Privacy Policy

Last updated: January 28, 2026

At Canott, we respect and protect your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit or make a purchase on our website, and outlines your rights under the General Data Protection Regulation (GDPR) and other applicable laws.

1) Data Controller

The data controller responsible for the processing of your personal data is:

Canott
Didlauko str. 52
Vilnius 08329
Lithuania
Email: info@canott.com

2) Personal Data We Collect

Depending on how you interact with our website, we may collect the following personal data:

  • name and surname,

  • email address,

  • shipping and billing address,

  • payment information (processed securely by third-party payment providers; we do not store card details),

  • IP address, browser type, device and usage information,

  • order history and account preferences.

3) How We Use Your Personal Data

We process your personal data for the following purposes:

  • to process and deliver your orders,

  • to manage payments, invoices, and order confirmations,

  • to provide customer support and respond to inquiries,

  • to manage user accounts,

  • to improve our website, products, and services,

  • to comply with legal, tax, and accounting obligations,

  • to prevent fraud and ensure website security.

We do not sell, rent, or trade your personal data to third parties.

4) Legal Basis for Processing

We process personal data only when there is a lawful basis to do so, including:

  • contractual necessity – to fulfill and manage your orders,

  • legal obligation – to comply with tax, accounting, and consumer protection laws,

  • legitimate interest – to improve our services, secure our website, and prevent fraud,

  • consent – for optional activities such as newsletters, marketing communications, or non-essential cookies.

Where processing is based on consent, you may withdraw your consent at any time.

5) Third-Party Service Providers

We may share limited personal data with trusted third-party service providers only where necessary, including:

  • payment processors (such as Stripe or PayPal),

  • logistics and shipping providers (delivery details only),

  • analytics or marketing tools (only if you have given your consent).

All service providers are required to process your data securely and only for the purposes specified by us.

6) International Data Transfers

Some of our service providers may process personal data outside the European Economic Area (EEA).

In such cases, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

7) Cookies

Our website uses cookies and similar technologies to:

  • ensure essential website functionality (for example, shopping cart and login sessions),

  • analyze website traffic and performance (only with your consent),

  • enable optional marketing or personalization features (only with your consent).

You can manage or withdraw your cookie preferences at any time via our cookie settings or through your browser. For more information, please refer to our Cookie Policy.

8) Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

  • order and billing data – retained for up to 10 years to comply with tax and accounting obligations,

  • account data – retained until you request deletion,

  • marketing data – retained until you withdraw your consent.

9) Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or misuse.

10) Your Rights

Under the GDPR, you have the right to:

  • access the personal data we hold about you,

  • request correction or updating of inaccurate data,

  • request deletion of your personal data (“right to be forgotten”),

  • restrict or object to certain types of processing,

  • withdraw consent at any time (where processing is based on consent),

  • request data portability,

  • lodge a complaint with your local data protection authority.

    In Lithuania, the supervisory authority is:
     
    State Data Protection Inspectorate
    L. Sapiegos g. 17
    LT-10312 Vilnius, Lithuania
    www.vdai.lrv.lt

To exercise any of these rights, please contact us at info@canott.com.

11) Contact Information

If you have any questions about this Privacy Policy or how your personal data is handled, please contact us at:

info@canott.com