Privacy Policy

Last updated: 2026/01/25

1 — Overview

This Privacy Policy explains how MB Eleron (“Eleron”, “we”, “us”) collects, uses, shares, and protects personal data when you visit eleronlights.com (the “Site”), contact us, or purchase our products.

2 — Data Controller

Data controller: MB Eleron (Mažoji bendrija) Company code: 307535599 VAT ID: LT100019482713 Registered address: Vilkpėdės g. 22, LT-03151 Vilnius, Lithuania Email: [email protected]

3 — Personal Data We Collect

We collect personal data you provide directly. We do not use analytics tools and we do not build browsing profiles.

  • Data you provide: name, email, phone (if provided), shipping/billing address, order details, and customer support messages (including attachments you choose to send).
  • Payment data: payments are processed by Stripe. We do not store full card numbers. Stripe may process payment identifiers and fraud-prevention signals as part of providing payment services.
  • Technical data: we do not collect or store IP addresses for analytics or profiling. We may process minimal technical information strictly necessary to operate the Site securely and deliver requested services (for example, to prevent abuse and ensure system stability).

4 — How We Use Personal Data

We use personal data only as needed to run the Site and fulfill orders:

  • To process orders, deliver products, send order updates, and provide customer support (including returns, refunds, and warranty handling).
  • To protect the Site and our customers, prevent fraud and abuse, and defend against chargebacks and disputes.
  • To comply with legal obligations (e.g., tax/VAT records) and respond to lawful requests.
  • We do not send marketing emails unless you explicitly request them. Transactional emails (order confirmations, shipping updates, support replies) are not marketing.

5 — Legal Bases (GDPR)

Where GDPR/UK GDPR applies, we process personal data under the following legal bases: contract (to fulfill your order and provide support), legal obligation (tax/accounting compliance), and legitimate interests (security, fraud prevention, improving service, and defending legal claims). Where consent is required (e.g., optional marketing), you may withdraw consent at any time.

6 — When We Share Personal Data

We do not sell personal data. We share personal data only when necessary to provide our services:

  • Stripe: payment processing and fraud prevention.
  • Resend: sending transactional emails (order confirmations, shipping updates, and customer support messages).
  • Carriers/shipping partners: delivering your order and providing tracking.
  • Infrastructure and security providers: hosting, email delivery, and protecting the Site from abuse.
  • Legal/protection: where required by law or to protect our rights, customers, and business (including fraud investigations and chargeback disputes).

7 — International Data Transfers

We are based in Lithuania, but some service providers (such as Stripe and Resend) may process data outside the EEA/UK, including in the United States. Where required, we rely on appropriate safeguards (such as contractual protections) for international transfers.

8 — Data Retention

We keep personal data only as long as necessary for the purposes described in this Policy. Order and invoicing records are retained as required by applicable tax/accounting laws. Support, returns, warranty, and dispute records are retained as needed to handle requests and protect against claims. Security-related records (if any) are kept only as long as necessary for abuse prevention and dispute handling.

9 — Security

We use reasonable administrative, technical, and organizational measures to protect personal data. No method of transmission or storage is 100% secure, but we work to prevent unauthorized access, misuse, and loss.

10 — Your Rights (EU/UK)

If GDPR/UK GDPR applies, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, and to data portability where applicable. You may also withdraw consent where processing is based on consent. To exercise your rights, contact [email protected]. We may request verification to protect your data.

11 — Complaints

If you are in the EU/UK, you can also lodge a complaint with your local data protection authority. In Lithuania, the supervisory authority is the State Data Protection Inspectorate (VDAI).

12 — Children

The Site is not intended for children under 16, and we do not knowingly collect personal data from children.

13 — Cookies

We use only strictly necessary cookies/technologies required for core Site functions (such as cart/checkout, security, and preventing abuse). We do not use analytics or advertising cookies. Because we only use essential cookies, we do not display a cookie consent banner.

14 — Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date shows the latest version. Changes take effect when posted on the Site.

15 — Contact

For privacy questions or requests, contact: [email protected]