In all cases covered by this Policy we act in the capacity of controllers of your personal data.
I. DIRECT MARKETING
The Company processes your personal data for direct marketing purposes only after receiving your explicit consent to such data processing.
The following personal data are processed for the direct marketing purposes: first name, last name, gender, e -mail address, date of birth, telephone number and place of residence.
You can refuse from receiving information about events or other information sent by us at any time by writing us an email to email@example.com.
II. ONLINE STORE
The Company processes your personal data for the online store‘s administration purposes only after receiving your explicit consent to such data processing.
The main purpose of the personal data processing is to enable the Visitor to use the online store in an efficient and optimal manner according to his/her personal needs. The personal data are used for:
- proper provision of the services ordered;
- convenient and efficient functioning of the online store that meets your needs;
- ensuring smooth administration of the online store and the website (e. g. sending You reminders of the account log-in data, informing about temporary impossibility to use the website etc.);
- time and proper responding to your enquiries and requests;
- presenting information that is relevant and offers that may be of interest to you;
- contacting You regarding any information provided by you;
- making statistical analyses and other analyses in order to constantly improve the content and services of the website and the online store;
- Other purposes of which you will be informed at the time of submission of your personal data.
The following personal data are processed for the online store administration purposes: first name, last name, first name and last name of the person that will collect the goods, email address, telephone number, address to which the goods will be delivered, purchase and order history, IP address, network and location data if You provide them, enquiries and complaints history, and other publicly available data that you have shared with us while visiting the online store.
This list is not complete as, in special cases and seeking to attain the objectives set in this Policy, the Company may need to collect additional information. Part of the personal data listed above are collected from buyers directly, e. g. data provided when the Visitor creates his/her account. Other personal data are collected indirectly, e. g. the Visitor‘s network and location data. Personal data can also be collected when other websites/portals provide them to us subject to your consent (also in cases when you log in to your account through social networks).
We will store your personal data for no longer than necessary for the purposes specified in this Policy. Personal data will be stored:
- until the Visitor stops using our services and deletes his/her user account;
- for 10 years after the last action taken in the Visitor‘s account;
- Until the personal data become irrelevant or unnecessary for the purposes referred to in this Policy.
DATA PROCESSING FOR THE PURPOSES OF YOUR ENQUIRIES AND REQUESTS
The Company processes your personal data also in cases when you contact us via email and send us enquiries and questions or provide any other information on our website or social network accounts.
In such cases the Company processes personal data in order to manage enquiries and complaints, ensure quality of its services, and protect and defend its rights and legitimate interests. You provide your personal data to us on a consent basis, i. e. by your actions of contacting us.
If you call us, we will process your personal data in order to consider the relevant matter, provide information and ensure service quality; such data may include data on your order history etc.
The legal basis for the personal data processing is the performance of our statutory duty to consider and reply to your enquiries and our interest to consider feedback received from our clients and to improve our service quality.
III. DATA PROCESSING FOR EMPLOYEE RECRUITMENT PURPOSES
Personal data provided by you will be processed for personnel recruitment purposes on the basis of your consent given at provision of the data, and will be stored until the end of the specific recruitment process.
Please note that, in order to assess your candidacy, we may ask your previous employers specified by You for references as well as information about your qualifications, professional skills and personal qualities relevant to work. We may request such information from your previous employers subject to your specific consent. If, upon consideration of your candidacy, we will select another candidate that meets our requirements better, We may ask You for your consent to retain your personal data received during recruitment and to use them in other recruitment processes and to contact You for this purpose.
If we obtain such consent, we will retain your personal data referred to above for no longer than two years after the date of receipt of the consent.
You may withdraw your consent at any time, which will not affect the lawfulness of the consent-based data processing until the moment of withdrawal. If you exercise your right of withdrawal, we will take action to destroy your personal data without delay.
IV.DATA PROCESSING ON THE WEBSITE
If You visit our website, the Company may process the Visitor‘s IP address and network and location data if the Visitor provides them. The data are collected by means of cookies and other similar technologies subject to the user content.
Please note that the indispensable and analytical cookies constitute a precondition for the use of the website. If you do not accept these cookies, we cannot guarantee that you will be able to use the website at all.
Please be aware that certain technical data on your visit to the website (IP address, cookies, technical data on your browser, other information related to the browser and browsing the website) can be transmitted or made available, for the browsing statistics, analytical and other purposes to entities operating either in the European Economic Area or beyond its boundaries (e. g. to Google Analytics, a US corporation, as We are using its services). Protection provided to personal data by non-EEA states can be lower than that provided by the EEA states, however, we will carefully assess conditions on which your personal data will be further processed and stored after transmission to the above-said entities.
V. DATA PROCESSORS AND DATA RECIPIENTS
The Company hires certain service providers (data processors) for the processing of your personal data. Such data processors include: entities providing data centre services, entities making analyses of browsing or online activities and providing services, entities providing advertising and marketing services, software creation, provision, support and development entities, entities providing information technology infrastructure services, communications service providers, leasing companies, couriers and other service providers to whom your personal data will be disclosed only to the extent that is necessary for the provision of their services.
We use specialised service providers for the sending of newsletters and other information.
