Privacy Policy last updated on 7 April 2026.

Supplements and amendments to the Privacy Policy enter into force from the date of their publication on this website.

 

1. GENERAL INFORMATION

With this privacy policy (hereinafter referred to as the “Privacy Policy”) Venipak Lietuva, UAB (hereinafter referred to as the “Company” or “We”) sets the provisions for the processing of personal data collected from visitors to our website venipak.com/lt/ (hereinafter referred to as the “Website”), to customers who use our services, and to other individuals whose personal data we process in the framework of our activities. This Privacy Policy also applies to personal data processing and communication on social media accounts of the Company (e.g. Facebook, LinkedIn).

Details of the data controller:
Venipak Lietuva, UAB
Konstitucijos pr. 18, LT-09308, Vilnius
Company code: 300906055
Tel.: +370 700 55221
Email: [email protected]

As this Privacy Policy may change without any separate notification, please check the Policy every time you visit our Website. The latest version of the Privacy Policy is available on our Website.

All data We process in the framework of our operations is collected in accordance with the requirements laid down in laws of the European Union and the Republic of Lithuania and in line with the instructions of the controlling bodies. All reasonable technical and administrative measures are applied to protect the collected personal data from loss, unauthorised use and modification.

Persons under the age of 16 cannot submit any personal data through our Website. If you are under the age of 16, you must obtain the consent of your parent or other legal guardian before submitting your personal information.

 

2. WHAT INFORMATION ABOUT YOU DO WE COLLECT AND HOW DO WE USE IT?
For what purpose do we collect personal data? What exactly is the data we collect/process? Which GDPR clause do we rely on to process your personal data? How long do we keep this data?
2.1. Parcel collection and delivery The sender’s and recipient’s first name and surname, delivery address, telephone number, email address, and other information provided by the sender, the recipient’s  signature (obtained upon collection/delivery of the parcel).

 

The data we generate includes: the parcel number, proof of delivery, the GPS data and the collection and delivery location, a photo of of the parcel if delivered (a photo of the place where the courier dropped off the parcel, e.g. the entrance door), the App user’s ID, account status, IP address, technical data concerning account logins and account activity.

 

 In the case of a sender: (1) the performance and conclusion of a contract (Article 6(1)(b) of the GDPR); and (2) the fulfilment of a legal obligation pursuant to Article 6(1)(c) of the GDPR (Article 10(2) of the Postal Law of the Republic of Lithuania)

 

In the case of the parcel recipient

(1) the fulfilment of a legal obligation under Article 6(1)(c) of the GDPR (Article 10(2) of the Postal Law of the Republic of Lithuania); and (2) our legitimate interest in delivering the parcel to the right recipient (identification) under Article 6(1)(f) of the GDPR)

 Electronic data files, information systems and database records are kept for a period of 4 years from the date of receipt.

 

Documents relating to the collection of parcels (waybills and related documents) are kept for 18 months.

 

Parcel delivery documents (electronic and paper) are kept for 4 years.
2.2. Contracting and performance of contracts With regard to natural persons who sign a contract: name, surname, personal identification number, address, individual activity certificate or business licence, account details, telephone number, email address, signature and the contract being concluded.

 

With regard to representatives of legal entities entering into the contract (e.g. company employees): name, surname, job title, telephone number, email address, signature and the contract being concluded.

 The performance of a contract and its conclusion (Article 6(1)(b) of the GDPR)

 

The fulfilment of a legal obligation to keep proper accounting records in accordance with Article 6(1)(c) of the GDPR (Accounting Law of the Republic of Lithuania, Value Added Tax Law of the Republic of Lithuania)

 

Our legitimate interest in concluding and performing a contract with the other party to the contract by engaging its representative (for the purposes of concluding and performing the contract, contacting and identifying the representative, signing documents, etc.) (Article 6(1)(f) GDPR)

 

 10 years from the date of termination of the contract, unless there is a need to keep the data for a longer period, e.g. to defend legal claims
2.3. Customs administration Name, surname, phone number, email address, parcel number, messages sent, contents and value of goods. The fulfilment of a legal obligation under Article 6(1)(c) of the GDPR (Customs Law of the Republic of Lithuania) 6 months in the active database. After this period, We will transfer the data to the archive for 5 years.
2.4. Making payments and bookkeeping Data contained in accounting records: name, surname, personal identification number, contact details, bank account number, payment details, services rendered and other information as required by accounting rules.

