CHAPTER I

GENERAL PROVISIONS

 

1. This Privacy Policy (the “Policy”) is regulated by A. Petrėnas Company, located at Rinktinės str. 40-2, Vilnius, and the company code is 225653160 (hereinafter - the Data Controller), the principles and procedure of personal data processing and the website operated by the Data Controller https: //www.g e liustilius.lt/ (hereinafter - the Website) operating conditions.

2. This Policy is intended for persons who visit the website owned by this Company https://www.geliustilius.lt/ and use the information on the website.

3. Any natural person whose personal data is processed by A. Petrėnas company is considered a data subject in this Policy.

4. By using the Services, by continuing to browse the Website, the Visitor (user of the Website) confirms that he has read this Policy, understands its provisions and agrees to abide by them.

5. The Data Controller shall ensure that, in adopting and implementing this Policy, it seeks to implement the following essential principles relating to the processing of personal data:

   1. Personal data are processed in a lawful, fair and transparent manner vis-à-vis the data subject (principle of lawfulness, fairness and transparency);

   2. Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;

   3. The further processing of personal data for archival purposes in the public interest or for statistical purposes is not considered incompatible with the original purposes (purpose limitation principle);

   4. Personal data shall be adequate, relevant and not excessive in relation to the purposes for which they are processed (data reduction principle);

   5. Efforts shall be made to ensure that personal data are accurate and, where necessary, updated within a reasonable time after the change;

   6. All reasonable steps shall be taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased without delay or rectified within a reasonable time (principle of accuracy);

   7. Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

   8. Personal data may be stored for longer periods if the personal data are processed solely for archival purposes, in the public interest or for statistical purposes, provided that the appropriate technical and organizational measures necessary to protect the data subject's rights and freedoms are in place (principle of limitation);

   9. Personal data shall be processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing of personal data and against unintentional loss, taking into account the general nature of the personal data processed by the controller. or damage (principle of integrity and confidentiality);

   10. The controller is responsible for ensuring that the above principles are complied with and must be able to demonstrate that they are complied with (accountability principle).

   11. This Policy is established in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (BDAR). (hereinafter - ADTAĮ), other legal acts of the European Union and the Republic of Lithuania. The terms used in the policy are understood as they are defined in the BDAR and the ADTA.

 

CHAPTER II

ON WHY WE PROCESS YOUR DATA

 

1. The company collects and processes personal data in accordance with the legal acts of the EU and the Republic of Lithuania regulating the protection of personal data.

2. The company processes your personal data when accepting and executing your orders, issuing invoices and / or other accounting documents for goods.

3. The company collects and processes your data:

   1. on the basis of consent, which is expressed by your active actions, ie contacting us and providing personal data, or other active actions;

   2. performing video surveillance in the Company's store at Jeruzalės str. 4, Vilnius and its territory and ensuring the security of property and persons;

   3. in order to fulfill our obligations under the law.

4. The company seeks to ensure that personal data is processed accurately, fairly and lawfully, that it is processed only for the purposes for which it was collected, that it is processed in accordance with clear and transparent principles and requirements for the processing of personal data.

5. We may also process personal data for other purposes if we have obtained your (data subject's) consent or if the processing of personal data is based on other lawful processing criteria provided by law.

 

CHAPTER III

PROCESSING OF PERSONAL DATA FOR IMAGE SURVEILLANCE

 

1. In order to ensure the protection of the property, health and life of our customers, employees and other persons, we have our own store at Jeruzalės str. 4, Vilnius We perform video surveillance in the premises and territory.

2. We perform video surveillance and process the data (video data) of customers entering the field of video surveillance based on our legitimate interest. Our video surveillance systems do not use facial recognition and / or analysis technologies, and the video data captured by them is not grouped or profiled according to a specific data subject (person).

3. Clients are informed about the video surveillance by means of information signs with the video camera symbol and the data controller's details, which are provided before entering the monitored area and / or premises.

4. Personal data (video data) collected during video surveillance is stored for up to 30 (thirty) calendar days from the date of capture.

