Privacy Policy

PRIVACY POLICY

1. ABOUT THIS PRIVACY POLICY

This Privacy Policy (the “Policy”) explains how CleanLix, operated by Commerce Core, UAB, a company registered in ###company_country### with its registered address at Savanorių pr. 363, Kaunas, Lithuania (“We”, “Us”, “Our”), collects, uses, shares, and protects your personal information when you visit or make a purchase through Our website https://robertas.corehostapp.com, including any related subdomains and services (collectively, the “Website”).

The Website enables you to purchase products offered by Commerce Core, UAB, a company registered in ###company_country### with its registered address at Savanorių pr. 363, Kaunas, Lithuania (“We”, “Us”, “Our”). When you place an order through the Website, you enter into a binding agreement in accordance with Our Terms and Conditions (the “Terms”).

For the purposes of data protection laws:

  • We act as the data controller in relation to all personal information processed through the Website, including for order fulfillment, shipping, payment coordination, customer support, and marketing communications.
  • Payment service providers, listed in the Terms, process payment-related data in accordance with applicable legal and regulatory requirements. Where they process data on Our behalf, they act as data processors. Where required by law, they may process certain data independently in accordance with their own legal obligations.

The Policy applies whenever you:

  • Visit or browse the Website;
  • Place an order;
  • Subscribe to recurring deliveries;
  • Contact customer support;
  • Sign up for marketing communications;
  • Otherwise interact with Our services.

By using the Website, you acknowledge that you have read and understood the Policy.

We process personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), and, where applicable, relevant United States federal and state privacy laws, including the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”).

If you have any questions about the Policy or how your personal data is handled, you may contact Us using the details provided in the “Contact Information” section below.

2. WHAT PERSONAL INFORMATION WE COLLECT

We collect personal information that you provide directly to us, information collected automatically when you use the Website, and information received from service providers involved in operating Our services. The specific data we process depends on how you interact with the Website.

Below We explain what categories of personal information We collect, why We use them, the legal basis for processing under the GDPR (where applicable), and how long We retain them.

We collect and process personal information in accordance with the principles of lawfulness, fairness, transparency, data minimization, purpose limitation, accuracy, storage limitation, integrity, and confidentiality. We collect only the personal information that is necessary for the purposes described in the Policy.

1. Information You Provide Directly

When you place an order, subscribe to recurring deliveries, contact customer support, or sign up for marketing communications, you provide certain personal information directly to us. This may include:

  • Full name;
  • Shipping and billing address;
  • Email address;
  • Telephone number;
  • Order details and purchase history;
  • Subscription preferences;
  • Communications sent to customer support.

We use this information primarily to perform Our contract with you. This includes processing and fulfilling your orders, arranging delivery, managing subscriptions, handling returns and refunds, and communicating with you regarding your purchases. Where you contact customer support, We use your information to respond to inquiries, resolve complaints, and maintain service quality.

In certain cases, We also process this information to comply with legal obligations (such as accounting and tax requirements) or to pursue Our legitimate interests, including fraud prevention, dispute management, and business protection.

We do not collect medical records, diagnostic information, or health data beyond information necessary to process your order. Our products are not medical services, and We do not process protected health information within the meaning of applicable healthcare regulations.

GDPR basis:

  • Performance of a contract (Art. 6(1)(b));
  • Legal obligation (Art. 6(1)(c));
  • Legitimate interests (Art. 6(1)(f)).

Order-related and financial records are retained for up to 10 years where required by applicable accounting and tax laws. Customer service communications are generally retained for up to 3 years after the last interaction, unless longer retention is necessary to establish, exercise, or defend legal claims. Marketing contact details are retained until you withdraw consent or after a defined period of inactivity (generally up to 5 years), whichever occurs first.

2. Payment and Transaction Data

When you make a purchase, payment information is processed by authorized payment service providers disclosed in the Terms. We do not store full payment card numbers or security codes. However, We may receive and process limited payment-related data such as:

  • Transaction confirmations;
  • Payment status;
  • Partial billing information;
  • Fraud prevention indicators.

We use this information to confirm successful transactions, prevent fraudulent activity, manage chargebacks or disputes, and ensure secure payment processing.

GDPR basis:

  • Performance of a contract (Art. 6(1)(b));
  • Legitimate interests in fraud prevention and business protection (Art. 6(1)(f));
  • Legal obligation (where applicable).

Payment transaction records and related financial documentation are retained for up to 10 years, or longer if required by law or necessary for the resolution of disputes.

