Privacy policy
In this Privacy Policy (hereinafter referred to as the “Privacy Policy”), we provide information on how ChocoGroup, company code 302687215, registered office address at Technikos g. 7A, Ilgakiemis, Kaunas District, LT-53288 (hereinafter referred to as the “Data Controller”) processes your personal data on the website www.chocogroup.eu.
You can contact the Data Controller using the following details:
Phone: +370 657 55 252
Email: [email protected]
Address: Technikos g. 7A, Ilgakiemis, Kaunas District, LT-53288
What personal data do we process?
|
Purpose |
Data |
Legal Basis |
Storage Time |
Who Can We Share It With? |
|
Conclusion and execution of contracts with legal entities |
First name, last name, contact information, other data in the contract. |
Legitimate interest in conducting business |
10 years after the contract ends |
– |
|
Conclusion and execution of contracts with individuals |
First name, last name, address, email address, phone number. |
Contract |
10 years after the contract ends |
Payment service providers |
|
Order delivery |
First name, last name, phone number, email address, address, self-service parcel terminal information, parcel number. |
Contract |
10 years after the contract ends |
Courier services, delivery service providers, post office |
|
Payment refund |
First name, last name, bank account number, other details |
Contract, legal obligation |
10 years after the payment transaction |
Payment service providers |
|
Creation and administration of user accounts on the website |
First name, last name, account name and password, phone number, email address, address |
Contract |
2 years after the last login to the account |
– |
|
Direct marketing (newsletters, event invitations, offering similar products or services) |
First name, last name, email address, phone number |
Consent |
2 years after consent is obtained |
Newsletter sending service |
|
Legitimate interest in offering similar products/services to customers |
2 years after the person has purchased products or services |
|||
|
Social media account management |
Unique ID, IP address, device information. |
Consent / Legitimate interest in communicating with customers |
As long as the social media site visitor is a follower of the accounts |
Social network (joint controllers) |
How do we process your personal data on social networks?
The information you provide to us on social media when you visit our accounts (including messages, use of “Like” boxes, and other communications) is controlled by us jointly with the operators of the social networks as joint controllers of personal data.
We currently have the following social media accounts:
“Facebook – [●], whose privacy notice is available at https://www.facebook.com/privacy/
Instagram – [●], whose privacy notice is available at https://help.instagram.com/519522125107875
Linkedin – [●], whose privacy notice is available at https://www.linkedin.com/legal/privacy-policy
We recommend that you read the privacy notices of the third parties, and that you contact the providers directly if you have any questions about their use of your personal data.
Who can we transfer your personal data to?
We may transfer information about you to our employees, agents, service providers such as debt management or collection companies, archiving service providers, legal, marketing services, IT service providers or subcontractors as reasonably necessary for the purposes set out in this Privacy Policy.
We may also disclose information about you if we are required to do so by law or in order to protect our rights or interests (including disclosing your personal data to third parties in order to collect debts owed to us by you), in connection with the contemplated transfer of the business or part of the business or its assets, or in connection with the reorganisation of the company, or in connection with these processes, by disclosing your personal data to the (prospective) acquirer of the business or its assets or to the other parties to the reorganisation.
How is your personal data processed?
Your personal data will be processed in accordance with the General Data Protection Regulation (hereinafter referred to as “GDPR”), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal requirements. The Data Controller shall, both when establishing the means of processing personal data and during the processing itself, implement appropriate technical and organisational measures provided for in the legislation for the protection of data protection, designed to protect the personal data processed against accidental or unlawful destruction, damage, alteration, loss, disclosure, as well as against any other unauthorised processing. The appropriate measures shall be determined taking into account the risks arising from the processing of personal data.
