Last Updated: October 31, 2025
 

1. Introduction

Welcome to Metal Car. Your privacy is critically important to us. This Privacy Policy explains how UAB Statoksa, operating as Metal Car ("we", "us", "our"), collects, uses, and discloses your personal information ("Data") when you use our website (the "Site") and purchase our products or services (the "Services").

As a company based in the European Union, our privacy practices are grounded in the General Data Protection Regulation (GDPR). This policy is designed to be transparent and understandable for all our users, wherever you are located.

2. Who is Your Data Controller?

The controller of your personal data is: UAB Statoksa Address: Kareivių g. 19, LT-09133 Vilnius, Lithuania Email: metalcarwallart@gmail.com

For any privacy-related questions, please contact us at the email above.

3. What Data We Collect, Why, and on What Legal Basis

We process your Data for specific purposes and only when we have a legal basis to do so. Here’s a breakdown:

Purpose of ProcessingCategories of Data ConcernedLegal Basis (under GDPR)

Providing our Products & Services

Name, email, phone number, billing and shipping address, order details (product, size, etc.), payment transaction info, custom design details (e.g., car model, reference photos).

Performance of a contract (Art. 6(1)(b) GDPR). We need this data to fulfill your order.

Handling Your Inquiries & Support

Name, email, and the content of your communications with us.

Legitimate interest (Art. 6(1)(f) GDPR) to provide you with quality customer service.

Marketing & Communications

Email address, name, purchase history, cookie and device data.

Consent (Art. 6(1)(a) GDPR) when you subscribe to our newsletter. Legitimate interest (Art. 6(1)(f) GDPR) to send marketing to existing customers about similar products, where permitted.

Security, Functionality & Improvement

IP address, device and browser type, browsing data on our site (e.g., pages visited), cookies.

Legitimate interest (Art. 6(1)(f) GDPR) to secure our website, prevent fraud, and improve our services.

Legal Compliance & Defense

Transaction records, contracts, communications, and other data as required by law.

Legal obligation (Art. 6(1)(c) GDPR) for tax and accounting purposes. Legitimate interest (Art. 6(1)(f) GDPR) to defend our legal rights.

4. Who We Share Your Data With

We do not sell your personal data. We only share it with trusted service providers who help us operate our business. These include:

Recipient CategorySpecific Provider(s)PurposeCountry & Safeguard

E-commerce Platform

Shopify Inc.

Powers our online store.

Canada (Recognized by the EU as having adequate data protection).

Payment Processors

Stripe, Inc., PayPal, Inc.

To securely process your payments.

USA (Transferred under the EU-U.S. Data Privacy Framework and/or Standard Contractual Clauses (SCCs)).

Shipping & Fulfillment

e.g., DHL, FedEx, local postal services

To deliver your orders.

Varies (Transfers are based on necessity for contract performance).

Marketing, Advertising & Analytics

Omnisend, Google LLC, Meta Platforms Inc., TikTok

To send newsletters, manage advertising, and analyze site traffic.

Omnisend: EU (Lithuania). Google, Meta: USA (Transferred under the EU-U.S. Data Privacy Framework and/or SCCs). TikTok: EEA (Ireland), with data access from outside the EEA secured by SCCs.

Professional Advisors

Lawyers, accountants, auditors.

For legal, financial, and compliance purposes.

Primarily EU.

5. International Data Transfers

Since we operate globally, your Data may be transferred and processed in countries outside of the European Economic Area (EEA). We ensure your data is protected by using legally-approved mechanisms, such as:

• Adequacy Decisions: Transferring data to countries (like Canada) that the European Commission has deemed to provide an adequate level of data protection.
• Standard Contractual Clauses (SCCs): Using legal contracts approved by the European Commission that impose data protection obligations on the recipient.
• EU-U.S. Data Privacy Framework: For transfers to certified U.S. companies.

6. How Long We Keep Your Data

We retain your Data only for as long as necessary to fulfill the purposes for which it was collected. For example, we keep order information for up to 10 years to comply with tax and legal obligations in Lithuania. Data collected for marketing purposes is kept until you withdraw your consent.

7. Your Data Protection Rights (GDPR)

As our data processing is governed by the GDPR, all our users have the following rights. You can:

• Request access to your personal data.
• Request correction of inaccurate data.
• Request erasure of your data ('right to be forgotten').
• Object to processing of your data (especially for marketing).
• Request the restriction of processing your data.
• Request the portability of your data.
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with a supervisory authority (in Lithuania, this is the State Data Protection Inspectorate).

To exercise these rights, please contact us at metalcarwallart@gmail.com.

8. Your U.S. Privacy Rights

If you are a resident of certain U.S. states, such as California, you may have additional privacy rights, including:

• The Right to Know: The right to know what personal information we have collected about you, including the sources, purposes, and third parties we share it with.
• The Right to Delete: The right to request the deletion of your personal information, subject to certain exceptions.
• The Right to Opt-Out of Sale/Sharing: We do not "sell" personal information in the traditional sense. However, our use of advertising and analytics cookies (from Google, Meta, TikTok) may be considered "sharing" for cross-context behavioral advertising under California law. You can opt-out of this by managing your cookie preferences through our cookie banner or by enabling a Global Privacy Control (GPC) signal in your browser.
• The Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your U.S. privacy rights, please contact us at metalcarwallart@gmail.com.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our Site. A cookie is a small text file stored on your device. We use them for functionality (e.g., keeping items in your cart), performance analytics, and advertising. You can control and manage cookies through our cookie consent banner and your browser settings.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have, we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on this page, with the "Last Updated" date at the top.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at metalcarwallart@gmail.com.