This Privacy Policy explains how Nensis, UAB ("Nensis", "we", "us" or "our") collects, uses, stores and protects personal data when you visit nensis.org (the "Website") or engage with our Services. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and applicable Lithuanian law.
1. Who we are
The data controller responsible for your personal data is:
- Nensis, UAB
- Company code: 305444033
- Registered office: Veiverių g. 9 B-62, LT-11346, Vilnius, Lithuania
- Email: support@nensis.org
2. Scope of this policy
This policy covers personal data processed by Nensis in connection with: (a) your visit to the Website; (b) any communication you have with us (including via email at support@nensis.org); and (c) any professional engagement where Nensis acts as a data controller. Where Nensis processes personal data on behalf of a client as a data processor (for example, when managing the client's advertising accounts), the applicable data processing agreement with that client will govern such processing.
3. Data we collect
We collect the following categories of personal data:
3.1 Data you provide directly
- Contact information — name, business email, phone number, company name and role when you contact us, request a proposal or enter into an engagement.
- Commercial information — contractual details, billing information and invoicing data where we are in a commercial relationship.
- Communication content — the content of messages you send us by email or any form on the Website.
3.2 Data collected automatically
- Technical data — IP address, browser type and version, operating system, device type, referring URL, pages viewed, timestamps and approximate location derived from the IP address.
- Usage data — interactions with the Website such as clicks, scroll depth and session duration.
We do not knowingly collect special categories of personal data (such as data revealing racial or ethnic origin, health, religious beliefs or sexual orientation) via the Website.
4. How we use personal data
We use personal data to:
- Respond to inquiries, provide proposals and communicate with you;
- Enter into and perform contracts for our Services;
- Operate, maintain, secure and improve the Website;
- Comply with legal, tax and accounting obligations;
- Protect our legal rights, property and users, and prevent fraud or abuse;
- Send occasional service-related communications (we do not send unsolicited marketing emails).
5. Legal bases (GDPR)
We only process personal data where we have a valid legal basis under Article 6 of the GDPR:
| Purpose | Legal basis |
|---|---|
| Responding to your inquiry; pre-contractual communication | Performance of a contract / steps at your request (Art. 6(1)(b)) |
| Providing Services under a signed engagement | Performance of a contract (Art. 6(1)(b)) |
| Maintaining accounting records, tax compliance | Legal obligation (Art. 6(1)(c)) |
| Website analytics, security and fraud prevention | Legitimate interests (Art. 6(1)(f)) |
| Non-essential cookies and tracking | Consent (Art. 6(1)(a)) |
6. Cookies & similar technologies
The Website uses a minimal set of cookies and similar technologies to function correctly, measure traffic and improve the user experience. Non-essential cookies are only set after you provide consent where required. You can manage cookies in your browser settings at any time. Rejecting non-essential cookies will not affect your access to the core content of the Website.
7. Sharing of personal data
We do not sell personal data. We may share personal data with:
- Service providers acting as data processors on our behalf — including hosting, email, analytics, accounting and communications tools — under contracts that require them to protect personal data.
- Professional advisors such as lawyers, auditors and accountants where necessary.
- Authorities where required by law or to protect our legal rights.
- Successors in interest in connection with a merger, acquisition or reorganisation of our business, subject to continued protection of your data.
8. International data transfers
Some of our service providers may be located outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure an adequate level of protection by relying on appropriate safeguards under the GDPR, such as the European Commission's Standard Contractual Clauses or an adequacy decision.
9. Data retention
We retain personal data only for as long as necessary for the purposes set out in this policy, including to meet legal, accounting or reporting requirements. Typical retention periods:
- Inquiry and pre-contractual correspondence — up to 24 months from last contact;
- Contractual and billing records — 10 years, as required by Lithuanian law;
- Website analytics data — up to 14 months in aggregated form.
When personal data is no longer required, it is securely deleted or anonymised.
10. Security
We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure or destruction. These include encryption in transit, access controls, least-privilege principles for staff, and regular security reviews of the tools we use.
No method of transmission or storage is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required, affected individuals in accordance with the GDPR.
11. Your rights
Subject to applicable law, you have the following rights regarding your personal data:
- Access — obtain confirmation whether we process your data and a copy of it;
- Rectification — ask us to correct inaccurate or incomplete data;
- Erasure — request deletion where the legal conditions are met;
- Restriction — request that processing be limited in certain circumstances;
- Portability — receive your data in a structured, commonly used format;
- Objection — object to processing based on legitimate interests, including any direct marketing;
- Withdraw consent — at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, please email support@nensis.org. We will respond within the timeframes required by law (generally one month).
12. Children's privacy
The Website and Services are intended for businesses and individuals over the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.
13. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. The updated version will be posted on this page with a revised "Last updated" date. Where the changes are material, we will take reasonable steps to notify you in advance.
14. Contact & complaints
For any privacy-related question, or to exercise your rights, contact us at:
- Nensis, UAB, company code 305444033
- Veiverių g. 9 B-62, LT-11346, Vilnius, Lithuania
- Email: support@nensis.org
You also have the right to lodge a complaint with the Lithuanian State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija, https://vdai.lrv.lt/) or with another supervisory authority of the EU member state where you reside, work or where an alleged infringement of the GDPR has taken place.
Your privacy matters to us. If anything in this policy is unclear, please reach out — we'll do our best to explain.