 

 The fulfilment of a legal obligation to keep proper accounting records in accordance with Article 6(1)(c) of the GDPR (Accounting Law of the Republic of Lithuania, Value Added Tax Law of the Republic of Lithuania) 10 years, except where there is a need to keep the data for a longer period, for example to defend legal claims.
2.5. Direct marketing (informing you about our services and conducting surveys to assess the quality of our services) Name, surname, email address, phone number, parcel number. We inform you about our services: (1) if you have used our services, We process your data on the basis of Article 81(2) of the Law on Electronic Communications of the Republic of Lithuania; (2) if you have not used our services (you have not been our customer), We process your data on the basis of the consent that you have given us (Article 81(1) of the Law on Electronic Communications of the Republic of Lithuania and Article 6 (1) (a) of the GDPR).

We carry out surveys on the basis of our legitimate interest to improve the quality of our services in accordance with Article 6(1)(f) of the GDPR.

 

 Data of contractual customers is processed as long as contract is in force.

If We have your consent for direct marketing, We will process your data for 5 years from the date of receipt of your consent.

Data used for the purpose of conducting surveys will be processed for a period of 3 months from the date the service is provided.
2.6. Managing our social media accounts

 

 Name, surname, account name, gender, contact information (if you provide it to us), country, photo, comments on our posts, shares of our posts, reactions to our posts, reviews and ratings left, information about when you started following or liking our social networking account, messages sent to us with attachments, history of your communications with us (the content of the communications and the timing of when they were received/submitted)

 

 Your consent (Article 6(1)(a) of the GDPR) 5 years
2.7. Debt management If you are late in fulfilling your contractual obligations to our Company, the following data of the manager or shareholder of a natural or legal person shall be processed: name, surname, personal identification number, address, date of birth, email address, telephone number, payment account number, payment account statements, credit history, and any other data, insofar as it relates to the circumstances under which the debt arose or to the management of the resulting debt.

Some of these data are obtained from credit, financial, payment and/or electronic money institutions, state or non-state registers, and companies maintaining joint debtor data files (Creditinfo Lietuva UAB in Lithuania and others).

The Company has the right to provide the information it holds about your identity, contact details and credit history, i.e. financial and property obligations and their fulfilment, debts and their payment, to companies managing databases of debtors (e.g. Lithuania Credit Bureau, UAB Creditinfo Lietuva), as well as to debt collection companies.

 

 Our legitimate interest to receive timely payment for the services we provide in accordance with Article 6(1)(f) of the GDPR 1 year after the payment of debt or after the date of debt recovery
2.8. Handling inquiries, complaints and requests (internal administration) Name, surname, contact details and any other information or documents you provide to us Our legitimate interest in the proper and expeditious handling of complaints, requests and enquiries received in accordance with Article 6(1)(f) GDPR Data is stored for 4 years following the handling of an issue. Personal data may be retained for a longer period of time if this is necessary to enable the Company to defend itself against claims, demands or actions brought against it.

 
2.9. Recording of Customer Service Department telephone calls for the purpose of ensuring the quality of customer service by telephone, establishing consistent service practices, enabling the objective handling of customer requests and complaints, and protecting the Company’s legitimate interests

 

 Customer service specialist’s first name, last name and position.

Caller’s telephone number, audio recording of the call, and data provided during the call.

Technical call data: date, time and duration.

 The recording of telephone conversations is carried out on the basis of the Company’s legitimate interest (Article 6(1)(f) of the GDPR), namely to ensure the quality of customer service, to establish consistent service practices, to enable the objective handling of customer requests and complaints, and to protect the Company’s legitimate interests.

Customers are informed that the call will be recorded prior to the start of the conversation by means of an automated message. This message ensures transparency but does not constitute consent to the processing of personal data.

