We are pleased that you are visiting our website. The protection of your privacy and your personal data (hereinafter referred to as “personal data”) is of particular importance to us when using our website. This document provides information about the processing of your personal data when you visit our website. To provide website functionality and related services, it is necessary for us to collect certain personal data about you. We are committed to processing your data lawfully, fairly, and transparently, specifying the scope, purpose, legal basis, and retention periods applicable to such processing.

1. 1. General information and data processing principles

1.1. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other applicable legal acts.

1.2. Pursuant to Article 4(1) of the General Data Protection Regulation (GDPR), personal data means any information relating to an identified or identifiable natural person. This includes, for example, such information as a person’s name and surname, address, telephone number, email address, as well as the Internet Protocol (IP) address. Data that cannot be linked to an individual — for instance, anonymised information — are not considered personal data.

According to Article 4(2) GDPR, the processing of personal data (such as collection, storage, retrieval, consultation, use, transmission, erasure, or destruction) always requires a legal basis or the data subject’s consent. Personal data being processed must be deleted once the purpose of processing has been fulfilled and no legally prescribed retention obligations remain.

1.3. In processing personal data, we adhere to the following principles (Article 5 of the GDPR):

• Lawfulness, fairness, and transparency. When we collect and process your personal information, we inform you about who collects and receives such data and for what reasons. Where required by law, we always seek your prior consent (for example, before collecting non-public information or sending any direct marketing materials). We never use your personal information for purposes that are incompatible with those specified herein.
• Purpose limitation and data minimization. UAB MAREMEDIA does not collect or process personal information without a lawful and legitimate reason. We use your personal data only when it is necessary for lawful operational purposes, such as providing services, managing client relationships, administering customer vehicle fleets, issuing accurate invoices, conducting marketing activities, profiling for improved customer service, performing customer satisfaction surveys, preparing analytical reports, and fulfilling our legal obligations.
• Accuracy and storage limitation. We collect only such personal information as is necessary for data processing as specified in this document. Non-public or sensitive information is collected only in exceptional circumstances. We take all reasonable measures to ensure that the personal data you provide are accurate, complete, and kept up to date.
• Integrity and confidentiality (data security). In processing personal data, we seek to ensure the highest level of privacy and data protection. For this purpose, we also conduct data protection impact assessments to ensure that our security measures are appropriate and that your information is adequately safeguarded against unauthorized access, disclosure, alteration, or destruction.

2. About Us

Company name: UAB MAREMEDIA

Country of registration: Republic of Lithuania

Company code: 301915598

Registered office address: Vytauto g. 48B, LT-68296 Marijampolė, Lithuania

Contact details: email – support@euroleasingauto.com;

Telephone – +370 602 92000

This Privacy Notice applies exclusively to the euroleasingauto.com website. It does not extend to any other websites to which we may provide hyperlinks. We assume no responsibility for the confidential handling of your personal data on such third-party websites, as we have no control over whether or not these entities comply with applicable data protection regulations. You are therefore advised to consult the respective privacy policies of such third parties directly to understand how your personal data are processed on their websites.

3. Data Protection Officer

If you have any questions or concerns regarding the protection of your personal data, you may contact our Data Protection Officer at any time by email at support@euroleasingauto.com.

4. Categories of personal data we collect

We may collect and process the following categories of personal data:

a) Website visitor data: IP address, browser type, date and time of access, operating system used, and the URL of the visited page.

b) Contract and service data: name, surname, date of birth, address, email address, telephone number; company details, VAT payer code, vehicle identification number (VIN), and payment information. Copies of identification documents or company registration certificates may also be collected where required by law.

c) Marketing data: email address provided for newsletter subscription; records of consent to receive marketing offers and promotional communications.

d) Cookies and online identifiers: technical cookies (necessary for the website’s operation), analytical cookies (e.g., Google Analytics), marketing cookies (e.g., Google Ads, Meta Ads), and social media plug-ins (e.g., Facebook, LinkedIn).

5. Collection, purpose, and legal basis for the processing of personal data

The information below applies to different categories of data subjects. Personal data are processed only to the extent necessary for achieving the specified purposes, in accordance with Article 5(1)(c) of the General Data Protection Regulation (GDPR) — the principle of data minimization.

