Privacy policy

Last updated: 2026-03-09

1. Introduction and Scope

1.1. This Privacy Policy sets out how Groomica, UAB (hereinafter – We, the Company or the Data Controller) collects, uses, stores, and processes personal data when customers (hereinafter – You, the Customer) use our online store and related services.

1.2. The Policy applies in all cases when you visit our website, purchase products, communicate with us via email, or subscribe to our newsletters.

1.3. Personal data means any information that can directly or indirectly identify a natural person, such as name, surname, email address, telephone number, IP address, or order history.

1.4. In processing personal data, we comply with:

  • The General Data Protection Regulation (EU) 2016/679 (GDPR);
  • The Law on Legal Protection of Personal Data of the Republic of Lithuania;
  • The Civil Code of the Republic of Lithuania;
  • The Law on Electronic Commerce;
  • Other applicable legal acts.

1.5. If you do not agree with the provisions of this Policy, please do not use our services or website. Please note that some data (e.g., essential cookies, order data) are mandatory for the performance of the contract and cannot be deleted without terminating our business relationship.

2. Data Controller

2.1. The Data Controller responsible for processing your personal data is:

Groomica, UAB
Company code: 307092132
VAT code: LT100017601817
Registered office: Pašventės k. 11, Pašventės k., Ignalinos r., Lithuania
Email: hello@groomica.eu

2.2. We have not appointed an official Data Protection Officer (DPO), but for any questions related to your personal data or this Policy, you may contact us at: hello@groomica.eu

2.3. When submitting a data protection request, please indicate your name, surname, contact details, and the nature of your request so that we can process it promptly and respond within the deadlines set by the GDPR.

3. Data We Collect

3.1. We collect the following categories of your personal data:

3.1.1. Customer account data

  • Name, surname
  • Email address
  • Password (encrypted, not visible to us)
  • Account creation and last login dates

3.1.2. Order data

  • Shopping cart information
  • Delivery address (street, city, postal code, country)
  • Phone number
  • Order history

3.1.3. Payment data

  • Payment method (card, Apple Pay, Google Pay, Klix, ESTO, Klarna, etc.)
  • Payment amount, currency
  • Payment status

Note: We do not store or see full card details – they are processed by our payment providers in accordance with PCI DSS security standards.

3.1.4. Communication data

  • Subscription status
  • Email open statistics
  • Click-through data
  • Submitted inquiries, complaints, or feedback

3.1.5. Browsing and device data

  • IP address
  • Browser type and version
  • Device operating system
  • Browsing history on our website
  • Data collected through cookies and pixels

3.1.6. Social media data

  • Information you provide when messaging or commenting on social networks
  • Interaction with our ads (clicks, views, conversions)
  • Advertising campaign performance data

4. Purposes and Legal Bases of Data Processing

4.1.1. Contract performance

  • To accept, process, and deliver orders.
  • To provide customer service (handling inquiries, warranty, returns).
  • To administer payments.

Legal basis: GDPR Art. 6(1)(b) – performance of a contract.

4.1.2. Compliance with legal obligations

  • To issue invoices and maintain accounting records.
  • To retain data as required by law.

Legal basis: GDPR Art. 6(1)(c) – legal obligation.

4.1.3. Consent

  • To send newsletters, offers, and promotions.
  • For marketing activities on Facebook, Instagram, TikTok, and Google Ads.
  • For analytical and marketing cookies.

Legal basis: GDPR Art. 6(1)(a) – consent.

4.1.4. Legitimate interests

  • To improve our website, services, and customer experience.
  • For direct marketing to existing customers where permitted by law.
  • To prevent misuse, fraud, or abuse.

Legal basis: GDPR Art. 6(1)(f) – legitimate interests.

5. Data Sharing with Third Parties

5.1. We do not sell or disclose your personal data to third parties except where necessary for service provision or compliance with legal obligations.

5.2. Service providers and partners:

  • Shopify – e-commerce platform ensuring the operation of the store.
  • DPD, FedEx – for order delivery.
  • Omnisend – for newsletters and automated messages.
  • Google (Google Analytics, Google Ads) – for website analytics and advertising.
  • Meta (Facebook, Instagram) – for social media marketing and advertising.
  • TikTok – for advertising campaigns.

