Privacy Policy

This Privacy Policy sets out the main rules, principles and procedures for how UAB “Siuntų fabrikas”, legal entity code 302929490, with its registered office address at Juodvarnių sodų 16-oji g. 33, Vilnius, e-mail: [[email protected]](mailto:[email protected]) (hereinafter – the Data Controller or NoParcels), processes users’ personal data when using the websites it operates:

• www.noparcels.com,
• app.noparcels.com

(hereinafter – the Websites).

This Privacy Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), the Law of the Republic of Lithuania on the Legal Protection of Personal Data, and other applicable legal acts governing the protection of personal data.

The personal data provided and processed on the Websites is collected, used and stored only on the grounds, for the purposes and in the manner set out in this Privacy Policy.

This policy applies to all website users who use services, submit inquiries or otherwise transfer their personal data through the Websites.

1. GENERAL PROVISIONS

1.1. Personal data – any information that allows a User to be identified directly or indirectly. For example: name, surname, e-mail address, telephone number, postal address, postal code, IP address and other information that Users voluntarily provide when registering, ordering services on the Websites noparcels.com, app.noparcels.com.

1.2. Cookies – small text files that a website can store in the user’s browser or device. They help to automatically collect data about the User’s behaviour on the website (e.g., traffic, session duration, page views, technical settings, browsing history, clicks, etc.) and to improve the website’s functionality, tailor content and services to the user’s needs.

1.3. All information related to Personal Data is processed confidentially, for lawful and defined purposes, in accordance with the principles of fairness and proportionality, and is stored no longer than necessary, taking into account the established purposes of data processing.

1.4. The processing of personal data is carried out in compliance with the provisions of this Privacy Policy, the Law of the Republic of Lithuania on the Legal Protection of Personal Data, the General Data Protection Regulation (GDPR) and other applicable legal acts.

2. COLLECTION AND USE OF PERSONAL DATA

Registration rules on the Websites:

2.1. When registering on NoParcels Websites, Users must provide accurate, complete and truthful information about themselves. Users undertake to update the data they have provided themselves when it changes. NoParcels reserves the right to remove incorrect or misleading data, restrict the provision of services or cancel an account if it becomes clear that the data was inaccurate or false.

2.2. The User is responsible for maintaining the confidentiality of the password granting access to the account. Data transmission via the Internet is not completely secure – NoParcels takes all reasonable technical measures, however it cannot guarantee absolute security of transmission.

Collection and use of information:

2.3. NoParcels collects and processes the following Personal Data:

• Name, surname
• Address, postal code
• Telephone number
• E-mail address
• Other contact details specified in registration or order forms.

2.4. The collected data is used for the following purposes:

• 2.4.1. Administration of orders, registrations and other activities related to the provision of services;
• 2.4.2. Transferring the information provided by the User to the relevant carrier in order to deliver the shipment;
• 2.4.3. Preparation and issuance of financial documents (e.g., invoices);
• 2.4.4. Resolving issues related to the fulfilment of orders (errors, discrepancies, returns);
• 2.4.5. Informing about changes to the website, service updates;
• 2.4.6. Statistical analysis of service usage that does not allow identification of a specific User – such data may be transferred to third parties;
• 2.4.7. Marketing purposes – to analyse user behaviour, provide tailored offers, assess advertising effectiveness;
• 2.4.8. Performance of contractual obligations related to users’ services, orders and communication.

