Legal

Privacy Policy

This Privacy Policy explains how MB Libranet ("Libranet", "we", "us", or "our") processes personal data in connection with the website at https://libranet.pro (the "Website"). MB Libranet is the data controller for the processing described here. Last updated: 20 June 2026.

This notice is provided under Articles 13 and 14 of the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"). It describes only the personal data we actually handle through this Website. Most of that data comes directly from you (for example, what you type into the contact form). Some of it, such as your IP address and request metadata, is not actively submitted by you but is observed in the course of your own visit, including by Cloudflare, which proxies all traffic before it reaches us. To the extent any data is obtained in that way rather than supplied directly, the Article 14 information requirements also apply, and this notice covers both situations. If anything here is unclear, contact us using the details in the "Who we are" and "Contact us" sections below.

Who we are (the controller)

The controller responsible for your personal data is:

MB Libranet, a Lithuanian small partnership (mažoji bendrija).
Company / registration code: 306214658. Data about the company is held in the Register of Legal Entities of the Republic of Lithuania (Juridinių asmenų registras), administered by VĮ Registrų centras.
Registered office: V. Nagevičiaus g. 3, LT-08237 Vilnius, Lithuania.
Email: [email protected]
Phone: +370 660 22 189
Website: https://libranet.pro

We provide IT services (cloud platforms, custom software development, and AI systems) to business clients across the EU. This Website is a corporate and marketing site with a contact form. It does not sell products, does not take payments online, and does not host user accounts.

Data protection contact

We have not appointed a statutory Data Protection Officer, because MB Libranet is not of a type or scale that requires one under Article 37(1) GDPR. Send all data-protection questions and requests to [email protected].

What personal data we collect, and from where

We process the following categories of personal data, and nothing beyond them through this Website. We do not run analytics, advertising, newsletters, user accounts, online payments, or social logins.

1. Contact form submissions

When you use the contact form, we collect:

Full name (required)
Email address (required)
Company name (optional)
Phone number (optional)
Your message (required)

This data comes directly from you. It is stored in the Website's database and also emailed internally to [email protected] so we can respond. The form is protected by IP-based rate limiting and a hidden "honeypot" field to deter automated abuse. We do not ask for, and ask you not to send, any special-category data (for example data revealing health, racial or ethnic origin, political opinions, religious beliefs, or trade-union membership) through the form.

2. Technical and security logs

When you visit the Website, our infrastructure automatically records technical data needed to run the site securely and prevent abuse: your IP address, your browser user-agent, and request metadata and timestamps. This data is generated by the act of visiting and is not something you actively submit.

3. Browser localStorage (theme preference)

If you switch the site between dark and light appearance, your browser stores a single "theme" value in its localStorage. This value stays in your browser, is not sent to our servers, and is not used to identify or track you. It exists only to remember the display choice you made.

4. Cookies and essential storage

We use only strictly necessary cookies and storage: an encrypted Laravel session cookie and a CSRF token (for security and to make forms work), and Cloudflare security cookies such as __cf_bm (bot mitigation). We do not use analytics, advertising, or cross-site tracking cookies, and because only essential cookies and storage are used, we do not show a consent banner. See the "Cookies and essential storage" section below for a short overview.

Why we process your data, and our lawful basis

Under Article 13(1)(c) GDPR we must tell you the purpose of each processing activity and the lawful basis for it under Article 6. The table below summarises this. Where we rely on legitimate interests under Article 6(1)(f), we have identified the specific interest, as required by Article 13(1)(d).

Data / activity	Purpose	Lawful basis (GDPR Art. 6)
Contact form submissions	To read and respond to your enquiry and to take steps, at your request, towards a possible business relationship.	Art. 6(1)(b): steps taken at your request prior to entering into a contract; and/or Art. 6(1)(f): our legitimate interest in responding to enquiries addressed to us.
Technical and security logs (IP address, user-agent, request metadata, timestamps)	To operate the Website reliably, protect it against attacks and abuse, and ensure network and information security.	Art. 6(1)(f): our legitimate interest in the security and integrity of our systems and in preventing abuse.
Strictly necessary cookies (encrypted Laravel session cookie, CSRF token, and Cloudflare security cookies such as __cf_bm)	To provide the secure, working Website you asked to use: session security, CSRF protection, and bot mitigation.	Art. 6(1)(f): our legitimate interest in the security and integrity of the Website. Separately, storing or reading these items on your device is exempt from the consent requirement under Article 5(3) of the ePrivacy Directive 2002/58/EC (as transposed into Lithuanian law by Article 61(4) of the Law on Electronic Communications), because they are strictly necessary to provide the service you requested.
Theme value in browser localStorage	To remember your dark or light display choice.	Not personal data processed by us: the value stays in your browser and is never sent to our servers, so no GDPR Article 6 basis arises. Storing it is exempt from consent under Article 5(3) ePrivacy (as transposed by Article 61(4) of the Law on Electronic Communications) as a purely functional preference you set.

Is providing data required?

You are not obliged to contact us. If you choose to use the contact form, the fields marked as required (name, email, and message) are needed for us to identify you and answer; if you do not provide them, we cannot process or respond to the enquiry. The optional fields (company name, phone) simply help us reply more usefully. Technical and security log data is generated automatically as a necessary part of serving the Website and cannot be switched off without preventing access.

We do not sell or rent personal data, and we do not share it with advertising networks. We disclose data only to the service provider and infrastructure listed below.

