THE PRIVACY POLICY

The purpose of the privacy policy is to inform how the personal data of data subjects are collected and processed, to explain how long they are stored, to whom they are provided, what rights data subjects have and where to apply for their implementation or other issues related to the processing of personal data.

Personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter - the Regulation), Republic of Lithuania Law on the Legal Protection of Person'al Data and other legal acts regulating the protection of personal data.

UAB „Brandas“ follows the following basic data processing principles:

-                                    personal data will be collected only for clearly defined and legitimate purposes;

-personal data are processed only lawfully and fairly;

-personal data is constantly updated;

-personal data are stored securely no longer than required by the purposes for which the data are processed or by law;

-personal data are processed only by those employees of the Company who have been granted such a right in accordance with their work functions or by duly authorized data processors.

1.DEFINITIONS

1.1.  Data controller - UAB Brandas (hereinafter - the Company), legal entity code 302531629, address of registration  Gedimino avenue 45-4, Vilnius, Lithuania.

1.2.  Data subject - any natural person whose data is processed by the Company. The data controller collects only those data of the data subject that are necessary for the performance of the Company's activities and (or) when visiting, using, browsing the Company's websites, Facebook page, etc. (the "Website"). The company ensures that the personal data collected and processed will be secure and will only be used for the specific purpose.

1.3.  "Personal data" shall mean any information relating directly or indirectly to a data subject whose identity is known or can be established directly or indirectly by reference to the data concerned. Processing of personal data means any operation performed on personal data (including the collection, recording, storage, editing, modification, granting of access, submission of requests, transmission, archiving, etc.).

1.4.  Consent means any voluntary and deliberate consent by which the data subject consents to the processing of his or her personal data for a specified purpose.

1.5.  Cookies - The company's website uses small pieces of textual information that are automatically generated while browsing the website and stored on a computer or other device used by the data subject (website visitor). Cookies are used to improve the browsing experience for website visitors, to analyze website traffic and behavior on the website.

 2.SOURCES OF PERSONAL DATA

2.1.   Personal data are provided by the data subject himself. The data subject applies to the Company, buys the goods sold by the Company, leaves comments, asks questions, requests the Company to provide information, and so on.

2.2.  Personal data is obtained by the data subject visiting the Company's website. The data subject fills in the forms in it or for some reason leaves his / her contact details and so on.

2.3.  Personal data is obtained from other sources. Data are obtained from other institutions or companies, publicly available registers, etc.

 3.THE PROCESSING OF PERSONAL DATA

3.1.  By providing personal data to the Company, the data subject agrees that the Company will use the collected data to fulfill its obligations to the data subject in providing the services that the data subject expects.

3.2.  The Company processes personal data for the following purposes:

3.2.1.  Ensuring the company's operations and continuity. The following data shall be processed for this purpose:

  • For the purpose of concluding and performing contracts, personal data of suppliers (natural persons) may be processed: name (s), surname (s), personal identification number or date of birth, place of residence (address), telephone number, e-mail address, place of work, positions, bank account and the bank where the account is located, date, amount, currency and other data provided by the person himself / herself, which the Company receives in accordance with legal acts in the course of the Company's activities and / or which the Company is obliged to manage by law and / or other legislation. E.g. data contained in the business certificate (type of activity, group, code, name, periods of activity, date of issue, amount), number of the individual activity certificate, data whether the data subject is a VAT payer, etc. data necessary for the proper performance of the contract and / or legal obligations.
  • Contracts, VAT invoices and other related documents are stored in accordance with the terms specified in the General Documents Storage Index approved by the Order of the Chief Archivist of Lithuania.

     The legal basis for data processing is the need to fulfill a contract to which the customer is a data subject or to take action at the customer's request before concluding a contract with him (Article 6 (1) (b) GDPR), where certain personal data are required by law (Section 6 (1) (c) of the GDPR).

 

3.2.2.   Sale of goods sold by the company, administration of the Company's debtors. The following data shall be processed for this purpose:

   Trading in goods sold by the Company, personal data of customers (natural persons) may be processed: name (s), surname (s), telephone number, e-mail address, address of residence, signature, payment data for goods and other information related to the sale of goods.

