PRIVACY POLICY

PURPOSE OF THE PRIVACY POLICY

1.1. This Privacy Policy sets out the terms and conditions governing the processing of Users’ Personal Data when using the Website. By submitting Personal Data through the Website, the User confirms that they have read this Privacy Policy and understand how the Data Controller processes Personal Data in accordance with the procedures specified herein.

1.2. These provisions apply each time a User accesses or uses the Website operated by the Data Controller.

1.3. The Data Controller ensures the confidentiality of Personal Data and takes appropriate technical and organisational measures to protect Users’ Personal Data against unauthorised access, disclosure, loss, alteration, destruction, or other unlawful processing.

1.4. The provisions of this Privacy Policy have been prepared in accordance with the applicable legislation of the Republic of Lithuania and the requirements of the General Data Protection Regulation.

 

DEFINITIONS

2.1. For the purposes of this Privacy Policy, the following terms shall have the meanings set out below:

2.1.1. “Personal Data” or “Data” means any information relating to an identified or identifiable natural person (data subject).

2.1.2. “Data Processing” means any operation or set of operations which is performed upon Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

2.1.3. “Data Controller” means MB LFI Components, company code 307402976, with its registered address at Laisvės al. 110, LT-44253 Kaunas, Lithuania, which determines the purposes and means of processing Personal Data.

2.1.4. “Website” means the website operated by the Data Controller, available at www.lficomponents.com.

2.1.5. “Privacy Policy” means this document setting out the Data Controller’s basic rules for the collection, storage, processing, and retention of Personal Data in relation to Users’ use of the Website.

2.1.6. “Regulation” means Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which became applicable in the European Union on 25 May 2018 and repealed Directive 95/46/EC.

2.1.7. “Cookies” are small text files stored on the User’s device when visiting the Website, which help ensure the proper functioning of the Website, improve the user experience, and collect statistical information about Website usage.

2.1.8. “Consent” means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of Personal Data relating to them.

2.1.9. “User” means a natural person (data subject) who has visited the Website operated by the Data Controller and has provided their Personal Data through the Website.

 

PERSONAL DATA PROCESSED

3.1. In order to respond to inquiries and provide information about its products or services, the Data Controller processes the following Personal Data:

3.1.1. Personal Data provided by the User through the contact form: name, surname, e-mail address, company name, country, and message.

3.1.2. Automatically collected Data: the Website may use Cookies to collect information about the use of the Website or automatically generated visit statistics. For more information about the use of Cookies on this Website, please refer to the Cookie Policy.

 

PRINCIPLES FOR PROCESSING PERSONAL DATA

4.1. The Data Controller processes Personal Data in accordance with the following principles:

4.1.1. Lawfulness, fairness, and transparency – Personal Data is processed lawfully, fairly, and in a transparent manner in relation to the data subject.

4.1.2. Purpose limitation  Personal Data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes.

4.1.3. Data minimisation – Personal Data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

4.1.4. Accuracy – Personal Data is accurate and, where necessary, kept up to date. All reasonable steps are taken to ensure that inaccurate Personal Data is erased or rectified without delay.

4.1.5. Storage limitation – Personal Data is kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data is processed.

4.1.6. Integrity and confidentiality  Personal Data is processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and organisational measures.

 

PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

5.1. Personal Data provided by Users through the Website may be processed for the following purposes:

5.1.1. To respond to Users’ inquiries submitted through the contact form and to communicate with Users regarding their requests.

5.1.2. To provide information about the Data Controller’s products or services at the User’s request.

5.1.3. To manage and maintain the Website and ensure its proper functioning.

5.1.4. To analyse Website usage and improve the Website and its content (based on aggregated statistical information collected through Cookies).

5.2. The legal basis for processing the User’s Personal Data is the User’s consent when submitting the contact form and the legitimate interest of the Data Controller in responding to inquiries and communicating about its products.

 

DISCLOSURE OF PERSONAL DATA

6.1. The Data Controller ensures that Users’ Personal Data will not be sold or disclosed to third parties without a lawful basis and will not be used for purposes other than those for which it was collected.

6.2. The Data Controller may disclose or transfer the User’s Personal Data to third parties only in the following cases:

6.2.1. To service providers (data processors) who provide services to the Data Controller, such as website hosting, IT maintenance, or other related services. These processors process Personal Data only in accordance with the instructions of the Data Controller and applicable data protection legislation.

6.2.2. If the User has provided separate consent for the disclosure of their Personal Data.

6.2.3. When the transfer of Personal Data is required by competent public authorities or law enforcement authorities in accordance with the legislation of the Republic of Lithuania.

6.2.4. In other cases provided for by applicable legislation or the Regulation.

 

DATA RETENTION PERIODS

7.1. The Data Controller stores Users’ Personal Data only for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by the applicable laws and regulations of the Republic of Lithuania.

7.2. Personal Data submitted through the Website’s contact form will be stored for the period necessary to respond to the User’s enquiry and for no longer than 12 (twelve) months after the final communication, unless a longer retention period is required or permitted by applicable law.

