Privacy Policy
How your personal data is collected, used and stored, and what your rights are under the General Data Protection Regulation (GDPR).
1. Who we are (the controller)
The controller of your personal data is Terris Timber, MB, legal entity code 307556248, registered office Raudondvario pl. 101B, LT-47184 Kaunas, Lithuania.
For privacy matters you can reach us by email at info@web1o.com or by phone at +370 628 11029. All matters relating to this policy are handled by the controller.
- Name and legal form: Terris Timber, MB
- Legal entity code: 307556248
- VAT code: LT100019645711
- Registered address: Raudondvario pl. 101B, LT-47184 Kaunas
- Email: info@web1o.com · Phone: +370 628 11029
2. Data Protection Officer and contact point
No Data Protection Officer (DPO) has been appointed, as one is not required under Article 37 GDPR.
For data-protection matters you can contact us using the details above.
3. What personal data we collect
We only process data that is needed for the purposes described below. Most of it you provide yourself by completing an enquiry or contact form; some technical data is collected automatically as you browse the website web1o.com.
- Contact / enquiry form data: name, email, phone number, message content
- Technical data: IP address, browser and device information, server log entries
- Cookie and usage data (see the Cookie Policy)
4. Purposes and legal bases
We process personal data only where we have a legal basis under Article 6 GDPR. Each purpose relies on the corresponding basis:
- Responding to enquiries and handling leads — your consent and/or steps taken before entering a contract (Art. 6(1)(a)/(b))
- Operating and securing the website, and keeping logs — our legitimate interest in keeping the service safe and reliable (Art. 6(1)(f))
- Sending newsletters or marketing messages — your separate consent (Art. 6(1)(a))
- Meeting legal and accounting obligations — legal obligation (Art. 6(1)(c))
5. Who we share data with (recipients)
We do not sell your personal data. We only share it with trusted processors acting on our behalf under agreements that meet Article 28 GDPR, or where required by law.
- Hosting / IT provider acting as a processor: Hostinger (hosting, EU)
- Analytics provider acting as a processor: Microsoft Clarity (Microsoft) — only with your consent; see the Cookie Policy
- Professional advisers and public authorities where required by law
6. International transfers (outside the EU / EEA)
Most of your personal data is processed within the European Union / European Economic Area (EEA).
Currently such a transfer is made by Microsoft Clarity (analytics, only with your consent), which transfers data to the US. This relies on appropriate safeguards — the European Commission's Standard Contractual Clauses (SCCs) and the EU–US Data Privacy Framework. You can obtain a copy by contacting us at the details above.
7. How long we keep data
We keep personal data only for as long as needed for the purposes above or as required by law. Once the period ends, the data is securely deleted or anonymised.
- Enquiry and correspondence data: 24 months from last contact
- Contract and accounting data: for the period required by law (10 years)
- Server logs: up to 12 months
8. Your rights
Under the GDPR you have the following rights over your personal data. To exercise them, contact us at the details above — we will respond within one month at the latest (Art. 12 GDPR).
- The right to access your data (Art. 15)
- The right to rectification of inaccurate data (Art. 16)
- The right to erasure (the ‘right to be forgotten’, Art. 17)
- The right to restrict processing (Art. 18) and the right to data portability (Art. 20)
- The right to object to processing (Art. 21); the right to object to direct marketing at any time is absolute
- The right to withdraw consent at any time, as easily as it was given, without affecting processing carried out before withdrawal (Art. 7(3))
9. Right to lodge a complaint
If you believe your personal data is being processed unlawfully, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). In Lithuania this is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija, VDAI).
VDAI contacts: L. Sapiegos g. 17, 10312 Vilnius; email ada@ada.lt; phone +370 5 271 2804; vdai.lrv.lt.
10. Is providing data mandatory; automated decisions
Providing data in our forms is voluntary, but without the necessary data (such as your email) we cannot respond to your enquiry or provide the requested service.
We do not carry out decision-making based solely on automated processing, including profiling, that would have a legal or similarly significant effect on you.
11. Cookies, changes and contact
Our website uses cookies. You will find full details in our Cookie Policy.
We may update this privacy policy from time to time, for example when laws or our operations change. The current version is always published on this page with the date it was last updated. If you have any questions, contact us at info@web1o.com.
Last updated: 2026-06-30
For questions, contact us via our contact page.