Privacy policy

Last updated: August 6, 2025

1. Introduction

Welcome to Sort A Brick, a service operated by UAB Br1ck, a company registered in Lithuania with a business address at Terminalo g. 3, Biruliškių k., Kauno r., 54469, Lithuania.

This Privacy Policy explains how UAB Br1ck (hereinafter referred to as “Sort A Brick”, “we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you access our website (sortabrick.com) or use our services.

This Policy applies each time you access our website, regardless of the device or platform used.

2. Types of Personal Data We Collect

We may collect, use, store, and process the following types of personal data:

  • Identity Data – first name, last name, and date of birth
  • Contact Data – email address, phone number, billing and delivery addresses
  • Transaction Data – payment details, purchase history
  • Financial Data – payment-related information (processed through secure third-party providers)
  • Marketing and Communications Data – your preferences for receiving newsletters or updates
  • Voluntary Content – any information you choose to share, such as toy brick stories or images of storage boxes

We also process aggregated data to improve analytics, performance, and user experience. This data does not directly identify you.

3. How We Collect Personal Data

We collect your personal data in the following ways:

  • Directly from you, for example when placing an order, subscribing to a newsletter, contacting us, or participating in a survey
  • Automatically, when you browse our website or interact with its features (including via cookies and similar technologies)
  • From third parties, such as social media platforms you engage with, service providers, or public sources (e.g. Facebook, LinkedIn)

4. Legal Basis and Purposes of Processing

We process your personal data only when a valid legal basis under the General Data Protection Regulation (GDPR) applies. Below is an overview of the purposes, the data we process, and the corresponding legal basis:

  • To process and fulfill your order: We process your first name, last name, date of birth, email address, phone number, delivery address, and order details.
    Legal basis: Performance of a contract
  • To manage payments and prevent fraud: We process your name, email address, order history, payment status, and transaction details.
    Legal basis: Legitimate interest
  • To comply with legal obligations (e.g., tax and accounting): We process purchase records and payment information.
    Legal basis: Legal obligation
  • To provide customer support and respond to inquiries: We process your name, contact details, order information, and message content.
    Legal basis: Legitimate interest
  • To send marketing communications (if you opt in): We process your name, email address, and communication preferences.
    Legal basis: Consent
  • To analyze website usage and improve user experience: We process your device type, pages visited, click behavior, and session duration.
    Legal basis: Legitimate interest or Consent
  • To defend legal claims or respond to official requests: Depending on the situation, we may process any of the data outlined in this Privacy Policy.
    Legal basis: Legal obligation and Legitimate interest

5. Data Sharing

We may share your personal data with trusted third parties who help us operate and deliver our services. This includes:

  • Payment service providers
  • IT and analytics providers 
  • Communication and email platforms
  • Shipping and logistics partners 
  • Legal and regulatory authorities

All third parties are contractually bound to protect your data and process it in accordance with applicable data protection laws.
We do not sell or rent your personal data.

6. International Data Transfers

Your personal data is stored and processed within the European Economic Area (EEA). We do not transfer personal data outside of the EEA.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to meet legal, regulatory, tax, and accounting obligations.

Once the retention period ends, or the data is no longer needed, it will be deleted securely. In all cases, personal data will not be kept longer than 10 years, and it will be erased in a way that ensures it cannot be recovered.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, loss, or misuse. These measures include secure data storage, encrypted communication (such as HTTPS), and strict access controls supported by internal policies.

9. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data (“right to be forgotten”)
  • Restrict or object to processing
  • Receive your data in a machine-readable format (data portability)

To exercise any of these rights, please contact us using the details provided in Section 12.

10. Children’s Data

Our services are not intended for individuals under the age of 16. We do not knowingly collect data from children. If we become aware that such data has been collected, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page. Significant updates will be communicated via email or posted on our website.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: [email protected]
Address: UAB Br1ck, Terminalo g. 3, Biruliškių k., Kauno r., LT-54469, Lithuania