Skip to content

VDA Graduation mobile app — Privacy Policy

Effective date: 2026-05-27

1. Data controller

This mobile application “VDA Graduation” (the “App”) is operated by Vilnius Academy of Arts (Vilniaus dailės akademija), legal entity code 111950439, registered address Maironio g. 6-101, LT-01124 Vilnius, Lithuania. Contact for this policy and personal data matters: vda@vda.lt.

This policy applies only to the App (iOS and Android). The website vdagraduation.lt is covered by a separate policy at https://vdagraduation.lt/privatumo-ir-slapuku-politika/.

2. What data the App processes

The App is designed to work with minimal data. It has no user accounts and includes no in-app analytics. The App fetches publicly displayed exhibition data (venues, participants, partner organisations, opening events) from a backend that we (Vilnius Academy of Arts) operate at vdagraduation.lt — see § 2(c) for details.

a) Location data (optional)

  • When: only while you are using the App, and only if you grant permission.
  • Why: to show your position (the “blue dot”) on the map of event venues.
  • Where it is processed: on your device only. We do not send location data to any server (including our backend at vdagraduation.lt) and we do not store it.
  • You can revoke permission at any time in your device settings. The App will keep working — only the blue dot will disappear.

b) Local device data

Your selected language and onboarding state are stored only on your device (AsyncStorage). They are not transmitted anywhere and are deleted when you uninstall the App.

c) Backend data exchange

When you open a screen that lists exhibition data, the App makes an HTTPS request to our backend at vdagraduation.lt to fetch that data. The request and response carry only:

  • The HTTP method, path and query, for example GET /api/venues
  • The standard HTTP headers your device’s OS sends, including your IP address and user-agent string
  • A JSON response containing exhibition data — no personal data about you

No identifier we generate is attached to the request. No cookies are read or set by the App.

Our hosting provider, Hostinger, retains standard server access logs containing your IP, the request path, response status, user-agent and timestamp for approximately 14–30 days. These logs exist for operational and security purposes (debugging, abuse mitigation) and are not used for advertising, profiling or analytics of identified users.

The App does NOT collect: name, email, phone number, precise address, photos, contacts, health data, biometric data, payment information, advertising identifiers, usage analytics or crash reports.

3. Third parties

  • Google Maps Platform (Google Ireland Ltd.) — on both Android and iOS, the App uses Google’s map component to render map tiles. When tiles are requested Google may process your device IP and the map viewport coordinates, governed by the Google Privacy Policy and the Google Maps Platform Terms.
  • Hostinger International Ltd. (Cyprus, with EU datacenters) — our hosting provider for the vdagraduation.lt backend. Hostinger processes the standard access-log data described in § 2(c) on our behalf, under the Hostinger Data Processing Agreement.
  • Apple App Store and Google Play — App distribution and any diagnostics you have opted into at the OS level are handled by Apple and Google respectively.
  • External links — the App may link to social networks (Facebook, Instagram, YouTube) and partner websites. Tapping such a link opens your browser and is outside the scope of this policy.

We do not sell, rent or share any data for advertising purposes.

4. Legal basis (GDPR)

  • For location data — your consent (GDPR Art. 6(1)(a)), provided via the OS permission prompt.
  • For local settings storage — our legitimate interest in making the App function correctly (GDPR Art. 6(1)(f)).

5. Retention

Location data is not retained — it is used in the moment, while you are viewing the map. Local settings remain on your device until you uninstall the App or clear its data. Server access logs at our hosting provider are retained for approximately 14–30 days and then automatically deleted.

6. Your rights

Because the App has no user accounts, the only data tied to you on our servers is your IP address in time-limited server access logs (see § 2(c)), which auto-expires within 14–30 days. The GDPR rights that practically apply here are:

  • Withdraw consent for location access at any time in your device settings.
  • Request a copy or erasure of access-log entries containing your IP (GDPR Art. 15 and Art. 17) — email us with your IP address and an approximate time window, and we will search the retention window on your behalf.
  • Choose not to use the map feature if you prefer no data to flow to Google Maps.
  • Lodge a complaint with VDAI — Lithuanian State Data Protection Inspectorate, L. Sapiegos g. 17, Vilnius, ada@ada.lt, https://vdai.lrv.lt.

For any data-related question, email vda@vda.lt.

7. Children

The App is not directed at children under 14 and we do not knowingly collect their data. In Lithuania, the age of digital consent is 14 (GDPR Art. 8 and the Lithuanian Law on Legal Protection of Personal Data).

8. International data transfers

Our backend at vdagraduation.lt is hosted in the EU (Vilnius or Frankfurt — Hostinger’s primary EU regions). Google services may involve processing of data outside the EEA. In such cases Google relies on the EU Standard Contractual Clauses.

9. Changes to this policy

If we update this policy, we will change the effective date above and, for material changes, notify you within the App or by email (if we have prior correspondence with you).

10. Contact

Vilnius Academy of Arts (Vilniaus dailės akademija)
Maironio g. 6-101, LT-01124 Vilnius, Lithuania
Email: vda@vda.lt