0zł

PRIVACY POLICY

The purpose of the privacy policy is to inform how personal data of data subjects is collected and processed, to explain how long it is stored, to whom it is provided, what rights data subjects have, and where to apply for the exercise of those rights or for other questions related to the processing of personal data.

Personal data is processed in accordance with the European Union General Data Protection Regulation (EU) 2016/679 (hereinafter – the Regulation), the Law of the Republic of Lithuania on the Legal Protection of Personal Data, and other legal acts regulating the protection of personal data.

UAB „JW Trade“ follows these main data processing principles:

  • personal data is collected only for clearly defined and lawful purposes;
  • personal data is processed only lawfully and fairly;
  • personal data is continuously updated;
  • personal data is stored securely and no longer than required by the established data processing purposes or legal acts;
  • personal data is processed only by those Company employees who have been granted such right according to their job functions or by duly authorized data processors.

1. DEFINITIONS

  • 1.1. Data controller – UAB „JW Trade“ (hereinafter – the Company), legal entity code 302709067, registration address Radviliškio g. 49, Šiauliai.
  • 1.1.1. The Company has not appointed a data protection officer, as this is not mandatory under Article 37 of Regulation (EU) 2016/679 (GDPR) of the European Parliament and of the Council of 27 April 2016. For matters related to the processing of personal data you may contact us by e-mail: [email protected]
  • 1.2. Data subject – any natural person whose data is processed by the Company. The data controller collects only those data of the data subject that are necessary for carrying out the Company’s activities and/or when visiting, using, browsing the Company’s websites, “Facebook”/“LinkedIn” “Instagram”/“YouTube”/“Strava”/ “TikTok” Company social network accounts, etc. (hereinafter – the Website). The Company ensures that the collected and processed personal data will be secure and will be used only for a specific purpose.
  • 1.3. Personal data – any information directly or indirectly related to the data subject whose identity is known or can be directly or indirectly determined by using the relevant data. Processing of personal data means any operation performed on personal data (including collection, recording, storage, editing, modification, granting access, submission of requests, transfer, archiving, etc.).
  • 1.4. Consent – any freely given and informed confirmation by which the data subject agrees that their personal data would be processed for a specific purpose.

2. SOURCES OF PERSONAL DATA

  • 2.1. Personal data is provided by the data subject themselves. The data subject contacts the Company, uses the services provided by the Company, purchases goods and/or services, leaves comments, asks questions, subscribes to newsletters, contacts the Company requesting information, etc.
  • 2.2. Personal data is obtained when the data subject visits the Company’s Website. The data subject fills in the forms available there or for some reason leaves their contact details, etc.
  • 2.3. Personal data is obtained from other sources. Data is obtained from other institutions or companies, publicly available registers, etc.

