I. KEY TERMS
1.1. Company (or personal data controller) - A. Baniulis' company "PROTEKTA", a company established in accordance with the laws of the Republic of Lithuania, with its registered office at Klevų str. 42, Vaivadai, Panevėžys district, Republic of Lithuania, company code 168651545 , phone / fax 8- 45 510023, data about the company are collected and stored in the Register of Legal Entities.
1.2. E-shop - Company e-shop at www.protekta.lt .
1.3. Account - the result of the buyer's registration with protekta.lt, due to which an account is created to protect his personal data and order history ( account ). < / p>
1.4. Password - a unique combination of letters and numbers created by the buyer and known only to him, which is entered for the first time when registering protekta.lt , and then to sign in to your account.
1.5. Order - Confirmation of the goods / services and conditions selected by the buyer in the account.
1.6. IP Address is a unique number assigned to each computer connected to the Internet, known as an Internet Protocol (IP) address, and which identifies the person.
1.7. Direct marketing - activities aimed at offering goods / services to customers by mail, telephone or other means and / or ask for their opinion on the goods or services offered
1.8. Personal data - means any information relating to a natural person - a data subject whose identity is known or can be directly or indirectly identified by means of data such as a personal code, one or more personal, physiological, psychological, economic, cultural or social characteristics.
1.9. Personal Data Breach - A security breach that results in the unintentional or unlawful destruction, loss, alteration, unauthorized disclosure, transfer, storage, or other processing of Personal Data or unauthorized access to it.
1.10. Processing of personal data - means any action on personal data: collection, recording, storage, storage, classification, grouping, aggregation, modification (addition or correction), provision, use, destruction or any other action, or action pack.
1.11. Employee - means a person who has an employment or similar contract with the Company and is appointed by the Company's manager to process Personal Data or processes such data in accordance with the job functions specified in his / her job description and has signed a commitment to data confidentiality.
1.12. Recipient of the Data - means the legal or natural person to whom the Personal Data is provided.
1.13. Data subject - a natural person (buyer / seller) whose data is processed by the Company.
1.14. Provision of data - Disclosure of personal data through the transfer or other making available (other than publication in the media).
1.15. Automatic data processing - Data processing operations performed in whole or in part by automatic means.
1.16. Data controller - means a legal or natural person who is authorized by the Company to process personal data.
1.17. Data controller - a legal or natural person who, alone or together with others, determines the purposes and means of the processing of personal data.
1.18. Special personal data - data relating to a person's racial or ethnic origin, political, religious, philosophical or other beliefs, trade union membership, health, sexual life, and information about a person's criminal record.
1.19. Consent is a voluntary statement by the data subject to process his or her personal data for a purpose known to him or her.
II. GENERAL PROVISIONS
2.1. The purpose of these Rules is to regulate the processing of personal data in the Company and on the Company's website protekta.lt, ensuring the 2016 April 27 Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, compliance with and implementation of the Law on Legal Protection of Personal Data of the Republic of Lithuania and other related legal acts.
2.2. The Company collects your data, which you voluntarily submit by e-mail, registered mail, fax, telephone, directly to the Company's point of sale, registered on the Company's website protekta.lt or using the Company's website.
2.3. By submitting your personal data to the Company, you confirm and voluntarily agree that A. Baniulis' company "PROTEKTA" will manage and process your personal data in accordance with these Rules, applicable laws and other regulatory enactments.
2.4. You , in order to register with protekta.lt, you must provide the following mandatory details: name, surname, e-mail. mail, telephone number, address. An Account is created during registration. You enter your data in your account, so you are solely responsible for the accuracy of this data. You are given a User ID. You may adjust and / or complete personal information in your Account at any time.
2.5. During registration at protekta.lt, you must come up with / create a password, the confidentiality of which you are responsible for. You must not disclose the password to third parties and keep it, otherwise you are solely responsible.
2.6. Your personal data is collected for defined and legitimate purposes, processed accurately and fairly, kept up to date and stored for no longer than required by the stated purposes of the processing.
2.7. The Company processes the following personal information about you:
2.7.1. Name surname.
2.7.2. Residence (address) / Shipping address
2.7.3. Personal identification code (only with your consent / obligatory when purchasing goods on credit);
2.7.4. Email address;
2.7.5. Phone number;
2.7.6. Credit / debit card or other payment details (only if you pay by bank transfer);
2.7.7. Your login name in the Company's online store;
2.7.8. Details of the goods you have purchased, their quantities, purchase dates and other information related to the goods.
2.8. Your personal data specified in Clause 2.7 is processed for the purpose of conclusion, performance and fulfillment of legal obligations.
2.9 In processing your (Data Subject's) personal data, the Company complies with the requirements of European Union legal acts, the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania and other directly applicable legal acts regulating personal data. protection, as well as instructions from the competent authorities.
