Skip to content

Legal

Privacy Policy

Under Articles 13 and 14 GDPR and the Lithuanian Law on Legal Protection of Personal Data.

Last updated:

1. Controller

The controller within the meaning of Article 4(7) GDPR is:

Legal name
Address
Company code
Email
Telephone

2. Data protection officer

A data protection officer must be designated under Article 37 GDPR where core activities consist of regular and systematic monitoring of individuals on a large scale, or large-scale processing of special categories of personal data.

For data protection enquiries, reach us at:

To confirm: where Orionyx operates or maintains systems that systematically capture personal data — for instance video recording as part of protection mandates — a designation duty may arise under Article 37(1)(b) GDPR. The designation must be notified to the VDAI. Please have this assessed for your case and complete this section accordingly.

3. Principles

We process personal data only where necessary to provide this website and our services. We do not collect data speculatively and we do not pass data on for advertising purposes.

This website uses no external analytics services, no social media plugins, no external font CDNs and no advertising networks. Fonts are served from our own server.

4. Server log files

When you access this website, the hosting provider automatically collects data transmitted by your browser:

  • Page requested, date and time of access
  • Volume of data transferred and confirmation of successful retrieval
  • Browser type and version, operating system
  • Referrer URL
  • IP address (stored truncated)
PurposeTechnical delivery, operational security, attack mitigation
Legal basisArt. 6(1)(f) GDPR — legitimate interest in secure operation
Retention[X] days, then automatic deletion
RecipientsHosting provider as processor (Art. 28 GDPR)

To complete: enter the name and domicile of the hosting provider and state the log file retention period specifically. A processing agreement must be in place. Recommendation given the audience: host inside the EU, ideally in Lithuania or the Baltics.

5. Contact form and email

When you contact us via the form or by email, we process the details you provide in order to handle your enquiry.

Data categoriesName, organisation, email address, telephone number (optional), subject, message content
PurposeHandling and answering your enquiry; where applicable, initiating a contractual relationship
Legal basisArt. 6(1)(b) GDPR (pre-contractual steps) and Art. 6(1)(a) GDPR (your consent)
RetentionUntil your enquiry is closed. Where a contract is initiated: per the commercial and tax retention periods under Lithuanian law (typically 10 years).
DisclosureNo disclosure to third parties

The form operates without external service providers. We use no reCAPTCHA and no third-party spam filter. Your IP address is not stored when you submit the form.

You may withdraw your consent at any time with effect for the future — an informal message to is sufficient. The lawfulness of processing carried out before withdrawal is unaffected.

6. Cookies

Under Article 73 of the Lithuanian Law on Electronic Communications (Elektroninių ryšių įstatymas) — the transposition of the ePrivacy Directive — information may be stored on your device only with your consent. Excepted are cookies strictly necessary to provide a service you have expressly requested.

Strictly necessary cookies

NamePurposeDuration
ox_consentStores your cookie banner decision6 months
wordpress_*Only when signed in to the editorial areaSession

Legal basis: Art. 6(1)(f) GDPR in conjunction with the exception for strictly necessary cookies.

Optional cookies

We currently set no optional cookies. Should that change, they will be set only following your active consent. You can withdraw consent at any time via Cookie settings.

7. Transfers to third countries

Data collected via this website is not transferred to countries outside the EU/EEA.

To confirm: where personal data is transferred to partners outside the EU in the course of business — for instance contact details within the development partnership in Ukraine — that must be set out separately here. Ukraine currently has no adequacy decision from the European Commission under Article 45 GDPR. A transfer therefore requires appropriate safeguards under Article 46 GDPR — normally standard contractual clauses (Implementing Decision (EU) 2021/914) together with a documented transfer impact assessment. Please have this assessed and complete this section accordingly.

8. Recipients and processors

We use carefully selected service providers who process data on our behalf. Agreements under Article 28 GDPR are in place with all of them.

CategoryPurposeDomicile
HostingDelivery of the website[provider, country]
EmailReceiving and handling enquiries[provider, country]

9. Your rights

Under the GDPR you have the following rights:

  • Access (Art. 15) — what data we process about you
  • Rectification (Art. 16) — correction of inaccurate data
  • Erasure (Art. 17) — the „right to be forgotten“
  • Restriction (Art. 18) — blocking instead of deletion
  • Portability (Art. 20) — release in a machine-readable format
  • Objection (Art. 21) — against processing based on legitimate interests
  • Withdrawal of consent (Art. 7(3)) — at any time, for the future

An informal message to is enough to exercise them. We respond within the period set by Article 12(3) GDPR — one month, extendable in justified cases.

10. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). The competent authority for Orionyx is:

Valstybinė duomenų apsaugos inspekcija (VDAI)
State Data Protection Inspectorate of the Republic of Lithuania
L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania
Telephone: +370 5 271 2804
Email: ada@ada.lt
vdai.lrv.lt

You may also contact the supervisory authority of your habitual residence or place of work.

11. Obligation to provide data

Providing your data is neither a statutory nor a contractual requirement. However, without the fields marked as required in the contact form, we cannot process your enquiry.

12. Automated decision-making

No automated decision-making, including profiling, within the meaning of Article 22 GDPR takes place.

13. Data security

This website uses TLS encryption. We apply technical and organisational measures under Article 32 GDPR to protect your data against loss, manipulation and unauthorised access. Our measures are kept aligned with the state of the art.

14. Changes

We update this policy when the legal position or our processing changes. The version available here at any given time applies.