3. PROCESSING OF PERSONAL DATA

  • 3.1. By providing personal data to the Company, the data subject confirms that they have familiarized themselves with this Privacy Policy. The Company processes personal data only on lawful grounds and only to the extent necessary to achieve specific purposes.
  • 3.2. The Company processes personal data for the following purposes:
  • 3.2.1. Ensuring and maintaining the continuity of the Company’s activities. For this purpose, the following data is processed:
    • For the purpose of concluding and performing contracts, personal data of suppliers (natural persons) may be processed: name(s), surname(s), personal code or date of birth, place of residence (address), telephone number, e-mail address, workplace, position, signature, data contained in a business certificate (type of activity, group, code, name, periods of performance of activity, date of issue, amount), individual activity certificate number, data on whether the data subject is a VAT payer, bank current account and bank, service/goods amount, currency, and other data provided by the person themselves, which the Company receives under legal acts when carrying out the Company’s activities and/or which the Company is obliged to process by laws and/or other legal acts.
    • For the purpose of concluding and performing contracts, data of suppliers’ representatives is processed: name(s), surname(s), telephone number, e-mail address, company name, address, position, authorization data (number, date, authorized person’s date of birth, signature).
    • Contracts, VAT invoices and other related documents are stored in accordance with the terms specified in the General Document Retention Index approved by the order of the Chief Archivist of Lithuania.
    • Legal basis for data processing – necessity to perform a contract to which the client as the data subject is a party, or in order to take steps at the client’s request prior to entering into a contract with them (GDPR Art. 6(1)(b)), and when certain personal data is required to be processed by legal acts (GDPR Art. 6(1)(c)).
  • 3.2.2. Wholesale and retail trade in bicycles, bicycle parts and accessories, providing bicycle preparation for riding and repair services; administration of the Company’s debtors. For this purpose, the following data is processed:
    • When carrying out wholesale and retail trade in bicycles, their parts and accessories, providing bicycle preparation for riding and repair services, personal data of clients (natural persons) may be processed: name(s), surname(s), personal code, telephone number, e-mail address, residential address, bank account data, bank, goods delivery address, other personal data related to the sale of goods and/or provision of services.
    • When administering the Company’s debtors and transferring debts for recovery, personal data of clients (debtors, natural persons) may be processed: name(s), surname(s), personal code, place of residence (address), e-mail address, amount of debt, information about provided services and/or sold goods, other data related to the debt.
    • Contracts, VAT invoices and other related documents are stored in accordance with the terms specified in the General Document Retention Index approved by the order of the Chief Archivist of Lithuania.
    • Data related to the administration of the Company’s debtors is stored no longer than is necessary for the purposes for which personal data is processed.
    • Legal basis for data processing – necessity to perform a contract to which the client as the data subject is a party, or in order to take steps at the client’s request prior to entering into a contract with them (GDPR Art. 6(1)(b)), when certain personal data is required to be processed by legal acts (GDPR Art. 6(1)(c)), as well as the necessity to pursue the Company’s legitimate interests in improving its activities and business performance indicators (GDPR Art. 6(1)(f)).
  • 3.2.3. Performance of internship agreements. For this purpose, the following data is processed:
    • Name(s), surname(s), personal code, if not available – date of birth, signature, telephone number, e-mail address, address, educational institution, internship period, activity.
    • Personal data of interns which is contained in the texts of relevant documents (in contracts, orders, requests, etc.) (in electronic space, paper document, or other form of media) is stored in accordance with the terms specified in the General Document Retention Index approved by the order of the Chief Archivist of Lithuania.
    • Legal basis for data processing – necessity to perform a contract to which the intern as the data subject is a party, or in order to take steps at the intern’s request prior to entering into a contract with them (GDPR Art. 6(1)(b)) and when certain personal data is required to be processed by legal acts (GDPR Art. 6(1)(c)).
  • 3.2.4. Administration of inquiries, comments and complaints. For this purpose, the following data is processed:
    • Name(s), surname(s) and/or username, e-mail address, telephone number, address, subject of the inquiry, comment or complaint, text of the inquiry, comment or complaint.
    • Data of inquiries, comments and complaints is stored for 1 calendar year from the date of submission.
    • Legal basis for data processing – processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (GDPR Art. 6(1)(f)) and the data subject’s consent (GDPR Art. 6(1)(a)).
  • 3.2.5. Sale of gift vouchers. For this purpose, the following data is processed:
    • Name(s), surname(s), gift voucher value, gift voucher buyer’s name(s), surname(s), sale date, gift voucher number, e-mail address, telephone number, gift voucher validity date, payment data.
    • Personal data is stored until the day the gift voucher is used.
    • Legal basis for data processing – necessity to perform a contract to which the client as the data subject is a party, or in order to take steps at the client’s request prior to entering into a contract with them (GDPR Art. 6(1)(b)).
  • 3.2.6. Conducting games and contests. For this purpose, the following data is processed:
    • Name(s), surname(s) and/or username, telephone number, e-mail address.
    • Personal data of winning participants is stored for 6 (six) months after the end of the game or contest.
    • Personal data of non-winning participants is not stored.
    • Legal basis for data processing – the data subject’s consent (GDPR Art. 6(1)(a)).
  • 3.2.7. E-commerce. For this purpose, the following data is processed:
    • Name(s), surname(s), telephone number, e-mail address, purchase history, goods delivery address, goods/service payment data.
    • Personal data is stored only to the extent and for as long as is necessary to achieve the established purposes. When the client’s personal data is no longer needed, a decision is made regarding its destruction, except for those which in cases established by law must be archived in accordance with the requirements of legal acts or the Company’s internal local legal acts.
    • Legal basis for data processing – necessity to perform a contract to which the client as the data subject is a party, or in order to take steps at the client’s request prior to entering into a contract with them (GDPR Art. 6(1)(b)).
    • Necessity of providing data – in certain cases, provision of personal data is necessary in order to conclude and perform a contract (e.g., when placing an order in an online store). If the required personal data is not provided, the contract cannot be concluded or properly performed.
    • When personal data is processed on the basis of consent (e.g., for direct marketing purposes), provision of data is voluntary, however if data is not provided, the person will not be able to receive the relevant services (e.g., newsletters).
  • 3.2.8. Ensuring the quality of telephone consultations about the services provided by the Company, improving customer service quality, controlling that information is provided in a qualified and prompt manner (recording telephone conversations). For this purpose, the following data is processed:
    • Telephone conversation recording, telephone number from which and to which the call is made, date of the telephone conversation, duration of the telephone conversation.
    • Telephone conversation recordings are stored for 1 (one) month.
    • Legal basis for data processing – the data subject’s consent (GDPR Art. 6(1)(a)).
  • 3.2.9. Direct marketing. For this purpose, the following data is processed:
    • Name(s), surname(s), e-mail address, telephone number.
    • Data is stored for 5 years from the date consent is received. This period may be extended if personal data is used or may be used as evidence or a source of information in a pre-trial or other investigation, including an investigation carried out by the State Data Protection Inspectorate, in civil, administrative or criminal proceedings, or in other cases established by law. In such a case, personal data may be stored for as long as necessary for these data processing purposes and destroyed immediately when it becomes no longer necessary.
    • Legal basis for data processing – the data subject’s consent (GDPR Art. 6(1)(a)).
    • The Company may apply profiling elements for direct marketing purposes (e.g., adapting newsletter content and offers according to purchase or browsing history, using marketing automation tools).
    • The Company does not apply automated decision-making as understood under Article 22 of the GDPR that would produce legal or similarly significant effects for the data subject.
  • 3.2.10. For the purpose of ensuring the security of the Company’s employees, other data subjects and property (video surveillance). For this purpose, the following data is processed:
    • Video image. Video surveillance systems do not use facial recognition and/or analysis technologies; the video data recorded by them is not grouped or profiled according to a specific data subject (person). The data subject is informed about ongoing video surveillance by information signs with a video camera symbol and the Company’s details, which are provided before entering the monitored territory and/or premises. The field of view of video cameras does not include premises where the data subject expects absolute protection of personal data.
    • Personal data (video data) obtained by video surveillance cameras is stored up to 14 (fourteen) calendar days from the moment of recording, after which it is automatically destroyed, except in cases where there is a basis to believe that a violation, a criminal act or other unlawful actions have been recorded (until the end of the relevant investigation and/or case examination).
    • Legal basis for data processing – processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (GDPR Art. 6(1)(f)).
  • 3.2.11. For other purposes for which the Company has the right to process the data subject’s personal data, when the data subject has expressed their consent, when data must be processed due to the Company’s legitimate interest, or when the Company is obliged to process data by relevant legal acts.