If you do not wish your call to be recorded, you may choose an alternative means of communication by contacting us by email at [email protected].

 No longer than 6 months, except where there is a need to keep the data for a longer period, for example, to defend legal claims.
2.10.       Recording of couriers’ telephone conversations for the purpose of ensuring the quality of communication related to parcel delivery, establishing consistent service provision practices, enabling the objective handling of customer requests, complaints and disputes related to parcel delivery, and protecting the Company’s legitimate interests.

 

 The courier’s first name, last name and position.

The customer’s telephone number, call recording, and data provided during the call. A “customer” means any natural person communicating with the courier by telephone in relation to parcel delivery, including senders, recipients and other persons associated with the parcel.

Call metadata: date, time and duration.

 The recording of couriers’ telephone conversations is carried out on the basis of the Company’s legitimate interest (Article 6(1)(f) of the GDPR), namely to ensure the quality of telephone communications related to parcel delivery, to establish consistent service provision practices, to enable the objective handling of customer requests, complaints and disputes related to parcel delivery, and to protect the Company’s legitimate interests.

Customers are informed that the call will be recorded prior to the start of the conversation by means of an automated message. This message ensures transparency but does not constitute consent to the processing of personal data.

 30 days, unless it is necessary to retain the data for a longer period, for example, to establish, exercise or defend legal claims
2.11.       Ensuring the security of parcels stored in parcel lockers and the Company’s property (video surveillance) Video data (video recording), date and time of collection Our legitimate interest in ensuring the security of parcels stored in parcel lockers and the security of the Company’s property (Article 6(1)(f) GDPR) No longer than 30 calendar days, unless there are grounds to believe that: (1) the video recordings contain evidence of an administrative offence, criminal act or other legal violation, including a breach of labour discipline and/or professional ethics; (2) the video data is necessary for pre-trial or judicial proceedings; or (3) a request to access the video data is received before the expiry of the data retention period.

In such cases, the video data shall be retained for as long as necessary to achieve these purposes and shall be deleted as soon as they are no longer required.

 
2.12.       Improving the Website to ensure better performance, improve security and adapt their content and format to the needs of visitors The following data of visitors of our Website are collected and processed: IP address, operating system, user ID, user device, and other information about the visitor’s activity on our and other websites. This information is collected and stored as part of records or through the use of cookies. For more information about the use of cookies, please refer to the Cookie Policy at venipak.com/lt/

 

 The data obtained by means of cookies is collected on the basis of your consent (Article 6(1)(a) GDPR). The data received is processed on the basis of our legitimate interest in improving the functioning of our Website (Article 6(1)(f) GDPR) For more information about retention periods, please refer to our Cookie Policy on venipak.com/lt/

 

3. TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA WITHIN AND OUTSIDE THE EEA?

We only transfer your personal data to trusted third parties and only for the purpose of properly fulfilling the purposes of processing your personal data. Specifically, your data may be transferred to:

Within the EEA to:

  • other companies within the Venipak Group;
  • our partners assisting in the delivery of parcels;
  • companies providing marketing, business management and communication services;
  • companies providing telephone call recording services;
  • companies providing customer service and customer administration services;
  • Creditinfo Lietuva, UAB (provision of debt management services);
  • debt collection companies to which claims relating to outstanding debts are assigned;
  • companies providing IT infrastructure maintenance and support services;
  • companies providing server hosting and server maintenance services;
  • companies providing electronic communications services;
  • companies providing website administration services;
  • companies providing accounting, audit, legal and other professional services;
  • Payment services providers;
  • public authorities and institutions, law enforcement authorities, and other persons performing functions assigned by law, in accordance with the procedure established by the legal acts of the Republic of Lithuania.

