Last Updated: March 20, 2025

UAB “Light Conversion” (hereinafter referred to as the “Company,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal data. As a company registered in Lithuania, we process personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable data protection laws.

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you interact with our website https://lightcon.com/ (hereinafter the “Website”). By using our Website, you acknowledge and agree to the processing of your personal data as described in this Privacy Policy.

Please note that this Privacy Policy applies only to our Website. Our Website may contain links to third-party websites that we do not operate or control. The presence of such links does not imply our endorsement or review of those third-party websites. We encourage you to review their privacy policies before providing any personal data.

We are dedicated to ensuring that your data is handled transparently, securely, and in a manner that respects your rights. If you have any questions about how we process your personal data, please contact us using the details provided in the “Contact Us” section of this policy.

Table of contents

I. DATA CONTROLLER

II. DATA PROTECTION OFFICER (DPO)

III. WHAT INFORMATION DO WE COLLECT?

IV. COLLECTED AND PROCESSED PERSONAL DATA, PROCESSING PURPOSES, LEGAL BASES, RETENTION PERIODS, AND DATA RECIPIENTS

V. ARE YOU REQUIRED TO PROVIDE PERSONAL DATA?

VI. WHERE DO WE OBTAIN YOUR DATA?

VII. IS YOUR DATA TRANSFERRED OUTSIDE THE EU?

VIII. SECURITY MEASURES

IX. YOUR RIGHTS AS A DATA SUBJECT

X. CONTACT INFORMATION AND POLICY UPDATES

I. Data Controller

Name: UAB “Light Conversion”

Legal entity code: 222598890

Registered address: Keramiku st. 2B, LT-10233 Vilnius, Lithuania

Email: company@lightcon.com  

Phone: +370 5 249 1830

II. Data Protection Officer (DPO)

The Company has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with applicable data protection laws and ensuring the security of personal data.

If you have any questions regarding the processing of your personal data or wish to exercise your rights under the GDPR, you may contact the Data Protection Officer at: dpo@lightcon.com.

III. What Information Do We Collect?

We collect and process the following types of information:

1. Personal Data

When you use our Website, we may collect certain personal information about you (“Personal Data”). You voluntarily provide this information in various ways, including but not limited to:

  • When registering or logging in to your account;
  • When submitting your details through online forms;
  • When contacting us via contact forms or other communication channels.

Whenever we collect Personal Data, we provide a link to this Privacy Policy or a relevant data collection notice explaining how your data will be processed.

2. Usage Data

When you browse our Website, certain information may be collected automatically using technologies such as server logs, tracking pixels, cookies, and other tracking mechanisms. Usage Data may include:

  • IP address;
  • Browser type and version;
  • Session details (e.g., time and duration of visits, pages viewed, actions taken such as clicks);
  • Device type and operating system;
  • Geographical location (determined based on IP address);
  • Technical details about your network connection.

Some of this data is collected using cookies and similar tracking technologies. Automatically collected information may sometimes be linked to Personal Data if it can be used to identify you directly or indirectly. Such data is processed only when we have a legal basis, such as your consent (for cookie usage) or our legitimate interest in ensuring Website security and functionality.

3. Cookie Data

Our Website uses cookies to track user activity and store certain information about browsing behavior. Cookies may collect data such as browsing history and behavior on the Website, user preferences (e.g., language settings), and unique identifiers for analytics and marketing purposes.

For more details about how we use cookies, their purpose, and how you can manage them, please refer to our Cookie Policy.

IV. Collected and Processed Personal Data, Processing Purposes, Legal Bases, Retention Periods, and Data Recipients

1. User Account Registration on the Website

We process personal data to create and manage user accounts, ensuring access to relevant services and content.

  • Legal Basis for Processing: Performance of a contract (GDPR Article 6(1)(b)).
  • Processed Data: Full name, email address, phone number (optional), password, country, and other necessary account setup details.
  • Retention Period: As long as the account is active, plus 1 year after deletion to allow for account reactivation or legal compliance.
  • Data Recipients: Website administrators, IT service providers (hosting providers, system maintenance partners).
2. Sales, Support, and General Inquiries

Personal data is collected when users submit inquiries regarding product information (Sales), laser service-related support (Support), or general inquiries through the website’s contact forms.

  • Legal Basis for Processing: Legitimate interest (GDPR Article 6(1)(f)) – to respond to inquiries and provide requested information.
  • Processed Data: Full name, email address, company name (if applicable), optional phone number, and inquiry details.
  • Retention Period: Data is stored for 2 years after the last communication unless legal obligations require longer retention.
  • Data Recipients: Customer support teams, and IT service providers (for technical support).
3. Newsletter Subscription

We process personal data for email marketing and promotional purposes, such as sending newsletters, product updates, and industry news.

  • Legal Basis for Processing: Consent (GDPR Article 6(1)(a)).
  • Processed Data: Email address.
  • Retention Period: Until the user unsubscribes or 2 years after the last engagement.
  • Data Recipients: Marketing team, MailerLite (email marketing platform).

Users can withdraw consent at any time via the “unsubscribe” link in emails.

