clients, business partners and their representatives, ambassadors, and other individuals. If you wish to obtain more detailed information, please contact us using the details provided in this Privacy Policy.

 

If you are over 14 but under 18 years of age, you must ensure that you have permission from a parent or legal guardian before providing us with any personal data. If you provide personal data that is not your own, you must have the other person’s consent. Upon our request, you will be required to prove that such consent has been obtained. Individuals under the age of 14 are prohibited from providing their personal data on this website without prior consent from their parents or other legal guardians and without submitting such consent to us.

 

2. Personal data we collect about you

We may collect, use, store and transfer different kinds of personal data about you, which is necessary to operate an e-commerce business, which we have grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us. Order information.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website, visited pages (using cookies).
  • Usage Data includes information about how you use our website, products.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences, inquiries, comments, feedback, messages via email or contact form.
  • Customer support communications.

3.  How we will use your personal information

  • To register you as a new customer: create an account for you, provide our products,manage our systems,prevent fraud, send you marketing communications,share this information with third parties if you have provided your consent to this.

To understand the way you use our products: identify products/services that may be of interest to you, monitor usage of website, provide location-based functions,upload your photos and videos, send notifications, personalise our service, statistical analysis and research,improve our services, develop new products and services.

  • To process and deliver your order including: manage payments, fees and charges, collect and recover money owed to us, foreign money exchange.
  • Information when you communicate with us whether in person, through our website or app, via email, over the phone, through social media or via any other medium. We use this to:
  • answer any of your issues or concerns,monitor customer communications for quality and training purposes, develop new services,improve our services based on the feedback you provide.
  • To manage our relationship with you which will include: notifying you about changes to our terms or privacy notice, resolving technical issues,asking you to provide feedback on our service.
  • To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data, and anti-money laundering checks).
  • To deliver relevant website content.
  • To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.
  • To make suggestions and recommendations to you about services that may be of interest to you.
  • Information that we collect incidentally from other sources or public sources, including information presented on our social media or wider social media platforms including Facebook, Youtube and Instagram. We use this information, including to:maintain market awareness, build and maintain social media branding.

4. Legal basis on processing your personal data

We process your personal data on the following legal bases:

  • for the conclusion, intention, performance, amendment, and administration of a contract (GDPR - Article 6(1)(b));
  • for compliance with our legal obligations and requirements established by law (GDPR- Article 6(1)(c));
  • for the purposes of pursuing our or third parties’ legitimate interests (GDPR - Article 6(1)(f));
  • on the basis of your consent (GDPR - Article 6(1)(a))- for marketing and cookies.

 

5. Cookies


 We use automated non-personalised data analysis to conduct research on the market, customer behaviour and statistics, and to generate reports for the development of our business. The data analysis allows us to make important business decisions. On the basis of the performed analysis, we form an assortment of goods that meet the needs of our customers, create pricing, improve the operation of the Electronic Store, etc.

 

We reserve the right to store information (commonly known as a cookie) on your computer when you visit the online store www.natutui.com  Cookies are designed to display items that you have recently viewed and/or want to compare with other items. You can delete this information from your computer or block it by resetting the settings on the web browser on your computer.

 

Due to the cookies used, the website may "remember" certain options for a certain period of time: registration name, language and the like. It is also one of the tools for collecting statistics on the website traffic.

A cookie is sent to your computer or other device to store data, and we may identify you as a visitor at the Online Store when you are visiting our Online Store. With the help of cookies, we may also link your purchase history and other data collected while you were using the Online Store to your online browsing. The information collected by cookies allows us to ensure your ability to browse more conveniently, provide you with attractive offers and learn more about the behaviour of our Electronic Store users, thus improving both the website and your service.

 

Third-party cookies (e.g., Google Analytics) are set by data controllers who are not operators of the website visited by the website user and are used for data analysis purposes. Our website also sets cookies belonging to third parties that have been installed with your prior consent. Such third parties may have access to information collected through the cookies they use.

 

Our website uses cookies:

  • Necessary cookies – ensure the website's functionality.
  • Analytics cookies – help analyze website usage.
  • Advertising cookies – advertising and remareting, show personalized ads (using Facebook Pixel, Google Ads, if applicable).

6. Third-party data processors (DPAs)

We use trusted service providers under GDPR-compliant Data Processing Agreements.

Common tools include:

  • Google Analytics / Google Ads – Website analytics and advertising
  • Meta (Facebook & Instagram) – Advertising and conversion tracking
  • Omnisend – Email marketing and transactional messages
  • Service providers: IT, hosting, e-commerce, logistics, and accounting providers, payment processors.
  • Government institutions when required by law.
  • Data processors under the contract.

Our suppliers and service providers will be required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function. They will not be permitted to use your information for any purposes other than those outlined in this privacy notice.

Data is processed within the EU or transferred using EU Standard Contractual Clauses (SCCs).

