1.1. This Privacy Policy (hereinafter – the “Policy”) sets out the principles and procedures of personal data processing carried out by Barefoot.lt (hereinafter – “we”, “us”) and the terms of operation of our website www.barefoot.lt (hereinafter – the “Website”).
1.2. We aim to ensure that our customers, Website visitors, and other individuals whose personal data we process can fully trust our services and are transparently informed about how we process their data. In this Policy you will find information about how we collect and use (or intend to collect and use) your personal data.
1.3. In our activities, we adhere to the following data processing principles:
1.3.1. Personal data must be processed lawfully, fairly, and transparently in relation to the data subject (lawfulness, fairness and transparency).
1.3.2. Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes; further processing for archiving in the public interest, scientific or historical research or statistical purposes is not considered incompatible with the initial purposes (purpose limitation).
1.3.3. Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation).
1.3.4. Personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (accuracy).
1.3.5. Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; longer storage is permissible for archiving in the public interest, scientific or historical research or statistical purposes, provided appropriate technical and organisational measures are implemented to safeguard the rights and freedoms of the data subject (storage limitation).
1.3.6. Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).
1.3.7. We are responsible for and must be able to demonstrate compliance with the principles above (accountability).
1.4. This Policy is drawn up pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR), the Law of the Republic of Lithuania on Legal Protection of Personal Data, and other EU and Lithuanian legislation. Terms used in the Policy have the meanings given in the GDPR and the Lithuanian law.
2.1. Please read this Policy carefully, as it applies directly when you visit the Website and use our services to the collection, processing and, in cases set out herein, transfer of your personal data to data recipients.
2.2. If you do not agree with this Policy and the processing described herein, please do not visit the Website and/or do not use our services.
2.3. You are responsible for ensuring that the data you provide are accurate, correct and complete. Knowingly providing incorrect data constitutes a breach of this Policy. If the data you provided change, you must inform us. We are not liable under any circumstances for damage caused to you and/or third parties due to your provision of incorrect and/or incomplete personal data or failure to request their supplementation and/or amendment after changes.
2.4. The categories of recipients to whom we may disclose your personal data are described under each data processing activity.
2.5. In certain cases, we may disclose your information to recipients other than those indicated:
2.5.1. In order to comply with the law or respond to a mandatory court process (e.g., upon receipt of a court order to provide data);
2.5.2. To establish, exercise or defend the lawfulness of our actions;
2.5.3. To protect our rights, property, or ensure their security;
2.5.4. In other cases with your consent or upon your lawful request.
3.1. To enable you to shop in the online store on the Website, for the purposes of order processing, issuing financial documents, resolving issues related to the provision or delivery of goods, and fulfilling other contractual obligations, we process the following personal data:
3.1.1. First name;
3.1.2. Surname;
3.1.3. Phone number;
3.1.4. Email address;
3.1.5. Residential address;
3.1.6. Delivery address;
3.1.7. Where necessary, additional information provided by the recipient required for delivery (e.g., courier notes).
3.2. The legal bases for processing for e-commerce are GDPR Article 6(1)(b) (processing necessary for the performance of a contract) and Article 6(1)(c) (processing necessary for compliance with a legal obligation).
3.3. For the above purposes we provide data to our partners that render delivery or other services related to proper order fulfilment. IT maintenance providers may also gain access as data processors, processing personal data in a limited scope strictly according to our instructions.
4.1. With your consent, we may provide what is considered “direct marketing” – send newsletters and/or special offers to you by email. The legal basis is your consent.
4.2. You may give consent during checkout by ticking the box to receive direct marketing offers.
4.3. You may also subscribe by entering your email address in the newsletter subscription field on the Website and clicking the adjacent subscribe link.
4.4. Data processed for direct marketing are not provided to third parties; however, IT maintenance providers acting as data processors may access them to a limited extent strictly according to our instructions.
4.5. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
5.1. We enable Website visitors to submit enquiries. For the purpose of responding, we process the following personal data provided by visitors:
5.1.1. First name;
5.1.2. Surname;
5.1.3. Phone number;
5.1.4. Email address.
5.2. Data processed for responding to enquiries are not transferred to third parties; however, IT maintenance providers acting as data processors may access them to a limited extent strictly according to our instructions.
5.3. The legal basis is GDPR Article 6(1)(f) – our legitimate interest to respond and contact persons interested in our products and/or services.
6.1. When processing and storing your personal data, we implement organisational and technical measures to protect personal data against accidental or unlawful destruction, alteration, disclosure, as well as any other unlawful processing.
6.2. We apply different retention periods depending on the purpose for which your specific personal data are processed.
6.3. Retention terms:
| No. | Purpose of Processing | Retention Period |
|---|---|---|
| 1 | E-commerce (order processing, issuing financial documents, resolving supply/delivery issues, performance of contractual obligations) | 10 years from the date of purchase |
| 2 | Registration of online store visitors | 3 years from the last login |
| 3 | Newsletters (direct marketing) | 5 years from giving consent |
| 4 | Responding to enquiries | 6 months from receipt of the enquiry |
6.4. Exceptions to the above terms may be set insofar as such deviations do not infringe your rights, comply with legal requirements, and are justified and properly documented.
6.5. If certain personal data are required to establish, exercise or defend legal claims, we will store them for as long as necessary to achieve such purposes in judicial, administrative or extrajudicial proceedings.
7.1. You have the right at any time, by submitting a request, to access your personal data we process and learn how they are processed; to request rectification of incorrect, incomplete or inaccurate data; and to request the suspension of processing (except storage) where data are processed in violation of legal requirements.
7.2. Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
7.3. You may exercise your rights by submitting a written request by email to info@barefoot.lt.
8.1. For questions related to personal data protection, please contact info@barefoot.lt.
8.2. If you are not satisfied with our response or believe we process your data contrary to legal requirements, you have the right to lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania.
9.1. When you visit the Website, we aim to provide content and functionality that meet your needs. For this purpose, we use cookies. Cookies are small text files stored in your browser or device (computer, mobile phone, tablet).
9.2. Cookies help ensure a better browsing experience on the Website and improve the Website itself.
9.3. Cookies used on our Website can be grouped as follows:
9.3.1. Strictly necessary cookies – enable core functions of the Website (e.g., access to secure areas).
9.3.2. Performance (analytics) cookies – collect anonymous information about how visitors use the Website (visited sections, time spent, error messages) and help us improve performance.
9.3.3. Functional cookies – enhance your experience on the Website; for example, to view your shopping cart or use third-party services such as social media features.
9.4. You can delete or block cookies by selecting the appropriate settings in your browser to refuse all or some cookies. Note that using settings that block cookies (including strictly necessary cookies) may cause issues with the use of all or part of the Website’s functionality.
10.1. When using third-party services, for example visiting our page on the social network “Facebook”, third-party terms may apply. “Facebook” applies its Data Policy to all users and visitors. Therefore, when using such services, we recommend that you review their applicable terms.
11.1. The legal relations related to this Policy are governed by the law of the Republic of Lithuania.
11.2. This Policy is reviewed and, where necessary, updated at least once every two years. Amendments enter into force on the day they are published on the Website.
11.3. If you use the Website and our services after the Policy is updated, we will assume that you do not object and are familiar with the changes made.