3. Automatically Collected Information

When you browse or interact with the Website, certain technical and usage information is collected automatically through cookies and similar tracking technologies. This may include:

  • IP address;
  • Device type and operating system;
  • Browser type;
  • Referring URLs;
  • Pages visited and time spent;
  • Click and navigation behavior;
  • General geographic location derived from IP address.

We use this information to operate and secure the Website, improve performance, analyze usage trends, detect suspicious activity, and enhance user experience. Where permitted by law, We also use certain data for personalization and analytics.

GDPR basis:

  • Legitimate interests in maintaining and improving the Website (Art. 6(1)(f));
  • Consent (for non-essential cookies and marketing-related tracking).

Analytics and technical usage data is generally retained for up to 24 months from collection, unless a shorter period is required by law or you withdraw your consent (where processing is based on consent).

4. Marketing and Advertising Data

If you subscribe to marketing communications or interact with promotional content, We may process information relating to your engagement and preferences. This may include:

  • Email engagement data (opens and clicks);
  • Preferences inferred from browsing behavior;
  • Responses to campaigns and promotions.

We use this information to send promotional communications, measure campaign effectiveness, and present content or offers that may be relevant to your interests.

Where required by law, We rely on your consent to send marketing communications. You may withdraw your consent at any time by using the unsubscribe mechanism included in Our communications.

In certain jurisdictions, including some U.S. states, the disclosure of data to advertising partners for targeted advertising may be considered “sharing” under applicable privacy laws.

GDPR basis:

  • Consent (Art. 6(1)(a));
  • Legitimate interests in marketing to existing customers, where permitted by law (Art. 6(1)(f)).

Marketing-related data is retained until you withdraw your consent or after a defined period of inactivity (generally up to 5 years), whichever occurs first. Suppression records may be retained to ensure compliance with your opt-out preferences.

5. Information Received from Service Providers

We may receive limited personal information from service providers involved in operating Our business, including payment processors, fraud prevention providers, analytics services, and advertising partners.

We process this information solely for the purposes described in the Policy, including transaction management, fraud detection, analytics, and marketing measurement.

GDPR basis:

  • Performance of a contract;
  • Legitimate interests;
  • Consent (where required).

Such data is retained in accordance with the retention periods described above for the relevant data category.

6. Children’s Data

The Website and Our products are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors without appropriate parental or guardian involvement, where required by applicable law. If We become aware that personal information has been collected in violation of applicable laws, We will take appropriate steps to delete it.

3. INFORMATION YOU ARE REQUIRED TO PROVIDE

Certain personal information is necessary for Us to process your orders, manage subscriptions, respond to inquiries, and provide Our services. This includes essential contact details (such as your name, delivery address, and email address) and information required for payment processing.

If you choose not to provide the mandatory information required to complete a purchase or respond to your request, We may not be able to process your order, provide customer support, or deliver the requested services.

Providing other information (such as marketing preferences) is optional and based on your consent.

4. WHAT WE DO WITH YOUR PERSONAL DATA

We use your personal data primarily to perform Our contract with you, including processing orders, managing subscriptions, and providing customer support. Additionally, We process your information based on our legitimate interests to maintain and improve the Website, prevent fraud, and, where you have provided consent, to send marketing communications and perform analytics. Detailed information on the purposes, legal bases, and retention periods for each category of data is provided in Section 2 of the Policy.

First, We use your information to process and fulfill your orders. This includes confirming your purchase, arranging shipment, managing subscriptions, handling returns and refunds, and sending transactional communications such as order confirmations, delivery updates, and subscription reminders.

We use your contact information to respond to inquiries, manage customer support requests, and resolve complaints. Where necessary, We may use relevant information to document communications and maintain records for dispute resolution purposes.

Your information is also used to operate, maintain, and improve the Website. This includes monitoring performance, analyzing usage trends, preventing fraud, detecting suspicious activity, securing payment processes, and ensuring the integrity of Our systems.

If you have consented to receive marketing communications, We may use your contact details to send promotional messages about products, discounts, new releases, or special offers. You may withdraw your consent at any time using the unsubscribe mechanism provided in Our communications or by contacting Us directly.

Where permitted by law, We may use certain information for analytics and advertising purposes, including measuring campaign performance and improving the relevance of Our marketing efforts. In some U.S. states, such disclosures to advertising or analytics partners may be considered “sharing” under applicable privacy laws. Where required, you will be provided with the opportunity to opt out.

We may also process personal data where necessary to comply with legal obligations, respond to lawful requests from authorities, enforce the Terms, protect Our legal rights, or defend against legal claims.

We do not use your personal data for automated decision-making that produces legal or similarly significant effects without appropriate safeguards and, where required, your consent.