   When administering the Company's debtors, personal data of customers (debtors, natural persons) may be processed: name (s), surname (s), date of birth, address of residence, telephone number, e-mail address, amount due, information about the goods provided and / or services, other data related to indebtedness.

  • Contracts, VAT invoices and other related documents are stored in accordance with the terms specified in the General Documents Storage Index approved by the Order of the Chief Archivist of Lithuania.
  • Data related to the administration of the Company's debtors shall be kept no longer than is necessary for the purposes for which the personal data are processed.

 The legal basis for data processing is the need to fulfill a contract to which the customer is a data subject or to take action at the customer's request before concluding a contract with him (Article 6 (1) (b) GDPR), where certain personal data are required by law (Article 6 (1) (c) of the GDPR) and the need to pursue the legitimate interests of the Company in improving its operations and business success rates (Article 6 (1) (f) of the GDPR).

3.2.3.  Administration of inquiries, comments and complaints. The following data shall be processed for this purpose:

   Name (s), surname (s)and / or username, e-mail address, telephone number, address, subject of the message, comment, response or complaint, text of the message, comment, response or complaint, order number, attachments.

  • Data on inquiries, comments and complaints are stored for 1 calendar year from the date of submission.

  Legal basis for data processing - the processing is necessary for the legitimate interests of the controller or of a third party, unless such interests or fundamental rights and freedoms as are necessary to ensure the protection of personal data prevail over them, in particular where the data subject is the child (Article 6 (1) (f) GDPR) and the consent of the data subject (Article 6 (1) (a) GDPR).

3.2.4.  Sale of gift vouchers. The following data shall be processed for this purpose:

   Gift voucher value, date of sale, gift voucher number, gift voucher expiration date.

  • Personal data is stored until the expiration date of the gift voucher.

 The legal basis for data processing is the need to perform a contract to which the customer is a party as a data subject or to take action at the customer's request before concluding a contract with him (Article 6 (1) (b) GDPR).

3.2.5.  E - commerce. The following data shall be processed for this purpose:

 Name (s), surname (s), delivery address, telephone number, e-mail address, payment details for the product / service, comments.

  • Personal data is stored only to the extent and for the time necessary to achieve the stated purposes. When the customer's personal data no longer needs to be processed, a decision is made to destroy them, except for those that must be archived in accordance with the requirements of legal acts or the Company's internal local legal acts in cases prescribed by law.

 The legal basis for data processing is the need to perform a contract to which the customer is a party as a data subject or to take action at the customer's request before concluding a contract with him (Article 6 (1) (b) GDPR).

3.2.6.  Ensuring the quality of telephone consultations on the Company's services, improving the quality of customer service, controlling the provision of information in a qualified and expeditious manner (recording of telephone conversations). The following data shall be processed for this purpose:

 Call record, phone number from and to whom the call is being made, date of the call, duration of the call.

  • Records of telephone conversations are stored for one month.

 The legal basis for the processing is the consent of the data subject (Article 6 (1) (a) GDPR).

 3.2.7.   For the purpose of ensuring the security of the Company's employees, other data subjects and assets (video surveillance). The following data shall be processed for this purpose:

  • Video image. Video surveillance systems do not use facial recognition and / or analysis technologies, and the image data captured by them is not grouped or profiled according to a specific data subject (person). The data subject shall be informed about the video surveillance by means of information signs with the video camera symbol and the Company's details, which shall be provided before entering the monitored area and / or premises. The field of surveillance of video cameras shall not include premises where the data subject expects absolute protection of personal data.
  • Personal data (video data) obtained by video surveillance cameras shall be stored for up to 14 (fourteen) calendar days from the moment of their capture, after which they shall be automatically destroyed, unless there is reason to believe that a misdemeanor, criminal act or other illegal activity has been recorded (until the end of the relevant investigation and / or proceeding).

  Legal basis for data processing - the processing is necessary for the legitimate interests of the controller or of a third party, unless such interests or fundamental rights and freedoms as are necessary to ensure the protection of personal data prevail over them, in particular where the data subject is the child (Article 6 (1) (f) GDPR) and the consent of the data subject (Article 6 (1) (a) GDPR).