Category of data subjects	Categories of personal data processed	Purposes of processing	Legal basis under the GDPR	Sources of personal data	Recipients of personal data (categorie)	Data retention period	Special remarks (consent, special category data, profiling, and data transfers outside the EEA)
5.1. Ultimate Beneficial Owners (UBOs), Senior Management, and Lawful Representatives of Legal Entity Clients	Name, surname; date of birth; residential address; personal identification number (where necessary for identification purposes); identity document details or copy; position; and authorization details.	Identification of the client (‘Know Your Customer’, KYC), sanctions and Politically Exposed Persons (PEP) checks, assessment of creditworthiness, prevention of fraud, and the conclusion and administration of contractual arrangements.	Article 6(1)(c) – legal obligation (AML/KYC); Article 6(1)(b) – performance of a contract; Article 6(1)(f) – legitimate interest (risk management)	Sources: directly from the client; from publicly available and commercial databases (including PEP and sanctions lists, credit reference agencies); and from official company registers.	IT and KYC/AML service providers; banks and payment intermediaries; auditors and legal advisers; supervisory and law enforcement authorities	For the duration of the contractual relationship plus 10 years (for accounting purposes), or for as long as required under AML regulations.	Copies of identity documents are processed solely when required by applicable legislation. Any transfer of personal data outside the European Economic Area (EEA) is conducted in accordance with the GDPR, based on Standard Contractual Clauses (SCCs) or an adequacy decision issued by the European Commission.
5.2. Client Contact Persons (Employees Responsible for Relationship Management)	Name, surname; business email address; telephone number; and job title.	Communication related to the performance of the contract, administration of orders and service provision, and improvement of service quality.	Article 6(1)(b) – performance of a contract; Article 6(1)(f) – legitimate interest (business administration)	Sources: obtained directly from the individual or provided by the employer.	Recipients: IT and telecommunications service providers, as well as logistics and customer service partners	For the duration of the business relationship and for 3 years after the last contact.	—
5.3. Appointed Representatives (Employees or Authorized Agents of Clients)	Full name; contact information; date of birth; driver’s license data; employer details; records of incidents or damages; and, where applicable, GPS location and behavioral data (such as instances of speeding or similar conduct)	Administration of vehicles (including delivery and return, servicing, management of damages and insurance claims, and processing of fines), monitoring of safety and operational performance, and related communication.	Article 6(1)(b) – performance of a contract; Article 6(1)(c) – legal obligation (registration, taxation, fines); Article 6(1)(f) – legitimate interest; GPS/telematics – Article 6(1)(a) – consent (where required)	From the employer (client), from the driver himself/herself, and from partners (service providers/insurers	Employer (client); insurance companies; service providers and suppliers; law enforcement and municipal authorities (for fines); and carriers.	For the duration of the vehicle’s operation period plus 3 years (limitation period for claims); data relating to damages or legal proceedings – until the conclusion of the case plus the applicable limitation period	Health data in the event of damages – only to the extent necessary and where applicable under Article 9(2)(a) or (f) GDPR; GPS data – processed only with prior consent (subject to separate notice and the possibility to withdraw consent); profiling does not produce any legal effects.
5.4. Consumers (Private Clients)	Name, surname; contact details; address; date of birth; personal identification number (where required for identification or by law); employer and position; income and source of income (where necessary for credit assessment); driver’s license details; information on incidents or damages, where applicable.	Conclusion and performance of the contract (purchase, rental, or leasing), creditworthiness assessment, payment administration, taxation and registration, management of damages and insurance claims, handling of fines, and customer service	Article 6(1)(b) – performance of a contract; Article 6(1)(c) – legal obligation; Article 6(1)(f) – legitimate interest (risk and operational management); GPS – Article 6(1)(a) – consent.	Directly from the data subject; credit institutions; insurance companies; and public registers	Banks and payment institutions; insurance companies; law enforcement and municipal authorities; public registers; and service providers.	For the duration of the contract plus 10 years (for accounting purposes); creditworthiness documents – in accordance with statutory requirements.	Health and offence-related data – only to the extent necessary for the administration of damages or fines (GDPR Article 9(2)(f) and Article 10); GPS data – processed based on consent with a clear option to withdraw.
5.5. Managers / Authorized Representatives and Contact Persons of Suppliers (Legal Entities)	Name, surname; contact details; ultimate beneficial owner (UBO) information and, where applicable, identity document details	Supplier selection and management, KYC/AML compliance, contract execution and payments, and quality control	Article 6(1)(b) – performance of a contract; Article 6(1)(c) – legal obligation (AML, taxation); Article 6(1)(f) – legitimate interest.	Directly; company registers; PEP and sanctions databases	IT and financial systems; auditors; banks; supervisory authorities.	For the duration of the contract plus 10 years	Copies of documents – only where required by law (AML/KYC)
Visitors to the Website	IP address; date and time of access; URL; referrer (source); browser type and version; operating system; cookies (necessary, analytical, marketing, social).	Website functionality and security; traffic analysis; personalized marketing (where consent has been given)	Article 6(1)(f) – legitimate interest (necessary and security logs); analytical, marketing, and social cookies – Article 6(1)(a) – consent.	Automatically from the browser or device; third-party tools	IT hosting and analytics providers (e.g., Google); marketing platforms	Logs – up to 30 days; analytical cookie IDs – in accordance with the Cookie Policy (up to 13 months); marketing data – until consent is withdrawn.	A Cookie Consent Management system is used; consent may be modified at any time in the ‘Cookie Settings’ section; data may be transferred outside the EEA on the basis of Standard Contractual Clauses (SCCs).
5.7. Recipients of Newsletters and Marketing Communications	Email address; name (if provided); record of consent.	Newsletter distribution, promotional offers, and surveys	Article 6(1)(a) – consent; for existing clients – Article 6(1)(f) – legitimate interest (marketing of similar services, with the right to opt out).	Directly (via the website form	Email service providers; marketing platforms.	Until consent is withdrawn or for 3 years after the last contact	Each email contains an unsubscribe link; records of consent are retained for evidential purposes. You may unsubscribe at any time, for example by using the unsubscribe link included at the end of each newsletter or by adjusting your preferences in the website settings. Alternatively, you may send a request to unsubscribe at any time by email to support@euroleasingauto.com
5.8. Employment Candidates	Data contained in CVs and cover letters; contact details; recruitment notes; and consents	Conducting recruitment and candidate administration	Article 6(1)(b) – pre-contractual measures; Article 6(1)(a) – consent (talent pool)	Directly; recruitment platforms.	HR service providers; evaluators.	Normally 1 month after the end of the recruitment process; longer only with consent or, in the event of a dispute, until the expiry of the limitation period.	Inclusion in the talent pool is based solely on separate and explicit consent, which the data subject may withdraw at any time without affecting the lawfulness of processing carried out prior to withdrawal.”
5.9. Company Employees	As set out in the company’s internal Employee Privacy Notice, which governs the processing of personal data of employees	Employment relationship administration	6(1)(b), 6(1)(c), 6(1)(f)	Internal	State authorities; IT and recruitment service providers	“As specified in the Employee Privacy Notice	Detailed regulation is provided in internal documents

