PRIVACY POLICY

Effective from: 1 May 2026. Last updated: 1 May 2026.

 

1. Data Controller

MB "Adcanonas", company registration number 303665855, registered address Pernaravos g. 3, LT-47166 Kaunas, Republic of Lithuania, not registered as a VAT payer, email [email protected], phone +370 602 23329. Information about the Provider is collected and stored in the Register of Legal Entities of the Republic of Lithuania. The Provider operates under the trade name and brand "ChangeAI".

In this document, the data controller is referred to as We, Our, or ChangeAI.

 

2. Scope of This Policy

This Privacy Policy applies to all persons who:

  • visit Our website www.changeai.io and its subdomains (e.g. workshop.changeai.io);
  • register for Our online training courses, custom business training programmes, events, or workshops;
  • use Our Learning Platform;
  • participate in Our remote or in-person training sessions;
  • communicate with Us by any means.

 

3. What Data We Collect

3.1. Registration and Order Data

When you register for Our Services through the Website, a registration form, or by contacting Us directly, We collect the following data:

  • first name and surname;
  • email address;
  • phone number;
  • company name, if provided;
  • when paying by invoice, We additionally collect the company registration number, VAT number (if applicable), and registered address;
  • discount code applied, if any;
  • payment method;
  • order status and order number.

We do not see or store payment card data. This data is processed by third-party payment service providers in accordance with applicable payment security requirements.

 

3.2. Learning Platform Data

When you use Our Learning Platform (Kajabi or Thinkific), We process the following data:

  • login credentials (email address; password is stored in encrypted form by the platform provider);
  • course progress (lessons viewed, assignments completed);
  • attendance history for live sessions;
  • information about downloaded materials.

 

3.3. Remote Training Audio and Video Data

When you participate in live remote sessions via video conferencing platforms (Zoom, Google Meet), the following data may be processed:

  • participant's name and surname (or chosen display name);
  • voice recording;
  • video recording (if the participant enables their camera);
  • chat messages during the session;
  • personal data voluntarily provided by the participant.

Before recording begins, the session facilitator informs participants of the intended recording. Participants have the right, on grounds relating to their particular situation, to object at any time to the processing of their personal data on this basis, by notifying Us in writing.

 

3.4. In-Person Event Data

When you participate in in-person events, We may additionally process:

  • attendance confirmation data (registration at the venue);
  • photographs and video footage taken during the event (participants are informed at the start of the event);
  • special dietary or accessibility requirements, if you voluntarily provide them.

 

3.5. Website Browsing Data

We use third-party analytics and measurement tools that may collect information about your visit to the Website:

 

Tool

Provider

Data Processed

Purpose

Google Analytics 4

Google Ireland Limited

Visit date and time, pages visited, traffic source, approximate geographic location, device type, browser, anonymised user identifier

Website usage statistics and campaign performance measurement

Meta Pixel

Meta Platforms Ireland Ltd.

Visit date, pages visited, actions taken, device identifier

Measuring the effectiveness of advertising campaigns on Facebook and Instagram, lookalike audience creation, and remarketing

Microsoft Clarity

Microsoft Ireland Operations Limited

Browsing session recording, clicks, scrolling, movement, heatmaps, device type

UX quality analysis and identification of obstacles in registration forms

 

Microsoft Clarity is used to analyse website usability. We configure Clarity so that form fields and other sensitive input data are not recorded or are masked, to the extent permitted by the tool's settings.

These tools use cookies and similar technologies. You can manage your cookie consent through the cookie consent banner.

 

3.6. Communication Data

When you communicate with Us by email, WhatsApp, social media platforms, or phone, We may store the content of the communication, contact details, and the date of communication.

 

3.7. Data We Do Not Collect

We do not knowingly collect or process:

  • personal data of children (under 18 years of age) — Our Services are intended for adults only;
  • special categories of personal data (GDPR Article 9), unless you voluntarily provide such data (e.g. dietary requirements at an event);
  • biometric data for identification purposes.

 

4. Legal Bases for Processing

Data Category

Legal Basis (GDPR)

Purpose

Registration and order data

Art. 6(1)(b) — performance of a contract

Administer registration, deliver the Service, send confirmation, grant access to the Learning Platform

Invoice details

Art. 6(1)(c) — legal obligation

Comply with the requirements of the Lithuanian Financial Accounting Law and other applicable legislation

Learning Platform data

Art. 6(1)(b) — performance of a contract

Provide access to purchased content, track learning progress, ensure proper Service delivery

Audio and video recordings

Art. 6(1)(f) — legitimate interest

Ensure quality Service delivery, create educational materials for course participants

In-person event photos and video

Art. 6(1)(f) — legitimate interest

Event documentation and communication

Marketing communications

Art. 6(1)(a) — consent

Send newsletters and invitations to other events

Analytics and advertising

Art. 6(1)(a) — consent

Use cookies, Meta Pixel, Google Analytics 4, and Microsoft Clarity

Communication data

Art. 6(1)(f) — legitimate interest

Respond to enquiries, provide consultations, resolve disputes

 

We send marketing communications only with your consent or in other cases permitted by applicable law. You can withdraw your consent at any time by clicking the unsubscribe link in any email received or by writing to Us at [email protected].