4. USE OF SOCIAL NETWORKS

  • 4.1. All information that you provide through social media tools (including messages, the use of “Like” and “Follow” fields, and other communication) is controlled by the administrator of the respective social network.
  • 4.2. Currently, our Company has an account on the social network “Facebook”, whose privacy policy is provided at https://www.facebook.com/privacy/explanation;
  • 4.3. Currently, our Company has an account on the social network “Instagram”, whose privacy policy is provided at https://help.instagram.com/519522125107875;
  • 4.4. Currently, our Company has an account on the social network “LinkedIn”, whose privacy policy is available at https://www.linkedin.com/legal/privacy-policy;
  • 4.5. Currently, our Company has an account on the social network “YouTube”, whose privacy policy is available at https://policies.google.com/privacy?hl=en-US.
  • 4.6. Currently, our Company has an account on the social network “Strava”, whose privacy policy is available at https://www.strava.com/legal/privacy.
  • 4.7. Currently, our Company has an account on the social network “TikTok”, whose privacy policy is available at https://www.tiktok.com/legal/page/eea/privacy-policy
  • 4.8. We recommend reading third-party privacy notices and contacting service providers directly if you have any questions about how they use your personal data.

5. NEWSLETTER SENDING

  • 5.1. For sending newsletters, the Company uses third-party “Omnisend” services. The third party “Omnisend” uses only the recipient’s e-mail address for successful delivery of newsletters. “Omnisend” privacy policies are provided at:
  • “Omnisend” privacy policy: https://www.omnisend.lt/privacy/;
  • 5.2. You can unsubscribe from newsletters at the bottom of each received e-mail by clicking the “Unsubscribe from newsletter” button, by replying to the received e-mail, or by contacting the Company directly by e-mail and expressing the wish to no longer receive newsletters sent by the Company.