In addition, certain data on your visit to the website (IP address, cookies, technical data on your browser, other information related to the browser activities and browsing) can be transmitted or made available, for the purposes of browsing statistics and analysis and related purposes to entities operating either in the European Economic Area or beyond its boundaries (e. g. to Google Analytics, a US corporation, as We are using its services). Protection provided to personal data by non-EEA states can be lower than that provided by the EEA states, however, we will carefully assess conditions on which your personal data will be further processed and stored after transmission to the above-said entities.
We also use services provided by Facebook, Google and online advertising service providers. You can familiarise yourself with the privacy policies, personal data collected and data security measures applied by these entities by reading their Privacy Policies.
The Company hires certain third parties – service providers (data centre and server service providers, website designers and administrators, entities making analyses of browsing or online activities and providing services, statistical analysis service providers, entities providing direct marketing message and newsletter sending services etc.) that may need access to your personal data to the extent required for ensuring proper provision of the services. In such a case the Company is obliged to ensure that third parties comply with confidentiality and data protection undertakings. Please note that certain data can be accessible to companies operating either within or beyond EEA boundaries (Google, Amazon etc.). The Company will ensure that personal data will only be transmitted provided that sufficient grounds provided for in the EU General Data Protection Regulation (GDPR) and other applicable legal acts exists – such data transmission may be required for the conclusion and carrying out of the agreement and may be based on other grounds, conditions or exceptions under the GDPR. The Company will take reasonable action to ensure that third parties process personal data in accordance with the GDPR and other applicable legal acts (including, where necessary, adding standard data protection clauses adopted by the European Commission to agreements on data processing/provision). If you need more information please write us to firstname.lastname@example.org.
VI. DATA RETENTION PERIOD
Your personal data will be stored no longer than required by applicable laws and no longer than the data is required for the purposes for which they had been collected.
Longer storage of your personal data may be required if:
- it is necessary for us in order to defend against claims and lawsuits and to exercise our rights;
- there are reasonable suspicions over unlawful activities that are being investigated;
- your data are necessary for a due resolution of a complaint/dispute;
- your data are necessary for making back-up copies and other purposes related to the IS functioning and support or similar purposes;
- On other statutory grounds.
VII. PROCESSING OF PERSONAL DATA ON MINORS
Consent-based processing of a minor‘s personal data for the purposes of offering information society services is considered lawful if the minor is at least 16 years of age. If the minor is younger than 16, such processing is lawful provided that his/her parents or guardians have given a consent to process the data, therefore:
- if you are younger than 18 but not younger than 16, by using the services of our online store you confirm that you have your parents‘/guardians‘ approval for the disclosure of your personal data to the Company;
- If you are younger than 16, you can use the services and content of the online store only after your parents/guardians give their consent to the Company.
VIII. YOUR RIGHTS
You have the following rights in respect of your personal data:
- Familiarise yourself with your personal data and how they are being processed;
- Request to rectify any incorrect, inaccurate or incomplete data, to delete your personal data or to restrict processing of your personal data when the personal data are processed in violation of legal acts or when other legal grounds exist;
- Request to transfer your personal data to another data controller or to present them to you in a convenient form (applicable to the personal data that you have provided and which are processed automatically on contractual or consent basis);
- Object to your personal data processing when they are processed on the grounds of legitimate interest except for cases where there are lawful reasons for such processing or in order to make, enforce or defend legal claims;
- Where your personal data are processed on an individual consent basis – you may withdraw your consent to the processing at any time.
In order to exercise you rights please write us to email@example.com . Should the Company have any doubts over your identity, the Company may request you to provide additional information.
On receipt of your request we will inform you, without undue delay but in any case no later than within one month after receiving it, about the actions taken by us. We have the right to extend the one-month period by two months.
If you believe that your rights have been infringed, you have the right to file a complaint to a personal data protection supervisory body – the State Data Protection Inspectorate, address L. Sapiegos g. 17, Vilnius. The Company recommends that before applying to the Inspectorate you should contact responsible persons in the Company to find a solution for the issue.
IX. DATA PROTECTION
The Company implements appropriate technical and organisational measures to protect the Visitors’ data from loss, unauthorised use, unauthorised access, disclosure or modification.
In addition, the Company recommends that the Visitors should follow these minimum rules for ensuring personal data protection:
- do not disclose details of log-in to the online store to third parties;
- select a password consisting of at least 8 symbols;
- avoid using the same password on different websites;
- Update your software and obtain anti-virus programs.
X. CONTACT DETAILS
If you have any questions related to this Policy please contact us:
Via email firstname.lastname@example.org or
By phone 8699 82 000
Contact details of the Data Protection Officer:
Address for correspondence: Veiverių g. 150, Kaunas, Republic of Lithuania
Please address your letter to: UAB „Gritija“, Duomenų apsaugos pareigūnui
Details of the Company in the capacity of the data controller:
UAB Gritija, registered company No: 159967697
Registered office address: Veiverių g. 150, Kaunas, Republic of Lithuania
XI. OTHER PROVISIONS
The Company will inform the Visitors about updates by publishing a new version of the Policy on the website together with the dates on which corrections were made. The Visitor understands that by continuing the use of the website after the updates he/she agrees with the changes made.
Should any provision of this Policy be recognised as invalid or unenforceable, such provision will not affect validity and enforceability of the remaining provisions of the policy.
This Policy comes into effect on the date of its publication on the website.