III. YOUR RIGHTS AS A DATA SUBJECT AND THEIR ENFORCEMENT
3.1. You have the following basic rights:
3.1.1. Be aware of the processing of your personal data;
3.1.2. Get to know your personal data and how it is processed;
3.1.3. Receive personal data relating to you that you have provided to the Company in a structured, commonly used and computer-readable format and transfer it to another data controller, or require the Company to transfer such personal data directly to another data controller when technically possible (right to data portability)
3.1.4. Require replenishment, correction; destroy your personal data (right to be forgotten) or suspend, with the exception of storage, the processing of your personal data when your personal data is processed in violation of the provisions of applicable and applicable legislation. The right to request the deletion of your personal data does not apply if the personal data requested to be deleted are processed on a legal basis, such as the processing is necessary for the performance of a contract or an obligation under applicable law.
3.1.5. We do not consent to the processing of your personal data.
3.2. At the moment of acceptance-transfer of the goods, the Company's employees may ask you to submit an identity document, which is used only for proper personal identification. In this case, no copy of the identity document is made.
3.3. Your right of access to your Personal Data is exercised in the following order:
3.3.1. You have the right to obtain information on the sources and sources of your personal data, the purpose for which they are processed, the provided to data recipients and have been provided for at least the last year. If you send the application by post or courier, a notarised copy of your identity document must be attached to the application. When information about a person is requested by his or her representative, he or she must provide proof of representation and proof of his or her identity. If the request of the data subject's representative is made in writing, the controller must provide him with a written reply.
3.3.2. You can request the exercise of your rights to the Company by e-mail. by post ( email@example.com ), by registered mail (Klevų str. 42, Vaivadai, Panevėžys district) or upon arrival to the Company (Klevų str. 42, Vaivadai, Panevėžys district).
3.3.3. Upon receipt of your request for portability or request for processing of your personal data, the company will respond to whether the personal data relating to you are processed and provide you with the requested data or the reasons for refusing such request no later than 30 calendar days from your request. . At your request, the data is provided / forwarded to the address or e-mail specified in the letter. email address.
3.3.4. Your requests (rights) are executed when you provide information that allows us to identify you. If the Company has reasonable doubts about your identity, the Company may request additional information necessary to verify your identity.
3.4. J If you are a registered user of the Company's website, you can view and edit the personal information provided on the Company's website and contact details of you by visiting the relevant sections of the Company's website.
3.5. You can complain about the Company's actions (omissions) to the State Data Protection Inspectorate (A. Juozapavičius St. 6, Vilnius, e-mail firstname.lastname@example.org , website www.ada.lt ) within 3 months < earlier than the date of receipt of the reply from the Company or within 3 months from the date of expiry of the deadline for reply set out in Section 3.3.3. You can appeal the actions (omissions) of the State Data Protection Inspectorate to a court in accordance with the procedure established by law.
IV. TRANSMISSION OF PERSONAL DATA
4.1. The Company undertakes to protect your privacy and to use the information provided exclusively for the purposes specified in these Rules. The Company may transfer your personal data to third parties who act as Data Processors on behalf of the Company. Personal data may be provided only to those Data Processors with whom the Company has signed relevant agreements or cooperation agreements contain provisions discussing the transfer / provision of Personal Data and the Data Processor ensures adequate protection of the transferred Personal Data. Your personal data may be disclosed to third parties only in accordance with the procedure provided for by the legal acts of the Republic of Lithuania. The Company may transfer your personal data to governmental or law enforcement authorities upon request and only if required by applicable law.
4.2. Your personal data may be transferred to the Company's partners providing goods transportation services. In this case, only the personal data that are (necessary) for the performance of the service will be transferred.
4.3. The Company has the right to the data of the Data Subjects (hereinafter - debtors) who have defaulted on their property obligations - personal identification data, contact information, credit history, i.e. financial and property obligations and their fulfillment, debts and their payment, - to provide data controllers who manage joint debtors' data files. The company shall provide the data of the debtors only if the data subject has received a written reminder of the default by post or electronic means and within 30 calendar days from the date on which the reminder was sent to the data subject:
4.3.1. the debt remained unpaid and / or was not deferred or
4.3.2. the data subject did not reasonably contest the debt.
When the data subject pays the debt, the company informs the data controllers processing the joint debtors' data files that the data subject has paid the debt and indicates the date of the debt repayment.
V. MEASURES FOR THE IMPLEMENTATION OF PERSONAL DATA PROTECTION
5.1. Pursuant to the Law on the Legal Protection of Personal Data of the Republic of Lithuania, the European Union and others. In accordance with data protection legislation, the Company applies measures to prevent unauthorized access or illegal use of your data. The company ensures that the data you provide is protected from any illegal actions: unauthorized alteration, disclosure or destruction of personal data, identity theft, fraud. The data storage and processing databases used by the company are protected from unauthorized access via computer networks.