Cloudflare, Inc.: our content delivery network, DNS, DDoS-protection and bot-mitigation provider. Cloudflare proxies all traffic to the Website and, in doing so, processes IP addresses and request data. It acts as our processor under a written data processing agreement and on our instructions. This may involve processing outside the European Economic Area (in the United States); see "International transfers" below.
Hosting and email infrastructure: the Website runs on a dedicated server, and email is self-hosted, both operated for MB Libranet rather than by a separate external provider. Contact-form data is stored and handled on this infrastructure.

For completeness: we use server-side search-engine tools (Google Search Console, Bing Webmaster Tools, and DataForSEO) that work only with aggregate site and search statistics. These tools do not receive or process your contact-form submissions.

International transfers

Most processing takes place on infrastructure operated for us. However, because Cloudflare proxies all traffic, your personal data (in particular your IP address and request data) may be transferred to the United States, which is outside the EEA.

These transfers are protected by appropriate safeguards under Chapter V GDPR:

Cloudflare, Inc. is self-certified under the EU-US Data Privacy Framework. To the extent and for as long as Cloudflare remains certified under that Framework and the European Commission's adequacy decision under Article 45 GDPR remains in force, transfers to it benefit from that adequacy decision; and
otherwise, and as a fallback (including if that certification were to lapse), the transfers are covered by the European Commission's Standard Contractual Clauses (Article 46(2)(c) GDPR), as incorporated into our data processing agreement with Cloudflare.

You can request a copy of the relevant safeguards by emailing [email protected].

How long we keep your data

Contact form submissions: we keep these only as long as needed to deal with your enquiry and any relationship that results from it, and in any event we delete them within approximately 24 months of our last contact with you, unless a contract or a legal obligation requires us to keep them longer.
Technical and security logs: kept only for a short period, sufficient to operate and secure the Website and investigate incidents, after which they are deleted or overwritten.
Theme preference (localStorage): remains in your browser until you clear it; we never receive it.

How we protect your data

In line with Article 32 GDPR, we apply technical and organisational measures appropriate to the risk, including encryption in transit, an encrypted session cookie, CSRF protection, rate limiting and bot mitigation on the contact form, and access controls on our server and email. No system is perfectly secure, but we take reasonable measures to protect the confidentiality, integrity and availability of the data we hold and to restore access after an incident.

Your rights

Subject to the conditions in the GDPR, you have the following rights in relation to your personal data:

Access (Art. 15): to obtain confirmation of whether we process your data and a copy of it.
Rectification (Art. 16): to have inaccurate or incomplete data corrected.
Erasure (Art. 17): to have your data deleted where one of the grounds applies.
Restriction (Art. 18): to have our processing restricted in certain circumstances.
Data portability (Art. 20): to receive data you gave us in a structured, commonly used, machine-readable format, where processing is based on consent or a contract and carried out by automated means. For your contact-form data this applies only to the extent we rely on the contract basis (Art. 6(1)(b)), not where we rely on legitimate interests (Art. 6(1)(f)).
Objection (Art. 21): to object, on grounds relating to your particular situation, to processing based on our legitimate interests. Following a valid objection, we will stop that processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing is needed to establish, exercise or defend legal claims.
Withdraw consent (Art. 7(3)): where we ever rely on your consent, to withdraw it at any time, without affecting the lawfulness of processing before withdrawal.

We do not carry out any solely automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you (Article 22 GDPR).

How to exercise your rights

To exercise any of these rights, email us at [email protected] or write to MB Libranet at the registered office above. We will respond without undue delay and within one month of receiving your request; where a request is complex or there are several requests, we may extend this by up to two further months and will tell you if we do. Exercising these rights is free of charge. We may need to verify your identity before acting, to make sure we do not disclose data to the wrong person.

Your right to complain

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). The competent authority in Lithuania is:

State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija, VDAI)
L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania
Phone: +370 5 271 2804
Email: [email protected]
Website: https://vdai.lrv.lt/

You may also contact us first if you would like us to address the issue directly.

Cookies and essential storage

This Website uses only strictly necessary cookies and a single functional value in your browser's localStorage. Specifically: an encrypted Laravel session cookie and a CSRF token (security and form handling), Cloudflare security cookies such as __cf_bm (bot mitigation), and the "theme" value that remembers your dark or light display choice. We use no analytics, advertising, profiling, or third-party tracking technologies, and all cookies are first-party except the Cloudflare security cookies set as part of protecting the site.

Because these items are strictly necessary or purely functional, storing or reading them on your device is exempt from the consent requirement under Article 5(3) of the ePrivacy Directive 2002/58/EC, as transposed into Lithuanian law by Article 61(4) of the Law on Electronic Communications, which is why no consent banner is shown. You can still clear or block cookies and localStorage through your browser settings, though doing so may stop parts of the Website from working.

Children

This Website is a B2B corporate and marketing site and is not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data through the contact form, please contact us at [email protected] and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time, for example to reflect changes to our processing or to the law. When we do, we will revise the "Last updated" date at the top of this page, and the current version is always the one published here.

Contact us

For any question about this Privacy Policy or about how we handle your personal data, contact us at:

MB Libranet
V. Nagevičiaus g. 3, LT-08237 Vilnius, Lithuania
Email: [email protected]
Phone: +370 660 22 189

This Privacy Policy is governed by Lithuanian law and applicable EU data-protection law. Any disputes that cannot be resolved directly fall within the jurisdiction of the courts of Vilnius, Lithuania.