Personal data referred to above will be deleted once they are no longer required for display on the website. The collection of data necessary for the provision of the website and the storage of such data in server log files are essential for the proper functioning of the website; consequently, users do not have the right to object to this processing. However, further retention of data may take place in specific cases where required by law.

6. Use of cookies

6.1. Type, scope, and purpose of data processing

We use cookies. Cookies are small text files that are sent to your browser when you visit our website and are stored there.

Some functions of our website cannot be offered without the use of technically necessary cookies. On the other hand, we also use cookies to personalize content and advertisements, to provide social media features, and to analyze our website traffic. We also share information about your use of our website with our social media, advertising, and analytics partners, who may combine it with other information that you have provided to them or that they have collected when you used their services.

For example, certain cookies may recognize your browser when you revisit our website and transmit various types of information to us. We use cookies to make your interaction with our website easier and more efficient. Among other things, cookies enable us to make our website more user-friendly and effective for you by tracking your usage patterns and identifying your preferred settings (e.g., country or language preferences).

If third parties process information using cookies, such information is collected directly through your browser.

Cookies do not cause any damage to your device. They cannot run programs or contain viruses. Our website uses different types of cookies, the nature and purpose of which are explained below.

6.2. Temporary Cookies / Session Cookies

Our website uses so-called temporary or session cookies, which are automatically deleted as soon as you close your browser.

This type of cookie allows the storage of your session ID, enabling various requests from your browser to be assigned to a single session. This, in turn, allows your device to be recognized during subsequent visits to the website.

6.3. Persistent cookies

Our website also uses so-called persistent cookies. Persistent cookies are stored in your browser for an extended period of time and may transmit information to us or to third parties.

The specific storage duration of a persistent cookie depends on the purpose of the cookie and may vary accordingly. You can delete persistent cookies manually at any time through your browser settings.

6.4. Third-party cookies

We use analytical cookies to monitor and analyze anonymous user behavior on our website.

We also use advertising cookies, which enable us to track user behavior for advertising and targeted marketing purposes.

Social media cookies allow you to connect with your social network accounts and share content from our website through your social networks.

6.5. Browser configuration settings

Most internet browsers are pre-configured to automatically accept cookies. However, you can configure your browser to accept only certain types of cookies or to reject cookies altogether. Please note that if you choose to block cookies, you may not be able to use all functions of our website in full.

You can also delete cookies that have already been stored in your browser by adjusting your browser settings. In addition, it is possible to configure your browser to notify you before cookies are saved. As different browsers may vary in their functionality, we recommend consulting your browser’s help menu for detailed configuration instructions.

To disable the use of cookies, it may be necessary to store a persistent cookie on your device to record your preference. If you later delete this cookie, you will need to disable cookie usage again.

7. Legal Basis for the Use of Cookies

7.1. Legal Basis for the Use of Necessary Cookies

The legal basis for the use of necessary cookies is the Controller’s legitimate interest pursuant to Article 6(1)(f) of the General Data Protection Regulation (GDPR).