4. User Login and Access to Company Database

Certain users, such as customers, company representatives, service staff, and sales personnel, may access secured content related to purchased laser systems.

  • Legal Basis for Processing: Performance of a contract (GDPR Article 6(1)(b)).
  • Processed Data: Full name, email address, company name, user role, login credentials, and access logs.
  • Retention Period: For as long as the user has an active account and 1 year after account deletion for compliance and security purposes.
  • Data Recipients: IT administrators, and database management providers.
5. Website Performance Monitoring and Security

To ensure website functionality, detect technical issues, and prevent fraud, we collect automated data.

  • Legal Basis for Processing: Legitimate interest (GDPR Article 6(1)(f)) – to maintain website security and performance.
  • Processed Data: IP address, browser type, device information, cookies, and user actions on the website.
  • Retention Period: 1 year after website visit.
  • Data Recipients: IT service providers, hosting providers, and cybersecurity partners.

Data may be collected via Google reCAPTCHA, CookieBot, and analytics tools.

6. Use of Cookies and Tracking Technologies

We use cookies and similar technologies to optimize user experience, analyze website traffic, and personalize content.

  • Legal Basis for Processing:
    • Consent (GDPR Article 6(1)(a)) – for non-necessary cookies (marketing, analytics);
    • Legitimate interest (GDPR Article 6(1)(f)) – for necessary cookies (security, site functionality).
  • Processed Data: IP address, browsing behavior, preferences, unique identifiers.
  • Retention Period: As specified in the Cookie Policy.
  • Data Recipients: CookieBot (for consent management), Google Analytics, Google reCAPTCHA (to prevent spam).

Users can manage cookie preferences via the Cookie Settings panel.

7. IT Security and Fraud Prevention

To protect our website and IT infrastructure from cyber threats, unauthorized access, and fraudulent activities, we monitor security logs.

  • Legal Basis for Processing: Legitimate interest (GDPR Article 6(1)(f)) – to protect company infrastructure.
  • Processed Data: IP address, login time, browser and device details, suspicious activities (e.g., multiple failed login attempts).
  • Retention Period: 1 year after the last recorded suspicious activity.
  • Data Recipients: IT security teams, cybersecurity monitoring tools.
8. Compliance with Legal Obligations

Personal data may be processed to comply with tax, accounting, and other legal obligations.

  • Legal Basis for Processing: Legal obligation (GDPR Article 6(1)(c)).
  • Processed Data: Contracts, invoices, payment history, accounting records.
  • Retention Period: 10 years, as required by law.
  • Data Recipients: Tax authorities, financial institutions, accounting service providers.
9. Dispute Resolution and Legal Defence

Personal data may be processed to protect the company’s legal rights in case of disputes, claims, or legal proceedings.

  • Legal Basis for Processing: Legitimate interest (GDPR Article 6(1)(f)) – to defend legal claims.
  • Processed Data: Contracts, customer correspondence, complaint records, and financial documents.
  • Retention Period: 4 years from the resolution of the dispute or legal action.
  • Data Recipients: Legal advisors, regulatory authorities, and courts.

V. Are You Required to Provide Personal Data?

To provide the services described in Section IV, certain personal data is mandatory. If you do not provide this data, we may not be able to deliver certain services or respond to your requests. Below is an overview of when data is required and the consequences of not providing it.

1. User Account Registration and Access to Services:

  • To register an account, access secured content, or receive technical support, users must provide the basic required information (e.g., full name, email, and contact details).
  • If this information is not provided, account registration and service access will not be possible.
2. Sales, Support and General Inquiries:

  • To receive a response to sales, technical support, or general inquiries, users must provide minimum required details such as name, email, and company name. Without these details, we will not be able to process your inquiry.
3. Newsletter Subscription:

  • Subscribing to newsletters is entirely optional, and users must provide a valid email address to receive updates. If no email is provided, users will not receive marketing communications.
4. Use of Cookies and Tracking Technologies:

  • Necessary cookies (for security and website functionality) are necessary for the website to operate properly.
  • Users may refuse non-necessary cookies (marketing and analytics) via the Cookie Settings panel.
  • Refusing non-necessary cookies will not affect core website functionality, but some features may be limited.

VI. Where Do We Obtain Your Data?

We primarily collect personal data directly from you when you voluntarily provide your information on our website or through other interactions with us. This may occur in the following cases:

  • When you submit a request for sales inquiries or technical support.
  • When you submit a general inquiry.
  • When you subscribe to our newsletter.
  • When you enter into a contract with us or request services.
  • When you browse our website – certain data (e.g., IP address, device details, browsing behavior) is collected through cookies and similar technologies (see our Cookie Policy for more details).

We may also receive personal data from third-party sources, including:

  • Authorized distributors, resellers, and service partners – If you purchase our products or services through third-party vendors, they may provide your contact details for customer support and warranty purposes.
  • Social media platforms – If you contact us via our official social media pages (e.g., Facebook, LinkedIn, Instagram), certain personal data may be processed according to the respective platform’s privacy policy.
  • Publicly available sources – When professional or company-related data (e.g., business contact details, and job titles) is publicly accessible and relevant to our business interactions.
  • Other individuals or corporate entities – If someone (e.g., a business associate, employer, or referral) shares your information with us for professional communication or collaboration.
  • Automated tracking tools – Data may be collected using Google Analytics, Google reCAPTCHA, and CookieBot to enhance website functionality and security.

