Privacy policy updated on 12/20/2022

Additions or changes to the policy take effect upon their publication on this website.


This Privacy Policy sets out UAB Grožio galia (further on we) collection and use of personal data on websites terms and conditions that apply to visitors to these websites and our social networks (e.g. Facebook, Instagram, etc.). Please read this document carefully, as it informs you about the processing of your personal data.

Because this Policy is subject to change without notice, please check each time you visit our Sites. You will find the latest version of the Privacy Policy there.


With respect to all personal data described in this Privacy Policy UAB Grožio galia acts as a Data Controller. Our contacts:


UAB Grožio galia

Legal entity code: 303326876

Address: Vasario 16-osios g. 2-119, LT-01106 Vilnius

email mail adress: [email protected]  

Phone number: +370 612 51510


For what purposes do we collect personal data?

1.1. For the purpose of e-commerce, i.e. to provide the opportunity to shop in our online store.

1.2. For the purpose of creating and administering a customer account. If you want to see your order and payment information and not fill in your data every time you create a new order, you can create a registered user account.

1.3. For the purpose of creating and administering a cosmetologist account.

1.4. In order to inform about our news, promotions and ask for your opinion with the help of the newsletter (direct marketing).

1.5. In order to inform about goods appearing in trade, which you were interested in.

1.6. If you submit a question, request or complaint to us by means of e-mail communication.

1.7. In order to administer your social networks (Facebook, Instagram).

1.8. To improve our website, ensure its operation, increase its security and adapt its content and form to the needs of users.

1.9. In order to protect our rights participating in legal proceedings involving you.


What data exactly do we collect?

1.1. The following order data is collected:

  • Name, Surname;
  • Delivery address;
  • Phone number and email address. Necessary for the performance of contractual obligations (e.g. communication regarding delivery delays), but not for direct marketing purposes;
  • Payment data (purpose and method of payment, payment amount). Required for payment of ordered goods through the selected external payment transaction platform. The payment service provider (see section 3 of the Privacy Policy) may collect securely encrypted data from your bank card. This information (eg card number, expiry date, security code) are not available to us;
  • Shopping cart;
  • Cosmetologist code. All products in our online store can only be purchased after receiving the beautician’s approval, which you prove by submitting the beautician’s code. If you don’t have a beautician code, you can send a request Grozio.LT cosmetologists partners who will contact and coordinate the consultation time. In this case, your email address will be forwarded to the consulting beautician.

1.2. Collected data:

  • Name, Surname;
  • Email address;
  • Purchase history.

1.3. Collected data:

  • Name, Surname;
  • Email address;
  • Telephone number;
  • Salon address;
  • Information about provided consultations.

1.4. We collect your e-mail address. Attention! We use two-factor authentication to protect your data. This means that after entering your e-mail address, you will receive a letter requiring identity verification. You will be added to the subscriber list only after clicking on the link in the email.

1.5. We collect your e-mail address that you provide to us along with the product information you are interested in.

1.6. We collect:

Your name;

  • Phone number (if provided);
  • E-mail address (must be provided);
  • Content of the message, time of delivery of the message and response to the message.
  • 1.7. The following data of social network users are collected and processed:
  • Name, Surname;
  • Contact information (if you provide it to us);
  • Comments left under our posts;
  • Shares of our posts; “likes”, “follows” and data on your other reactions (including information about when you started following or liked our social network account);
  • Photos, messages you send to us;
  • History of communication with us (message content, time of receipt/delivery);
  • Feedback you leave and Grozio.LT ratings.

1.8. When you visit Grozio.LT website, we automatically collect the following data from you: IP address, operating system, user ID and other information about your activities on our website and on other websites. We collect and store this information as part of log entries or through the use of cookies. Read more about the use of cookies in the Cookie Policy.

1.9. All the above-mentioned information, documents and their attachments sent to you, documents and their attachments submitted by you, procedural documents, court rulings, resolutions, decisions.

Information about criminal offences and convictions.


Which GDPR clause do we use to process your personal data?

1.1. Execution of the contract and its conclusion (GDPR 6 Art. 1(b))

1.2. An account is created with your active consent (GDPR 6 Art. 1(a))

1.3. An account is created with your active consent (GDPR 6 Art. 1(a))

1.4. Execution of the contract and its conclusion (GDPR 6 Art. 1(b))

1.5. With your consent (Art. 6 GDPR Art. 1(a))

1.6. We have a legitimate interest in answering your questions, examining your requests or complaints (GDPR Art. 6 1(f))

1.7. With your consent, which you have given by connecting to a social network (GDPR Art. 6 1(a))

1.8. Personal data obtained with the help of cookies are processed on the basis of our legal interest (GDPR Article 6 1(f))

1.9. We have a legitimate interest in defending our rights in legal proceedings (Art. 6 1(f) GDPR).

The data is necessary for us to assert, exercise or defend legal claims (Art. 9 GDPR Art. 2(f)).


How long do we keep this data?

1.1. Order data is stored for 24 months from the day the order was created. Financial documents are kept for 10 years from the date of the purchase transaction, except in cases where there is a need to store data longer, for example to defend legal claims

1.2. Account data is stored for the entire period, while your account is valid. The account is valid for 3 years from the date of your last login. 30 days before the account expires, we send a notification informing you of the impending deactivation of the account.

We can store your consent and proof of it for a longer period, if necessary, in order to be able to defend ourselves against demands, claims or lawsuits brought against us.

1.3. Account data is stored throughout the contractual relationship between Grozio.LT and cosmetologist period and 10 years after their end. Upon termination or termination of the contractual relationship, the account is blocked.

