We apply this Policy in cases, when you visit the “Higiena Verslui” (hereafter - “the Company”) website, register or order goods in our e-shop, order newsletters. When managing personal data, we are guided by the European Union Data Protection Regulation No. 2016/679, the Law on the Legal Protection of Personal Data, other related legal acts of the Republic of Lithuania and the instructions of the controlling institutions.
Company's personal data processing
To ensure transparency and responsible personal data processing, we inform that the Company manages personal data for the following purposes:
- e-commerce services;
- direct marketing, including newsletter;
- for other purposes, related to internal administration, for example, for managing the Company’s employee data.
What personal data is collected?
The Company collects and manages the following categories of personal data:
- the basic data, necessary for the above-mentioned purposes: name, surname and contact data;
- the data, necessary for the sale of goods: order details, invoices, data, related to payments, etc .;
- other data, collected with your consent, which is defined in detail at the time, when your consent is requested.
What legal bases can your personal data be collected for?
The Company may collect your personal data only in accordance with the legal grounds for legal processing. This is the legal basis for concluding and executing a contract, when you enter into a contract of sale with the Company. The Company's legitimate interests may also be the basis for processing data, for example, when the Company sends newsletters and informs about goods or services. Your consent is another basis; the Company can process personal data on (for example, direct marketing, when submitting individualized offers, supporting individual client analysis or other cases). The Company may also process your personal data in the same way, as performing legal obligations (to comply with the requirements of regulatory acts, provide answers to legitimate requests of state and municipalities, etc.) or other legal grounds for legal handling.
The information, collected by the cookies, allows us to provide you with the convenience of browsing, attractive offers and more information about the behavior of the website users, analyzing the trends and improving the website, customer and the Company's services.
The Company's employees have access to the statistics about visitors of the Company's website, responsible for analyzing this data and improving the website, as well as the Company partners, providing website content management tools.
How do I manage my cookies?
In most browsers you can do the following:
- check, which cookies are saved and delete individual cookies;
- block third-party cookies;
- block cookies from specific websites;
- block all sending of cookies;
- delete all cookies upon closing the browser.
If you do not agree to save cookies to your computer or other device, you can at any time cancel the consent to use them after changing the settings and deleting the saved cookies. If you have chosen to delete cookies, remember that all the settings you have set are also deleted. In addition, having completely blocked cookies, many websites (including the “Higiena Verslui” website) will not function properly. For these reasons, we do not recommend disabling cookies, when you use the Company's website.
To learn more about cookies and how to manage or remove them, just visit www.allaboutcookies.org and your browser's help page.
PERSONAL DATA SECURITY
Your Personal Information is managed responsibly and securely in accordance with all laws and regulations of the Republic of Lithuania. When establishing personal data processing tools, as well as during data processing, we implement appropriate legal and technical data protection and organizational measures to protect your personal data from accidental or unlawful destruction, damage, modification, loss, disclosure and any other unauthorized handling.
Company employees are writing to third parties not to disclose or disseminate information about the Company's customers, including visitors to the Company's website, at the workplace.
Personal data security measures are determined, considering the risks that arise, when processing personal data. For more information on personal data security in our Company, please refer to the Personal Data Processing Rules.
YOUR RIGHTS AND OTHER IMPORTANT INFORMATION
You are entitled to:
- apply to the Company with the request to provide information on your personal data, processed by “Higiena Verslui”, where and how the personal data is collected and how the Company handles it;
- apply to the Company with the request to rectify your personal data and/or to suspend the processing of such data, except for storage, in case, when you are aware of the personal data, you establish that the data is incorrect, incomplete or inaccurate;
- apply to the Company with the request to delete personal data or stop the processing of such personal data, except for storage, in case, when you are aware of your personal data, you establish that personal data are processed illegally or fraudulently, excessive personal data is processed, or basics of other legal acts exist;
- disagree with the processing of your personal data, when this data is processed or intended to be processed for direct marketing purposes or due to a legitimate interest, pursued by the Company or a third person, personal data is provided to.
- systematically, in a computer-readable format, obtain personalized personal data you submit to the Company and forward the data to another controller, or require the Company to directly transfer such data to another manager, where technically feasible (the right to data portability)
Due to the implementation of your rights or complaints, you can contact [email protected] You can also contact the State Data Protection Inspectorate, but we will always seek to resolve all issues directly with you.
- in writing - by e-mail [email protected];
- orally - by phone no. 8 (5) 736923;
- in writing - to P. Vileišio g. 18, Vilnius, LT-10306
How do I know about changes to this policy?
