Privacy Policy

* You can revoke your consent any time using the “Revoke consent” button.

Revoke consent



The subject of this privacy policy

This Privacy Policy sets the terms for processing the User’s Personal data while using the Website. Getting to know with this Privacy Policy, the User will know how and for what purposes the Data Controller processes his/her Personal data, shares it and what rights grants to the User.

The terms and conditions of this Privacy Policy apply to the User every time the User wants to access the content and/or service the Data Controller provides on the Website. By providing the Personal data, the User also provides the Consent for Data Controller to collect, hold, use and disclose the User’s Personal data in accordance with the terms of this Privacy Policy. In addition to providing the foregoing information, if the User chooses to correspond further with the Data Controller through e-mail or through the “contact” section on the Website, the Data Controller may retain and use the content of the User’s messages together with the e-mail address and responses.

The Data Controller ensures, within the framework of applicable laws and Regulation, the confidentiality of Personal data and has implemented appropriate technical and organisational measures to safeguard the User’s Personal data from unauthorized access or disclosure, accidental loss, modification or destruction, or other unlawful Data processing.

This Privacy Policy is prepared, and, on this Website, Personal data is processed in accordance with the requirements of the Regulation and legal acts of the Republic of Lithuania.


Used terms

The following terms are used in this Privacy Policy:

“Consent” means a free, and unambiguous expression of the User’s will under declaration or unequivocal actions pursuant to which the User gives consent to process any Personal data related to him/her.

“Cookies” are type of messages with a unique identification number that is given to a web browser by a web server. It is transmitted to the User’s hard disk drive so that the Data Controller could distinguish the User’s computer from the Internet and see it on the Internet.

“Data Controller” is IĮ “ELSTINA”, registration code 124287054, registered office at Olandų 19-1, Vilnius, Lithuania.

Data processing” means any operation or set of operations which is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Personal data” or “Data” means any information about the User whose identity has been identified or whose identity can be directly or indirectly identified (the data subject).

Privacy Policy” means this privacy policy, which determines the basic rules of Data Controller for collecting, processing and storing Personal Data applicable to Users while using the Website.

“User” is a natural person who has visited the Website and provided his/her Personal data to the Data Controller.

Newsletter” means a newsletter sent by the Data Controller to the User about the latest news and updates of the Data Controller’s services.

Regulation” means 2016/679 Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, which entered into force in the European Union on 25 May 2018.

Website” is the internet website of the Data Controller, the address of which is

The terms and definitions mentioned in this Privacy Policy are understood as defined and explained in the Regulation, which you can find by clicking on this link.


Collected INFORMAtion

To properly provide its services, the Data Controller collects the following information about the User:

Personal data submitted by the User

First name

Last name

Telephone number

Email address

Country and city of residence


Automatically collected Data

The Website uses Cookies, through which the Data Controller also collects Data that reveals the peculiarities of using its services or the automatically generated visits statistics. More information on the Cookies and its usage is provided herein in the Section 6.


Data from third-party sources

The Data Controller may receive information about the User from public and commercial sources (to the extent allowed by applicable legal acts) and associate it with other information that the Data Controller receives from the User.


Additional Data

With a separate Consent of the User, the Data Controller can also collect and manage other, additional Data about the User that is not indicated in this Privacy Policy.



Purposes of processing personal data

Personal data of the User is processed for the following purposes:

For registering to a Craftmaster. In case the User wants to register to a training with Grand Master Ella Sakalauskiene, the User has to provide his/her Personal data. After the User registers to the training and provides his/her Data, the Data Controller sends to the User all meaningful information about the training.

For selling tickets to trainings. The Data Controller sells tickets to the trainings organised by the Data Controller or other service providers. In order to participate in the training, the User has to make a payment through the selected external service provider to the Data Controller.

For sending the Newsletter. Sending notifications about the special offers, updates or changes on the Data Controller’s services.

For contacting. If the User wants to contact the Data Controller, under the rules specified on the Website, the User has to fill in the contact form with his/her Personal data.



The Data Controller undertakes not to disclose or transfer Personal data of the User to third parties except in the following cases:

when it is necessary to complete the contract with the User and provide services properly – to partners of the Data Controller. For these partners, the Data Controller will provide only as much of Personal data as will be required to fulfil a specific commitment;

if the individual Consent of the User on such transfer of Data has been received;

data transfer is obligatory upon the demand of law enforcement agencies in accordance with the procedure established by legal acts of the Republic of Lithuania;

in other cases, established in the Regulation and legal acts of the Republic of Lithuania.


Cookies usage

The Data Controller uses Cookies to collect the following information about the User: internet protocol (IP) address, the access device used, the browser used, number of visits, the pages viewed on the Website and the time spent on the Website.

The Data Controller collects the Cookies to:

ensure proper functions of the Website;

analyse the User’s browsing habits;

improve and develop the Website.

The User may consent to the use of Cookies in the following ways:

by clicking the “Accept” button on the Cookies bar that show up on the Website;

by not deleting them and/or not changing the User’s browser settings so that the Cookies cannot be stored.

The User may withdraw the Cookies Consent at any time. The User can do this by changing his/her browser settings so that the Cookies cannot be stored. Instructions may vary depending on the User’s operating system and the type of the web browser. More information about the Cookies, their use and how to refuse them are available at

In some cases, disabling some Cookies, especially the technical and performance Cookies, refusal to accept Cookies or their deletion may slow down the User’s browsing or prevent the User from using certain functions within the Website.