7.  Transfer of Personal Data Outside the European Economic Area

We process and store your personal data within the European Union (EU) and the European Economic Area (EEA). However, in certain cases, data may be transferred outside the EEA, for example when:

  • we use services provided by international companies (e.g., Google, Facebook, LinkedIn) whose servers may be located outside the EEA;
  • we engage IT, marketing, or cloud service providers operating outside the EEA;
  • such transfer is necessary to perform a contract with you or comply with legal obligations.
  • In these situations, we ensure that the transfer of your data complies with GDPR requirements. Data are transferred only under the following conditions:
  • the recipient is covered by a European Commission adequacy decision recognising that the country ensures an adequate level of data protection; or
  • we conclude Standard Contractual Clauses (SCCs) approved by the European Commission with the recipient;
  • the recipient applies other appropriate safeguards as provided by the GDPR.

 

In this way, we ensure that your personal data is protected at a level equivalent to that applied within the EU/EEA.

8.Data Security
 When processing your personal data in the online store www.natutui.com, we use secure organisational and technical measures that adequately protect this data from accidental or unlawful destruction, alteration, disclosure, as well as from all other illegal actions. We apply appropriate technical and organisational measures, including: SSL encryption,secure hosting,limited access controls.

We implement and continuously update appropriate organisational and technical security measures. 

9. Data Retention

Personal data is stored only as long as necessary:

  • Orders and invoices: as required by law.
  • Account data: until account deletion.
  • Contract data – 10 years (acccording to Lithuanian law).
  • Inquiry information- up to 2 years.
  • Marketing data: until consent is withdrawn.
  • Cookie data- according to their expiration period.

Data is then deleted or anonymised.

10. Your Rights

 

Under the General Data Protection Regulation (GDPR), you have several important rights related to your personal data. Below we explain what these rights mean and how they may apply in our activities.

  • Right of access your data. You have the right to know whether we process your personal data and to receive information about what data we collect, for what purposes it is used, and to whom it is disclosed. For example, you may request access to your order history or account information. In such cases, we will provide you with a copy of your data; however, if the documents contain other individuals’ data, those details may be redacted to protect their rights.
  • Right to request a correction of inaccurate data. If the information we hold about you is inaccurate or outdated, you have the right to have it corrected or updated. For example, if your delivery address or phone number has changed, we can update it. In some cases, we may ask for additional proof to confirm that the requested change is accurate.
  • Right to request a deletion of your data (“right to be forgotten”). You may request the deletion of your data when it is no longer needed for the purposes for which it was collected (e.g., when deleting your account), when you withdraw your consent (e.g., for newsletter subscriptions), or when the data is processed solely for marketing purposes. However, we cannot delete data that we are legally required to retain - for example, invoices that must be kept for accounting purposes for 10 years, or data needed for resolving legal disputes.
  • Right to restriction of processing. In certain cases, you may request that your data be stored but not actively used. This may apply when you contest the accuracy of the data or when we no longer need it, but you do - such as when you need it to support a claim regarding a purchased product. During the restriction period, data will only be processed minimally - for example, only with your consent or when necessary to defend legal claims.
  • Right to object to processing. You may object to the processing of your data carried out on the basis of our legitimate interests, for example when we use it for website analytics or personalised offers. In such cases, we will stop processing unless we can demonstrate compelling legitimate grounds to continue (e.g., to ensure service security or defend legal claims).
  • Right to object to direct marketing. You may object at any time to the use of your data for sending newsletters, reminders about abandoned carts, or notifications about restocked items. In such cases, we will immediately stop sending these messages and cease using your contact details for marketing purposes.
  • Right to data portability. When your data is processed based on consent or a contract (e.g., account information or purchase history), you have the right to receive it in a structured, commonly used, machine-readable format or request that it be transferred to another service provider. This right does not apply if it would disclose another person’s data or otherwise infringe their rights.
  • Right to withdraw consent. If you have given consent for data processing (e.g., for newsletters, size recommendation functionality, or other additional services), you may withdraw it at any time. This means that from that moment onward, your data will no longer be used for that purpose. However, withdrawing consent does not affect the processing carried out before the withdrawal.
  • Right to file a complaint. If you believe that your personal data is being processed unlawfully or your rights are being violated, you may contact the State Data Protection Inspectorate (https://vdai.lrv.lt, L. Sapiegos g. 17, LT-10312 Vilnius, ). However, we encourage you to contact us first - most issues can be resolved quickly and amicably.

 

We will respond to all your requests regarding the exercise of your rights no later than within one month. If a request is complex or we receive multiple requests, this period may be extended by up to two additional months - in such cases, you will be informed of the extension and the reasons for it. Requests can be sent to: info@natutui.com

11. POLICY UPDATES

We may update this Privacy Policy from time to time. The latest version will always be available on the Website.