6. E-COMMERCE

  • 6.1. The UAB „JW Trade“ online store is created using “PrestaShop” platforms. Data collected for e-commerce purposes is stored also on “PrestaShop” servers. The privacy policy of the e-store platform is provided at:
  • “PrestaShop” privacy policy: https://www.prestashop.com/en/privacy-policy.
  • 6.2. For accepting payments, the Company uses the “Artea”, “Paysera”, “Kevin”, “Esto” and “Inbank” platforms. The privacy policy of the payment acceptance platforms is provided at:
  • “Artea” privacy policy: https://www.artea.lt/lt/apie/svarbus-dokumentai/privatumo-politika
  • “Paysera” privacy policy: https://www.paysera.lt/v2/en-LT/legal/privacy-policy-2020;
  • “Kevin” privacy policy: https://www.kevin.eu/docs/privacy-policy/;
  • “Esto” privacy policy: https://esto-lt-public.s3.eu-central-1.amazonaws.com/docs/lt-lt/ESTO%20Privatumo%20politika.pdf;
  • “Inbank” privacy policy: https://inbank.lt/documents/lt/lt/privacy_policy.pdf.
  • 6.3. Security of personal data
  • 6.3.1. The Company implements appropriate technical and organizational measures designed to protect personal data from unlawful or accidental destruction, loss, alteration, disclosure, or unauthorized access.
  • 6.3.2. Organizational measures:
  • 6.3.3. – employees’ confidentiality commitments;
  • 6.3.4. – granting access to personal data only according to job functions;
  • 6.3.5. – internal procedures and data processing control;
  • 6.3.6. – selection of data processors ensuring their compliance with GDPR requirements.
  • 6.3.7. Technical measures:
  • 6.3.8. – information systems protected by passwords;
  • 6.3.9. – antivirus protection and firewalls;
  • 6.3.10. – regular system and software updates;
  • 6.3.11. – making backup copies of data.
  • 6.3.12. Access control:
  • 6.3.13. – limiting access rights according to positions;
  • 6.3.14. – control of administrator rights;
  • 6.3.15. – revocation of access upon termination of employment relationships.
  • 6.3.16. Encryption:
  • 6.3.17. – data transmission using the SSL/TLS security protocol;
  • 6.3.18. – secure login to the website administration environment.
  • 6.3.19. Server protection:
  • 6.3.20. – hosting data on secure servers;
  • 6.3.21. – physical and technical protection of data centers;
  • 6.3.22. – protection against unauthorized access and cyberattacks.
  • 6.4. Cookies. Cookies are used on the Company’s website to ensure proper functioning of the website, analyze visitor traffic, and provide personalized content and advertising. Detailed information about the cookies used, their types, storage periods, and cookie management is provided in a separate Cookie Policy, which you can find here: https://bikko.lt/pagalba/slapuku-politika . Cookie settings and/or consent for non-essential cookies can be changed at any time in the manner specified in the Cookie Policy.

7. DISCLOSURE OF PERSONAL DATA

  • 7.1. The Company undertakes to comply with the duty of confidentiality towards data subjects. Personal data may be disclosed to third parties only if it is necessary to conclude and perform a contract for the benefit of the data subject, or for other legitimate reasons.
  • 7.2. The Company may provide personal data to its data processors who provide services to the Company and process personal data on behalf of the Company. Data processors have the right to process personal data only according to the Company’s instructions and only to the extent necessary to properly perform the obligations set out in the contract. The Company engages only those data processors who provide sufficient guarantees that appropriate technical and organizational measures will be implemented in such a way that processing will meet the requirements of the Regulation and ensure protection of the data subject’s rights.
  • 7.3. The Company may also provide personal data in response to requests of courts or state institutions to the extent necessary to properly comply with applicable legal acts and instructions of state institutions.
  • 7.4. The Company guarantees that personal data will neither be sold nor rented to third parties.
  • 7.5. In certain cases, data may be transferred outside the EEA when the Company uses services of international service providers (e.g., information technology, marketing, or analytics services). In such cases, data transfer is carried out in compliance with the requirements of GDPR Chapter V and by applying appropriate safeguards, e.g., the European Commission approved standard contractual clauses (SCC) or other lawful measures.

8. PROCESSING OF MINORS’ PERSONAL DATA

  • 8.1. Persons who are younger than 14 years may not provide any personal data through the Company’s Website. If a person is younger than 14 years, in order to use the Company’s services, before providing personal information it is mandatory to provide written consent of one representative (father, mother, guardian) for the processing of personal data.