The Data Controller undertakes to store the User’s Personal data for a period specified in the applicable laws and other legal acts of the Republic of Lithuania and/or this Privacy Policy, but not longer than is required by applicable laws and regulations of the Republic of Lithuania or pursuant to this Privacy Policy to achieve the goals of Data processing.

Data Controller seeks not to store irrelevant and outdated Personal data, and therefore when the User updates Data, old information is change into updated. Historical data is stored only if it is necessary pursuant to the applicable laws or to carry out activity of the Data Controller.

If the User does not make any payment or purchase any product that the Data Controller offers on the Website, the Data Controller will keep the User’s Data for no longer than 3 (three) years. In such a case, in 5 (five) calendar days before expiry of the term of 3 (three) years, the Data Controller will send an inquiry to the User’s e-mail address as to whether the User agrees to further processing of his/her Data. If the User expresses an objection or does not respond within 5 (five) calendar days, the Data Controller will delete all the Personal data related to the User.

If the User purchases any services offered on the Website, the Data Controller will keep the User’s Personal data for 10 (ten) years from the exercised payment on the Website, as it is foreseen in the Clause 10.15 of the Order of the archivist of the Government of the Republic of Lithuania “On Approval of the Register of Terms for the Storage of General Documents”. In such case, in 5 (five) calendar days before the expiry of the term of 10 (ten) years, the Data Controller will send an inquiry to the User’s e-mail address as to whether the User agrees to further processing of his/her data. If the User expresses an objection or does not respond within 5 (five) calendar days, the Data Controller will delete all the Personal data related to the User.

If the User subscribes the Newsletter, the Data Controller will store the Data and send the Newsletter in accordance with the procedure and terms as specified in the paragraphs 7.3 and 7.4 hereof.


RIGHTS of the Users

The User on the Website has the following rights:

know what and for what purpose the Personal data is processed;

require rectification or erasure of the Personal data;

require the Data Controller to restrict the processing of User’s Personal data for one of the legitimate reasons;

to submit claim to the State Data Protection Inspectorate concerning the illicit processing of Personal data or Data infringement;

to disagree with the processing of Personal data when this Data is processed or intended to be processed for direct marketing purposes.

Any requests or orders in relation to processing of the User’s data, the User has to submit in written to the Data Controller using the contact information indicated in this Privacy Policy (e-mail or postal address). Next to the request the User has to submit its identity document or identify itself with permissible electronic measures, unless the written request is submitted directly in the presence of the User when there is a possibility to identify him/her.

The User has a right to request erasure of all the Data about the User held by the Data Controller. In the answer to requests of the Users regarding the exercise of right to be forgotten, the Data Controller undertakes to answer in detail providing the grounds and (or) explanation on why there is no possibility to exercise such right when there is an overriding ground of legitimate interest or, when it is possible – how to exercise such right.

When the User submits the request to erase his/her Data, the Data Controller undertakes without undue delay to erase all Personal data, where one of the following grounds applies:

the Personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

the User withdraws consent on which the processing is based, and where there is no other legal ground for the processing;

the User objects to the processing of his/her Data and Data Controller does not determine overriding legitimate grounds for the further processing;

the Personal data have been unlawfully processed;

the Personal data have to be erased for compliance with a legal obligation in European Union or laws of the Republic of Lithuania.

User has a right to request that the Data Controller would restrict processing of the User’s Data in one of the following cases:

the accuracy of the Personal data is contested by the User for a period enabling the Data Controller to verify accuracy of the Personal data;

the Data processing is unlawful and the User opposes the erasure of the Data and requests the restriction of its use instead;

the Data Controller no longer needs the Personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims; or

when the User has objected to processing until the verification whether the legitimate grounds of the Data Controller override those of the User.

Where processing has been restricted under the paragraph 8.5 hereof, such Personal data shall, with the exception of storage, only be processed with the User’s Consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

The Data Controller after receipt of the User’s request or order shall respond and perform the steps in the request or refuse to perform stating the reasons for refusal no later than within 30 (thirty) days from the date of receipt. If necessary, the specified period may be extended by another 2 (two) months depending on the complexity and number of requests. In this case, within 30 (thirty) days from receipt of the application, the Data Controller informs the User of any such extension, together with a reason for the delay.

The Data Controller might not satisfy the User’s requests, in cases it is necessary to ensure:

execution of established legal obligations of the Data Controller;

public order and prevention of crimes; or

rights and freedoms of other Users or other third parties.

If the User has discovered the unlawfulness of its Data processing or in the event of a dispute with the Data processor, it has a right, at any time, to apply to the out-of-court dispute resolution authority in Lithuania – the State Data Protection Inspectorate, under the rules specified on its website, which can be found here.



The Data Controller may, at its own discretion, change this Privacy Policy.

The Data Controller recommends the Users to regularly visit the Website to find the latest version of the Privacy Policy. The Data Controller can notify the User of the changes of Privacy Policy at the contact details provided by the User.



The User can subscribe to the Data Controller’s Newsletter, indicating his/her email and expressing the Consent to the Data Controller for processing Personal data for direct marketing purposes.

The User may at any time refuse to receive the Newsletter by sending an email to the Data Controller or by selecting the “Unsubscribe” button at the bottom of every Newsletter sent to the User.



All the documents and questions in relation to this Privacy Policy can be sent to the contact details provided hereafter:

Sending mail – IĮ “ELSTINA”, Olandų 19-1, Vilnius, Lithuania

Sending e-mail –

Last updated on 13 January 2020