 3.2.8.  For other purposes for which the Company has the right to process the personal data of the data subject, when the data subject has given his or her consent, when the data is required to be processed in the legitimate interest of the Company or when the Company is obliged to process the data.

4. USE OF COOKIES

4.1.  The Company uses cookies on the Website for the purpose of improving and enhancing the experience of buyers and website visitors.

4.2.   The following types of cookies may be used on the company's website:

4.2.1. Technical (required) cookies - help the website visitor to display the website and its content, help to ensure the functionality of the website, create an account, log in to the account and manage your orders. Technical cookies are necessary for the proper functioning of the website and their use does not require the consent of the website visitor.

4.2.2.  Functional cookies - help the website visitor to use the Company's website to remember the choices and preferences made while browsing. Functional cookies are not necessary for the website to be fully functional, but they add functionality and improve your experience of using the Company's website.

 4.2.3.  Analytical Cookies – help to obtain information about how website visitors use the Company's website. This is necessary in order for us to optimize and improve the Company's website. With the help of analytical cookies, we may collect data about the web pages you have viewed, the pages from which you came, which e-mails you have opened and responded as well as date and time information. It also means that we may use information about you and how you use this site, such as the frequency of visits, the number of clicks on a particular page, the search terms used, and more.

4.2.4.  Commercial (targeted or advertising) cookies – help to provide personalized advertising to a visitor to the Company's website. This is called "remarketing", which is based on your browsing activity, such as the products and / or services you've searched for, viewed, or viewed.

4.3.   The Company's employees who are responsible for analyzing these data and improving the website have access to statistics about the Company's website visitors,

4.4.  Technical records may also be accessed by Company partners who provide content management tools on the Company's website.

4.5.   Data collected by cookies is stored in the Company for no longer than is necessary to achieve the purposes of data processing or for no longer than required by data subjects and (or) provided by legal acts.

4.6.  You can find more information about cookies at AllAboutCookies.org.

4.7.   If you do not agree that we use cookies, you have the option to change your browser settings and control the amount of cookies. Useful links to opt out of cookies can be found below:

  • For the Chrome browser:

https://support.google.com/chrome/answer/95647?hl=en;

https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac;

5. USE OF SOCIAL NETWORKS

5.1.  All information you provide on social media (including notifications, use of the “Like” and “Follow” fields, and other communications) is controlled by the appropriate social network manager.

5.2.  Our Company currently has an account on the social network “Facebook”, the privacy policy of which is available at https://www.facebook.com/privacy/explanation.

5.3.  We encourage you to read third-party privacy notices and contact service providers directly if you have any questions about how they use your personal information.

6. E-COMMERCE

6.1.  UAB Brandas e-shop was created using the PrestaShop platform. Data collected for e-commerce is stored on PrestaShop servers. The e-shop platform privacy policy is available at:

• PrestaShop privacy policy: https://www.prestashop.com/en/privacy-policy.

6.2.   Our website is protected by a security protocol that relies on a data encryption system certificate (SSL). The online address of such a store has the letter "s": "https: //".

 7.PROVISION OF PERSONAL DATA

 7.1.  The company undertakes to respect the obligation of confidentiality with regard to data subjects. Personal data may be disclosed to third parties only if this is necessary for the conclusion and performance of the contract for the benefit of the data subject or for other legitimate reasons.

7.2.  The Company may provide personal data to its data processors that provide services to the Company and process personal data on behalf of the Company. Data processors have the right to process personal data only in accordance with the Company's instructions and only to the extent necessary to properly perform the obligations set forth in the contract. The company shall use only those processors who sufficiently ensure that the appropriate technical and organizational measures are implemented in such a way that the processing complies with the requirements of the Regulation and that the rights of the data subject are protected.

7.3.  The company may also provide personal data in response to requests from a court or public authority to the extent necessary to properly comply with applicable law and the instructions of public authorities.

7.4.  The company guarantees that personal data will not be sold or rented to third parties.

 8.PROCESSING OF PERSONAL DATA OF MINORS

8.1.   Individuals under the age of 14 may not provide any personal data through the Company’s website. If a person is under 14 years of age, in order to use the Company's services, the written consent of one of the representatives (father, mother, guardian (s)) regarding the processing of personal data must be submitted before providing personal information.

