Privacy Policy
Last updated: November, 2025
This comprehensive privacy policy outlines how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable EU data protection laws when you visit our website, and educational resources. We are committed to transparency regarding your data and ensuring your rights are always protected.
1. Who We Are
1.1 Data Controller
Brains on Duty, UAB is the data controller responsible for your personal data.
Contact Details:
- Address: Manufaktūrų g. 6, LT-11342 Vilnius
- Email: support@tickingbiology.com
2. Personal Data We Collect
2.1 Types of Personal Data
We may collect and process the following categories of personal data:
- Identity Data: name, surname, username.
- Contact Data: billing address, delivery address, email address, telephone numbers
- Financial Data: payment card details, bank account information
- Transaction Data: details about payments and services you have purchased from us
- Technical Data: internet protocol (IP) address, login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website
- Profile Data: your username and password, gender, purchases or orders made, preferences, feedback, and survey responses
- Usage Data: information about how you use our website, products, and services collected via cookies and analytics tools (e.g. page visits, time on site)
- Marketing and Communications Data: your preferences in receiving marketing from us and our third parties and your communication preferences
2.2 Collection Methods
We collect your personal data through:
- Direct interactions (when you fill in forms, correspond with us, etc.)
- Automated technologies or interactions (cookies, server logs, etc.)
- Third parties or publicly available sources
3. Legal Basis for Processing
We process your personal data on the following legal grounds:
3.1 Consent
Where you have given explicit consent for us to process your personal data for specific purposes, such as sending marketing communications. You have the right to withdraw this consent at any time.
3.2 Contractual Necessity
When processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering a contract.
3.3 Legal Obligation
When processing is necessary for compliance with a legal obligation to which we are subject.
3.4 Legitimate Interests
When processing is necessary for our legitimate interests or those of a third party, such as for processing payment transactions or IT providers, provided your fundamental rights and freedoms do not override those interests.
4. How We Use Your Personal Data
4.1 Purposes of Processing
We will only use your personal data for the purposes for which we collected it, including:
- To register you as a new customer
- To process and deliver your orders
- Provide you with relevant educational content
- To manage our relationship with you
- To enable you to participate in features of our service
- To administer and protect our business and website
- To deliver relevant content and advertisements to you
- To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences
4.2 Marketing Communications
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. You will receive marketing communications from us only if you have requested information from us or purchased goods or services from us and have not opted out of receiving marketing communications.
5. Data Sharing
5.1 Categories of Recipients
We may share your personal data with:
- Service providers acting as processors who provide IT and system administration services, and who help us operate our site
- Payment transaction providers
- Legal authorities, if required by law
- Third parties to whom we may choose to sell, transfer, or merge parts of our business, and their professional advisors
5.2 Third-Party Processing Requirements
We require all third parties to respect the security of your personal data and to treat it in accordance with the EU law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and in compliance with this privacy policy.
6. International Transfers
We may transfer your personal data to countries outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure it is protected using standard contractual clauses or other lawful mechanisms.
7. Data Security
We have implemented appropriate technical and organizational measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. Your information is stored on secure servers located in United States of America, Massachusetts.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Data Retention
8.1 Retention Period
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider:
- The amount, nature, and sensitivity of the personal data
- The potential risk of harm from unauthorized use or disclosure
- The purposes for which we process the data
- Whether we can achieve those purposes through other means
- The applicable legal requirements
8.1.1 Retention Periods by Data Category
| Data Category | Retention Period |
| Identity and Contact Data | 2 years after last user activity |
| Financial and Transactional Data | 10 years (for legal/accounting) |
| Marketing Preferences | Until consent withdrawn or 2 years inactivity |
| Technical and Usage Data | 1 year |
We review these periods regularly to ensure compliance with legal obligations and business needs.
8.2 Deletion or Anonymization
In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
9. Your Legal Rights
Under the GDPR, you have the following rights:
9.1 Access
You have the right to request a copy of the personal data we hold about you.
9.2 Rectification
You have the right to request that we correct any incomplete or inaccurate data we hold about you.
9.3 Erasure
You have the right to request that we delete or remove personal data where there is no good reason for us continuing to process it.
9.4 Restriction
You have the right to request that we suspend the processing of your personal data.
9.5 Data Portability
You have the right to request the transfer of your personal data to you.
9.6 Objection
You have the right to object to processing of your personal data where we are relying on a legitimate interest and there is something about your situation which makes you want to object to processing on this ground.
9.7 Automated Decision-Making
You have rights relating to automated decision-making and profiling. We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
9.8 Withdrawal of Consent
You have the right to withdraw consent at any time where we are relying on consent to process your personal data.
10. Cookies and Tracking Technologies
10.1 Cookie Usage
We use a cookie consent management tool that allows you to accept or reject non-essential cookies. You can update your preferences at any time by clicking the “Cookie Settings” link at the bottom of our website.
Our website uses cookies and similar tracking technologies to distinguish you from other users of our website. This helps us to provide you with a good experience while browsing our website and allows us to improve our site.
Cookies can be categorized by their duration and their source:
- Session Cookies: These are temporary and expire once you close your browser.
- Persistent Cookies: These remain on your device for a set period or until you delete them manually.
- First-Party Cookies: These are set by us (the website you are visiting).
- Third-Party Cookies: These are set by domains other than the one you are visiting (e.g., our advertising partners).
10.2 Cookie Types
We use the following cookies:
- Strictly necessary cookies: Required for the operation of our website. You can set your browser to block these cookies, but some parts of the site will not function. These collect the following data: IP address & session ID
- Analytical/performance cookies: Allow us to recognize and count visitors and see how visitors move around our website. These collect the following data: anonymized IP address, pages visited, time spent on site.
- Functionality cookies: Enable us to recognize you when you return to our website. These collect the following data: user preferences, login details.
- Targeting cookies: Record your visit to our website, the pages you have visited, and the links you have followed. These collect the following data: IP address, browsing history, ad interactions, demographic data.
We also utilize a number of third-party service providers who also place cookies on your device to perform their services. These may include:
- Analytics Providers: Google Analytics
- Advertising Networks: Google AdSense, Meta Ads, TikTok Ads, LinkedIn Ads, Spotify Ads, Substack, X Ads
- Payment Processors: Stripe, PayPal
We do not have control over the information collected by these third parties. Please review their respective cookie policies for more information on their practices.
10.3 Cookie Consent
Except for strictly necessary cookies, we will only place cookies on your device if you have consented to us doing so. You can withdraw your consent at any time.
10.4 Children’s Data
Our services are not intended for children under the age of 16, and we do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete that information promptly.
11. Changes to This Privacy Policy
We may update this privacy policy from time to time. We will notify you of significant changes by posting the new privacy policy on this page and, where appropriate, sending you a notification.
12. How to Contact Us and Complaints
We are not required to appoint a Data Protection Officer under the GDPR. However, if you have any questions or concerns about your data, please contact us at: support@tickingbiology.com. You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state where you reside, work, or where an alleged infringement of data protection law has occurred.
You may lodge a complaint with the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija):
Website: https://vdai.lrv.lt
Phone: +370 5 271 2804
Email: ada@ada.lt