3. Transfer of personal data to third parties

3.1. NoParcels may transfer the User’s personal data to third parties only on a lawful basis and only to the extent necessary to achieve the specified purposes. Data is transferred in the following cases:

3.1.1. For service performance – when data transfer is necessary to implement the purposes specified in Section 2 (e.g., data is transferred to carriers, payment service providers, IT system administrators or customer service partners);

3.1.2. Under legal acts – when the transfer of personal data is necessary under the requirements of the legal acts of the Republic of Lithuania or the EU (e.g., to law enforcement authorities, supervisory authorities, the tax administrator, debt collection companies, etc.);

3.1.3. To ensure legitimate interests – when it is necessary to protect the rights of NoParcels or third parties, prevent fraud or reduce credit risk;

3.1.4. In cases of business restructuring – when NoParcels transfers data due to company restructuring, merger, licensing, transfer or sale of all or part of assets. In such a case, personal data is transferred only in compliance with legal requirements and ensuring adequate protection;

3.1.5. To data processors (service providers) – NoParcels may engage third parties (data processors) who process data on behalf of NoParcels and only under given instructions (e.g., cloud service providers, IT infrastructure maintenance companies, marketing partners). Data processing agreements are concluded with these entities in accordance with GDPR requirements;

3.1.6. Transfers outside the European Economic Area (EEA) – where certain services or technological solutions require transferring data to third countries, NoParcels ensures that data is transferred only to countries recognised as ensuring an adequate level of protection, or on the grounds provided for in Articles 46–49 of the GDPR (e.g., standard contractual clauses approved by the European Commission).

4. Transfer of personal data to third parties

4.1. NoParcels may transfer Users’ personal data to third parties only if it is necessary in the following situations:

4.1.1. to implement the purposes provided for in these Privacy Rules (especially in Section 2), e.g., to fulfil service provision obligations, transfer data to carriers or payment service providers;

4.1.2. where required by applicable legal acts of the Republic of Lithuania or the EU, or by law enforcement authorities;

4.1.3. to protect against fraud or other legal violations and to manage or reduce credit risk;

4.1.4. when selling, transferring or licensing part or all of NoParcels’ business, its shares or assets (including the transfer of data to authorised business successors);

4.1.5. when transferring data to debt collection companies, legal representatives or other authorised entities where it is necessary to recover the user’s debts under applicable agreements or legal acts.

4.1.6. To data processors (service providers) – NoParcels may engage third parties (data processors) who process data on behalf of NoParcels and only under given instructions (e.g., cloud service providers, IT infrastructure maintenance companies, marketing partners, as well as business intelligence (BI) or customer relationship management (CRM) service providers that help analyse service use or improve the user experience). Data processing agreements are concluded with these entities in accordance with GDPR requirements;

5. Correction of personal data

5.1. The User has the right at any time to review, correct, change or update the personal data provided in the registration form or account by logging into the account or by contacting via e-mail: [email protected].

5.2. NoParcels takes reasonable measures to ensure that the personal data provided by the User is accurate, complete and updated to the extent necessary for the purposes of service provision. Upon the User’s request, inaccurate or changed personal data will be corrected without delay, taking into account the nature of the processing and the requirements of legal acts.

5.3. The User also has the following rights, which may be exercised by submitting a request by e-mail:

– Right to be forgotten: the User may request that their personal data be deleted if it is no longer necessary for the purposes of service provision or is processed unlawfully;

– Right to restrict processing: the User may request the temporary suspension of processing, e.g., while its accuracy or lawfulness is being verified;

– Right to object to processing: the User has the right to object to the processing of their data when it is carried out on the basis of legitimate interest (e.g., direct marketing);

– Right to data portability: the User has the right to receive their personal data in a structured, commonly used and machine-readable format and to request that it be transferred to another controller;

– Right to withdraw consent: where processing is based on consent, the user has the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

5.4. NoParcels processes only the User’s personal data that is necessary for the provision of specific services, in accordance with applicable legal acts, lawful grounds and (where applicable) the User’s consent.

5.5. If the User believes that their rights related to the processing of personal data have been violated, they have the right to lodge a complaint with the State Data Protection Inspectorate (SDPI): [https://vdai.lrv.lt](https://vdai.lrv.lt)

6. Rights of data subjects

The User (data subject) is granted the following rights under the General Data Protection Regulation (GDPR), which may be exercised by submitting a free-form request by e-mail indicated on NoParcels Websites:

6.1. Right of access to data The User has the right to obtain confirmation as to whether NoParcels processes their personal data. If so, the User must be provided with information about: – the categories of processed data, – the purposes of processing and the legal basis, – the recipients of the data or categories of recipients, – the data retention period or the criteria used to determine it, – the right to lodge a complaint with a supervisory authority, – the sources of personal data (if the data was not collected directly from the User), – the existence of automated decision-making (if applicable), including profiling.