1.4. 5 years (unless you give a new consent for longer data storage during this time).

1.5. Your e-mail the postal address is stored until notification of the appearance of the missing product in the market. After informing you that the product has arrived, your e-mail will be removed.

1.6. Simple e-mails or messages in which you ask for non-legally binding information are stored no longer than 1 year from the end of the examination of the question.

In the event that you submit a complaint, claim or other legal document to us, we store it 3 years.

Personal data may be stored for a longer period of time if it is necessary for us to be able to defend ourselves against demands, claims or lawsuits brought against us.

1.7. Personal data related to social accounts may be stored for 10 years.

1.8. Read more about storage periods in the Cookie Policy.

1.9. As long as the legal proceedings are ongoing and for 10 years after their end.



When necessary, Grožio galia may transfer or otherwise disclose processed personal data to state supervision and law enforcement institutions, courts and other state-authorized institutions.

Also, to the extent necessary to ensure the proper provision of services, Grožio galia may transfer personal data to trusted third parties – partners, service providers (including software, IT infrastructure maintenance, cloud service providers, server rental and maintenance, electronic communications, parcel delivery, website administration, accounting, archiving service providers, marketing service providers and etc.). We will only provide all of these service providers with as much data as is necessary to perform the specific service.

Business sale or business merge. We may also disclose your personal data to third parties in the event that we sell or buy any business or assets (due to liquidation, bankruptcy or otherwise), or merge with another company. In this case, we may transfer your data to a prospective seller or buyer of such business or assets, as a result of a business sale or business merge Grožio galia customer information can also be the subject of sales.

We currently cooperate with and transfer your personal data to the following service providers:

  • Newsletters to the shipping service provider;
  • Website hosting to the service provider;
  • To cosmetologists with whom Grožio galia cooperates. Your data is transferred when you send us a request for a beautician;
  • Payment services to the provider (acting as an independent data controller);
  • Shipment delivery for performing service providers;

Facebook, Inc. (USA). With Facebook you can familiarize yourself with the privacy policy here. Facebook does not invoke the “Privacy Shield” data transfer mechanism to the US, but continues to participate in this program. For transfers of personal data outside the EEA Facebook uses standard contract conditions (SCC) approved by the European Union Commission.

Google LLC (USA). You can familiarize yourself with Google’s privacy policy here. Used Google cookies and Google Workspace. Google does not invoke the “Privacy Shield” data transfer mechanism to the US, but continues to participate in this program. For transfers of personal data outside the EEA Google uses standard contract conditions (SCC) approved by the European Union Commission.


In cases where you communicate with us using social networks, you should take a look at the data protection conditions applied by the specific social network and familiarize yourself with its privacy policy. All personal data that you transmit to us using social networks is managed by a specific social network manager (e.g. Facebook, Instagram).


When processing and storing your personal data, we implement organizational and technical measures to ensure the protection of personal data from accidental or unlawful destruction (e.g. we regularly back up data), replacement, disclosure, as well as from anyone else illegal processing. Safe use of our website is ensured by one of the world’s leading secure connections SSL (Secure Socket Layer) certificate. When using an SSL certificate, the information sent between the user’s browser and our server is encrypted. You can find the details of the certificate  


Each data subject whose data is processed in our activities has the following rights:

To know (be informed) about the processing of your personal data (Articles 12-14 GDPR); 

Familiarize yourself with the processed personal data ( Article 15 GDPR); 

Demand correction of inaccurate personal data related to it (Article 16 GDPR); 

Request the erasure of personal data relating to it (“right to be forgotten”) (Article 17 GDPR). 

Attention! You have the right to be forgotten only if it can be justified by one of the following reasons:

Personal data are no longer necessary to achieve the purposes for which they were collected or otherwise processed;

You withdraw the consent to the processing of the personal data on which the processing is based and there is no other basis for processing the data;

You do not consent to the processing of the data in accordance with Article 21(1) of the GDPR and there are no overriding legitimate reasons for the processing of the data.

Restrict data processing (Article 18 GDPR):  

Attention! You only have the right to restrict the processing of your data when:

personal data is inaccurate;

the processing of personal data is illegal, but you do not agree to the deletion of the data;

the data controller no longer needs the personal data to fulfill its purpose, but you need it to assert, exercise or defend legal claims;

you object to data processing in accordance with Article 21(1) of the GDPR, if the legitimate reasons of the data controller do not override your reasons.


Transfer your personal data when data processing is based on consent or contract and the data is processed by automated means (Article 20 GDPR);

Object to the processing of personal data for reasons related to your specific case, when the data is processed for the legitimate interests of the data controller or a third party, except when the data controller proves that the data is processed for compelling legitimate reasons that override your interests, rights and freedoms, or in order to assert, enforce or defend legal claims (Article 21 GDPR).


If you think that UAB “Grožio galia” illegally processes your personal data or does not exercise your rights, you have the right to file a complaint with the State Data Protection Inspectorate (L. Sapiegos st. 17, 10312 Vilnius, phone +370 (5) 271 2804, +370 279 1445, e-mail [email protected]).

You can exercise your existing rights by submitting a written request by e-mail [email protected].


This website may contain third party banners, links to their websites and services. Please note that we are not responsible for the content of these websites or the data security measures they use. So if you click on the link from Grozio.LT website to other websites, you should consult their privacy policies separately.


If you have questions related to the protection of personal data, please contact us by e-mail. by post [email protected] or by phone +370 612 51510.