Privacy policy

1. Who we are

This Privacy Policy explains how Rhino Automotive, UAB (trading as "Rhino Automotive", "we", "us", "our") collects, uses, and protects personal data when you visit https://rhinoracing.eu or otherwise interact with us.

We are the data controller of the personal data we process about you under Regulation (EU) 2016/679 (GDPR) and the Republic of Lithuania Law on Legal Protection of Personal Data.

Company name: Rhino Automotive, UAB

Legal entity code: 306147857

VAT number: LT100015292514

Registered address: Partizanų g. 75K, LT-50308 Kaunas, Lithuania

Email: info@rhinoracing.eu

Phone: +370 663 77595

2. What personal data we collect

Depending on how you use our website and services, we may collect the following categories of personal data:

2.1 Information you provide to us

  • Identity data: first name, last name.
  • Contact data: email address, phone number, billing/shipping address.
  • Order data: products purchased, order history, vehicle details relevant to product fitment.
  • Communication data: messages you send us via forms, email, or chat.
  • Account data: login credentials, preferences (if you create an account).

2.2 Information we collect automatically

  • Technical data: IP address, browser type and version, device type, operating system, time zone.
  • Usage data: pages visited, referring URL, clicks, session duration, performance data.
  • Cookie data: as described in our Cookies Policy.

2.3 Information from third parties

  • Payment service providers (transaction status, not full card details).
  • Delivery partners (shipping status).
  • Analytics and advertising partners (aggregated behaviour data).

3. Why we process your data and legal bases

We process your personal data only when we have a lawful basis under Article 6 GDPR:

  • Performance of a contract (Art. 6(1)(b)) — to process orders, deliver products, handle returns, provide customer support.
  • Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, and consumer protection laws.
  • Legitimate interests (Art. 6(1)(f)) — to secure our website, prevent fraud, improve our services, and conduct direct marketing to existing customers for similar products.
  • Consent (Art. 6(1)(a)) — for non-essential cookies, marketing emails to non-customers, and any other processing where consent is required.

4. How long we keep your data

  • Customer and order records: 10 years after the last transaction (accounting and tax law requirement in Lithuania).
  • Marketing contacts: until you withdraw consent or object, and for a reasonable period thereafter for suppression purposes.
  • Website analytics: up to 14 months.
  • Cookies: as set out in the Cookies Policy.
  • Correspondence: up to 2 years from the last communication, unless needed longer for a legal claim.

5. Who we share your data with

We do not sell your personal data. We share it only with:

  • Payment processors (e.g., Stripe, PayPal, local card acquirers) to process your payments.
  • Logistics and courier companies to deliver your orders.
  • IT and hosting providers (including Webflow, cloud email, and CRM providers).
  • Analytics and advertising partners (e.g., Google Analytics, Meta), only where you have consented.
  • Professional advisers (accountants, lawyers, auditors) where necessary.
  • Public authorities where required by law.

All third parties act either as our data processors under a written agreement, or as independent controllers under their own privacy policies.

6. International transfers

Some of our service providers may be located outside the European Economic Area (EEA). Where this happens, we rely on European Commission adequacy decisions or Standard Contractual Clauses (SCCs) under Article 46 GDPR to safeguard your data. You may request a copy of these safeguards by contacting us.

7. Your rights

Under the GDPR you have the right to:

  • Access your personal data and receive a copy.
  • Rectify inaccurate or incomplete data.
  • Erase your data where legal conditions apply ('right to be forgotten').
  • Restrict or object to processing, including for direct marketing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time, without affecting the lawfulness of previous processing.
  • Lodge a complaint with the State Data Protection Inspectorate (VDAI) of Lithuania — L. Sapiegos g. 17, Vilnius, ada@ada.lt, +370 5 271 2804, www.vdai.lrv.lt.

To exercise your rights, contact us at info@rhinoracing.eu. We will respond within one month.

8. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction, including encryption in transit (HTTPS/TLS), access controls, and regular backups. No method of transmission over the internet is 100% secure, so we cannot guarantee absolute security.

9. Children

Our website is not directed at children under 14. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Cookies

We use cookies and similar technologies as described in our separate Cookies Policy available on our website.

11. Changes to this policy

We may update this Privacy Policy from time to time. The 'Effective date' at the top shows when it was last revised. Material changes will be communicated via our website or email where appropriate.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Email: info@rhinoracing.eu

Phone: +370 663 77595

Address: Partizanų g. 75K, LT-50308 Kaunas, Lithuania