5.3. All service providers process data only to the extent necessary for their functions and may not use it for their own purposes.

5.4. We may disclose your data to government authorities or law enforcement agencies if required by law.

5.5. Some of our partners (e.g., Shopify, Meta, Google) are located outside the EU. In such cases, we ensure that data is transferred only under appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCC) or certification under the EU–US Data Privacy Framework.

6. Cookies and Tracking Technologies

6.1. Our website uses cookies and other tracking technologies to improve website functionality, analyze visitor behavior, and deliver targeted advertising.

6.2. Types of cookies we use:

  • Essential cookies – ensure proper website functionality (e.g., cart, checkout). These cannot be disabled.
  • Analytical cookies – help us understand how visitors use the site (e.g., Google Analytics).
  • Marketing cookies – used to display targeted advertising (e.g., Facebook Pixel, TikTok Pixel, Google Ads).
  • Functional cookies – allow us to remember your preferences (e.g., language, login).

6.3. When you first visit the site, you are presented with a cookie consent notice where you can choose which cookies to allow. You can change your cookie settings at any time through your browser settings.

7. Automated Decision-Making and Profiling

7.1. We may use automated data analysis to show you personalized offers, adjust advertising based on your browsing history, and analyze customer behavior.

7.2. Automated decision-making does not produce legal effects or significantly affect you. It is used only for marketing and communication purposes.

7.3. You have the right to object to profiling by disabling marketing cookies, unsubscribing from newsletters, or contacting us at hello@groomica.eu.

8. Data Retention Periods

8.1. We retain your personal data only as long as necessary, but no longer than required by applicable laws.

  • Customer account data – stored while the account is active, and for 2 years after closure.
  • Order and payment data – stored for 10 years from the date of financial document issuance.
  • Communication data – stored for 3 years from the last correspondence.
  • Marketing data – stored until consent is withdrawn or for 5 years after the last interaction.
  • Cookie data – stored according to the cookie's validity period (from end of session up to 2 years).

8.2. After retention periods expire, personal data is securely deleted or anonymized.

9. Data Security Measures

9.1. We implement appropriate technical and organizational measures to protect your personal data.

9.2. Technical measures:

  • Data encryption using SSL (HTTPS).
  • Server protection and antivirus protection.
  • Database backups.
  • Payment processing compliant with PCI DSS standards.

9.3. Organizational measures:

  • Access to data is granted only to those who need it to perform their duties.
  • Internal data protection policies and controls.

9.4. Despite our efforts, no system is completely secure. We cannot guarantee absolute security, but ensure all legally required measures are applied.

10. Your Rights

Under the GDPR, you have the following rights:

  • Right to information – to receive clear information about how your data is processed.
  • Right of access – to obtain a copy of your personal data.
  • Right to rectification – to request correction of inaccurate data.
  • Right to erasure – to request deletion of your data when no longer needed.
  • Right to restrict processing – to request limitation of data processing.
  • Right to object – to object to processing based on legitimate interests or for direct marketing.
  • Right to data portability – to receive your data in a structured format.
  • Right to withdraw consent – to withdraw consent at any time.
  • Right to lodge a complaint – with the State Data Protection Inspectorate (VDAI) or your national supervisory authority.

11. Complaints and Supervisory Authorities

11.1. If you believe we are processing your personal data unlawfully, please contact us first at hello@groomica.eu. We undertake to respond within 30 calendar days.

11.2. If you are not satisfied with our response, you may lodge a complaint with:

State Data Protection Inspectorate (VDAI)
Email: ada@ada.lt
Website: www.ada.lt

11.3. You also have the right to apply to your country's supervisory authority if you reside outside Lithuania.

12. Updates to the Privacy Policy

12.1. We reserve the right to update this Privacy Policy at any time to reflect changes in legislation or our service conditions.

12.2. The updated version will always be published on our website.

12.3. If the changes are significant, we will notify you in advance via email or other appropriate means.

Last updated: 2026-03-09

13. Contact

Groomica, UAB
Company code: 307092132
VAT number: LT100017601817
Email: hello@groomica.eu