Personal data is processed pursuant to the General Data Protection Regulation of the European Union (EU) 2016/679 (hereinafter – the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legislation that regulate the protection of personal data.
Private Limited Liability Company Eigera complies to the following fundamental data processing principles:
- Personal data is collected only for clearly defined and lawful purposes;
- Personal data is processed only in legitimate and fair methods;
- Personal data is regularly updated;
- Personal data is stored safely and for periods that do not exceed the purposes of data processing or the applicable legislation;
- Personal data is processed only by the employees of the Company, who have been granted this right pursuant to their job functions, or by data processors, who have been duly authorized.
1.1. The controller of personal data – Private Limited Liability Company Eigera (hereinafter – the Company), legal entity code 303362185, registered office at Kęstučio g. 20, Telšiai.
1.2. Data subject – any natural person, whose data is processed by the Company. The data controller shall only collect the data of the data subject that is necessary to carry out the Company’s activities and(or) visit, use and browse the Company’s websites, Facebook account, etc. (hereinafter – the Website). The Company undertakes to ensure that the data collected and processed is kept safe and used only for the specific purposes.
1.3. Personal data – any information, directly or indirectly related to the data subject, who has been identified or whose identity can be directly or indirectly determined by using the aforementioned data. The processing of personal data is any operation performed by using the personal data (including collecting, recording, storing, editing, changing, giving access, making, transferring, archiving enquiries, etc.).
1.4. Consent – any free and informed confirmation by the data subject that they agree to their personal data being processed for a specific purpose.
2. SOURCES OF PERSONAL DATA
2.1. Personal data is provided by the data subjects themselves. The data subject starts communicating with the Company, uses the services provided by the Company, purchases its services, participates in surveys and research, leaves comments, makes inquiries, subscribes to newsletters, asks information from the Company, etc.
2.2. Personal data is received when data subjects visit the Company’s website. Data subjects fill in the forms that are on the website or, for any reason, leave their contact information, etc.
2.3. Personal data is obtained from other sources. Data is received from other institutions or companies, public registers, etc.
3. PERSONAL DATA PROCESSING
3.1. By giving their personal data to the Company, data subjects agree to the Company using the data it collects in order to fulfill its obligations to data subjects and provide the services data subjects hope for.
3.2. The Company processes personal data for the following purposes:
3.2.1. Ensuring the Company’s activities and their continuity. Personal data of clients and suppliers (natural persons) processed for this purpose can be the following:
- Name(s), surname(s), personal number or date of birth, place of residence (address), telephone number, email address, workplace, position, bank settlement account and bank where the account is, date, amount and currency of a monetary operation or transaction, and other data, provided by the person themselves, and obtained by the Company while carrying out its activities pursuant to applicable legislation, and(or) which the Company is obliged to process pursuant to laws and(or) other legislative acts. For example, data present in business licenses (activity type, group, code, name, periods of carrying out the activity, data of issue, sum), numbers of individual activity certificates, data as to whether the data subject is a VAT payer and other data, necessary to conclude an agreement and(or) duly perform obligations set forth in legislation. When partners are legal entities, the following data of their employees or representatives can be processed: names, surnames, telephone numbers, email addresses, company’s name, address, position, authorization data (number, date, date of birth of an authorized person).
3.2.2. Administration of inquiries, comments and complaints. For this purpose, the data processed is the following:
- Contact details (telephone number, email address);
- Texts of inquiries, comments or complaints.
3.2.3. Direct marketing. For this purpose, the data processed is the following:
3.2.4. Other purposes, which the Company has a right to process the personal data of data subjects for, when the data subject has given their consent, and when the data has to be processed due to lawful interests of the Company or when the Company is obligated to process the data by certain legal acts.
- Name, surname;
- Contact details (telephone number, email address)
4. SUPPLY OF PERSONAL DATA
4.1. In respect of the data subject, the Company undertakes to respect the duty of confidentiality. Personal data can be disclosed to third parties only when an agreement has to be concluded or performed for the benefit of the data subject, or due to other lawful reasons.
