Privacy Policy

Last updated: 2025-03-18

Last updated: 2026-03-30

1. General Provisions

This privacy policy describes how Viktorija Lekavičienė, operating under individual business activity (registration no. IV_NUMBER), trading as "Welepix" (hereinafter — "we", "our" or "Welepix"), collects, uses and stores personal data when using the platform welepix.com.

We only process personal data that is necessary for the provision of services, in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Lithuanian legislation.

2. Data Controller

Data Controller: Viktorija Lekavičienė (individual business activity, registration no. IV_NUMBER)

Email: [email protected]

2.1 Data Roles

Content uploaded by the User (e.g., photos and related personal data) is processed on behalf of the User.

In such cases:

— The User is considered the data controller

— Welepix acts as the data processor

Welepix is not responsible for the legality of content uploaded by the User.

3. Data We Collect

Registration data: name, email address, password (encrypted).

Payment data: invoice information, payment history (we do not store card details).

Usage data: IP address, login time, browser type, device information, features used.

Uploaded content: photos and files.

Communication data: emails sent through the platform.

Cookies: technical and functional (details in Cookie Policy).

4. Purposes and Legal Basis

Account creation and management — Performance of contract

Service provision (galleries, storage) — Performance of contract

Payment processing — Performance of contract

Accounting and taxes — Legal obligation

Platform security — Legitimate interest (system protection, abuse prevention)

Fair use monitoring — Legitimate interest (ensuring service stability)

Communication with User — Legitimate interest (customer service)

5. Data Retention Periods

Account data — while active or up to 1 year after last login.

Files — while subscription is active + 30 days after.

Payment data — 10 years (as required by law).

Usage logs — up to 12 months.

Communication data — up to 6 months.

6. Data Transfers

Data may be processed with the help of trusted cloud infrastructure and technology service providers (e.g., storage, CDN, email, payment service providers) that help ensure the platform's operation.

All service providers are selected to ensure a high level of security and compliance with GDPR requirements.

Some service providers may process data outside the European Economic Area. In such cases, European Commission-approved Standard Contractual Clauses (SCC) or other lawful safeguards are applied.

We do not share data with third parties for marketing purposes.

7. Your Rights

You have the right to:

— access your data

— rectify it

— erase it

— restrict processing

— data portability

— object to processing

Contact: [email protected]. We respond within 30 days.

To protect data, we may ask you to verify your identity before processing a request.

8. Data Security

We apply technical and organisational security measures to protect data from unauthorised access, loss or disclosure.

9. Automated Decision-Making

We do not use automated decision-making or profiling that would have a legal or significant effect on the User.

10. Complaints

If you believe your rights have been violated, you may contact:

State Data Protection Inspectorate

https://vdai.lrv.lt

11. Changes to Privacy Policy

We may update this privacy policy. We will inform you about significant changes by email or through the platform.