Privacy Policy

  1. GENERAL PROVISIONS

Amsterdam LAB UAB (hereinafter referred to as the Company), respecting the right to privacy of its customers, including visitors and buyers of the website Sora Nora (hereinafter referred to as the Website), commits to ensuring the protection of their personal data and the rights of data subjects.

This privacy policy regulates the main principles and procedures for collecting, processing, and storing personal data of all Company customers.

By using the Company’s Website or services or purchasing products offered by the Company, thereby providing your personal data to the Company, you agree to the provisions of this Privacy Policy. Customers are considered to be familiar with the Privacy Policy when they check the box below the text of this policy when registering on the Website or in the customer system. The privacy policy can be reviewed again on the Website at this address: https://soranora.com/privacy-policy/.

In processing your personal data, we comply with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania (hereinafter referred to as LLPPD), the Law on Electronic Communications of the Republic of Lithuania (hereinafter referred to as LEC), and other applicable legal acts regulating the protection of personal data.

  1. TERMS USED IN THE PRIVACY POLICY

Personal Data – any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data Subject – a natural person – a Company customer (including Website visitors) whose personal data is collected by the Company.

Data Subject’s Consent – any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Data Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller.

Data Controller – Amsterdam LAB UAB, a company established under the laws of the Republic of Lithuania, company code 306711293, registered office address J. Jasinskio g. 4-15, Vilnius.

Cookie – a small piece of textual information that is automatically created when browsing the Website and is stored on your computer or other device.

Direct Marketing – activities aimed at offering goods or services to individuals by mail, telephone or other direct means and/or inquiring about their opinion on the offered goods or services.

  1. WHAT PERSONAL DATA WE PROCESS

Depending on your interaction with our e-shop, we may process the following personal data that you provide yourself when registering, ordering services and/or purchasing products on the Website or ordering services in other ways:

Registration data: name, surname, email address, phone number, address, personal identification number.

Purchase history: ordered products, payment method (without payment details), delivery information, invoice numbers.

Loyalty program data: date of birth, purchase history, accumulated points or discounts.

Comment and feedback data: author’s name, email, comment content.

Consents/non-consents for direct marketing, newsletter subscriptions.

Browsing and behavior data on the website that you indirectly provide when registering, ordering services and/or purchasing products on the Website, the Company continues to process, i.e., this data is automatically collected from your computers and/or mobile devices when you log in to the Website: login IP addresses and times, browser used by the user and its version, websites you visited before entering our Website, data on service usage, etc. This data is stored by the Company during our cooperation period and, depending on the data, up to one year from the end of this period. This data may be stored for a longer period if there are other legal grounds for such storage period.

Any other customer data provided in inquiries, correspondence.

  1. FOR WHAT PURPOSES WE USE YOUR DATA

To fulfill orders, deliver products, provide services, issue invoices. To ensure user account functionality, improve service quality. To administer the loyalty program, provide discounts and offers. To identify Company customers in its information systems.

To send direct marketing messages with separate consent. To administer documents related to service or product orders. To ensure Website operation, improve experience using cookies. To administer and publish customer comments and feedback. To contact you, fulfill contractual obligations. To investigate and prevent possible legal violations, fraud.

  1. DATA STORAGE AND PROVISION TO THIRD PARTIES

We store data as long as it is necessary to achieve the stated purposes or as required by legal acts. Registration data is stored until the account is deregistered. Purchase data is stored for 10 years from order fulfillment (requirements of the Republic of Lithuania legal acts). Loyalty program data is stored until the end of the program or member’s withdrawal from it. Consents/non-consents for marketing are stored until their revocation or for 5 years from the last interaction. Comments and feedback are published until their removal by the administration or the user themselves. Cookie usage data is stored for up to 2 years (or depending on the cookie’s validity).

We may provide data to: delivery service providers, couriers for order delivery; payment, accounting service providers for order processing; companies belonging to the Boring Investments UAB group of companies, in order to provide full-fledged services, best offers, best buyer experience and for business purposes; marketing, communication, advertising, research service providers; legal, financial, business consultants, auditors; IT, website administration, data center, cloud service providers; state institutions (e.g., State Tax Inspectorate, law enforcement) according to legal requirements; other data recipients with customer consent. Access to your personal data by Company employees is granted only when necessary to perform their duties and only after the employee has committed to maintaining confidentiality requirements. We engage only those data processors who ensure that appropriate technical and organizational measures are implemented in such a way that data processing meets the requirements of the Regulation and ensures the protection of your rights as data subjects.

  1. HOW YOUR PERSONAL DATA IS PROCESSED

The Company ensures that your personal data will be: processed lawfully, fairly and in a transparent manner, collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes, adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed, accurate and, where necessary, kept up to date, processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

  1. YOUR RIGHTS AS A DATA SUBJECT

You have the following data subject rights, which we will implement upon receiving your request (by email to ask@soranora.com; by mail to J. Jasinskio g. 4-15, Vilnius) after properly verifying your identity: to access your personal data and how it is processed; to request correction of inaccurate personal data related to you; to request completion of incomplete personal data related to you; to request that the Company restrict the processing of your personal data; to receive personal data concerning you, which you have provided to the Company, in a structured, commonly used and machine-readable format (you also have the right to request the Company to transfer your personal data to another data controller); to object to the processing of personal data related to you (e.g., for direct marketing or other purposes).

To request that the Company erase personal data related to you if: it is no longer necessary in relation to the purposes for which it was collected or otherwise processed; you withdraw consent, and there is no other legal ground for processing your personal data; the personal data has been unlawfully processed; on other grounds established in the Regulation.

We inform you that if you believe that your rights as a data subject have been violated, you can file a complaint with the State Data Protection Inspectorate. More information about the State Data Protection Inspectorate and complaint handling can be found here: https://www.ada.lt/. More about data subject rights can be found at https://soranora.com/data-subjects-rights/.

  1. COOKIES

We use the following types of cookies: essential cookies necessary for website operation, session maintenance; functional cookies for convenience features, personalization; analytical cookies for collecting traffic statistics, website improvement; targeting and advertising cookies for monitoring advertising campaign effectiveness. You can see the full list of specific cookies in their confirmation window by selecting the processing and application function.

  1. DATA SECURITY

To ensure the security of personal data, we apply the following measures: data encryption when transmitting it through external channels; strictly limiting access to personal data, granting it only to those employees and service providers who need it to perform their functions; regularly conducting security, intrusion testing; applying other technological measures that meet industry standards; employee education, internal procedures and rules for secure data processing.

  1. FINAL PROVISIONS

The Policy is effective from 01-05-2024. We regularly, but not less than once a year, review and update this Privacy Policy. Its changes take effect upon publication on the Website.