5.2. The company carefully follows the principles of personal data protection and processing provided in the Regulation:
5.2.1. Data shall be processed in a lawful, fair and transparent manner (principle of lawfulness, fairness and transparency);
5.2.2. Data shall be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes (purpose limitation principle);
5.2.3. Adequate, relevant data are collected and only those that are necessary to achieve the purposes for which they are processed (data reduction principle);
5.2.4. The data shall be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (principle of accuracy);
5.2.5. The data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (retention limitation principle);
5.2.6. Data shall be processed in such a way as to ensure adequate security of personal data through appropriate technical or organizational measures, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage (principle of integrity and confidentiality); < / p>
5.2.7. D data are managed in such a way that the above principles are followed and we are able to prove it (accountability principle).
5.3. The Company uses appropriate business systems and procedures to protect and defend the personal data entrusted to your Company. The Company uses security systems, technical and physical measures that restrict access to and use of your personal data on the Company's servers.
5.4. Employees who process personal data shall observe confidentiality and keep confidential any information relating to Data Subjects or other interested parties which they have come to know in the course of their duties. Employees process personal data automatically and non-automatically only after they have been granted access. Access to personal data may only be granted to a person who has the personal data necessary for the performance of his or her functions and only if the employee has undertaken to respect confidentiality . Upon termination of the employment relationship, the Employee's access is revoked. Antivirus software for employees' computers is constantly updated. The company ensures the use of secure protocols and / or passwords when personal data is transmitted via external data transmission networks.
VI. DEADLINE FOR PROCESSING PERSONAL DATA
6.1. Your data is retained for as long as the documents or files in which it is contained are required by law or regulation to be retained. At the end of the storage period, documents or files are destroyed. In the databases, your personal data is deleted (destroyed) as soon as their processing becomes pointless (no longer necessary). Your personal data is stored for no longer than required by the purposes of data processing, laws and other legal acts. Your data is stored for a maximum of 10 years from the date of performance of the contract.
6.2. Personal data related to e-commerce is stored for 2 (two) years from the date of the Person's last connection to the e-shop system or the Person's last purchase on the website.
7.1. For the website to work properly, we store small data files called cookies on your device. A cookie is a small text file that a website stores in the browser of your computer or mobile device when you visit the website. The next time you visit the site, this file may be scanned so that the site can recognize your computer or mobile device.
7.2. With the help of cookies, we collect the IP addresses of the website visitors' computers (IP address - computer identifier in Internet Protocol networks). They are not used to identify you. Temporary storage of the IP address by the system is necessary for the website to be presented to the user's computer. For this reason, the user's IP address must be stored for as long as the visit lasts.
7.3. The information collected by cookies allows us to ensure your ability to browse more conveniently, provide you with attractive offers and learn more about the behavior of website users, analyze trends and improve the website and customer service.
7.4. Cookies on the protekta.lt website are intended for:
7.4.1. Ensure consistent website performance;
7.4.2. For shopping cart operation;
7.4.3. To collect pageview statistics;
7.4.4. For relevant information and suggestions.
7.5. Descriptions of cookies used on the protekta.lt website:
Uses Google Analytics to measure the purpose of a user's visit, report website activity to website operators, and improve the user experience when visiting the site
This cookie is used to identify the Person.
These cookies are used to collect Google Analytics statistics about website traffic.
7.7. If you do not agree to the storage of cookies on your computer or other device, you can revoke your consent to use them at any time by changing the settings and deleting the stored cookies. If you choose to delete your cookies, keep in mind that all your options will be removed as well. Also, if cookies are completely blocked, many websites, including ours, will not function properly. For these reasons, we don't recommend disabling cookies when you use the website.
7.8. To learn more about cookies and how to manage or remove them, simply visit www.allaboutcookies.org and your browser's help page.
By using the website and clicking the "I AGREE" button in the notification line, you confirm that you agree and allow the website administrator to save cookies on your device (computer, tablet, smartphone, etc.). < / p>
Please note that if you do not make any selections and continue to browse the website, only those cookies will be stored on your terminal device that are necessary for the proper functioning of the website.
VIII. PROCEDURES FOR MANAGING AND RESPONDING TO BREACHES OF PERSONAL DATA SECURITY
8.1. A personal data breach is an act or omission that may or may not have undesirable consequences and is contrary to the mandatory rules of personal data protection law. The degree of impact, damage and consequences of the personal data protection violation are determined in each specific case by the head of A. Baniulis' company "PROTEKTA" or a commission formed by him.
