Privacy Policy

This Privacy Policy describes how RRS M.B. (“RRS,” “we,” “us,” or “our”) collects, uses, and protects your personal data when you visit or use our website, www.yogapro.online (the “Site”). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.

1. Data Controller

The data controller responsible for processing your personal data is:

RRS M.B.

V. Nagevičiaus g. 3, 08237 Vilnius, Lithuania

We have implemented internal arrangements as required by Article 26 of the GDPR to define responsibilities for fulfilling obligations under the GDPR. Details of these arrangements are available upon request.

2. Personal Data We Collect, Purposes, and Legal Bases

The following table details the personal data we collect, the purposes of processing, the legal bases for processing, data retention periods, and whether providing the data is mandatory.

Purpose of Processing	Legal Basis (GDPR)	Data Retention Period	Mandatory?	Data Categories
A) Website Browsing (Technical Cookies)	Art. 6(1)(f) – Legitimate Interest (Ensuring website functionality)	As specified in the Cookie Policy	No	IP address, browser type, device information, access times
A) Website Browsing (Non-Technical Cookies)	Art. 6(1)(a) – Consent	As specified in the Cookie Policy (until consent withdrawn)	No	Usage data, preferences (if applicable)
B) Responding to Inquiries/Contact Requests	Art. 6(1)(f) – Legitimate Interest (Responding to user requests)	1 year from the date of inquiry	Yes	Contact details (name, email, etc.), inquiry details
C) Processing Job Applications	Art. 6(1)(b) – Contractual/Pre-contractual Necessity	6 months from application date	Yes	Application details, CV, qualifications
D) Processing Gift Card Purchases	Art. 6(1)(b) – Contractual Necessity	Duration of the purchase process + legally required period for accounting purposes (typically 10 years)	Yes	Payment information, recipient details
E) Account Creation & Privilege Program Subscription	Art. 6(1)(b) – Contractual Necessity	Duration of account existence and program membership + legally required period for accounting purposes (typically 10 years)	Yes	Contact details, profile information, purchase history
E) Social Media Account Integration	Art. 6(1)(a) – Consent	Duration of account connection (until consent withdrawn)	No	Basic profile information, email address
F) Guest Checkout	Art. 6(1)(b) – Contractual Necessity	Legally required period for accounting purposes (typically 10 years)	Yes	Purchase details, contact information
G) Direct Marketing (with consent)	Art. 6(1)(a) – Consent	Until consent is withdrawn or inactivity (no purchase/account access for 3 years)	No	Contact details, purchase history (if applicable)
H) Profiling for Personalized Offers (with consent)	Art. 6(1)(a) – Consent	Until consent is withdrawn or inactivity (no purchase/account access for 3 years)	No	Purchase history, preferences (if applicable)
I) “Tell a Friend” Feature	Art. 6(1)(b) – Contractual/Pre-contractual Necessity (if friend joins Privilege Program) / Art. 6(1)(f) Legitimate Interest (if friend does not join)	6 months from correspondence if friend does not join Privilege Program. If friend joins, data is processed according to the Privilege Program terms.	No (for initial sharing) / Yes (if friend joins program)	Sender and recipient contact details
J) Abandoned Cart Reminder	Art. 6(1)(f) – Legitimate Interest (Recapturing lost sales)	Time necessary to send reminders	No	Cart contents, contact information
K) Fraud Detection (Payments)	Art. 6(1)(b) & (f) – Contractual Necessity & Legitimate Interest (Protecting against fraud)	Legally required period for accounting purposes + period necessary to investigate and resolve fraud claims	Yes	Payment information, transaction details
L) Handling Data Subject Requests	Art. 6(1)(c) – Legal Obligation	5 years from request closure	Yes	Request details, contact information

3. How We Collect Your Personal Data

We collect personal data directly from you when you:

Fill out forms on our Site.
Communicate with our customer support team.
Contact us via the Site or other communication channels (e.g., social media).
Use our services.

We may also receive your personal data from third parties, such as:

Business partners, subcontractors, and service providers.
Banks and financial institutions (for payment processing).
Other entities we collaborate with.

4. Direct Marketing

If you are an existing customer, we may use your email address for direct marketing of similar products or services, unless you object. You have a clear, free, and easy opportunity to object to this use.

For other direct marketing, we will only use your data with your prior consent. You can withdraw your consent at any time, free of charge. Each marketing communication will include a clear opt-out mechanism.

5. Sharing Your Personal Data

We may disclose your personal data to the following categories of recipients:

Public authorities, institutions, courts (when legally required).
Service providers (legal, financial, IT, marketing, etc.). We ensure these providers process data according to our instructions.
Parties involved in a contract with you.
Our affiliate companies.
Parties involved in a business sale or due diligence.
Other parties with your consent.

6. International Data Transfers

If we transfer your data outside the European Economic Area (EEA), we will ensure adequate safeguards are in place, such as:

Adequacy decisions by the European Commission.
Standard Contractual Clauses (SCCs).
Other appropriate safeguards as permitted by the GDPR.

7. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, and in accordance with applicable legal obligations. We consider the purpose of the data retention, the legal basis, and the principles of lawful processing.

Data related to a contract is typically retained for the duration of the contract plus 10 years. Data from inquiries is typically retained for 1 year. We may retain data longer for legal claims, suspected illegal activity, or as required by law.

After the retention period, we will delete or anonymize your data.

8. Your Rights

You have the following rights regarding your personal data:

Right to be informed: Clear and transparent information about our processing activities.
Right of access: Request a copy of your personal data.
Right to rectification: Correct or update your personal data.
Right to data portability: Request transfer of your data to another organization (when applicable).
Right to erasure (“right to be forgotten”): Request deletion of your data (under certain conditions).
Right to restrict processing: Limit how we use your data (under certain conditions).
Right to object: Object to certain types of processing (e.g., direct marketing).
Right to lodge a complaint: File a complaint with the State Data Protection Inspectorate of the Republic of Lithuania (https://vdai.lrv.lt/en/).
Right to withdraw consent: Withdraw your consent at any time (if applicable).

To exercise these rights, please contact us at [email protected]. We will respond within 30 days (which may be extended by 60 days for complex requests). We may refuse requests if they are unfounded or disproportionate, or if GDPR exceptions apply.

9. Data Security

We have implemented security measures to protect your personal data from unauthorized access, use, or disclosure. While no system is completely secure, we strive to minimize risks.

10. Cookie Policy

Our website uses cookies. For details, please see our Cookie Policy.

11. Links to Other Websites

Our website may contain links to other websites. We are not responsible for the privacy practices of those websites.

12. Changes to this Policy

We may update this Privacy Policy from time to time. Changes will be posted on our website.

13. Contact Us

If you have any questions, please contact us at:

Email: [email protected] Address: V. Nagevičiaus g. 3, 08237 Vilnius, Lithuania