LORIANA

candles and more

LORIANA

candles and more

Privacy Policy

Effective date: 2026-02-23

Website: https://loriana.lt (the “Website”)

1. Data Controller

Data Controller: Loriana Tumakova (individual activity)

Individual activity certificate No.: 1271995

Address: M. Balinskio g. 78, Jašiunai, Šalčininkai district, Lithuania

Email: loriana.tumakova@gmail.com

Phone: +370 673 23105

2. General information

This Privacy Policy explains how we process personal data when you visit the Website, purchase physical products (candles) and/or digital content (courses), create an account, contact us, or subscribe to updates.

We process personal data in accordance with the GDPR (EU 2016/679) and applicable Lithuanian laws.

3. What data we collect

3.1. Order and billing data

  • Name, surname

  • Email address, phone number

  • Shipping address (for physical products only)

  • Order details (products/courses, price, date, status)

  • Invoice details (if provided/required)

3.2. Account and course access data

  • Account login identifier (email/username), technical password data (we do not see your password)

  • Proof of purchase and access status

  • (If applicable) course progress / viewing data

3.3. Course materials download (PDF)

If our courses allow PDF downloads, we may keep technical records of downloads (e.g., date/time, file identifier) where necessary for system operation, security, or abuse prevention.

3.4. Communication data

  • Enquiries via forms, email, phone, social media

  • Message content and attachments you send us

3.5. Technical and cookie data

  • IP address, browser/device information

  • Cookie information

  • Website usage statistics (when you consent to analytics cookies)

4. Purposes and legal bases

We process data for:

4.1. Order fulfilment (candles and courses)

Purpose: to accept and fulfil orders, grant course access, deliver products.

Legal basis: contract performance (GDPR Art. 6(1)(b)).

4.2. Payment administration

Purpose: to process payments, refunds (if applicable), manage payment flows.

Legal basis: contract performance (GDPR Art. 6(1)(b)).

4.3. Accounting and legal obligations

Purpose: invoices, accounting records, tax compliance.

Legal basis: legal obligation (GDPR Art. 6(1)(c)).

4.4. Customer support and dispute handling

Purpose: respond to requests, handle claims/disputes.

Legal basis: legitimate interests and/or contract (GDPR Art. 6(1)(f), (b)).

4.5. Website security and abuse prevention

Purpose: IT security, fraud prevention, unauthorized access prevention, protection against unlawful distribution of content.

Legal basis: legitimate interests (GDPR Art. 6(1)(f)).

4.6. Analytics (Google Analytics) and advertising (Meta Pixel) — consent-based

Purpose: traffic analytics, ad measurement and (if applicable) remarketing/audiences.

Legal basis: consent (GDPR Art. 6(1)(a)). Analytics and marketing cookies are enabled only after consent via the cookie banner.

5. Data recipients

We share data only as necessary:

5.1. Payment service providers (once selected)

Banks / payment platforms / card payment processors (e.g., bank link, cards, PayPal etc.).

Note: typically we do not store payment card details; they are processed by the payment provider (depends on your chosen provider).

5.2. Delivery providers (physical products)

Couriers / parcel locker networks (once selected). Data shared: name, phone, email (if needed), delivery address.

5.3. Technical providers

Hosting/server providers, IT maintenance, email service providers — as required to run the Website.

5.4. Analytics/advertising providers (if enabled)

Google Analytics (Google), Meta Pixel (Meta) — only after consent.

6. International data transfers

If we use international providers (e.g., Google/Meta), data may be transferred outside the EEA. In such cases, we use appropriate safeguards (e.g., Standard Contractual Clauses), as required.

7. Data retention

  • Orders and accounting data: kept as required by law (often 5–10 years).

  • Account data: while the account is active; afterwards minimal data as needed for accounting/legal claims.

  • Course access data: during the access period + a reasonable period for dispute handling.

  • Enquiries: until resolved + up to [12–24 months] (set your period).

  • Consents (cookies/marketing): until you withdraw consent and as needed to evidence consent.

8. Cookies

We use:

  • Necessary cookies (essential for the Website, e.g., cart, login).

  • Analytics cookies (Google Analytics) — only with consent.

  • Marketing cookies (Meta Pixel) — only with consent.

You can change your choices anytime via the cookie settings and your browser.

9. Your rights

You have the right to access, rectify, erase (where applicable), restrict processing, object (legitimate interest), data portability (where applicable), withdraw consent, and lodge a complaint with the Lithuanian Data Protection Authority (VDAI).

To exercise rights, contact: loriana.tumakova@gmail.com.

10. Security

We apply reasonable technical and organisational measures (e.g., SSL, access control, updates) to protect personal data.

11. Minors

The Website and products are intended for persons aged [16 or 18]. If we become aware of improper collection of minors’ data, we will take steps to delete it.

12. Changes

We may update this Privacy Policy. The latest version is always published on the Website

Хотите персонализированную свечу?

Делаем индивидуальные заказы (для подарков, мероприятий, компаний). Так как каждый заказ уникальный, цена рассчитывается индивидуально.