Outside the EEA:

  • Facebook, Inc. (USA). Facebook no longer relies on the data transfer scheme Privacy Shield to transfer data to the USA, but is participating in the programme. For transfers of personal data outside the EEA, Facebook uses Standard Contractual Clauses (SCC) approved by the European Commission.
  • LinkedIn Corporation (USA). LinkedIn no longer relies on the data transfer scheme Privacy Shield to transfer data to the USA, but is participating in the programme. For transfers of personal data outside the EEA LinkedIn uses Standard Contractual Clauses (SCC) approved by the European Commission.
  • Google LLC (USA). Google’s Privacy Policy is available here. We use Google cookies. Google no longer uses the Privacy Shield mechanism to transfer data to the USA, but continues to participate in this programme. For transfers of personal data outside the EEA, Google uses the Standard Contractual Clauses (SCCs) approved by the European Commission.

We will provide your personal information to all these service providers only to the extent necessary to provide specific services.

 

4. WHAT DO WE DO TO PROTECT YOUR DATA?

Your Personal Data is processed responsibly and securely and is protected against loss, unauthorised use and alteration. We have put in place physical and technical measures to protect all information that we collect for the purposes of providing our services against accidental or unlawful destruction, damage, alteration, loss, disclosure or any other unauthorised processing. Personal data security measures are determined taking into account the risks involved in processing personal data.

 

5. YOUR RIGHTS

Each data subject, i.e. each of you whose data is processed in our activities, has the following rights to:

  • know (be informed) about the processing of your personal data (Articles 12-14 of the GDPR);
  • have access to your personal data processed (Article 15 of the GDPR);
  • request the rectification of inaccurate personal data relating to you (Article 16 of the GDPR);
  • request the erasure of personal data relating to you (“right to be forgotten”) (Article 17 of the GDPR).
    Please note! You only have the right to be forgotten if one of the following reasons applies:
    • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    • you withdraw your consent to the processing of the personal data on which the processing is based and there is no other basis for processing the data;
    • you do not consent to processing in accordance with Article 21(1) of the GDPR and there are no overriding legitimate grounds for processing.
  • Restrict processing (Article 18 GDPR):
    Please note! You only have the right to restrict the processing of your data if:

    • your personal data is inaccurate;
    • the processing of personal data is unlawful but you do not consent to the erasure of the data;
    • the data controller no longer needs the personal data for its own purpose but you need it to assert, exercise or defend legal claims against you;
    • you object to the data processing in accordance with Article 21(1) of the GDPR, provided that the data controller’s legitimate reasons do not override your reasons.
  • Transfer of your personal data where the processing is based on consent or contract and the processing is carried out by automated means (Article 20 of the GDPR);
  • Object to the processing of personal data on grounds relating to your particular case where the processing is carried out for the legitimate interests of the data controller or of a third party, unless the data controller demonstrates that the processing is carried out for compelling legitimate grounds which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims (Article 21 of the GDPR).

If you believe that Venipak Lietuva, UAB is unlawfully processing your personal data or is not exercising your rights, you have the right to file a complaint with the State Data Protection Inspectorate (L. Sapiegos g. 17, 10312 Vilnius, tel. (+370 5) 271 2804, 279 1445, email [email protected]).

If you no longer wish to have your personal data processed for direct marketing purposes or have any other request or instruction related to the processing of your personal data, please contact us by email at [email protected] or phone at +370 700 55221.

Upon receipt of your request or instruction, we will provide you with a response within no later than 1 (one) month from the date of the request and will carry out the actions specified in the request or inform you why we refuse to do so. If necessary, the time limit may be extended by a further two months depending on the complexity and number of requests. In this case, we will inform you of the extension and the reasons for it within one month of receipt of the request.

 

6. THIRD PARTY PRODUCTS ON OUR WEBSITES AND COOKIES

This Website may contain third party banners and links to their websites and services. Please note that we are not responsible for the content of third party websites or the data security measures used by them. Therefore, if you click on a link from our Website, or our other content (e.g. a newsletter) to other websites, you should read their privacy policies separately. More information about cookies is available here.

 

CONTACT US

Should you have any questions regarding the protection of your personal data, please contact us in any way that suits you best:

By post or in person at our registered office at: Venipak Lietuva, UAB, Konstitucijos pr. 18, LT-09308, Vilnius
By phone: +370 700 55221
By email: [email protected]