1. Data controller

The data controller is the company operating the BabyBest.lt online store.

The company is registered in Latvia and operates in accordance with European Union law.

2. What data we collect

We collect only the data necessary to place and fulfil orders, communicate with customers, ship products, process payments, comply with legal obligations and improve the website.

3. Purposes of data processing

• To place, confirm and fulfil orders
• To communicate with customers about orders, payments, delivery and returns
• To share data with courier and payment providers
• For accounting, tax and legal records
• For website security and fraud prevention
• For analytics and improving the site and user experience
• For marketing communications — only where permitted by law or based on consent

4. Legal basis for processing (GDPR)

We process personal data on the following legal grounds:

• Performance of a contract — to place and fulfil the order
• Legal obligations — for accounting, tax and legal compliance
• Legitimate interest — for security, abuse prevention and service improvement
• Consent — for certain cookies, analytics and marketing activities where required by law

5. Who we may share data with

We do not sell personal data. Data may be shared only with recipients necessary for operating the store and fulfilling orders.

• Courier and logistics companies — for order delivery
• Payment providers and banking services — for processing payments
• IT and hosting providers — for running the site and data storage
• Analytics services — to understand site usage and improve user experience
• Public authorities — only when required by law

We may use third-party services, including payment solutions, couriers, anti-fraud tools and analytics systems such as Google Analytics, where this is permissible and lawful.

6. How long we keep data

We retain personal data only as long as needed for the processing purposes, contract performance and legal requirements.

Retention periods may vary depending on data type: order data, accounting records, support correspondence, technical logs and cookies may be stored for different periods within legal limits and reasonable business needs.

7. Your rights

Under GDPR you have the following rights:

• Right to request access to your data
• Right to rectification of inaccurate data
• Right to erasure where legally permitted
• Right to restrict processing
• Right to data portability
• Right to object to certain processing
• Right to withdraw consent when processing is based on consent
• Right to lodge a complaint with the data protection supervisory authority

For requests relating to personal data, please contact us at: info@babybest.lt.

8. Cookies and analytics

We use cookies to ensure the site works correctly, to remember user preferences, to analyze traffic and to improve our service.

Where required by law, we request user consent for analytics and marketing cookies. You can also manage cookies in your browser settings.

9. Data security

We apply technical and organizational measures to reduce the risk of unauthorized access, loss, alteration or disclosure of data.

• SSL encryption of connections
• Restricted data access
• Processing controls and internal security measures
• Use of reliable services and infrastructure providers

10. Policy updates

We may periodically update this privacy policy to reflect changes in the website, legal requirements or services used. The current version is always published on this page.

Questions about data protection?

If you have questions about personal data processing, cookies, your rights or information security, contact us by e-mail.