Privacy Policy

1.1. This Privacy Policy (hereinafter – the “Policy”) explains how MB “Naudokis” (hereinafter – the “Company” or “we”) collects, uses, and stores users’ personal data when using the “Naudokis” platform (mobile application and website). 1.2. We are committed to ensuring the protection of your personal data in accordance with the General Data Protection Regulation (GDPR) and the laws of the Republic of Lithuania. 1.3. By using our platform, you confirm that you have read and understood this Policy.

2.1. Data Controller: MB “Naudokis”. 2.2. Registered address: Numėjos g. 6, LT-08402 Vilnius. 2.3. Company code: 307423504. 2.4. Contact for personal data matters: email info@naudokis.lt.

We may collect the following personal data: • Registration data: name, surname, email address, phone number, password. • Identity verification data (KYC): copy of identity document, personal code, residential address (if required by law or payment service providers). • Payment data: bank account number, payment transaction history, transaction amounts. • Usage data: login history, IP address, device type, browsing activity on the platform. • Communication data: messages via the platform, customer service requests, notification history.

We process your personal data for the following purposes: • creating and managing user accounts; • executing reservations and rental transactions; • collecting and transferring payments; • identity verification (KYC/AML requirements); • ensuring security (fraud prevention, dispute resolution); • customer support and communication; • compliance with legal obligations.

We process your data based on: • Performance of a contract (when you use our platform and enter into transactions). • Legal obligations (e.g., financial accounting, KYC/AML requirements). • Consent (e.g., for newsletters or marketing). • Legitimate interest (e.g., ensuring platform security, fraud prevention).

• Registration and account data – while you use the platform and for 3 years after account closure (if required for legal compliance). • Payment data – stored for 10 years in accordance with accounting laws. • Communication data – stored for 2 years after the last interaction. • Data subject to statutory retention – stored for as long as required by law.

Your data may be shared with: • payment service providers (e.g., Paysera, Neopay, etc.); • KYC/AML service providers (e.g., identity verification partners); • insurance companies (if insurance services are used); • IT service providers (server maintenance, email systems); • government authorities, where required by law. All partners process data only under agreements and in compliance with GDPR.

• We use technical and organizational measures (SSL, data encryption, access control). • Data is stored within the EU or in countries with an adequate level of data protection. • Only authorized employees have access to your data.

Under GDPR, you have the right to: • obtain information about your data processing; • access your personal data; • request rectification of inaccurate or incomplete data; • request deletion of data (“right to be forgotten”), where no legal ground for retention exists; • restrict data processing; • receive your data and transfer it to another controller; • object to processing based on legitimate interest; • withdraw consent at any time (e.g., for newsletters). Requests to exercise your rights can be submitted by email at [to be inserted].

• The platform may use cookies to improve user experience, analytics, and marketing. • Users may disable cookies in their browser settings, but this may limit functionality. • More information about cookie usage is provided in the separate Cookie Policy.

• If you have questions or complaints about data processing, please contact us first at [to be inserted]. • If you believe your rights are being violated, you have the right to contact the State Data Protection Inspectorate (VDAI).

12.1. We may update this Policy to ensure compliance with legislation or to improve data protection. 12.2. Updates take effect from the date of publication on the platform.