The rules for the processing of personal data of customers (hereinafter – the Rules) regulate the principles of collection, use and storage of personal data of customers, determine the goals and measures of processing personal data of customers, determine who and for what purposes can familiarize themselves with personal data of customers.
Responsible person – a natural or legal person appointed by the Company to manage the personal data of customers in accordance with a service or other contract;
Company – UAB ŽVELK AUKŠČIAU, (Kirtimų st. 33, LT-02244 Vilnius+370 685 67977, email@example.com)
Other concepts used in these Rules are understood as they are defined in the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the processing of personal data. The key concepts are:
Personal data – any information related to a natural person – a data subject whose identity is known or can be directly or indirectly determined using data such as a personal identification number, one or more physical, physiological, psychological, economic, cultural or social characteristics characteristic of a person character traits.
Data processing – any action performed with personal data: collection, recording, accumulation, storage, classification, grouping, connection, change (addition or correction), provision, publication, use, logical and (or) arithmetic operations, search, dissemination, destruction or other act or set of acts.
Third party – a legal or natural person, excluding the data subject, data controller, data processor and persons who are directly authorized by the data controller or data processor to process data.
PRINCIPLES OF CUSTOMER PERSONAL DATA MANAGEMENT
The company is guided by the following principles when processing personal data of customers:
- processes personal data of customers only to achieve the legal purposes defined in these Rules;
- personal data of customers is processed accurately, honestly and legally, in compliance with the requirements of legal acts.
- The company processes the personal data of customers in such a way that the personal data is always accurate and is constantly updated in the event of a change;
- The company processes customer personal data only to the extent necessary to achieve the goals of customer personal data processing;
- personal data of customers is stored in such a form that the identity of data subjects can be determined no longer than is necessary for the purposes for which these data were collected and processed;
- Personal data is processed accurately, fairly and legally.
PURPOSES OF PROCESSING CUSTOMER PERSONAL DATA
Details of the processing of customers’ personal data are provided in this policy.
Main processed personal data: first name, last name, phone number, e-mail e-mail address and other data needed to fulfill orders and submit marketing offers.
The main purposes of processing personal data:
- Processing and implementation of orders, analysis of user data, purchases and use of the page for the purposes of improving the user experience and the website, for marketing and advertising purposes.
RIGHTS OF THE DATA SUBJECT
The company appoints a responsible person who ensures that the rights of customers as data subjects are ensured, properly implemented and that all information is provided correctly, on time and in a form acceptable to employees.
The rights of customers as data subjects and the means of their implementation:
- Know about the collection of your personal data. When collecting the client’s personal data, the company must inform these persons what personal data the client must provide, for what purpose the relevant data is collected, to whom and for what purpose it can be provided and what the consequences of not providing personal data are. Simplified information is provided in customer consents. The customer has the right to get acquainted with his personal data, to demand correction, clarification or addition of incorrect or incomplete personal data. The customer may also object to the processing of certain optional personal data.
- Familiarize yourself with your personal data and how it is handled. The customer has the right to contact the Company with a request to provide information about what and for what purpose his personal data is being processed. This information is provided free of charge to the Client once per year. If the client applies more than once a year for the provision of such information, the fee for providing this information cannot exceed the costs of providing such information.
- Demand correction, destruction of your personal data or suspension of processing of your personal domains.
- Do not consent to the processing of personal data. The customer has the right not to consent to the processing of certain optional personal data. Such disagreement can be expressed by not filling out certain sections of the questionnaire or other documents to be filled out, as well as by later submitting a request to stop the processing of optional personal data. The company provides written information on which personal data is processed on an optional basis. A company that has received a request to terminate the processing of optional personal data immediately terminates such processing, unless it conflicts with the requirements of legal acts and informs the employee/client thereof.
PERSONAL DATA SECURITY MEASURES
Access rights to personal data and authorizations to process personal data are granted, deleted and changed by order of the Head of the Company.
When protecting personal data, the company implements and ensures appropriate organizational and technical measures to protect personal data from accidental or illegal destruction, alteration, disclosure, as well as from any other illegal processing.
The company ensures proper storage of documents and data files, takes measures to prevent accidental or illegal destruction, alteration, disclosure of personal data, as well as any other illegal processing. Copies of documents containing personal data of employees must be destroyed in such a way that these documents cannot be reproduced and their contents cannot be identified.
In the company, only those persons who have been authorized to access such data have the right to access personal data, and only when it is necessary to achieve the goals set forth in these Rules.
The company ensures the security of the premises where personal data is stored, proper placement and review of technical equipment, compliance with fire safety rules, proper network management, maintenance of information systems and the implementation of other technical measures necessary to ensure the protection of personal data.
The company takes measures to prevent accidental or illegal destruction, alteration, disclosure of personal Data, as well as any other illegal processing, by properly and securely storing the documents and data files entrusted to it.
If the data processing employee or other responsible person doubts the reliability of the installed security measures, he must contact his immediate supervisor to evaluate the available security measures and, if necessary, initiate the purchase and installation of additional measures.
Employees or other responsible persons who automatically process personal data or from whose computers access to areas of the local network where personal data are stored use the passwords assigned to them. Passwords are changed when certain circumstances arise (for example: when the employee changes, when there is a threat of hacking, when there is a suspicion that the password has become known to third parties, etc.).
An employee working on a specific computer and accessing personal data can only know his password. Passwords are stored in a safe place and used only in case of necessity.
Upon detection of personal data security violations, the Company takes immediate measures to prevent illegal processing of personal data.
Non-compliance with these Rules, taking into account the severity of the violation, when the employee did not comply with them, may be considered a violation of work duties, for which employees may be subject to liability, provided for in the Labor Code of the Republic of Lithuania
DATA COLLECTION, COOKIES
We process your Personal Data obtained in the following ways:
When you provide us with Personal Data yourself;
- When we ourselves collect your personal data when you use the website, our administered social accounts, when you contact us by phone or e-mail. by means of communication upon arrival at our pick-up point;
- To the extent provided by applicable legislation, we may also receive information about you from other sources, such as publicly available registers, databases, marketing partners and other third parties.
- Depending on the settings of the social network you use, if you choose to link your social network account with your account on our website, we will be able to see certain data from your social network account, including your personal account data: your name, surname or pseudonym in the account, your profile photo and email postal address.
You have the right to change and update your information provided to us. In some cases (for example, when selling goods to you, delivering them, etc.) it is necessary for us to have accurate and up-to-date information about you, which is necessary for quality service provision, so we may ask you periodically to confirm that the information we have about you is correct.
By providing Personal Data to us, you are responsible for the correctness, completeness, and relevance of this Personal Data.
We use „third-party cookies” on our website, which are cookies that are not controlled by us, such as Google Analytics, Google Ads, Facebook and other cookies. We use these cookies in order to obtain statistical information about the use of the website and for the purposes of online advertising based on your behavior.
These Rules are reviewed and updated in the event of changes in the legal acts that regulate the processing of personal data.
Employees and other responsible persons are introduced to these Rules by signature or by electronic means is and must comply with the obligations set forth in it and follow the principles set forth in these Rules when performing their work functions. At the customer’s request, they are given the opportunity to familiarize themselves with these Rules.
The company has the right to partially or completely change these Rules. Employees and other responsible persons are informed of the changes by signature or by electronic means.