Privacy Policy – Hellios connect

Политика конфиденциальности на русском языке

HELLIOS CONNECT

The following Privacy Policy of Hellios Connect (hereinafter – the Provider) is effective as of September 1, 2025, and was last updated on the same date.

This Privacy Policy is intended to inform data subjects of the manner in which their personal data is collected and processed, to specify the duration of data retention, to identify the recipients to whom such data may be disclosed, to outline the rights of data subjects, and to set out the procedures for exercising such rights as well as for addressing any other matters related to the processing of personal data.

Personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, hereinafter – GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other applicable legislation governing the protection of personal data.

To gain a full understanding of this Privacy Policy, please carefully review its contents together with any related documents and annexes (if applicable).

1. DEFINITIONS

1.1. DATA CONTROLLER – the Provider;

1.2. DATA SUBJECT – a natural person whose personal data is processed by the Provider;

1.3. PERSONAL DATA – any information relating directly or indirectly to a Data Subject whose identity is known or can be directly or indirectly determined by reference to such data;

1.4. PROCESSING OF PERSONAL DATA – any operation performed on personal data (including collection, recording, storage, editing, alteration, granting of access, submission of queries, transfer, archiving, and any other related actions);

1.5. CONSENT – any freely given, specific, informed, and unambiguous indication by which the Data Subject signifies agreement to the processing of their personal data for a specific purpose.

The Provider shall adhere to the following fundamental principles of data processing:

Personal data shall be collected only for clearly defined and legitimate purposes;
Personal data shall be processed lawfully and fairly; personal data shall be kept accurate and up to date;
Personal data shall be stored securely and for no longer than is necessary for the purposes of processing or as required by applicable legislation;
Personal data shall be processed solely by those employees of the Provider who are authorized to do so in accordance with their job functions or by duly authorized data processors.

2. SOURCES OF PERSONAL DATA

2.1. Personal data shall be provided directly by the Data Subject. The Data Subject shall contact the Provider, order SIM cards or internet services, register in the online store, create an account, complete purchase or inquiry forms, subscribe to newsletters, leave feedback or comments, and communicate with customer service staff through the contact details provided on the website.

2.2. Personal data shall be collected when the Data Subject visits the Provider’s website, online store, or customer self-service system. The Data Subject shall complete order or registration forms, request SIM cards or internet services, submit inquiries, provide contact details, or supply other necessary information in order to use the Provider’s services.

2.3. Personal data shall be obtained from other sources. Such data shall be collected from other institutions or companies, publicly available registers, and similar sources.

3. PROCESSING OF PERSONAL DATA

3.1. Personal data shall be collected when visiting, registering, or purchasing services on the Provider’s website https://myhellios.com, as well as when using the online store or the customer self-service system.

3.2. By submitting personal data to the Provider, the Data Subject shall be deemed to consent to the Provider’s use of such data for the purpose of fulfilling the Provider’s obligations towards the Data Subject and providing the services reasonably expected by the Data Subject.

3.3. The Provider shall process personal data for the following purposes:

3.3.1. Ensuring the Provider’s business operations and continuity. For this purpose, the following personal data shall be processed:

3.3.2. The Provider shall process personal data of suppliers who are natural persons insofar as it is necessary for the conclusion and performance of agreements, namely: name(s), surname(s), personal identification number or date of birth, residential address, telephone number, e-mail address, bank account number and bank detailes, date, amount, and currency of a financial transaction or agreement, as well as any other data provided by the individual, obtained by the Provider in accordance with legal acts in the course of its business activities, and/or which the Provider is required to process under applicable laws and/or other legal acts.

3.3.3. For the administration of inquiries, comments, and complaints, the Provider shall process the following personal data name(s), surname(s), and/or username, e-mail address, telephone number, postal address, subject of the inquiry, comment or complaint, text of the inquiry, comment, or complaint, and bank account number (in the case of refunds).

3.3.4. For the purposes of direct marketing, the Provider shall process the following personal data: name(s), surname(s), and/or username, e-mail address, telephone number, data regarding purchased goods, their price, date of purchase, as well as data confirming the right to participate in promotional campaigns and the fulfilment of the conditions of such campaigns.

4. NEWSLETTERS

4.1. A subscription to newsletters may be withdrawn at any time by clicking the “Unsubscribe” button located at the bottom of each newsletter received, by replying directly to the received e-mail, or by contacting the Provider via e-mail and expressing the wish to no longer receive newsletters from the Provider.

5. E-COMMERCE

5.1. The Provider’s online store shall be developed and administered directly by the Provider.

5.2. All data collected for the purposes of e-commerce shall be stored on servers managed by the Provider or through other reliable data storage solutions, ensuring compliance with applicable legal requirements and high standards of data protection.

5.3. For the acceptance of payments, the Provider shall use the payment management platform Paysera. The privacy policy of the payment management platform is available at Paysera Privacy Policy: https://www.paysera.lt/v2/en-LT/legal/privacy-policy.

The Provider’s website shall be protected in accordance with a security protocol based on an SSL (Secure Socket Layer) certificate. Such websites can be identified by the letter “S” in the address bar: “https://”.

6. DISCLOSURE OF PERSONAL DATA

6.1. The Provider shall be bound by a duty of confidentiality towards Data Subjects. Personal data shall be disclosed to third parties only where necessary for the conclusion or performance of a contract for the benefit of the Data Subject, or where such disclosure is required by applicable legislation or justified on other lawful grounds.

