Privacy Policy of the Hot Air Balloon Club “Padangių Gėlės”

1. General Provisions

1.1. This Privacy Policy governs the principles and procedures for the collection, processing, and storage of personal data of visitors and customers (hereinafter — “You”, “Purchaser”, “Passenger”) of the website www.padangiugeles.lt (hereinafter — the “Website”).

1.2. The Data Controller is the Hot Air Balloon Club “Padangių Gėlės” (legal entity code: 186440795, registered address: M. K. Oginskio g. 8, Nemenčinė, LT-15172 Vilnius District, email: [email protected], telephone: +37069945737).

1.3. Your personal data are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation — GDPR) and the applicable legislation of the Republic of Lithuania.

1.4. By using the Website and purchasing flight tickets thereon, You confirm that You have read and understood this Privacy Policy.

2. Categories of Personal Data Collected and Purposes of Processing

2.1. The Data Controller collects and processes the following categories of Your personal data:

2.1.1. For the purpose of entering into and performing the service agreement (ticket purchase): full name, email address, telephone number, and information regarding purchased services.

2.1.2. For the purpose of flight organisation and safety assurance: when coordinating flight details, Passengers may be requested to provide their body weight (which is necessary for the calculation of the balloon’s lift capacity and for ensuring safety) and, where applicable, information regarding the age of minors or any specific medical condition that may affect flight safety.

2.1.3. For the purpose of payment administration: when processing payments made by bank card (Visa, Mastercard, etc.) or mobile wallets (Apple Pay, Google Pay), we collect information relating to the fact of payment. We do not collect or store bank card details — payments are processed by an external payment service provider (e.g., OPAY, Montonio).

2.1.4. For communication purposes: information submitted by You via email, text message, or social media messages, for the purpose of responding to Your enquiries.

3. Legal Basis for Processing

3.1. Your personal data are processed on the following legal grounds:

3.1.1. For the performance of a contract for the provision of services (flight) to which You are a party, or in order to take steps at Your request prior to entering into such a contract (Article 6(1)(b) GDPR).

3.1.2. For compliance with a legal obligation to which the Data Controller is subject, including tax, accounting, and aviation safety requirements (Article 6(1)(c) GDPR).

3.1.3. In order to protect the vital interests of the data subject, including in the event of an accident or emergency (Article 6(1)(d) GDPR).

3.1.4. For the purposes of the legitimate interests pursued by the Data Controller, including the exercise and defence of legal claims and the resolution of disputes (Article 6(1)(f) GDPR).

4. Disclosure of Personal Data to Third Parties

4.1. The Data Controller undertakes not to disclose Your personal data to third parties, except in the following circumstances:

4.1.1. To payment service providers (e.g., UAB “OPAY solutions”, UAB “Montonio Finance”). Only data strictly necessary to execute the payment transaction are transmitted to such providers (including order number, amount, and payer identifiers), encompassing the processing of Apple Pay, Google Pay, Visa, and Mastercard payments.

4.1.2. To the flight operations team: pilots and ground crew affiliated with the Club receive Your contact details, body weight, and full name, to the extent necessary for the proper organisation of the flight.

4.1.3. To companies providing IT and accounting services, which process data on our behalf pursuant to duly executed data processing agreements.

4.1.4. To law enforcement or supervisory authorities, including the Civil Aviation Administration of Lithuania, where there is a lawful basis for such disclosure.

5. Retention Periods

5.1. Purchase records (invoices and orders) are retained in accordance with the requirements of the applicable legislation of the Republic of Lithuania for accounting purposes, typically for a period of ten (10) years.

5.2. Flight logbooks, which may contain the names of passengers, are retained in accordance with the requirements of applicable aviation regulations.

5.3. Communication records are retained for a period of up to two (2) years following the date of last contact.

6. Rights of the Data Subject

6.1. You have the right to:

6.1.1. Access the personal data processed about You.

6.1.2. Request the rectification of inaccurate personal data.

6.1.3. Request the erasure of Your personal data (the “right to be forgotten”), except where we are required by law to retain such data.

6.1.4. Request the restriction of processing of Your personal data.

6.1.5. Receive Your personal data in a structured, commonly used and machine-readable format and transmit those data to another controller (right to data portability).

6.2. To exercise any of the above rights, please contact us at [email protected]. If You consider that the processing of Your personal data infringes applicable data protection law, You have the right to lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania (www.vdai.lrv.lt).

7. Cookies

7.1. The Website uses cookies in order to ensure its proper functionality, enhance the browsing experience, and collect visitor statistics.

7.2. By continuing to browse the Website, You consent to the use of strictly necessary cookies. You may delete or manage cookies at any time through your browser settings.