 

USER RIGHTS

8.1. In accordance with the General Data Protection Regulation (EU) 2016/679, the User has the following rights in relation to the processing of Personal Data:

8.1.1. To obtain information about what Personal Data is processed and for what purposes;

8.1.2. To access their Personal Data processed by the Data Controller and receive a copy of such data;

8.1.3. To request the correction or updating of Personal Data if it is inaccurate or incomplete;

8.1.4. To request the erasure of Personal Data under the conditions provided in this Privacy Policy (right to be forgotten);

8.1.5. To request restriction of the processing of Personal Data under the conditions specified in Section 8.7 of this Privacy Policy;

8.1.6. To file a complaint with the supervisory authority in Lithuania, the State Data Protection Inspectorate, regarding unlawful processing of Personal Data;

8.1.7. To object to the processing of Personal Data where such processing is carried out for direct marketing purposes.

8.2. The User has the right to submit requests regarding the processing of their Personal Data to the Data Controller in writing using the contact details specified in this Privacy Policy (e-mail or postal address). The Data Controller may request additional information necessary to confirm the identity of the User before responding to the request.

8.3. Upon receiving a request from the User, the Data Controller shall provide a response without undue delay and in any event within one month from the date of receipt of the request. If necessary, taking into account the complexity and number of requests, this period may be extended by a further two months. In such a case, the Data Controller shall inform the User within one month of receiving the request about the extension and the reasons for the delay.

8.4. The User has the right to obtain confirmation from the Data Controller as to whether Personal Data relating to them is being processed and, where that is the case, the User has the right to access the Personal Data and the following information:

8.4.1. The purposes of the processing;

8.4.2. The categories of Personal Data concerned;

8.4.3. The recipients or categories of recipients to whom the Personal Data has been or will be disclosed, including recipients in third countries or international organisations;

8.4.4. The envisaged storage period for Personal Data or, if not possible, the criteria used to determine that period;

8.4.5. The existence of the right to request rectification, erasure of Personal Data, or restriction of processing;

8.4.6. The right to lodge a complaint with a supervisory authority;

8.4.7. Where Personal Data is not collected from the User, any available information about its source.

8.5. Upon a request by the User, the Data Controller shall erase Personal Data without undue delay where one of the following grounds applies:

8.5.1. The Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed;

8.5.2. The User withdraws consent and there is no other legal basis for processing;

8.5.3. The User objects to the processing based on the legitimate interests of the Data Controller and there are no overriding legitimate grounds for the processing;

8.5.4. The Personal Data has been unlawfully processed;

8.5.5. Erasure is required to comply with a legal obligation under EU or Lithuanian law.

8.6. If the Data Controller refuses to erase Personal Data, it shall inform the User of the reasons for such refusal and explain the applicable legal basis.

8.7. In cases where the erasure of Personal Data is not possible or appropriate, the User has the right to request restriction of processing under the following conditions:

8.7.1. The User contests the accuracy of the Personal Data for a period enabling the Data Controller to verify its accuracy;

8.7.2. The processing of Personal Data is unlawful and the User does not request erasure but requests restriction instead;

8.7.3. The Data Controller no longer needs the Personal Data for the purposes set out in this Privacy Policy, but the User requires the Personal Data to establish, exercise, or defend legal claims;

8.7.4. The User has objected to the processing of Personal Data based on the legitimate interests of the Data Controller, pending verification of whether the Data Controller’s legitimate grounds override those of the User.

8.8. The Data Controller may refuse to comply with a User’s request where such refusal is permitted under applicable legislation, including where it is necessary to:

  • Comply with legal obligations;
    • Ensure public security or prevent crime;
    • Protect the rights and freedoms of other persons; or
    • Comply with other requirements established by the legislation of the Republic of Lithuania or theGeneral Data Protection Regulation.

8.9. The Data Controller shall provide information on actions taken in response to the User’s request free of charge. Where requests are manifestly unfounded, excessive, or repetitive, the Data Controller may charge administrative costs or refuse to act on the request.

8.10. If the User believes that their Personal Data is processed unlawfully or that their rights have been violated, the User has the right to file a complaint with the supervisory authority in Lithuania, the State Data Protection Inspectorate, in accordance with the procedure provided on its official website.

 

CHANGES TO THE PRIVACY POLICY

9.1. The Data Controller may change this Privacy Policy at their discretion. The Data Controller recommends that Users regularly visit the Website to review the latest version of the Privacy Policy.

9.2. The Data Controller may notify the User of significant changes to the Privacy Policy in accordance with the contact information provided by the User. The Data Controller may also take additional measures to the extent required by applicable law, including obtaining the User’s consent for substantial changes. The Data Controller is the sole judge of whether changes are considered substantial. Changes to this Privacy Policy take effect as of the “Last updated” date indicated. Continued use of the Website after such changes have been made means that the User accepts the updated Privacy Policy.

 

CONTACT INFORMATION

10.1. All documents and questions relating to this Privacy Policy may be sent to the following contact:

E-mail: info@lficomponents.com

 

Last updated: 13 March 2026