6.2. Right to rectify data The User has the right to request that inaccurate or incomplete personal data be rectified or completed without undue delay.

6.3. Right to erase data (“right to be forgotten”) The User may request the erasure of their personal data if: – the data is no longer necessary for the purposes for which it was collected; – the User withdraws the consent on which the processing was based; – the data was processed unlawfully; – the data must be erased to comply with a legal obligation; – the data was collected in relation to the offer of information society services to a child. This right may be restricted if processing is necessary for compliance with legal obligations or on grounds of public interest.

6.4. Right to restrict processing The User may request restriction of the processing of their personal data if: – the accuracy of the data is contested (processing is restricted while accuracy is verified); – the data is processed unlawfully, but the User opposes erasure; – NoParcels no longer needs the data, but the User needs it for legal claims, exercising or defending them; – the User has objected to processing pending verification whether NoParcels’ legitimate grounds override those of the User.

6.5. Right to object to processing The User has the right at any time to object to processing of their data where processing is based on legitimate interest, including profiling or direct marketing. In such case, NoParcels will no longer process the data unless it demonstrates compelling legitimate grounds.

6.6. Right to data portability The User has the right to receive the personal data they have provided in a structured, commonly used and machine-readable format and, where technically feasible, to request that the data be transmitted directly to another controller.

6.7. Right to withdraw consent Where processing of personal data is based on consent, the User has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

6.8. Right to lodge a complaint with a supervisory authority The User has the right to lodge a complaint regarding the processing of their personal data with the State Data Protection Inspectorate (SDPI): [https://vdai.lrv.lt](https://vdai.lrv.lt)

6.9. Identity verification: When exercising the rights of the data subject (e.g., a request for erasure, portability or access), NoParcels has the right to take reasonable measures to verify the identity of the applicant. In such cases, NoParcels may request additional information to ensure that the personal data belongs to the applicant, in order to ensure data security and prevent unlawful disclosure.

7. Submission of information and complaints

7.1. The User has the right to contact NoParcels with requests, complaints or questions related to the processing of personal data by e-mail indicated on the website (e.g., [email protected]). Requests may be submitted in writing or by e-mail, at the user’s choice.

7.2. NoParcels will provide a response in the same manner in which the message was received unless the User clearly indicates another preferred form of response.

7.3. Contact information (e-mail, address or other channels) is publicly published on the website so that the User can easily and transparently exercise their rights regarding the Privacy Policy and personal data.

7.4. A response to the User’s request will be provided no later than within 1 (one) month from the date of receipt of the request. Where necessary, this period may be extended by a further 2 (two) months, and the User will be informed accordingly.

8. Legal bases for processing personal data and user choice

8.1. By providing their personal data, the User agrees that it will be processed under the conditions of this Privacy Policy on one or more of the legal bases set out in the GDPR, including but not limited to: consent, performance of a contract, compliance with a legal obligation, or legitimate interest.

8.2. NoParcels may send the user administrative (orders, contracts, etc.) and service-related information that is necessary to fulfil the User’s orders.

8.3. NoParcels may also send newsletters or marketing offers if the User has clearly given consent. The User has the right to unsubscribe from such messages at any time using the unsubscribe link provided in each e-mail or by contacting NoParcels by e-mail.

8.4. After opting out of marketing messages, NoParcels will still send information necessary for service performance, e.g., order, shipment or payment confirmations, invoices, service change notices, etc.

