Effective Date: 2024-12-17
DEFINITIONS
GDPR – Regulation (EU) 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
Data / Personal Data – Any information relating to an identified or identifiable natural person (Data Subject); an identifiable natural person is one whose identity can be determined, directly or indirectly, especially by identifiers such as name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
Recipient of Data – A natural or legal person, public authority, agency, or other body to which personal data are disclosed, whether a third party or not.
Data Subject – The Data Controller’s client, employee, or any other person whose personal data is processed by the Data Controller.
Processing of Data – Any operation or set of operations performed on personal data, whether automated or not, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Data Processor – A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Data Controller.
Data Controller – UAB “Coffee break LT”, company code 305738832, registered address Veiverių g. 9B-62, LT-11346 Vilnius, operational address Šv. Stepono g. 41, Vilnius.
Third Party – Any natural or legal person, public authority, agency, or other body other than the data subject, the data controller, the data processor, and persons authorized by the data controller or processor to process personal data.
Client – A person who uses or has used the services provided by the Data Controller.
Consent of the Data Subject – Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them, either by a statement or by a clear affirmative action.
Policy – Refers to this Personal Data Processing Policy.
GENERAL PROVISIONS
The Data Controller collects the personal data specified in Section 4 for administrative and direct marketing purposes, to conduct business, and to fulfill legal obligations. The Data Controller is responsible for processing your personal data under the conditions outlined in this Policy.
This Policy explains what personal data we collect and how we process and store it when providing our products and services. This includes information collected in our physical stores or online at www.enefitarena.lt (hereinafter – Website).
This Policy also applies to targeted content, including online offers and advertising of products and services, which you may see on third-party websites, platforms, and apps (hereinafter – Third-Party Sites). Please note that these Third-Party Sites may have separate privacy policies and terms. We kindly ask you to review them before using these Third-Party Sites.
By using our Website, you confirm that you have read and agree to comply with this Policy.
When using third-party services such as Facebook or Instagram, the terms and privacy policies of those services may apply. For example, Facebook applies its own data policy to all users and visitors.
Principles of Personal Data Processing
The Data Controller ensures that personal data processing is conducted according to the following principles:
- Personal data must be processed lawfully, fairly, and transparently.
- Personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
- Personal data must be adequate, relevant, and limited to what is necessary.
- Personal data must be accurate and kept up to date.
- Personal data must be stored in a form that allows identification of data subjects no longer than necessary.
- Personal data must be processed securely to prevent unauthorized processing, loss, destruction, or damage.
- The Data Controller is responsible for demonstrating compliance with these principles.
Data retention periods are specified in Section 4.
METHODS OF COLLECTING PERSONAL DATA
We collect your personal data directly, for example:
- When you provide personal information while registering as a Client on the Website, purchasing subscriptions or gift cards, participating in contests, subscribing to newsletters, sending inquiries, or communicating with our Customer Service Center.
We may also obtain personal data from third parties who have a legal basis to process and share your data with us.
We process personal data to provide services as outlined in Section 4. In some cases, processing requires your consent, e.g., for marketing, cookies, or location data.
PURPOSES OF DATA PROCESSING
Website Browsing
- Data Collected: Browser information, IP address, device address, clicked links, visited sites, cookies, and information shared via third-party sites (e.g., Facebook likes).
- Purpose: Personalize and improve user experience; track visits and preferences.
- Storage: According to individual cookie lifespans; social media information stored while accounts are active.
- Legal Basis: Your consent via cookie consent tool.
Direct Marketing
- Data Collected: Name, email, IP address.
- Purpose: Offer services and products of interest; participate in surveys, lotteries, and promotions.
- Storage: While you purchase services or until newsletter unsubscription; social media information stored while accounts are active.
- Legal Basis: Your consent through account creation or newsletter subscription.
Customer Service
- Data Collected: Name, email, phone, reservation and payment history, age, submitted content.
- Purpose: Respond to inquiries, requests, and comments.
- Storage: General queries are stored for 3 years; cases related to damages or accidents may be stored longer.
- Legal Basis: Performance of contract or legitimate interest.
Purchases in Person or Online
- Data Collected: Name, contact info, subscription, gift card, discount codes, payment info, age, order execution data.
- Purpose: Process and deliver purchased services or products.
- Storage: While purchasing; deleted after 3 years of inactivity unless longer retention is required by law.
- Legal Basis: Contract execution.
Lotteries and Contests
- Data Collected: Name, email, phone, age, date of birth, user content.
- Purpose: Run contests, select winners, and deliver prizes.
- Storage: 3 months after contest ends, or longer if required by law; social media contests stored until account deletion.
- Legal Basis: Legitimate interest.
Video Surveillance
- Data Collected: Images.
- Purpose: Ensure the safety of property and guests, and provide evidence of criminal activity.
- Storage: 30 calendar days.
- Legal Basis: Legitimate interest.
“Surf Eye” Services
- Data Collected: Name, contact info, swimming session video, payment info.
- Purpose: Improve personal skills and performance.
- Storage: 12 days if the video is not purchased; stored permanently if purchased.
- Legal Basis: Legitimate interest.
COOKIES AND SIMILAR TECHNOLOGIES
We use cookies to enhance product and website experience. Some are essential; others are used for analytics and marketing.
- Types: Temporary and permanent cookies.
- Management: Adjust browser settings or revoke consent via provided links.
DATA RETENTION PERIODS
Personal data is processed only as long as necessary to fulfill the purposes described and to comply with legal obligations (see Section 4).
RIGHTS OF DATA SUBJECTS
You may exercise the following rights:
- Access, correction, or deletion of personal data.
- Restrict processing or object to processing.
- Data portability.
- File complaints with supervisory authorities.
DATA SHARING
We may share your personal data with:
- IT service providers, courier, advertising, legal, audit, and financial service providers.
- Third parties processing data for their own purposes (e.g., “Surf Eye” services).
We ensure strict compliance with GDPR and other applicable laws when sharing data.
CONTACTS
UAB “Coffee break LT”
Registered address: Veiverių g. 9B-62, LT-11346 Vilnius
Operational address: Šv. Stepono g. 41, Vilnius
Email: aloha@citywave.lt
Phone: +37069303090
FINAL PROVISIONS
This Policy is reviewed at least annually or when legislation changes. Changes take effect upon publication on the Website.