7.2. Legal Basis for the Use of Cookies Requiring Consent

The legal basis for the use of cookies that require user consent is the data subject’s consent pursuant to Article 6(1)(a) of the General Data Protection Regulation (GDPR).

8. Cookie Retention Period

8.1. Session (temporary) cookies are stored from the moment the user opens the browser until the browser is closed. Once the browser is closed, these cookies are automatically deleted.

8.2. Persistent cookies remain stored on the user’s computer until they are deleted through the browser settings or until their validity period expires.

8.3. Once the data transmitted through cookies are no longer required for the purposes described above, such information will be deleted. Further retention may occur in individual cases where required by applicable legislation.

9. Information About the Cookies Used

9.1. Necessary Cookies

Cookie Key	Domain	Path	Expiration	Description
CookieScriptConsent	www.euroleasingauto.com	/	1 month	This cookie is used by Cookie-Script.com service to remember visitor cookie consent preferences. It is necessary for Cookie-Script.com cookie banner to work properly.
PHPSESSID	www.euroleasingauto.com	/	Session	Cookie generated by applications based on the PHP language. This is a general purpose identifier used to maintain user session variables. It is normally a random generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages.

9.2. Performance Cookies

Cookie Key	Domain	Path	Expiration	Description
_ga_6XZGB3EVV4	.euroleasingauto.com	/	1 year 1 month	This cookie is used by Google Analytics to persist session state.
_ga	.euroleasingauto.com	/	1 year 1 month	This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.

10. Your Rights

10.1. In order to ensure the protection of personal data subjects, the General Data Protection Regulation (GDPR) establishes the following key rights of individuals in relation to the processing of their personal data. These rights are described in detail below.

Data Subject Rights	Description of the Right	Article of the GDPR
Right of Access to Personal Data	You have the right to obtain information regarding the processing of your personal data and to receive a copy of such data. Upon your request, we will provide you with all relevant information concerning the purposes of processing, the categories of personal data being processed, the categories of recipients, the data retention period, and your rights — including, where applicable, the right to rectification, erasure, or restriction of access to the respective data.	Right of Access (Article 15 GDPR)
Right to Rectification of Personal Data	If you consider that the personal data concerning you are inaccurate or incomplete, you may request that we correct or complete the data without undue delay.	Right of Access (Article 16 GDPR)
Right to be Forgotten	You have the right to request the deletion of your personal data, insofar as such deletion is permitted under the applicable legal provisions.	Right of Access (Article 17 GDPR)
Right to Restriction of Processing	You have the right to request that the use of your personal information be restricted, meaning that your data may be stored but not further processed except in specific cases provided by law.	Right of Access (Article 18 GDPR)
Right to Data Portability	Where applicable under the law, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format.	Right of Access (Article 20 GDPR)
Right to Object	You have the right to object, on grounds relating to your particular situation, to the processing of your personal data. In addition, you have the right to object at any time to the processing of your personal data for direct marketing purposes, including any profiling carried out in connection with such marketing activities.	Right of Access (Article 21 GDPR)

You have the right to lodge a complaint with the State Data Protection Inspectorate regarding the processing of your personal data. Nevertheless, we kindly encourage you to first address any complaint or request directly to us — in person, by mail, through an authorized representative, or electronically by email at support@euroleasingauto.com — so that we may resolve the matter promptly and amicably.

10.2. Handling of data subject requests

The Company may refuse to act on a data subject’s request if the request is manifestly unfounded or excessive.

The Company shall, without undue delay and in any event within one month of receiving the request, provide the data subject with information on the action taken in response to the request, in accordance with Articles 15–22 of the General Data Protection Regulation (GDPR)

That period may be extended by a further two months where necessary, taking into account the complexity of the request and the number of requests received. The Company shall inform the data subject of any such extension within one month of receiving the request, stating the reasons for the delay.

11. Security and data retention

11.1. It is not possible to guarantee that any data transmission over the Internet or through a website will be completely secure against unauthorized access. However, in order to ensure fair and transparent data processing, and taking into account the nature of our processing activities, we implement appropriate personal data management procedures, including technical and organizational measures. These measures take into consideration potential harm and possible inaccuracies in the processing of personal data, with the aim of reducing the risk of errors and ensuring that your personal data are processed fairly and securely.

11.2. When transferring data to external entities in third countries, i.e., outside the EU or the EEA, we ensure that such entities handle your personal data with the same level of care as within the EU or the EEA. Personal data are transferred only to those third countries for which the European Commission has confirmed an adequate level of data protection, or where we ensure appropriate data handling through contractual agreements or other suitable safeguards.

12. Updates this privacy policy

We may update this Privacy Policy from time to time to reflect changes in applicable laws or our data processing practices. Therefore, we encourage you to review it regularly. If we make any significant changes to this Privacy Policy, we will notify you by posting a prominent notice on the homepage of our website.