 

CHAPTER IV

HOW MUCH TIME DO WE PROCESS AND STORE YOUR DATA

 

1. We will process and protect your personal data for no longer than is necessary for the purposes for which the data were collected or for such period as may be required by law.

2. The storage of your personal data for longer than specified in the Policy may only take place if:

   1. There are reasonable grounds for suspecting that an illegal activity is under investigation;

   2. Your data is necessary for the proper resolution of a dispute or complaint;

   3. If we have received complaints about customers, or if we have noticed violations by the customer in question;

   4. Backups and other purposes related to the operation and maintenance of information systems or for similar purposes;

   5. In the case of other special grounds, conditions or cases provided for in the legislation.

 

CHAPTER V

IN WHICH CASES AND TO WHICH THIRD PARTIES WE WILL DISCLOSURE YOUR DATA

 

1. The Company will not transfer your personal data to any third parties without your prior consent, except as described below:

   1. We may transfer your data to third parties for processing, who assist us in the operation and administration of the Services. Such persons may include data center, software development, provision, maintenance and development companies, information technology infrastructure service companies, Internet browsing or internet activity analysis and service companies, security services, and so on.

   2. In each case, we provide the data controller with only the amount of data necessary to execute a specific order or provide a specific service.

   3. The data processors used by us may process your personal data only in accordance with our instructions. In addition, they must ensure the security of your data in accordance with applicable law and written agreements with us.

   4. The data may also be provided to the competent authorities or law enforcement agencies, such as the police or supervisory authorities, but only upon their request and only when required by applicable law or in the cases and procedures provided for by law to ensure our rights, our guests, security of personnel and resources, to make, submit and defend legal claims.

 

CHAPTER VI

YOUR RIGHTS

 

1. Data protection law gives you many rights regarding the processing of your personal data.

2. You have the right to access your personal data processed by us:

   1. You have the right to request our confirmation that we process your personal data and, in such cases, to request access to your personal data processed by us;

 

1. To exercise the above right, please submit a written request to us by e-mail. email geliustilius@gmail.com;

1. You have the right to request the correction of your inaccurate data:

   1. If you believe that information about you is incorrect or incomplete, you have the right to ask for it to be corrected.

   2. To exercise the above right, please submit a written request to us by e-mail. mail to geliustilius@gmail.com.

2. You have the right to object to the processing of your personal data:

   1. You have the right to object to the processing of personal data when personal data are processed in our legitimate interests. However, notwithstanding your objection, we will continue to process your data in the event of good cause for further processing;

   2. To exercise the above right, please submit a written request to us by e-mail. mail to geliustilius@gmail.com.

3. You have the right to request the deletion of your personal data (right to be forgotten):

   1. In certain circumstances, you have the right to request that we delete your personal data. However, this does not apply if we are required by law to retain data;

   2. To exercise the above right, please submit a written request to us by e-mail. mail to geliustilius@gmail.com.

4. You have the right to restrict the processing of your personal data:

   1. You also have the right to restrict the processing of your personal data in certain circumstances;

   2. To exercise the above right, please submit a written request to us by e-mail. mail to geliustilius@gmail.com.

 

CHAPTER VII

FINAL PROVISIONS

 

1. The law of the Republic of Lithuania shall apply to legal relations related to this Policy.

2. The Data Controller shall not be liable for any disruption of the use of the Website and / or any damage caused by them as a result of acts or omissions of third parties unrelated to the Data Controller or a person, including power outages, Internet access, etc.

3. The Data Controller has the right to change the Policy in part or in full.

4. Additions or changes to the Policy shall be effective from the date of their publication on the Website.

5. If, after the addition or change to the Policy, the person continues to use the Website and / or the services provided by the Data Controller, the person shall be deemed not to have objected to such additions and / or changes.

6. For all data processing questions, you can contact us by e-mail geliustilius@gmail.com;

7. This Privacy Policy has been applied from 2019 January 10

 

Prepared by: UAB Veritas Bona (304628436)