Privacy Policy

This policy explains how Chiromantija.com collects, uses, stores, and protects your personal data under GDPR and applicable Lithuanian laws.

1. Data controller and contact details

Chiromantija.com is operated by ETK IT Studio, MB (data controller).

  • Legal name: ETK IT Studio, MB
  • Company code: 307200519
  • Address: Trinapolio g. 3-36, LT-08337 Vilnius, Lithuania
  • Phone: +370 63420465
  • Email: [email protected]
  • Privacy contact: [email protected] (if a Data Protection Officer is appointed, their contact details will be published on this page).

2. Personal data we collect

  • Order data: email address, selected reading type, language, order metadata.
  • Uploaded files: palm photos used to deliver the service.
  • Payment data: processed by payment providers (we do not store card details).
  • Technical data: IP address, device/browser data, logs, and cookie identifiers.
  • Communications: messages you send to support.

3. Purposes and legal bases (GDPR Article 6)

  • Contract performance (Article 6(1)(b)): to process orders, deliver reports, and provide support.
  • Legal obligation (Article 6(1)(c)): to keep accounting and transaction records.
  • Legitimate interests (Article 6(1)(f)): to secure services, prevent fraud, and improve product quality.
  • Consent (Article 6(1)(a)): to use optional analytics/marketing cookies and similar tracking tools, where required.

4. Data source and requirement to provide data

Most personal data is provided directly by you. Some technical data is collected automatically. If mandatory order data is not provided, we may be unable to deliver the service.

5. Data recipients and processors

We share data only when necessary with trusted service providers, including hosting/infrastructure providers, payment processors (Paysera, PayPal), email delivery providers, analytics tools (such as Google Analytics), advertising platforms (such as Meta, where consent is given), and anti-spam/security providers. Processors are contractually required to protect personal data. We do not sell your personal data.

6. International data transfers

Data is primarily processed in the European Union. If data is transferred outside the EEA, we apply safeguards required by GDPR (such as adequacy decisions or standard contractual clauses).

7. Data retention periods

  • Order and service data: up to 90 days after delivery unless a longer period is required for dispute handling.
  • Uploaded photos and analysis materials: up to 90 days after service delivery, then deleted earlier on request where legally possible.
  • Financial/accounting records: 10 years, as required by Lithuanian law.
  • Cookie preferences and technical logs: for periods defined by technical necessity and cookie settings.

8. Data security

We use organizational and technical measures, including access control, secure hosting environments, encrypted transmission where applicable, and restricted access to personal data based on need-to-know principles.

9. Automated decision-making

We do not use fully automated decision-making that produces legal or similarly significant effects under GDPR Article 22.

10. Your rights under GDPR

  • Right of access to your personal data.
  • Right to rectification of inaccurate data.
  • Right to erasure ("right to be forgotten"), where applicable.
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object to processing based on legitimate interests.
  • Right to withdraw consent at any time, where processing is based on consent.

11. Consent withdrawal and marketing choices

Where processing is based on your consent, you can withdraw that consent at any time using Privacy Choices or by contacting us. Consent withdrawal does not affect the lawfulness of processing carried out before withdrawal. You can also opt out of direct marketing at any time.

12. How to exercise your rights

Send your request to [email protected]. We may ask for identity verification before processing requests. We respond within one month, unless GDPR allows an extension.

13. Right to complain

You can file a complaint with the State Data Protection Inspectorate of Lithuania (Valstybine duomenu apsaugos inspekcija, VDAI): vdai.lrv.lt, or with the supervisory authority in your EEA country of habitual residence.

14. Cookies and privacy controls

We use essential cookies and optional analytics/marketing cookies. You can manage your choices through Privacy Choices. More details are available in our Cookie Policy.

15. Children

Our services are intended for adults (18+). We do not knowingly collect personal data from children.

16. Policy updates

We may update this policy from time to time. The latest version is always published on this page.

Last updated: 2026-02-10