Privacy policy

PRIVACY POLICY

Last updated: 2025 December 4th

1. INTRODUCTION

Monelita MB ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website or purchase products from Doshiva.

This policy complies with:

  • EU General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679
  • Lithuanian Law on Legal Protection of Personal Data
  • EU ePrivacy Directive (Cookie Law)

Data Controller:

Company name: Monelita MB
Registration code: 305743167
Address: Pušyno g. 32, LT-45185 Kaunas, Lithuania
Email: info@monelita.com
Phone: +370 663 77457

2. WHAT PERSONAL DATA WE COLLECT

We collect and process the following categories of personal data:

2.1 Information You Provide to Us

When you place an order:

  • Full name
  • Email address
  • Phone number
  • Billing address
  • Shipping address (if different)
  • Payment information (processed by our payment providers - we do not store complete card details)

When you contact us:

  • Name
  • Email address
  • Phone number (if provided)
  • Message content
  • Any other information you choose to provide

When you create an account (if applicable):

  • Username
  • Password (encrypted)
  • Order history
  • Saved addresses

When you subscribe to our newsletter:

  • Email address
  • Name (if provided)
  • Subscription preferences

2.2 Information Collected Automatically

When you visit our website:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Referring website
  • Pages viewed and time spent on pages
  • Geographic location (country/city level)
  • Cookies and similar tracking technologies (see Section 10)

2.3 Information from Third Parties

Social media: If you interact with us on social media platforms (Facebook, Instagram, etc.), we may receive information according to those platforms' privacy policies.

Payment processors: We receive confirmation of payment status but not complete payment card details.

3. LEGAL BASIS FOR PROCESSING

We process your personal data based on the following legal grounds under GDPR Article 6:

Purpose Legal Basis
Processing and fulfilling orders Contract performance (Article 6(1)(b)) - necessary to fulfill our contract with you
Payment processing Contract performance (Article 6(1)(b))
Customer service and support Contract performance (Article 6(1)(b)) and legitimate interest (Article 6(1)(f))
Sending transactional emails (order confirmations, shipping updates) Contract performance (Article 6(1)(b))
Marketing emails and newsletters Consent (Article 6(1)(a)) - you can withdraw at any time
Fraud prevention and security Legitimate interest (Article 6(1)(f)) and legal obligation (Article 6(1)(c))
Analytics and website improvement Legitimate interest (Article 6(1)(f))
Legal compliance (tax, accounting) Legal obligation (Article 6(1)(c))

4. HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

4.1 Order Processing and Fulfillment

  • Process and complete your orders
  • Arrange shipping and delivery
  • Send order confirmations and shipping notifications
  • Handle returns, refunds, and exchanges
  • Provide customer support

4.2 Communication

  • Respond to your inquiries and requests
  • Send important updates about your orders
  • Send administrative information about our services
  • Provide customer service support

4.3 Marketing (with your consent)

  • Send promotional emails about new products, special offers, and discounts
  • Send newsletters (you can unsubscribe at any time)
  • Personalize marketing content based on your interests

4.4 Legal and Security

  • Prevent fraud and abuse
  • Comply with legal obligations (tax, accounting, consumer protection)
  • Enforce our terms and conditions
  • Resolve disputes

4.5 Analytics and Improvement

  • Analyze website usage and traffic patterns
  • Improve our website, products, and services
  • Conduct market research
  • Test new features and functionalities

5. WHO WE SHARE YOUR DATA WITH

We may share your personal data with the following categories of recipients:

5.1 Service Providers (Data Processors)

We work with trusted third-party service providers who process data on our behalf:

E-commerce platform:

  • Shopify Inc. (Canada) - website hosting and e-commerce infrastructure
  • Privacy policy: https://www.shopify.com/legal/privacy

Payment processors:

  • Stripe (USA/Europe) - credit card processing
  • PayPal (USA/Europe) - payment processing
  • These providers process payment information according to PCI-DSS standards

Shipping and logistics:

  • Postal services and courier companies (varies by destination)
  • These providers need your name, address, and contact information for delivery

Email service providers:

  • For sending transactional and marketing emails (e.g., Klaviyo, Mailchimp, or similar)

Analytics providers:

  • Google Analytics - website analytics (anonymized where possible)
  • Facebook Pixel - marketing analytics (if applicable)

Customer support tools:

  • Help desk and customer service platforms

5.2 Legal Requirements

We may disclose your personal data if required by law or in response to:

  • Court orders or legal processes
  • Requests from law enforcement or government authorities
  • Protection of our legal rights or the safety of others

5.3 Business Transfers

If we sell, merge, or transfer any part of our business, your personal data may be transferred to the new owner, subject to this Privacy Policy.

5.4 With Your Consent

We may share data with other third parties if you give us explicit consent to do so.

Important: We never sell your personal data to third parties for their marketing purposes.

6. INTERNATIONAL DATA TRANSFERS

Our service providers may be located outside the European Economic Area (EEA), including in the United States and Canada.

When we transfer your data outside the EEA, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with service providers in countries without adequate data protection.

Adequacy Decisions: Some countries (e.g., UK, Canada, Switzerland) have been recognized by the EU as providing adequate data protection.

Specific providers:

  • Shopify (Canada): Canada has an adequacy decision from the EU
  • US-based providers: We use Standard Contractual Clauses and ensure compliance with EU data protection standards

7. HOW LONG WE KEEP YOUR DATA

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Data Type Retention Period
Order and transaction data 10 years (Lithuanian tax and accounting law requires 10-year retention)
Customer account data Until account deletion or 3 years of inactivity
Marketing email lists Until you unsubscribe or we close the list
Customer service communications 3 years after last interaction
Website analytics data Anonymized after 26 months (Google Analytics default)
Cookies See Section 10 (Cookie Policy)

After retention periods expire, we will securely delete or anonymize your personal data.

