Publication Date: September 20, 2025
This Privacy Policy (hereinafter referred to as the Policy) defines how MB “MYSTIC SPA” (hereinafter referred to as we or the Data Controller) collects, uses, and protects the personal data that You (hereinafter referred to as the Visitor or Buyer) provide while using the website www.mysticspa.lt (hereinafter referred to as the Website).
We respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable laws.
1. Data Controller Details
MB “MYSTIC SPA”
Company Code: 306761346
Phone: +370 659 11173
Email: mysticspavilnius@gmail.com
2. What Personal Data Do We Collect and For What Purposes?
We collect and process the following personal data:
2.1. Purchase Data (for purchasing services or gift vouchers):
Data collected: Name, surname, email address, phone number, delivery address (if delivery via parcel terminal is selected).
Purpose: To conclude and execute the purchase-sale agreement, issue an invoice, deliver your order, and contact you regarding order details.
Legal Basis: Conclusion and performance of a contract (GDPR Art. 6(1)(b)).
Retention Period: 10 years from the date of purchase, as required by laws regulating accounting.
2.2. Payment Data:
During the purchase process, you are redirected to the system of our payment partner, “Paysera LT”, UAB. We do not collect or store your bank card details or banking login data. We only receive confirmation of a successfully completed payment. The data processing policy of “Paysera” is available on their website.
2.3. Website Browsing Data (Cookies):
Data collected: IP address, browsing history on the Website, device type, browser information.
Purpose: To ensure the functionality of the Website, improve the browsing experience, and collect statistical information about Website traffic using the Google Analytics tool.
Legal Basis: Your consent (GDPR Art. 6(1)(a)), which you express by agreeing to the use of cookies in the Website’s cookie banner.
Retention Period: Depends on the specific type of cookie (ranging from the end of the session up to 2 years).
2.4. Inquiry Data:
Data collected: Name, email address, phone number, and the content of your message when you contact us via email or the contact form.
Purpose: To answer your questions and provide necessary information.
Legal Basis: Our legitimate interest in providing high-quality customer service (GDPR Art. 6(1)(f)).
Retention Period: 1 year from the last communication.
3. Who May Your Data Be Disclosed To?
We undertake not to transfer your personal data to third parties, except in the following cases:
To payment partners (“Paysera LT”, UAB) for the purpose of processing your payment.
To companies providing delivery services (e.g., parcel terminal operators), if you have chosen physical delivery of a voucher.
To providers of statistical and analytical services (Google LLC), who help us analyze Website traffic. This data is anonymized.
To law enforcement authorities, if required by applicable laws.
4. Your Rights as a Data Subject
You have the following rights regarding your personal data:
Right to access: To request and receive a copy of your personal data.
Right to rectification: To demand the correction of inaccurate or the completion of incomplete data.
Right to erasure (“Right to be forgotten”): To demand the deletion of your data if it is no longer necessary for the purposes for which it was collected, or if it is being processed unlawfully.
Right to restriction of processing: To restrict the processing of your data under certain circumstances.
Right to withdraw consent: To withdraw your consent to process data at any time, where processing is based on consent (e.g., opting out of cookies).
Right to lodge a complaint: If you believe that your rights have been violated, you have the right to lodge a complaint with the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija).
To exercise these rights, please contact us via email at mysticspavilnius@gmail.com.
5. Use of Cookies
Our Website uses cookies – small text files saved on your device. We use:
Strictly Necessary Cookies: These ensure the main functions of the Website, such as the shopping cart. Without them, the Website would not function properly.
Analytical Cookies (Google Analytics): These collect anonymous information about visitor behavior on the Website, helping us understand how to improve it.
Functional Cookies: These remember your choices (e.g., language) to make browsing more convenient.
When you visit the Website for the first time, you can choose which cookies you agree to use. You can change your choice at any time in your browser settings.
6. Changes to the Policy
We reserve the right to update this Privacy Policy at any time. We will inform you of any significant changes on the Website. The latest version of the Policy will always be available in this section of the Website.