9. Cookies

9.1. Cookies – small text files stored on the User’s device to ensure proper operation of the website, analyse browsing habits and tailor services to the user’s needs. Different categories of cookies are used on NoParcels Websites (noparcels.com, app.noparcels.com), and clear information is provided to the User in the cookie consent banner. We may use necessary cookies without the User’s consent; other cookies are used only with explicit consent.

9.2. Necessary cookies – these cookies are required for the technical operation of the website and are always active. They enable functions such as secure login, saving browsing data or submitting orders. These cookies do not store personal identification data and collect only anonymous or pseudonymised information (e.g., session ID, language selection, browser or device identifier).

Examples:

• PHPSESSID – session management (until the end of the session);
• cookie_consent – storing the user’s cookie preferences (1 year).

9.3. Statistics cookies – used to analyse how Users interact with the website in order to improve its structure, content and user experience. They allow measuring traffic, bounce rates, page popularity, visit duration and click behaviour. These cookies are generally used only with the User’s consent, as they may be related to the processing of personal data.

Examples:

• Google Analytics (_ga, _gid);
• Hotjar (scroll behaviour, heatmaps);
• Matomo (visit duration, action analysis).

9.4. Marketing cookies – used to display personalised advertising based on the user’s browsing history. They help build user profiles, show relevant offers or reminders (e.g., about an abandoned cart), and track the effectiveness of advertising campaigns. These cookies are also used only with the User’s consent.

Examples:

• Facebook Pixel – ad targeting on Meta platforms;
• Google Ads Conversion Tracking (_gcl_au);
• LinkedIn Insight Tag – audience analytics for B2B services.

9.5. Other cookies – cookies that are not yet assigned to a specific category and are being analysed. They are also not activated without the User’s consent.

9.6. Cookie management – the User can change or withdraw consent for the use of cookies at any time by clicking the “Cookie settings” link on the website or by changing browser settings. However, disabling certain cookies may cause some website functions not to work properly.

Link to the cookie policy

10. Links to other websites

10.1. NoParcels Websites may contain links to websites, systems or services operated by third parties. This Privacy Policy applies only to websites operated by NoParcels (e.g., noparcels.com, app.noparcels.com), therefore NoParcels is not responsible for the privacy practices or content of third-party websites.

10.2. If, while using the NoParcels website, a visitor clicks a link and is taken to a third-party website, they must independently familiarise themselves with that website’s privacy policy. NoParcels has no control over and is not responsible for personal data processed on such websites or the data protection measures applied there.

10.3. NoParcels Websites may display third-party advertisements or embedded content that may use their own cookies or tracking technologies. NoParcels does not control them and assumes no responsibility for the content provided by such services or websites or their data collection practices.

11. Amendments to the Privacy Rules

11.1. NoParcels reserves the right to update or amend this Privacy Policy at any time to comply with legal requirements or changes in service provision. The User will be clearly informed of material changes related to the processing of personal data on the Websites or by e-mail, if such information is available.

11.2. Amendments to the Privacy Policy take effect from the date of publication on the website, unless another effective date is indicated.

11.3. By continuing to use NoParcels services after amendments to the Privacy Policy, the User confirms that they have familiarised themselves with the updated version and agree to it. If the User does not agree with the new version, they have the right to stop using the services and may exercise the rights of data subjects.

12. Final provisions

12.1. This Privacy Policy is governed by the law of the Republic of Lithuania, unless another law must mandatorily apply under the GDPR or international agreements.

12.2. Any disputes arising in connection with the implementation or interpretation of this Privacy Policy shall be resolved through negotiations. If an agreement cannot be reached, disputes shall be resolved in accordance with the procedure established by the laws of the Republic of Lithuania under the general rules of jurisdiction, except where another jurisdiction is applicable under the GDPR.

12.3. This Privacy Policy regulates the basic rules, principles and procedure for how UAB “Siuntų fabrikas”, operating through the websites noparcels.com, app.noparcels.com collects, uses, stores and processes the User’s provided personal information.

 

Published on 2025 07 21