If we receive your data from third parties, we ensure that these sources comply with GDPR and other applicable laws.

VII. Is Your Data Transferred Outside the EU?

Your personal data is primarily stored and processed within the European Union (EU) and the European Economic Area (EEA). However, in certain situations, data may be transferred outside the EU/EEA, including:

  • When data transfer is necessary for contract execution (e.g., international business collaborations, customer support, or service provision outside the EU/EEA).
  • When required by legal obligations (e.g., compliance with regulatory requirements, court rulings).
  • When you have provided explicit consent for the transfer.

If data is transferred outside the EU/EEA, we ensure that appropriate safeguards are in place in accordance with the General Data Protection Regulation (GDPR). These safeguards may include:

  • Standard Contractual Clauses (SCCs) – Approved by the European Commission, these legally binding agreements ensure that non-EU data recipients maintain GDPR-equivalent protections.
  • Adequacy Decisions – If the recipient country has been deemed to provide an adequate level of data protection by the European Commission.
  • Binding Corporate Rules (BCRs) – If our service providers have implemented internal policies ensuring GDPR compliance.

VIII. Security Measures

We take appropriate measures to protect your personal data from unauthorized access, loss, misuse, or disclosure. These include technical, administrative, and physical safeguards designed to ensure data confidentiality and integrity. While we strive to protect your data, no system is completely secure. If you have concerns about the security of your personal data, please contact us at dpo@lightcon.com.

IX. Your Rights as a Data Subject

Under the GDPR, you have the following rights regarding the processing of your personal data:

  • Right to Information (GDPR Articles 13 & 14) – You have the right to be informed about how we process your personal data, including the purposes of processing, data retention, and data recipients.
  • Right of Access (GDPR Article 15) – You have the right to request access to your personal data and obtain a copy of the information we hold about you.
  • Right to Rectification (GDPR Article 16) – If your personal data is inaccurate or incomplete, you have the right to request that we correct or update it.
  • Right to Erasure (“Right to be Forgotten”) (GDPR Article 17) – You can request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the original purpose of processing, or when you withdraw your consent (if processing was based on consent). However, this right is subject to exceptions, such as compliance with legal obligations.
  • Right to Restrict Processing (GDPR Article 18) – In specific cases, you may request that we temporarily restrict the processing of your personal data (e.g., if you contest the accuracy of the data or object to its processing).
  • Right to Data Portability (GDPR Article 20) – If your data is processed based on consent or contract and is carried out by automated means, you have the right to receive your data in a structured, commonly used, and machine-readable format and to request that we transfer it to another data controller.
  • Right to Object to Processing (GDPR Article 21) – You have the right to object to the processing of your personal data if it is based on legitimate interests, including profiling. If you object, we will cease processing unless we have compelling legitimate grounds to continue or if processing is required for legal claims.
  • Automated Decision-Making & Profiling (GDPR Articles 22 & 13(2)(f)). We do not use personal data for automated decision-making that produces legal effects or significantly affects you. However, we may use automated processing for purposes such as fraud detection and security monitoring (e.g., identifying suspicious login attempts).

Your Rights Regarding Automated Processing:

  • You have the right not to be subject to decisions based solely on automated processing if they significantly affect you.
  • You can request human intervention, express your viewpoint, or contest a decision made using automated means.
How to Exercise Your Rights?

If you wish to exercise any of the rights mentioned above, you can submit a request by emailing us at dpo@lightcon.com.

To process your request, we may ask for additional information to confirm your identity. This is to ensure that personal data is not disclosed to unauthorized individuals.

We will respond to your request within 1 (one) month of receipt. If necessary, this period may be extended by an additional two months, depending on the complexity and number of requests. In such cases, we will notify you of any extension and explain the reason for the delay.

Right to Withdraw Consent

If your personal data is processed based on consent, you have the right to withdraw your consent at any time. You can withdraw consent by sending a request to dpo@lightcon.com. Please note that withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Right to Lodge a Complaint

If you believe that your personal data has been processed unlawfully, you have the right to file a complaint with the relevant data protection authority. In Lithuania, you can contact the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija):

Alternatively, you may file a complaint with the supervisory authority in your country of residence or workplace.

X. Contact Information and Policy Updates

How to Contact Us

For General Inquiries:

Company Name: UAB “Light Conversion”

Registered Address: Keramiku st. 2B, LT-10233 Vilnius, Lithuania

Email: company@lightcon.com

Phone: +370 5 249 1830

For data protection-related inquiries, including requests to exercise your GDPR rights, please contact our Data Protection Officer (DPO) at: dpo@lightcon.com.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or new data processing activities.

If we make significant changes, we will notify you via our website or other appropriate communication channels. The latest version of this Privacy Policy will always be available on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.