Back to the site

Privacy Policy

Effective Date: 2025-08-11
Last Updated: 2025-08-11

This Privacy Policy (“Policy”) explains how Fotografe Aurelija (“Fotografe Aurelija”, “we”, “us”, “our”) collects, uses, discloses, and safeguards personal data in connection with:

  • Our website https://fotografeaurelija.lt (the “Website”);
  • Our services, including photography, 3D visuals, and event hosting (together, the “Services”).

It applies to customers, suppliers, event participants, and other third parties we interact with in the course of providing our Services.

If you are a member of staff, a separate internal privacy notice applies.

1. About Us

  • Business Name: Fotografe Aurelija
  • Legal Form: Freelance photographer registered in Lithuania
  • Registration Number: 899 744
  • Registered Office: Pulko g. 2-427, Vilnius, Lithuania
  • Email: aurelija@lumastudio.lt
  • Data Controller: Fotografe Aurelija

We are the data controller of the personal data we process, unless otherwise stated.

Supervisory Authority in Lithuania:
Valstybinė duomenų apsaugos inspekcija (State Data Protection Inspectorate)
Website: https://vdai.lrv.lt/
Tel: +370 5 279 1445
Email: ada@ada.lt

2. Personal Data We Collect

We may collect the following categories of personal data:

A. Contact Data — name, email, phone number, job title, organisation name, country.
B. Payment Data — bank account details, transaction information.
C. Profile Data — preferences, event attendance records.
D. Image Data — photographs, video recordings.
E. Behavioural Data — browsing activity, interaction with emails (via cookies, pixels, tags).
F. Technical Data — IP address, browser type, operating system, geolocation.

3. How We Collect Data

We collect personal data:

  • Directly from you (forms, email, events, phone calls, contracts).
  • Automatically (cookies, analytics tools).
  • From third parties (business partners, publicly available sources).

4. Legal Bases for Processing (GDPR)

We process your personal data under the following GDPR legal bases:

  • Article 6(1) (a) — Consent (e.g., marketing, certain use of images).
  • Article 6(1) (b) — Contract (e.g., fulfilling service agreements).
  • Article 6(1)© — Legal obligation (e.g., invoicing, tax compliance).
  • Article 6(1) (f) — Legitimate interest (e.g., improving services, security, defending legal claims).

5. How We Use Your Personal Data

We use your data for:

  • Providing and managing our Website and Services.
  • Customer service and responding to enquiries.
  • Event registration and participation management.
  • Marketing communications (with consent or where permitted).
  • Improving our Website and Services through analytics.
  • Recruitment and supplier relationship management.
  • Security and legal compliance.

6. Marketing Communications

  • We may send you email marketing if you have given consent or if you are an existing client (within GDPR’s “soft opt-in” rules).
  • You can opt out anytime via an unsubscribe link or by contacting us.

7. Cookies and Analytics

We use cookies, web beacons, and similar technologies for analytics and marketing.
Full details are available in our Cookie Policy.

8. Sharing Your Data

We may share personal data with:

  • Service providers (IT, hosting, analytics, payment processing).
  • Event partners and suppliers.
  • Professional advisers (lawyers, accountants).
  • Law enforcement, regulators, and courts (where required).

We do not sell your personal information.

9. International Transfers

If we transfer your personal data outside the EEA, UK, or Lithuania, we will:

  • Use adequacy decisions where applicable (e.g., EU–US Data Privacy Framework).
  • Use Standard Contractual Clauses (SCCs) when required.

10. Data Retention

  • Client records: up to 6 years after last service.
  • General contact data: up to 3 years after last interaction.
  • Event data: only as long as needed for the event’s purpose.
  • Suppression lists (for marketing opt-outs): indefinitely.

11. Security

We implement technical and organisational measures to protect your personal data against:

  • Unauthorised access
  • Loss or theft
  • Alteration or misuse

12. Children’s Privacy

  • We do not knowingly collect data from children under 13.
  • If we learn we have collected such data without parental consent, we will delete it.
  • This complies with COPPA (Children’s Online Privacy Protection Act) in the US and relevant EU rules.

13. Your Rights (EU & Lithuania)

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccuracies
  • Erase data (“right to be forgotten”)
  • Restrict processing
  • Data portability
  • Object to processing (including marketing)
  • Withdraw consent at any time
  • Lodge a complaint with State Data Protection Inspectorate

14. Additional Rights for US Residents

If you are a resident of certain US states (e.g., California, Virginia, Colorado), you have additional rights under state privacy laws (e.g., CCPA/CPRA):

  • Right to know the categories and specific pieces of personal information collected.
  • Right to request deletion of personal information.
  • Right to opt out of the sale or sharing of personal information (we do not sell personal data).
  • Right to non-discrimination for exercising privacy rights.

To exercise these rights, email aurelija@lumastudio.lt.

15. How to Contact Us

Email: aurelija@lumastudio.lt
Address: Pulko g. 2-427, Vilnius, Lithuania

16. Changes to This Policy

We may update this Privacy Policy from time to time.
We will notify you of significant changes via email or a notice on our Website.

User Agreement, Privacy policy
Site by wfolio