 

5. How Long We Retain Data

Data Category

Retention Period

Registration, payment, and accounting records

10 years after performance of the agreement, as required by the Lithuanian Financial Accounting Law and other applicable legislation

Learning Platform data (course progress, attendance)

Duration of access to the Service plus 12 months after access expires

Audio and video recordings from remote training

Duration of access to the Service plus 12 months after access expires, unless participants are informed otherwise

In-person event photos and video

3 years from the event date

Marketing subscription

Until consent is withdrawn

Analytics and advertising cookies

According to each provider's policy and Our chosen settings: Google Analytics 4 up to 14 months, Meta Pixel up to 180 days, Microsoft Clarity up to 12 months

Communication records

3 years from the date of last contact, unless longer retention is necessary to establish, exercise, or defend a legal claim

 

Once the retention period expires, personal data is securely deleted or anonymised. Anonymised data (from which you can no longer be identified) may be retained indefinitely for analytics and business improvement purposes.

 

6. Who We Share Data With

Personal data may be shared with the following categories of processors or recipients only to the extent necessary to deliver the Service, administer the Website, process payments, maintain accounting records, or comply with legal requirements:

 

Category

Current providers include, but are not limited to

Payment service providers

AS "Citadele banka" Lithuanian branch (Klix), Stripe Payments Europe Ltd.

Learning platforms

Kajabi LLC, Thinkific Labs Inc.

Video conferencing platforms

Zoom Video Communications Inc., Google Ireland Limited (Google Meet)

Email marketing platforms

MailerLite Limited

IT infrastructure providers

Lovable Cloud, Supabase Inc.

Analytics and advertising providers

Google Ireland Limited, Meta Platforms Ireland Ltd., Microsoft Ireland Operations Limited

Accounting service providers

Accounting firms under contract

Government authorities

When required by applicable law

 

The specific providers within each category may change over time as We update Our tools and platforms. We ensure that all processors are bound by appropriate data processing agreements and meet the requirements of applicable data protection legislation. An up-to-date list of specific providers is available upon request by contacting Us at [email protected].

We do not sell your personal data.

When personal data is transferred outside the European Economic Area (EEA), We apply the safeguards required by the GDPR, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • where applicable, the recipient's certification under the EU-US Data Privacy Framework.

You may request a copy of the applicable safeguards by contacting Us at [email protected].

 

7. Your Rights

Under the GDPR, you have the following rights:

  1. a) Right to information — to receive information about the processing of your data;
  2. b) Right of access — to request access to your personal data;
  3. c) Right to rectification — to request correction of inaccurate or incomplete data;
  4. d) Right to erasure — to request deletion of your data where there is a legal basis to do so;
  5. e) Right to restriction — to restrict the processing of your data;
  6. f) Right to portability — to request the transfer of your data to another controller, where applicable;
  7. g) Right to object — to object to processing based on legitimate interest or for direct marketing purposes;
  8. h) Right to withdraw consent — to withdraw consent at any time where processing is based on consent. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal;
  9. i) Right to lodge a complaint — to lodge a complaint with a supervisory authority.

 

How to Exercise Your Rights

To exercise any of these rights, please contact Us at [email protected]. We will respond within 30 calendar days of receiving your request. If the request is complex, this period may be extended by a further 60 days, in which case We will inform you. We may need to verify your identity before processing your request.

Supervisory Authority

If you believe your data has been processed in violation of applicable law, you have the right to lodge a complaint with:

State Data Protection Inspectorate (VDAI) L. Sapiegos g. 17, LT-10312 Vilnius Email: [email protected] Phone: +370 5 271 2804 Website: https://vdai.lrv.lt

You may also lodge a complaint with the supervisory authority in your country of residence.

 

8. Cookies

8.1. What Are Cookies

Cookies are small text files placed on your device when you visit Our Website. They help Us understand how you use the Website, remember your preferences, and improve your experience.

 

8.2. Types of Cookies

The following types of cookies may be used on the Website:

  • Strictly necessary cookies — required for the Website to function properly. The Website cannot function correctly without these cookies.
  • Analytics cookies — help Us understand how visitors use the Website (e.g. Google Analytics 4, Microsoft Clarity).
  • Marketing cookies — used to measure the effectiveness of advertising campaigns and for remarketing (e.g. Meta Pixel).

 

8.3. Managing Cookies

Analytics and marketing cookies are only used with your consent, provided through the cookie consent banner displayed on your first visit.

You can withdraw or change your consent at any time via the "Cookie Settings" link in the website footer. You can also manage cookies through your browser settings. Please note that disabling certain cookies may limit the Website's functionality.

 

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

  • encryption of data in transit (TLS/SSL);
  • access controls limiting data access to authorised personnel only;
  • use of reputable cloud infrastructure providers;
  • regular review of security practices and service provider arrangements.

No method of data transmission or storage is 100 per cent secure. If We become aware of a data security breach that may pose a risk to your rights and freedoms, We will notify the State Data Protection Inspectorate within 72 hours and, where required by applicable law, We will also notify you.

 

10. Third-Party Links

Our Website and communications may contain links to third-party websites, tools, and platforms. We are not responsible for the privacy practices of these third parties. We recommend reviewing their privacy policies before providing them with any personal data.

 

11. Changes to This Policy

Changes to this Privacy Policy take effect on the date of publication on the Website. We will provide additional notification by email of material changes relating to the processing of data already collected, where We hold such an email address and where such notification is required by applicable law.

 

12. Contact Us

For questions regarding the processing of personal data, you may contact Us:

   

Email

[email protected]

Phone

+370 602 23329

Post

Pernaravos g. 3, LT-47166 Kaunas

Last updated: 1 May 2026