Legal obligations: Some data may be retained longer if required by law (e.g., for tax audits, legal disputes).

8. YOUR RIGHTS UNDER GDPR

As a data subject in the EU, you have the following rights:

8.1 Right of Access (Article 15)

You can request a copy of the personal data we hold about you.

8.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data in certain circumstances:

  • Data is no longer necessary for the original purpose
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • Data has been unlawfully processed

Exceptions: We may refuse deletion if we need the data for legal obligations, defending legal claims, or other lawful reasons.

8.4 Right to Restriction of Processing (Article 18)

You can request that we limit how we use your data in certain situations.

8.5 Right to Data Portability (Article 20)

You can request a copy of your data in a structured, machine-readable format to transfer to another service provider.

8.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

Marketing: You can opt out of marketing emails at any time by clicking "unsubscribe" in any email or contacting us.

8.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or significant effects.

Note: We do not use automated decision-making or profiling.

8.8 Right to Withdraw Consent

Where we process data based on consent, you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

8.9 How to Exercise Your Rights

To exercise any of these rights, please contact us:

Email: info@monelita.com
Subject line: "GDPR Data Subject Request"
Include: Your full name, email address, and description of your request

Response time: We will respond within 1 month (may be extended by 2 months for complex requests).

Verification: We may ask for identification to verify your identity before processing your request.

No fee: Exercising your rights is free of charge, unless requests are manifestly unfounded or excessive.

9. RIGHT TO LODGE A COMPLAINT

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority:

State Data Protection Inspectorate of Lithuania:
Website: https://vdai.lrv.lt
Email: ada@ada.lt
Phone: +370 5 279 14 45
Address: L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania

Alternative: You may also contact the data protection authority in your country of residence.

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and understand how our site is used.

10.2 Types of Cookies We Use

Essential/Strictly Necessary Cookies:

  • Required for website functionality (e.g., shopping cart, checkout)
  • Cannot be disabled
  • Legal basis: Legitimate interest (necessary for service provision)

Performance/Analytics Cookies:

  • Google Analytics - tracks website usage and traffic
  • Helps us improve website performance
  • Legal basis: Consent (where required) or legitimate interest

Functional Cookies:

  • Remember your preferences (e.g., language, region)
  • Enhance user experience
  • Legal basis: Consent or legitimate interest

Marketing/Advertising Cookies:

  • Facebook Pixel, Google Ads (if applicable)
  • Used for targeted advertising and measuring campaign effectiveness
  • Legal basis: Consent (required)

10.3 Cookie Duration

  • Session cookies: Deleted when you close your browser
  • Persistent cookies: Remain for a set period (usually up to 2 years)

10.4 Managing Cookies

Cookie consent banner: When you first visit our site, you can choose which non-essential cookies to accept.

Browser settings: You can block or delete cookies through your browser settings:

  • Chrome: Settings > Privacy and Security > Cookies
  • Firefox: Settings > Privacy & Security > Cookies
  • Safari: Preferences > Privacy > Cookies
  • Edge: Settings > Cookies and site permissions

Note: Blocking essential cookies may affect website functionality.

Third-party opt-outs:

  • Google Analytics: https://tools.google.com/dlpage/gaoptout
  • Facebook: https://www.facebook.com/settings?tab=ads

10.5 Do Not Track

Some browsers have "Do Not Track" (DNT) features. Our website does not currently respond to DNT signals, as there is no universal standard.

11. DATA SECURITY

We take the security of your personal data seriously and implement appropriate technical and organizational measures:

Technical measures:

  • SSL/TLS encryption for data transmission (HTTPS)
  • Secure servers and databases
  • Regular security updates and patches
  • Firewalls and intrusion detection systems
  • Access controls and authentication

Organizational measures:

  • Limited access to personal data (need-to-know basis)
  • Employee training on data protection
  • Data processing agreements with service providers
  • Regular security audits

Payment security:

  • We do not store complete credit card information
  • Payment processing complies with PCI-DSS standards
  • Payment data is handled by certified payment processors

Data breach notification: In the unlikely event of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

12. CHILDREN'S PRIVACY

Our website and products are not intended for children under 18 years of age.

We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately, and we will delete such information.

13. THIRD-PARTY LINKS

Our website may contain links to third-party websites (e.g., social media, payment processors, review platforms).

Important: We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies before providing any personal information.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in:

  • Our practices
  • Legal requirements
  • Service providers

Notification:

  • Material changes will be notified via email or prominent notice on our website
  • The "Last updated" date at the top will be revised
  • Continued use of our website after changes constitutes acceptance

We encourage you to review this policy periodically.

15. CONTACT US

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Data Protection Contact:

Email: info@monelita.com
Subject: "Privacy Inquiry" or "GDPR Request"
Phone: +370 663 77457
Mail: Monelita MB, Pušyno g. 32, LT-45185 Kaunas, Lithuania

Customer service hours: Monday - Friday, 9:00 AM - 6:00 PM (EET/EEST)

We will respond to your inquiry within a reasonable timeframe, typically within 1 month for GDPR-related requests.

16. LANGUAGE

This Privacy Policy is available in multiple languages for your convenience. In case of any discrepancy between language versions, the English version shall prevail.

By using our website and services, you acknowledge that you have read and understood this Privacy Policy.