Privacy policy

MGK Prekyba, MB (hereinafter – “the Company” or “we”) cares about your privacy and the protection of your personal data. Therefore, personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter – “GDPR”) of the European Parliament and Council, as well as other applicable legal acts regulating personal data protection. To ensure fair and transparent information about the processing of your personal data, the Company publishes this Privacy Policy (hereinafter – “Privacy Policy”).

In this Privacy Policy, the term “personal data” means any information that can be used to identify a person, as well as any information about a person who has already been identified. The term “online store” means the online store located at gymstar.store.

Why is this Privacy Policy needed?

This Privacy Policy provides information on what personal data we collect and for what purposes we process it when you visit our online store, create a personal account, purchase the products we offer, agree to direct marketing, or communicate with us. The Privacy Policy also provides other important information about personal data processing, your rights, and how you may exercise them.

Who is the controller of your personal data?

The controller of your personal data is MGK Prekyba, MB
Legal entity code: 306669684
Address: Vaižganto g. 11D-10, LT-44225 Kaunas
Email for inquiries regarding data processing: info@gymstar.lt

For what purposes and what personal data do we process?

1. Creating and managing an account in the online store

  • Personal data processed:

    • Mandatory registration data: email address, password.

    • Optional registration data: name, surname, phone number, address, postal code.

    • Data for account management: registration data, date and time of account creation and login, your orders and history (products, price, date, order number), actions in the account (including technical data such as login info), payment confirmation.

  • Legal basis: Legitimate interests of the Company (GDPR Art. 6(1)(f)): to create and properly manage your account.

  • Storage period: For the entire active use of the account, stored for 3 years and 14 calendar days from the last login, or until you request deletion or withdraw consent (if data is processed on consent basis).

2. Logging into the account

  • Personal data: email, password.

  • Storage period: Same as above (3 years and 14 days after last login, or until deletion/withdrawal).

3. Purchase–sale agreement and fulfillment

  • Personal data:

    • Required for contract: name, surname, email, phone number, delivery address.

    • If the buyer differs from the recipient: recipient’s name, surname, address, phone number.

    • Payment info (e.g., bank account number, payment confirmation), delivery, returns, complaints.

  • Legal basis:

    • Contract performance (GDPR Art. 6(1)(b)).

    • Legitimate interests (GDPR Art. 6(1)(f)): enabling later completion if order placement was interrupted.

  • Storage period: 3 years after contract execution. Unpaid orders are stored for 14 calendar days.

4. Direct marketing

  • Personal data: name, email, date of consent.

  • Legal basis: Your consent (GDPR Art. 6(1)(a)).

  • Storage period: As long as consent is valid.

5. Statistics

  • Personal data: IP address, country.

  • Legal basis:

    • Consent (for Google Analytics cookies).

    • Legitimate interests: collect statistical info on countries of visitors.

  • Storage period: 26 months.

6. Communication with customers or potential customers

  • Personal data: name, surname, phone, email, home address, date of birth, query/complaint content, related documents (e.g., purchase data, photos).

  • Legal basis:

    • Contract performance (GDPR Art. 6(1)(b)).

    • Legal obligation (GDPR Art. 6(1)(c)): Consumer Rights Act of Lithuania.

    • Legitimate interests: responding properly to inquiries.

  • Storage period: Duration of communication plus 2 years.

7. Administration of social media accounts

  • Personal data: name, surname, nickname, photo, communication content, comments, reactions, shares, other data provided.

  • Legal basis: Legitimate interests (GDPR Art. 6(1)(f)): managing social media accounts.

  • Storage period: Until deletion of the account on that platform (or earlier if user deletes content).

8. Legal claims

  • Personal data: information from previous sections, communication, documents, court decisions.

  • Legal basis: Legitimate interests (GDPR Art. 6(1)(f)): defending rights and interests in legal proceedings.

  • Storage period: 10 years after the purchase–sale contract is fulfilled.

9. Tax and accounting obligations

  • Personal data: name, surname, address, personal ID, VAT code, purchase data, invoices, accounting and tax records.

  • Legal basis: Legal obligation (GDPR Art. 6(1)(c)).

  • Storage period: As required by applicable laws.

Data provision

  • Mandatory personal data must be provided for contract conclusion and fulfillment. Without it, we cannot sell you products or respond to inquiries.

  • Account registration requires mandatory registration data. Without it, account creation is not possible.

Sources of personal data

  • Usually received directly from you (during registration, order, or inquiry).

  • In some cases, from third parties (e.g., when using Google/Facebook login, courier delivery status, payment confirmations).

Sharing of data

Personal data may be transferred to:

  • Delivery service providers (couriers).

  • IT, hosting, website administration, and maintenance providers.

  • Marketing service providers.

  • Legal service providers (if defending interests).

  • Authorities (Consumer Rights Authority, Data Protection Inspectorate, law enforcement) as required by law.

Some providers (Google, Facebook) may process data outside the EEA (e.g., US). Data transfers are safeguarded by adequacy decisions or Standard Contractual Clauses.

Automated decision-making

We do not use automated decision-making, including profiling, that may have legal or significant effects on you.

Your rights

As a data subject, you have the right to:

  • Know if we process your data and access it.

  • Correct inaccurate or incomplete data.

  • Request deletion under certain GDPR circumstances.

  • Restrict processing in specific cases.

  • Object to processing based on legitimate interests.

  • Receive or transfer data processed on consent or contract basis.

  • Withdraw consent at any time (without affecting prior lawful processing).

To exercise your rights, contact: info@gymstar.lt

If unresolved, you may contact the State Data Protection Inspectorate (L. Sapiegos g. 17, 10312 Vilnius, email: ada@ada.lt, phone: +370 5 271 2804).

Cookies

What are cookies?
Small text files created when browsing our website and stored on your device. They help personalize browsing, analyze trends, and improve the website.

Types of cookies used:

  • Functional cookies: remember your choices and personalize features.

  • Targeting cookies: record visits, pages viewed, and links used, to adapt ads.

Cookies are set only with your consent (except those strictly necessary).

We use Google Analytics for statistical tracking. You may opt out via browser add-ons or cookie settings.

Cookies used in the online store:

  • _ga: Google Analytics, unique ID, 2 years.

  • _gat: Google Analytics, limits requests, 1 day.

  • _gid: Google Analytics, distinguishes users, 1 day.

  • _gcl_au: Google AdSense, experiments with ad efficiency, 3 months.

Managing cookies:
You can manage or delete cookies via browser settings. Blocking cookies may affect website functionality. More info: www.allaboutcookies.org.