5. HOW WE SHARE YOUR PERSONAL INFORMATION

We do not sell your personal information for monetary consideration. However, We may share personal information with selected third parties where necessary to operate the Website, fulfill orders, comply with legal obligations, or support Our legitimate business interests.

1. Payment Processing

Payments are processed by authorized third-party payment service providers and payment agents as disclosed in the Terms.

These entities process payment-related information on Our behalf in order to:

  • Authorize and complete transactions;
  • Prevent fraud;
  • Comply with financial and regulatory obligations;
  • Handle chargebacks and payment disputes.

Payment service providers act as data processors when processing payment information on Our behalf. However, they may independently process certain information where required to comply with their own legal or regulatory obligations (for example, anti-money laundering requirements).

We do not store full payment card numbers or security codes.

2. Shipping and Fulfillment Partners

We share necessary personal information, such as your name, contact details, and delivery address, with logistics and shipping providers in order to deliver your purchases.

These providers process personal information solely for the purpose of delivering your order and related logistics services.

3. Service Providers

We engage trusted third-party service providers to support the operation of the Website and Our business. These may include:

  • IT hosting and cloud infrastructure providers;
  • Customer support tools;
  • Fraud prevention services;
  • Marketing and email communication providers;
  • Analytics providers.

These service providers are authorized to process personal information only as necessary to perform services on Our behalf and are subject to appropriate contractual data protection safeguards.

4. Advertising and Analytics Partners

We may share certain limited information (such as cookie identifiers, device data, or hashed contact information) with advertising and analytics partners in order to measure marketing performance and improve the relevance of Our advertisements.

In certain U.S. states, such disclosures may be considered “sharing” for targeted advertising purposes under applicable privacy laws. Where required, you have the right to opt out of such sharing.

5. Legal and Regulatory Disclosures

We may disclose personal information where required to:

  • Comply with legal obligations;
  • Respond to lawful requests from authorities;
  • Enforce the Terms;
  • Protect Our rights and property;
  • Prevent fraud or illegal activity;
  • Defend against legal claims.

6. Business Transfers

If Our business is involved in a merger, acquisition, restructuring, or sale of assets, personal information may be transferred as part of that transaction, subject to appropriate safeguards.

6. INTERNATIONAL DATA TRANSFERS

We operate internationally and may transfer, store, or process your personal information in countries other than the country in which you are located. These countries may have data protection laws that differ from those of your jurisdiction.

These transfers may occur when We engage service providers located in different jurisdictions or when your personal data is accessed from outside your country of residence.

Where required by applicable data protection laws, and in particular where personal data is transferred outside the European Economic Area (“EEA”), the United Kingdom, or other regions with transfer restrictions, We implement appropriate safeguards to ensure that your personal data remains protected.

Such safeguards may include:

  • Transfers to countries recognized as providing an adequate level of data protection by the relevant authority;
  • The use of Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms;
  • Contractual obligations requiring recipients to implement appropriate technical and organizational security measures;
  • Additional safeguards where necessary to ensure an equivalent level of data protection.

Personal data may be processed by service providers located in various jurisdictions depending on operational needs, including hosting, cloud infrastructure, payment processing, logistics, customer support, and analytics services.

You may request further information regarding the safeguards applied to international data transfers by contacting Us using the details provided in the “Contact Information” section below.

7. YOUR RIGHTS AND CHOICES

Depending on your location and applicable data protection laws, you may have certain rights in relation to your personal information.

1. Rights of Individuals in the European Economic Area (EEA), United Kingdom, and Similar Jurisdictions

If you are located in the EEA, the United Kingdom, or another jurisdiction with similar data protection laws, you may have the following rights under the GDPR or applicable local legislation:

  • Right of Access

You have the right to request confirmation as to whether We process personal data concerning you and, where that is the case, to request access to that data and related information.

  • Right to Rectification

You may request correction of inaccurate personal data or completion of incomplete data.

  • Right to Erasure (“Right to be Forgotten”)

You may request deletion of your personal data where certain legal grounds apply, for example where the data is no longer necessary for the purposes for which it was collected or where you withdraw consent and no other legal basis applies.

  • Right to Restriction of Processing

You may request that We limit the processing of your personal data in certain circumstances.

  • Right to Data Portability

Where processing is based on your consent or the performance of a contract and carried out by automated means, you may request to receive your personal data in a structured, commonly used, and machine-readable format.

  • Right to Object

You have the right to object to processing based on Our legitimate interests. You also have the right to object at any time to the processing of your personal data for direct marketing purposes.

