Privacy Policy
Last updated: 2 July 2026
This Privacy Policy explains how UAB „First Impression Consulting“ (“First Impression”, “we”, “us” or “our”) collects and uses your personal data when you visit our website at firstimpression.works, contact us through our enquiry form, or book a consultation with us. We are the data controller responsible for your personal data. We process it in accordance with the EU General Data Protection Regulation (GDPR) and applicable Lithuanian law.
Who we are
- Controller: UAB „First Impression Consulting“
- Legal entity code: 305599560
- VAT code: LT100013685112
- Registered address: Vokiečių g. 16-1, Vilnius, Lithuania
- Head office: A. Goštauto g. 8-326, Vilnius, Lithuania
- Contact: hello@firstimpression.works
For any question about this policy, or to exercise your data protection rights, email us at hello@firstimpression.works.
What data we collect, why, and our legal basis
Enquiries through our contact form
When you use our “Get in touch” form, we collect your name, email address, company name (if you provide it), the topic you select, your message, and confirmation that you have ticked the consent box.
- Purpose: to read your enquiry, respond to you, and follow up about the services you asked about.
- Legal basis: your consent (GDPR Art. 6(1)(a)) - before sending, you confirm you have read this policy. Where your enquiry concerns a possible engagement, we also rely on taking steps at your request prior to entering into a contract (Art. 6(1)(b)).
- How it is handled: the form does not create an account or a public comment. Your message is sent to us by email (to hello@firstimpression.works) and is not stored in the website’s database. We reply using the email address you provide.
- Marketing: we use these details only to respond to your enquiry. We do not add you to any marketing list or newsletter and do not use your enquiry for advertising.
- Withdrawing consent: you can withdraw your consent or ask us to delete your enquiry at any time by emailing hello@firstimpression.works. This does not affect processing carried out before you withdrew.
Booking a consultation (Calendly)
If you book a call through our scheduling widget, this is provided by Calendly. Calendly collects the details you enter (such as your name, email address and chosen time) in order to schedule the meeting. The scheduling widget only loads when you choose to open it. The legal basis is your consent and taking steps at your request prior to a possible engagement (Art. 6(1)(a) and (b)). Calendly processes this data under its own privacy policy.
Cookies, analytics and marketing tools
On your first visit we show a cookie banner. Non-essential cookies and third-party scripts - Google Tag Manager, Google Analytics and the Meta (Facebook) Pixel - are blocked and do not run until you give your consent. The legal basis for these is your consent (Art. 6(1)(a)), which you can withdraw at any time using the “Cookies” link in the site footer. See the Cookies section below for details.
Spam prevention and security
- To limit automated spam, when you submit the contact form we briefly store a one-way hashed (irreversible) version of your IP address for about 60 seconds. We do not retain your raw IP address for this purpose.
- Our hosting provider may keep standard technical server logs (such as IP address, browser type and timestamps) for security and to keep the website running reliably.
- Legal basis: our legitimate interest in the security and integrity of the website (Art. 6(1)(f)).
Cookies
Cookies are small files stored on your device. We group them into three categories, and only strictly necessary cookies are used before you consent:
- Necessary (always on): required for the site to work and to remember your cookie choice. This includes the
fi_cookie_consentcookie, which stores your preferences for 6 months. No consent is needed for these. - Analytics (consent required): Google Analytics 4, loaded via Google Tag Manager, helps us understand how visitors use the site (for example pages viewed, approximate location and device type) so we can improve it.
- Marketing (consent required): the Meta (Facebook) Pixel helps us measure the effectiveness of our advertising and, where relevant, show more relevant ads.
You can change or withdraw your consent at any time using the “Cookies” link in the footer of every page, or by blocking cookies in your browser settings. Because a script that has already run cannot be “un-run”, withdrawing consent reloads the page so that the relevant tools stop loading.
Who we share your data with
We do not sell your personal data. We share it only with service providers who process it on our behalf or, where they determine their own purposes, as independent controllers:
- Google (Google Ireland Limited and Google LLC) - Google Tag Manager and Google Analytics. See Google’s privacy policy.
- Meta (Meta Platforms Ireland Limited and Meta Platforms, Inc.) - the Meta Pixel. See Meta’s privacy policy.
- Calendly (Calendly LLC) - consultation scheduling.
- Our email and website hosting providers - to deliver enquiry emails to us and to operate the website.
We may also disclose personal data where we are required to do so by law or to protect our legal rights.
International data transfers
Some of our providers (including Google, Meta and Calendly) are based in, or transfer data to, the United States. Where your personal data is transferred outside the European Economic Area, it is protected by appropriate safeguards - the EU-US Data Privacy Framework (to which Google LLC and Meta Platforms, Inc. are certified) and/or the European Commission’s Standard Contractual Clauses.
How long we keep your data
We keep personal data only for as long as necessary for the purposes described above. We do not apply a fixed retention period to enquiry correspondence; instead we review it periodically and delete or anonymise it once it is no longer needed to handle your request, for our legitimate business and record-keeping purposes, or to meet a legal obligation. Cookie-based data is kept for the periods set by each tool, and your cookie consent record is kept for 6 months. You can ask us to delete your data sooner - see Your rights.
Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased (“right to be forgotten”);
- restrict or object to our processing;
- receive your data in a portable format;
- and, where processing is based on consent, withdraw that consent at any time without affecting processing carried out beforehand.
To exercise any of these rights, email hello@firstimpression.works. We will respond within one month.
You also have the right to lodge a complaint with a data protection supervisory authority. Our lead authority is:
- State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija)
- L. Sapiegos g. 17, 10312 Vilnius, Lithuania
- ada@ada.lt · vdai.lrv.lt
Security
We use reasonable technical and organisational measures - including encryption in transit (HTTPS/TLS) and access controls - to protect personal data against unauthorised access, loss, or misuse.
Children
Our website and services are intended for businesses and are not directed at children under 16. We do not knowingly collect personal data from children.
Changes to this policy
We may update this Privacy Policy from time to time. The current version is always published on this page together with its “last updated” date. If we make significant changes to how we use cookies, we will ask for your consent again.
Contact
UAB „First Impression Consulting“, A. Goštauto g. 8-326, Vilnius, Lithuania - hello@firstimpression.works.