8.2. Risk factors for personal data breach:
8.2.1. unintentional, when the protection of personal data is violated due to accidental data processing errors, data carriers, deletion of data records, destruction, detection of incorrect routes (addresses) during data transmission, etc., or system failures due to power failure, computer virus, etc., breach of internal rules, lack of system maintenance, software tests, inadequate maintenance of data media, inadequate line capacity and protection, integration of computers into the network, protection of computer programs, inadequate supply of fax materials, etc.);
8.2.2. intentional, when the protection of personal data is intentionally violated (illegal intrusion into A. Baniulis' company "PROTEKTA" premises, information systems, computer network, malicious violation of established rules for processing Personal Data, deliberate spread of computer virus, theft of personal data, illegal use of another employee's rights and kt.);
8.2.3. unexpected accidental events (lightning, fire, flood, flooding, storms, burning of electrical installations, effects of temperature and / or humidity changes, influence of dirt, dust and magnetic fields, accidental technical accidents, other irresistible and / or uncontrollable factors, etc.).
8.3. Employees with a right of access to personal data must inform the manager if they notice a breach of personal data security (inaction or actions that could cause or threaten the security of personal data).
8.4. After assessing the risk factors, the degree of impact of the breach, the damage and the consequences, the manager or the person responsible for personal data protection shall decide on a case-by-case basis on the measures necessary to remedy the personal data breach and its consequences.
8.5. In the event of loss of personal data due to force majeure, the person (s) responsible for the maintenance and servicing of the information system in which the processed personal data are stored must take steps to recover the lost personal data as soon as possible. / span>
8.6. The Company notifies the State Data Protection Inspectorate within 72 hours about personal data security violations. Violations which may result in material or non-material damage to natural persons, such as loss of control of their personal data, restriction of rights, discrimination, theft or falsification of their identity, financial loss, unauthorized removal of pseudonyms, damage to his reputation, the loss of confidentiality of personal data covered by professional secrecy or other economic or social damage to the natural person concerned shall be notified to the Data Subject without delay.
9.1. You must provide the Company with complete and correct Personal Data and inform you of any changes to your Personal Data. The Company will not be liable for any damage caused to you and / or Third Parties due to the fact that you have provided incorrect and / or incomplete Personal Data or have not properly and timely informed about their changes.
9.2. The Company is not responsible for communication failures that prevent users of the Company's website and other persons from accessing the website or using the services.
9.3. The Company does not have a full guarantee that the Company's website will be fully protected against viruses or other malicious components. You are advised that any material you read, download or otherwise receive through the Company's website is at your sole discretion and risk, and you are solely responsible for any damage caused to you and your computer system. .
X. VIDEO MONITORING
10.1. The purpose of video surveillance is to ensure the protection of resources (hereinafter - assets) managed by A. Baniulis' company "PROTEKTA" by the right of employees, customers and other legal basis, to guarantee the security of assets.
10.2. Video surveillance is performed in the territory of the data controller, located at Klevų str. 42, Vaivadai, Panevėžys district
10.3. Video surveillance does not collect more video data than is necessary for the stated purpose. By monitoring the image, the company automatically processes the image data of the data subjects located or working in the monitored premises and territory. Video data is obtained from video surveillance cameras. The video cameras shall be installed in such a way that video surveillance is carried out on no more part of the premises and area than is necessary.
10.4. Video surveillance systems do not use facial recognition and / or analysis technologies, and the video data captured by them is not grouped or profiled according to a specific data subject (person).
10.5. The camera surveillance field does not include rooms where visitors expect absolute protection of personal data, such as changing rooms, lounges, toilets.
10.6. Video data may be provided by the data controller to a pre-trial investigation body, a prosecutor or a court in connection with administrative, civil, criminal cases in their possession, as evidence or in other cases prescribed by law.
10.7. Video data is recorded and stored - 14 days after the deadline, the data is automatically destroyed, unless there is reason to believe that a misconduct, violation of work discipline, criminal offense or other illegal actions has been recorded. If video data used as evidence in civil, administrative or criminal proceedings or in other cases provided for by law, the video data may be stored for as long as is necessary for these purposes of data processing and destroyed immediately when no longer needed.
XI. FINAL PROVISIONS
11.1. By registering on the protekta.lt page, you are responsible for the storage and (or) transfer of your login data to third parties.
11.2. By visiting the Company's website and providing information about yourself to the Company's partners and / or employees, it is considered that you have read and agree to the provisions of these rules.
11.4. The law of the Republic of Lithuania shall apply to the relations arising on the basis of these Rules.
11.5. V Any disputes arising from the implementation of these Rules shall be settled through negotiations. In case of failure to reach an agreement, disputes shall be resolved in accordance with the procedure established by the legal acts of the Republic of Lithuania.
Updated: May 26, 2020.