  • Right to Withdraw Consent

Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

  • Right to Lodge a Complaint

You have the right to lodge a complaint with a competent supervisory authority in your country of residence, place of work, or place of the alleged infringement.

2. Rights of U.S. Residents

If you are a resident of the United States, you may have certain rights under applicable federal and state privacy laws, including (where applicable) the CCPA, as amended by the CPRA, and similar state laws.

These rights may include:

  • Right to Know and Access

You may request information about the categories and specific pieces of personal information We have collected about you, the sources of such information, the purposes for which it is used, and the categories of third parties with whom it has been disclosed.

  • Right to Delete

You may request deletion of personal information We have collected from you, subject to certain legal exceptions.

  • Right to Correct

You may request correction of inaccurate personal information.

  • Right to Opt Out of Sale or Sharing

While We do not sell personal information for monetary consideration, certain disclosures to advertising partners may be considered “sharing” for targeted advertising under applicable state laws. Where applicable, you have the right to opt out of such sharing.

  • Right to Limit Use of Sensitive Personal Information

Where applicable, you may have the right to limit the use and disclosure of sensitive personal information.

  • Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

  • Right to Appeal (Where Applicable)

In certain U.S. states, you may have the right to appeal a decision we have made regarding your privacy request. Information about how to submit an appeal will be provided in our response where required by law.

Where required by applicable U.S. state privacy laws, We recognize opt-out preference signals sent through browser-based mechanisms, such as the Global Privacy Control (GPC), where technically feasible and in accordance with legal requirements.

Nothing in this section limits dispute resolution provisions set out in the Terms where applicable.

3. Exercising Your Rights

To exercise any of your rights, please contact Us using the details provided in the “Contact Information” section below.

To protect your personal information, We may request additional information to verify your identity before responding to your request. We may decline or limit requests where permitted by applicable law, including where requests are manifestly unfounded, excessive, repetitive, or would adversely affect the rights and freedoms of others.

We will respond to verifiable requests within the timeframes required by applicable law.

Please note that certain personal information may be exempt from deletion requests where retention is required for legal compliance, contractual obligations, fraud prevention, dispute resolution, or the establishment, exercise, or defense of legal claims.

8. DATA SECURITY

We implement appropriate technical and organizational measures designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

These measures may include, where appropriate:

  • Encryption of data in transit;
  • Access controls and authentication mechanisms;
  • Secure hosting environments;
  • Monitoring systems designed to detect suspicious activity;
  • Internal policies limiting access to personal data to authorized personnel only.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While We take reasonable steps to protect your personal information, we cannot guarantee absolute security.

To the fullest extent permitted by law, We expressly disclaim liability for any unauthorized access, hacking, data loss, or other security breaches resulting from causes beyond Our reasonable control, including criminal acts of third parties, sophisticated cyber-attacks that exceed standard industry security measures, or vulnerabilities in third-party software or infrastructure.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, We will notify the competent supervisory authority and affected individuals, where required by applicable law.

9. DATA RETENTION

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, tax, regulatory, or reporting obligations, resolve disputes, enforce Our agreements, and protect Our legal rights.

Retention periods may vary depending on the type of data and the purpose of processing. Specific retention periods are described in the relevant sections of the Policy.

Where personal information is no longer required, We will securely delete, anonymize, or otherwise dispose of it in accordance with applicable laws and internal retention policies.

10. THIRD-PARTY WEBSITES AND SERVICES

The Website may contain links to third-party websites, applications, or services that are not operated or controlled by us.

If you access a third-party website or service through a link on the Website, your interactions with that third party are governed by their own privacy policies and terms of service. We are not responsible for the content, security practices, or privacy practices of third-party websites or services.

We encourage you to review the privacy policies of any third-party websites you visit before providing personal information.

11. CHANGES TO THE POLICY

We may update or modify the Policy from time to time to reflect changes in Our practices, legal requirements, or operational needs.

The updated version will be posted on this page with a revised “Last updated” date. Where required by applicable law, We will provide additional notice of material changes.

Your continued use of the Website after the updated Policy becomes effective constitutes your acknowledgment of the revised terms.

12. CONTACT INFORMATION

If you have any questions about the Policy, your personal data, or if you wish to exercise your rights under applicable data protection laws, you may contact Us at:

Commerce Core, UAB

Registered address: Savanorių pr. 363, Kaunas, Lithuania

Email: [email protected]

Phone: +1 (978) 788-0353

When contacting Us regarding a privacy matter, please specify that your request relates to personal data so that We may respond appropriately and within the timeframes required by law.