1. Data Controller
Your personal data controller is:
MB Elektronikos Taisykla is not required to appoint a Data Protection Officer; however, data protection enquiries may be directed to info@efix.lt.
2. Legal Basis
- ›GDPR (Regulation (EU) 2016/679) — applicable since 25 May 2018.
- ›Republic of Lithuania Law on Legal Protection of Personal Data — supplements GDPR in Lithuania.
- ›Lithuanian Law on Electronic Communications — governs cookie use and electronic privacy.
- ›Lithuanian Law on Accounting — sets financial document retention periods.
- ›Lithuanian Civil Code — governs contractual relations and limitation periods.
3. Personal Data Processed
Identification and contact data
- ›Name and surname
- ›Phone number
- ›Email address
- ›Home address (for postal delivery)
Service data
- ›Repair order information
- ›Device model and fault description
- ›Parts and materials information
- ›Repair history and notes
Financial data
- ›Payment fact and amount
- ›Invoice data
- ›For businesses: company code, VAT number, IBAN
Technical and browsing data
- ›IP address
- ›Browser type and version
- ›Visit time and pages viewed
- ›Cookie data (see section 8)
4. Processing Purposes and Legal Basis
| Purpose | GDPR basis | Type |
|---|---|---|
| Provision of repair services | Art. 6(1)(b) | Contract performance |
| Issuing invoices | Art. 6(1)(c) | Legal obligation |
| Handling complaints and warranties | Art. 6(1)(b) | Contract performance |
| Tax and accounting | Art. 6(1)(c) | Legal obligation |
| Direct marketing (existing clients) | Art. 6(1)(f) | Legitimate interest |
| Marketing newsletters | Art. 6(1)(a) | Consent |
| Website analytics | Art. 6(1)(f) | Legitimate interest |
| CCTV in premises | Art. 6(1)(f) | Legitimate interest (security) |
5. Data Retention Periods
- ›Repair documents and invoices — 10 years from issuance.
- ›Client contact data — 5 years after the last service (if no active warranty).
- ›Warranty cards — during the warranty period and 1 year after expiry.
- ›Marketing consents — until withdrawn or 5 years from last contact.
- ›CCTV recordings — no more than 30 days, then automatically overwritten.
- ›Server logs — 90 days for security and diagnostics.
- ›Cookies — per each cookie's expiry period (see section 8).
6. Your Rights as a Data Subject
Under GDPR Chapter III, exercisable by contacting info@efix.lt:
Right of access
Right to obtain confirmation of whether we process your personal data and to receive a copy.
Right to rectification
Right to have inaccurate or incomplete data corrected without undue delay.
Right to erasure ("right to be forgotten")
Right to request erasure when data is no longer necessary or was processed unlawfully. Does not apply where retention is legally required.
Right to restriction of processing
Right to request restriction while accuracy is verified or an objection is resolved.
Right to data portability
Right to receive data in a structured, machine-readable format and transfer it to another controller.
Right to object
Right to object to processing for direct marketing purposes at any time.
Right to withdraw consent
Consent may be withdrawn at any time without affecting prior lawful processing.
7. Data Recipients and Transfers
- ›Parts suppliers — only necessary technical data for warranty claims.
- ›Accounting services — invoice data passed to our accountant as data processor.
- ›Courier operators — name, address, phone for postal delivery.
- ›Payment systems — Paysera and banks process payments as independent controllers.
- ›IT service providers — hosting and infrastructure providers acting as data processors.
- ›Competent authorities — only upon a legally valid request.
Data processing agreements under GDPR Art. 28 are in place with all processors. No data is transferred outside the EU/EEA without appropriate safeguards.
9. CCTV in Premises
- ›Monitoring covers the service area only — not changing rooms, toilets, or other private spaces.
- ›Notices are displayed at premises entrances.
- ›Recordings retained for no more than 30 days, then automatically overwritten.
- ›Access restricted to authorised staff and, where legally required, law enforcement.
10. Complaints and Supervisory Authority
Contact us first at info@efix.lt — we will respond within 30 days. You may also lodge a complaint with:
🏛️ State Data Protection Inspectorate (VDAI)
Amendments. This policy may be updated when legislation changes or data processing practices evolve. Material changes will be published on this page. Continued use constitutes acceptance.