4.2. The Company can supply personal data to its data processors, who provide the Company with services and process the personal data on behalf of the Company. Data processors are entitled to process personal data only by following the Company’s instructions and only to the extent, necessary to duly fulfill the obligations set forth in the agreement. The Company shall only employ data processors who are able to sufficiently ensure that appropriate technical and organizational measures are taken and the data processing complies with the requirements set forth in the Regulation, and the rights of data subjects are protected.
4.3. Moreover, the Company can supply personal data by responding to the requests of courts or state institutions, to the extent necessary to duly execute the applicable legal acts and instructions of state institutions.
4.4. The Company guarantees that personal data shall not be sold or leased to third parties.
5. PROCESSING THE PERSONAL DATA OF MINORS
5.1. Persons under the age of 14 cannot supply any personal data via the Company’s website. If a person, who is under 14, wishes to use the services of the Company and has to supply personal data, before doing so, they must present a written consent of one of their representatives (a mother, a parent or a guardian).
6. TIME LIMITS OF PROCESSING PERSONAL DATA
6.1. Personal data, collected by the Company, is stored in the form of printed documents and(or) in the information systems of the Company. Personal data shall be processed only for the period necessary to accomplish the purpose of such processing or not longer than demanded by the data subject and(or) set forth in the legislation.
6.2. Even though the data subject can terminate their agreement and reject the Company’s services, the Company has to continue to store the data of the data subject due to possible future demands or legal claims, until the time limits of storing personal data ends.
7. RIGHTS OF DATA SUBJECTS
7.1. A right to receive information about the processing of data.
7.2. A right to familiarize themselves with the data being processed.
7.3. A right to request for the data to be corrected.
7.4. A right to request for the data to be deleted (‘a right to be forgotten’). This right does not apply, if the data that is requested to be deleted is processed on other legal grounds, for instance, when processing is necessary in order to perform an agreement, or an obligation pursuant to the applicable laws exists.
7.5. A right to limit the processing of data.
7.6. A right to disagree with the processing of data.
7.7. A right to data portability. The right to data portability cannot have a negative effect on the rights and freedoms of others. The data subject is not granted the right to data portability with respect to the personal data that is systemized otherwise than by automatic means, e.g. stored in paper files.
7.8. A right to request for a solution, substantiated only by automated data processing (profiling included) not to be applied.
7.9. A right to make a complaint regarding personal data processing to the State Data Protection Inspectorate.
7.10. The Company must facilitate the implementation of the aforementioned rights of the data subject, except the cases provided for by laws, when the safety or defense of the state; public order; prevention, investigation, detection of crimes or persecution; important economic or financial interests of the state; prevention, investigation and detection of integrity or professional ethics violations; and protection of rights and freedoms of the data subject or other persons must be ensured.
8. PROCEDURE OF IMPLEMENTING DATA SUBJECT RIGHTS
8.1. Regarding the implementation of their rights, the data subject can approach the Company in the following ways:
8.1.1. By submitting a written application personally, by post, via a representative or via electronic communication means – an email: email@example.com ;
8.1.2. Verbally, by calling the telephone number +370 690 00015;
8.1.3. In writing, to the following address: Kęstučio g. 20, Telšiai.
8.2. In order to protect the data from unlawful disclosure, upon presented with the data subject’s request to supply their data or implement other rights, the Company must verify the data subject’s identity.
8.3. The Company must respond to the data subject’s request not later than within one month from the day the data subject’s application is received, by taking specific circumstances of processing personal data into account. If such a need arises, the said deadline may be extended for two additional months, by taking the complexity and amount of applications into account.
9. RESPONSIBILITIES OF DATA SUBJECTS
9.1.The data subject is obliged to:
9.1.1.Inform the Company about any changes in the information and data provided. It is important to the Company to have correct and valid information about data subjects;
9.1.2.Present the necessary information, so that, upon the data subject’s request, the Company could identify the data subject and ascertain that the communication and collaboration is really taking place with a specific data subject (present a valid identity document either following the procedure determined by laws or via electronic communication means that would allow sufficient identification of the data subject). This is needed to ensure the protection of the data subject’s and other persons’ data and disclosure of the information about data subjects only to the data subject themselves, without violating the rights of other persons.
10. FINAL PROVISIONS