Rules for the processing of personal data
Rules for the processing of personal data
1. Basic concepts
1.1. Company – JSC UAB "Verslo projektų valdymas" a company, incorporated under the laws of the Republic of Lithuania, with its registered office at P. Vileišio g. 18, Vilnius, LT-10306 Republic of Lithuania, company code 300106661, the data of which is accumulated and stored in the Register of Legal Entities.
1.2. Data subject – a natural person, whose personal data the Company manages.
1.3. Personal data - any information, related to a natural person - a data subject, known to be or may be directly or indirectly identified, using such data, as a personal code, one or more physical, physiological, economic, cultural or social characteristics of a person.
1.4. Personal data processing - any act, performed by the Personal Data: collection, recording, storage, classification, grouping, merging, modification (addition or edition), provision, publication, usage, logical and/or arithmetic operations, search, dissemination, deletion or other action or set of actions.
1.5. Automatic mode - actions, performed in whole or in part by automated means.
1.6. Employee - the person, who has concluded a contract of employment or of a similar nature with the Company and is appointed by the Company Head decision to process personal data or whose personal data is processed.
1.7. Manager - the legal or natural person, authorized by the Company to process personal data. The manager (-s) must be registered with the Inspectorate.
1.8. Data receiver – the legal entity or natural person, Personal Data is provided to. The data receiver (-s) must be registered with the Inspectorate
1.9. Inspectorate - the State Data Protection Inspectorate of the Republic of Lithuania.
1.10. Cookies - small text files, sent to the device of each person, visiting the website, which connect to the website and is temporarily stored on that device. During the next visit to the website, your browser will read the cookie and transfer information back to the website or item. The information, collected on the cookie website, helps identify a visitor to the website, save the history of the visit and adapt the content accordingly.
2. General provisions
2.1. This document regulates actions of the Company and its Employees in the management of Personal Data, using the automated Personal Data Processing Means, used in the Company, as well as defines the Data Subject Rights, Personal Data Protection Risk Factors, Personal Data Protection Measures and other issues, related to the Personal Data processing.
2.2. Personal data must be accurate, appropriate and only to the extent that it is necessary for its to be collected and be kept processing. If personal data is required for personal data processing, it is constantly updated.
2.3. The goals of personal data processing - direct marketing and other legitimate goals, defined in advance of data collection.
2.4. The Company, for the purpose, specified in Clause 2.3 of the Rules, handles the following Data subject Person details:
(d) phone number;
(f) subscribed Information;
(g) loyalty card number, expiration date;
(h) the shop, where the questionnaire is filled.
2.5. The Personal Data processing is governed by the Law on the Legal Protection of Personal Data (No. X-1444 of February 1, 2008), other laws and legal acts, regulating the processing and protection of data, as well as these Rules.
3. Personal data processing
3.1. The Company manages personal data for the following purposes:
- e-commerce services;
- direct marketing, including newsletter;
- for other purposes, related to internal administration, for example, for managing employee data of the Company.
3.2. The Company collects and manages the following categories of personal data:
(a) the basic data, necessary for the above-mentioned purposes: name, surname and contact data;
(b) data, necessary for the sale of goods: order details, invoices, data, related to payments, etc .;
(c) other data, collected with your consent, which is defined in detail at the time, when your consent is requested.
3.3. Personal data is processed manually and non-automatically, using personal data processing facilities, used in the Company.
3.4. Only Personnel and Managers are entitled to manage Personal Data. Every Worker/Manager, assigned to handle Personal Data, must protect its confidentiality and comply with the requirements of the legislation on personal data protection.
3.5. An employee/manager must:
(a) keep the secret of personal data;
(b) process personal data in accordance with the laws of the Republic of Lithuania, other legal acts and these Rules;
(c) not disclose the Personal Data, transfer or make it available to any person, not authorized to process it by any means of access;
(d) immediately notify the Company Head or the person, appointed by him, of any suspicious situation that may endanger the security of personal data.
3.6. The employees, who automatically process personal data or can access the local area network, where Personal Data is stored, must use passwords. The passwords must be changed periodically, as well as in certain circumstances (for example, when a worker changes in case of an intrusion, suspicion that the password has become known to third parties, etc.). A worker can only know his password.
3.7. The computer maintenance officer must ensure that personal data files are not "shared" from other computers and that antivirus programs are updated periodically.
3.8. A computer maintenance worker makes copies of data files on computers. Losing or damaging these files requires the responsible employee to restore them within a few days.
3.9. The protection of personal data is organized, guaranteed and carried out by the Company Head or an employee, appointed by him.
3.10. An employee does not have the right to process personal data, when the Contractor's work or a similar contract with the Company expires or the Company Head revokes the Employee's appointment to process personal data.