9.TIME LIMITS FOR STORAGE OF PERSONAL DATA

9.1.  Personal data collected by the Company is stored in printed documents and / or Company information systems. Personal data shall be processed for no longer than is necessary for the purposes of the processing or for no longer than required by the data subjects and / or provided for by law.

9.2.  Although the data subject may terminate the agreement and waive the Company's services, the Company must continue to store the data subject's data due to possible future claims or legal claims until the data retention periods expire.

10.RIGHTS OF THE DATA SUBJECT

10.1.   Right to information about data processing.

10.2.   Right of access to processed data.

10.3.   Right to rectification of data.

10.4.   Right to erasure of data ("Right to be forgotten"). This right shall not apply if the personal data requested to be deleted are also processed on another legal basis, such as processing necessary for the performance of the contract or the performance of an obligation under the applicable law.

10.5.   Right to restrict data processing.

10.6.   Right to object to data processing.

10.7.   Right to data portability. The right to data portability must not adversely affect the rights and freedoms of others. The data subject shall not have the right to data portability in respect of personal data which are processed in non-automated files, such as paper files.

10.8.   The right to opt out of a decision based solely on automated data processing, including profiling.

10.9.   The right to submit a complaint regarding the processing of personal data to the State Data Protection Inspectorate.

11.THE COMPANY MUST ENABLE THE DATA SUBJECT TO EXERCISE THE ABOVE-MENTIONED RIGHTS OF THE DATA SUBJECT, EXCEPT IN CASES ESTABLISHED BY LAW, WHEN IT IS NECESSARY TO ENSURE STATE SECURITY OR DEFENSE, PUBLIC ORDER, PREVENTION INVESTIGATION, DETECTION OR PROSECUTION OF CRIMINAL ACTIVITIES, IMPORTANT ECONOMIC OR FINANCIAL INTERESTS OF THE STATE OR  THE PREVENTION, INVESTIGATION AND DETECTION OF BREACHES OF PROFESSIONAL ETHICS, THE PROTECTION OF THE RIGHTS AND FREEDOMS OF THE DATA SUBJECT OR OF OTHERS.

 12.PROCEDURE FOR EXERCISE OF RIGHTS OF THE DATA SUBJECT

12.1.   The data subject may apply to the Company in order to exercise of his / her rights:

12.1.1.  by submitting a written request in person, by post, through a representative or by electronic means - email: info@brandas.eu brandas@brandas.eu;

12.1.2.  orally - by phone: +370 676 70609

12.1.3.  in writing to: Drobės st.29L, Kaunas.

12.2.  protect your data

12.3.  from unlawful disclosure, the Company must verify the identity of the data subject upon receipt of a request from the data subject to provide data or exercise other rights.

12.4.   to the data subject shall be provided no later than one month from the date of receipt of the data subject's request, taking into account the specific circumstances of the processing of personal data. This period may be extended by a further two months, if necessary, depending on the complexity and number of applications.

13.RESPONSIBILITY OF THE DATA SUBJECT

13.1. The data subject must:

13.1.1.  inform the Company about changes in the information and data provided. It is important for the company to have the correct and valid information of the data subject;

13.1.2.  provide the necessary information to enable the Company to identify the data subject at the request of the data subject in order to make sure they are actually communicating or collaborating with a specific data subject (to present an identity document or in accordance with the procedure established by law or by electronic means that would allow proper identification of the data subject). This is necessary for the protection of the data subject and other persons so that the information disclosed about the data subject is provided only to the data subject, without prejudice to the rights of other persons.

14.FINAL PROVISIONS

14.1.  By providing personal data to the Company, the data subject agrees to this Privacy Policy, understands its provisions and agrees to comply with it.

14.2.  The Company reserves the right to unilaterally change this Privacy Policy at any time during the development and improvement of the Company's operations. The Company has the right to unilaterally, partially or completely change the Privacy Policy by notifying about it on the website www.sofalovakedestalas.lt

Additions or changes to the Privacy Policy take effect from the date of their publication, i.e. from the day they are posted on the website www.sofalovakedestalas.lt