6.2. The Provider may disclose personal data to its data processors who provide services to the Provider and process personal data on behalf of the Provider. Data processors shall have the right to process personal data solely in accordance with the Provider’s instructions and only to the extent necessary for the proper performance of contractual obligations. The Provider shall engage only such data processors that provide sufficient guarantees to implement appropriate technical and organizational measures in a manner ensuring that processing meets the requirements of the GDPR and safeguards the rights of Data Subjects.

6.3. The Provider may also disclose personal data in response to requests from courts or public authorities, but only to the extent necessary to comply with applicable legislation and lawful instructions of such authorities.

6.4. The Provider guarantees that personal data shall not be sold or rented to any third parties.

7. PROCESSING OF PERSONAL DATA OF MINORS

7.1. Individuals under the age of 14 shall not provide any personal data through the Provider’s website.

7.2. If an individual is under the age of 14, any use of the Provider’s services shall require the prior provision of a written consent from a legal representative (parent or guardian) for the processing of personal data before any personal information is submitted.

8. RETENTION OF PERSONAL DATA

9.1. Personal data collected by the Provider shall be stored in printed documents and/or in the Provider’s information systems. Personal data shall be processed only for as long as necessary to achieve the specified purposes of processing, or for the period required by applicable legislation, or as permitted by the Data Subject.

9.2. Even if the Data Subject terminates the contract and ceases using the Provider’s services, the Provider shall continue to retain the Data Subject’s personal data to comply with potential future claims or legal obligations, until the expiration of the applicable data retention periods.

9. RIGHTS OF THE DATA SUBJECT

9.1. The right to obtain information regarding the processing of personal data.

9.2. The right to access the personal data being processed.

9.3. The right to request the rectification of personal data.

9.4. The right to request the erasure of personal data (“Right to be forgotten”). This right shall not apply where the personal data requested to be erased are processed on another lawful basis, such as processing necessary for the performance of a contract or compliance with legal obligations.

9.5. The right to restrict the processing of personal data.

9.6. The right to object to the processing of personal data.

9.7. The right to data portability. The exercise of this right shall not adversely affect the rights and freedoms of others. The Data Subject shall not have the right to data portability with respect to personal data processed in a non-automated manner in structured files, such as paper records.

9.8. The right to request that decisions based solely on automated processing, including profiling, shall not be applied.

9.9. The right to lodge a complaint regarding the processing of personal data with the State Data Protection Inspectorate (or other competent supervisory authority).

9.10. The Provider shall ensure that the Data Subject can exercise the rights listed above, except in cases provided by law where it is necessary to safeguard national security or defence, public order, the prevention, investigation, detection, or prosecution of criminal offenses, significant economic or financial interests of the state, prevention, investigation, or detection of breaches of official or professional ethics, or the protection of the rights and freedoms of the Data Subject or other individuals.

10. PROCEDURE FOR EXERCISING THE RIGHTS OF THE DATA SUBJECT

10.1. The Data Subject shall be entitled to exercise their rights by contacting the Provider:

10.1.1. In writing, personally, by post, through a representative, or by electronic means – e.g., via e-mail: hello@myhellios.com

10.1.2. Or verbally – e.g., by telephone: 37066309736

10.2. Aiming to protect personal data against unlawful disclosure, upon receiving a request from the Data Subject to access personal data or to exercise other rights, the Provider shall verify the identity of the Data Subject.

10.3. The Provider shall respond to the Data Subject no later than one month from the date of receipt of the request, taking into account the specific circumstances of the personal data processing. This period may be extended by a further two months if necessary, considering the complexity and number of requests.

11. RESPONSIBILITIES OF THE DATA SUBJECT

11.1. The Data Subject shall:

11.1.1. Inform the Provider of any changes to the information and personal data provided. It is essential for the Provider to hold accurate and up-to-date information about the Data Subject.

11.1.2. Provide the necessary information so that, upon the Data Subject’s request, the Provider shall be able to identify the Data Subject and ensure that communication or cooperation occurs exclusively with the correct individual. This may include providing an identity document or using electronic means in accordance with applicable legislation, which allow for proper identification of the Data Subject. This requirement is necessary to protect the personal data of the Data Subject and others, ensuring that disclosed information about the Data Subject is provided only to the Data Subject without infringing the rights of other individuals.

12. FINAL PROVISIONS

12.1. By providing personal data to the Provider, the Data Subject shall be deemed to have agreed to this Privacy Policy, shall be deemed to have understood its provisions, and shall undertake to comply with them

12.2. In the course of developing and improving its activities, the Provider shall have the right to unilaterally amend this Privacy Policy at any time. The Provider shall have the right to partially or fully amend the Privacy Policy by publishing the changes on the website https://myhellios.com/.

12.3. Any amendments or updates to the Privacy Policy shall enter into force on the day of their publication, i.e., the day they are posted on the website https://myhellios.com/.

Cookie Name	Duration	Purpose
`woocommerce_cart_hash`	session	Helps WooCommerce determine when cart contents/data changes.
`woocommerce_items_in_cart`	session	Helps WooCommerce determine when cart contents/data changes.
`wp_woocommerce_session_`	2 days	Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer.
`woocommerce_recently_viewed`	session	Powers the Recent Viewed Products widget.
`store_notice[notice id]`	session	Allows customers to dismiss the Store Notice.