Cookie Declaration
Strictly Necessary cookies
| Cookie key | Domain | Path | Cookie type | Expiration | Description |
|---|---|---|---|---|---|
| cf_clearance | .chocogroup.eu | / | First-party | 1 year | This cookie is used by the CloudFlare service to identify trusted web traffic and override any security restrictions based on the visitor’s IP address. It is essential for supporting a website’s security features and in providing protection against malicious visitors. |
Performance cookies
| Cookie key | Domain | Path | Cookie type | Expiration | Description |
|---|---|---|---|---|---|
| sbjs_migrations | .chocogroup.eu | / | First-party | Session | This cookie is used to track user interactions and migration between different pages or sections of the website to improve user experience and website performance analytics. |
| sbjs_udata | .chocogroup.eu | / | First-party | Session | This cookie is used to store user-specific data to help monitor and analyze the effectiveness of the advertising campaigns and optimize the user experience on the website. |
| sbjs_current_add | .chocogroup.eu | / | First-party | Session | This cookie is used to store information about the current visit to distinguish between users and sessions. It typically includes details such as source of traffic, campaign data, and user behavior to help in tracking and analyzing the effectiveness of marketing campaigns. |
| sbjs_first_add | .chocogroup.eu | / | First-party | Session | This cookie is used to store details about the user’s first visit to the website, including timestamp, referring site, and source of the traffic, to assess the effectiveness of marketing campaigns and website sources. |
| sbjs_current | .chocogroup.eu | / | First-party | Session | This cookie is used to track users’ activities and interactions across the website to facilitate better analysis and understanding of traffic sources and user behavior. |
| sbjs_first | .chocogroup.eu | / | First-party | Session | This cookie is used to store information about the user’s first session on the website. It tracks details such as the source from which the user came, the path they took, which search engine and keyword were used, and their location at the time of the first visit. This information is used to analyze and improve the website’s performance by understanding user behavior. |
| sbjs_session | .chocogroup.eu | / | First-party | 29 minutes 52 seconds | This cookie is used to track user activity and sessions to improve the performance and usability of the website, helping to understand how visitors interact with the website. |
Functionality cookies
| Cookie key | Domain | Path | Cookie type | Expiration | Description |
|---|---|---|---|---|---|
| wp-wpml_current_language | chocogroup.eu | / | First-party | Session | Stores the current language. By default, this cookie is set only for logged-in users. If you enable the language cookie to support AJAX filtering, this cookie will also be set for users who are not logged in. |
What are your rights?
Below you can find information about your rights in relation to the processing of your personal data by the Data Controller and when you can exercise these rights. If you would like more information about your rights or to exercise them, please contact us at the email address set out in this Privacy Policy.
- You can contact us at any time to ask if we are processing any of your personal data. If we store or use your personal data in any way, you have the right to access it. To do so, please submit a written request to us at the email address set out in this Privacy Policy. We may ask you to confirm your identity in order to fulfil your request. Please observe the principles of fairness and reasonableness when making such a request.
- If you have given us your consent to the processing of your data, you may withdraw it at any time by contacting us at the email address provided in this Privacy Policy.
- You have the right to ask us to correct any inaccuracies in the data we hold. In this case, we may ask you to confirm the corrected information.
- You have the right to ask us to delete your personal data. This right shall be exercised in the cases provided for in Article 17 of the GDPR.
- You have the right to ask us to restrict or not to process your personal data.
- You have the right to the transfer of data which is processed by automated means and which we have received from you with your consent or for the purpose of concluding a contract. If you exercise this right, we will transfer a copy of the data you have provided to us upon your request.
- You have the right to object to our use of your personal data in accordance with Article 21 of the GDPR.
How can you exercise your rights?
To exercise your rights, please submit your requests, complaints or claims in writing to us at the contact details provided in this Privacy Policy.
We will respond to any requests, complaints or claims we receive in writing in accordance with the procedures and deadlines set out by law. We will endeavour to provide you with the information as soon as possible, but no later than 30 days after receiving your request.
If, after receiving a request, complaint or demand, we are suspicious about the identity of the person making the request, we have the right to ask for the identity document of the person making the request.
Complaints
If you believe that your rights as a data subject have been and/or may be violated, please contact us immediately at the email address set out in this Privacy Policy. We assure you that only upon receipt of your complaint, we will contact you within a reasonable period of time to inform you of the progress of the investigation of the complaint and the subsequent outcome. If you are not satisfied with the outcome of the investigation, you may lodge a complaint with the supervisory authority, the State Data Protection Inspectorate (www.vdai.lrv.lt/).
Responsibility
You are responsible for ensuring that the data you provide to us is accurate, correct and complete. If the data you have provided us with changes, you must inform us immediately by email. In no event shall we be liable for any damage caused to you as a result of your providing incorrect or incomplete personal data or your failure to inform us of any changes to it.
Privacy Policy updated on 1 July 2025.