9. PERSONAL DATA RETENTION PERIOD

  • 9.1. Personal data collected by the Company is stored in printed documents and/or the Company’s information systems. Personal data is processed no longer than necessary to achieve the purposes of data processing or no longer than required by data subjects and/or provided for by legal acts.
  • 9.2. Although the data subject may terminate the contract and refuse the Company’s services, the Company must still store the data subject’s data due to possible future claims or legal demands until the data retention periods expire.

10. RIGHTS OF THE DATA SUBJECT

  • 10.1. The right to receive information about data processing.
  • 10.2. The right to access processed data.
  • 10.3. The right to request rectification of data.
  • 10.4. The right to request deletion of data (“Right to be forgotten”). This right does not apply if the personal data requested to be deleted is processed on another legal basis as well, such as processing necessary for the performance of a contract or compliance with obligations under applicable legal acts.
  • 10.5. The right to restrict data processing.
  • 10.6. The right to object to data processing.
  • 10.6.1. The data subject has the right to object at any time to the processing of their personal data when data is processed on the basis of legitimate interest.
  • 10.6.2. When personal data is processed for direct marketing purposes, the data subject has the right to object at any time to such processing of personal data, including profiling related to such marketing. In such a case, personal data will no longer be processed for these purposes.
  • 10.6.3. If the data subject objects to direct marketing, the Company may store a minimal amount of data in order to ensure that the person no longer receives marketing messages.
  • 10.7. The right to data portability. The right to data portability must not adversely affect the rights and freedoms of others. The data subject does not have the right to data portability in respect of those personal data which are processed by non-automated means in structured files, for example, in paper files.
  • 10.8. The right to request that a decision based solely on automated data processing, including profiling, not be applied.
  • 10.9. The right to lodge a complaint about the processing of personal data with the State Data Protection Inspectorate. The data subject also has the right to lodge a complaint with the supervisory authority in the state of their habitual residence or place of work.

11. RIGHTS OF THE DATA SUBJECT

  • 11.1. The Company must create conditions for the data subject to exercise the above-mentioned rights of the data subject, except in cases established by law when it is necessary to ensure state security or defense, public order, prevention, investigation, detection or prosecution of criminal offenses, important state economic or financial interests, prevention, investigation and detection of violations of official or professional ethics, protection of the rights and freedoms of the data subject or other persons.

12. PROCEDURE FOR EXERCISING THE RIGHTS OF THE DATA SUBJECT

  • 12.1. The data subject, regarding the exercise of their rights, may contact the Company:
  • 12.1.1. by submitting a written request in person, by mail, through a representative or by electronic communications – by e-mail: [email protected];
  • 12.1.2. orally – by phone: +370 604 18102;
  • 12.1.3. in writing – at the address: Radviliškio g. 49, Šiauliai.
  • 12.2. In order to protect data from unlawful disclosure, the Company, upon receiving a request from the data subject to provide data or to exercise other rights, must verify the identity of the data subject.
  • 12.3. The Company’s response to the data subject is provided no later than within one month from the day the Company receives the data subject’s request, taking into account the specific circumstances of personal data processing. This period may, if necessary, be extended by a further two months, taking into account the complexity and number of requests.

13. RESPONSIBILITY OF THE DATA SUBJECT

  • 13.1. The data subject must:
  • 13.1.1. inform the Company about changes in the information and data provided. It is important for the Company to have correct and valid information about the data subject;
  • 13.1.2. provide the necessary information so that, upon the data subject’s request, the Company could identify the data subject and ensure that it communicates or cooperates only with the specific data subject (provide an identity document or in the manner established by legal acts or by electronic communications means that would allow proper identification of the data subject). This is necessary to protect the data subject’s and other persons’ data so that disclosed information about the data subject is provided only to the data subject without violating the rights of other persons.

14. FINAL PROVISIONS

  • 14.1. By providing personal data, the data subject confirms that they have familiarized themselves with the Privacy Policy.
  • 14.2. In developing and improving the Company’s activities, the Company has the right to unilaterally change this Privacy Policy at any time. The Company has the right to unilaterally, partially or fully change the Privacy Policy by announcing it on the website www.bikko.bike.
  • 14.3. Supplements or amendments to the Privacy Policy enter into force from the day of their publication, i.e., from the day they are posted on the website www.bikko.bike.

Privacy policy version: 2.0
Last update date: 2026-02-12
Effective date: 2026-02-12