3.11. The Manager loses the right to process personal data, when the Manager's contract with the Company is terminated.
4. Data on the company's website (higienaverslui.lt):
(a) by administering the website and diagnosing the problems in the “Higiena Verslui” server, we can use the IP addresses of visitor computers. IP address – a unique network code, identifying a computer. It can be used to set up a visitor and collect various demographic information;
(b) Using cookies, we collect data about the use of services. Information about cookies, cookie types and their uses are provided in the 5th paragraph of the Rules;
(c) By registering in the “Higiena Verslui” online store, we collect the basic information, necessary for the user identification, which you submit by completing the registration form, i.e. name, surname, e-mail address.
(d) by purchasing goods or services in the “Higiena Verslui” e-commerce store, we collect the data, required for the proper order execution, for example, the item and its order details, contact details and related records.
5. Cookie usage:
(a) Technical Cookies: ensure website functionality by creating a user account by logging in and managing Data subject orders. These technical cookies are essential for the proper functioning of the site.
(b) Functional cookies: help to remember the wishes of the Data subject and to use our website effectively. For example, these cookies will remember your preferred language, login information, searches and previously viewed items, etc. These functional cookies are not essential for the website to function but adds functionality and improves the experience of the website use by the Data subject.
(c) Analytical cookies: help gain insights on how visitors use the website, help to optimize and improve your website, understand the effectiveness of advertising and communication.
(d) Commercial cookies: Company and third-party cookies are designed to display personalized advertising on our own website and other websites, based on browsing actions, such as items, searched for by the Data subject, viewed goods.
6. Implementation of data subject rights
6.1. When submitting a personal identity document to the Company, the data subject is entitled to receive information on the sources and personal data collected, they are processed and provided for. Access to Personal Data is made upon submitting to the Company a written request for access to Personal Data by mail or e-mail.
6.2. The Company, upon receipt of a request from the Data Subject, regarding the processing of his Personal Data, is responsible for the handling of Personal Data, related to it and shall submit the requested data to the Data Subject no later than within 30 calendar days from the date of the Data Submission's request. At the request of the data subject, such data shall be provided at the written or e-mail address.
6.3. The opportunity to correct, delete your Personal Data or suspend your Personal Data Processing activities for the Data Subject is made upon submitting a written request to the Company by post, e-mail. mail or orally, if the Data Subject can be identified. Upon receipt of such a request, the Company immediately verifies the Personal Data and promptly rectifies incorrect, incomplete, inaccurate Personal Data at the request of the Data subject.
6.4. The Company immediately informs the Data Subject about the correction, deletion or removal of personal data done or not at his request.
6.5. The Company also ensures all other rights, guarantees and interests of the personal data subjects, guaranteed by laws and other legal acts of the Republic of Lithuania.
7. Personal data transfer
7.1. Personal data may be provided only to the Data Providers, the Company has signed respective agreements with on the Transfer/Provision of Personal Data; the Data Protection shall ensure adequate protection of the Personal Data transferred. Personal data may also be transferred to third parties in other cases, provided for in the laws and other legal acts of the Republic of Lithuania.
7.2. The Company does not use and disclose any sensitive personal information, such as health information, race, religious beliefs or political opinions without the explicit consent of the Data Subject, unless required or permitted by law.
7.3. Personal data may also be transferred to third parties in other cases, provided for in the laws and other legal acts of the Republic of Lithuania.
8. Personal Data protection risk factors
8.1. A breach of personal data protection - an act or omission that may result in undesirable effects, as well as in violation of the mandatory rules of the laws, regulating the personal data protection. The personal data protection, damage violation impact degree and consequences, in each case, shall be established by a commission, formed by the Company Head or his authorized person.
8.2. Personal Data protection risk factors:
(a) unintentional, when personal data protection is violated due to accidental reasons (data processing error, data media, deletion of data records, erroneous routes (addresses) for data transfer, etc., or system interruptions due to power failure, computer virus, etc., internal rules violation, system maintenance shortage, software tests, inadequate data carrier maintenance, inadequate line capacity and protection, network integration of computers, protection of computer programs, lack of fax supplies, etc.);
(b) deliberate violation of Personal Data protection (unauthorized intrusion into Company's/hotel premises, personal data storage repositories, information systems, computer network, malicious personal data infringement, deliberate distribution of computer viruses, personal data theft, unlawful use of another Worker's right etc.);
(c) unexpected accidental events (lightning, fire, flood, flood, storm, electrical wiring, effects of temperature and/or humidity changes, impacts of dirt, dust and magnetic fields, accidental technical accidents, other inevitable and/or uncontrolled factors, etc.).
9. Implementing measures for the personal data protection
9.1. To ensure the personal data protection, the Company implements or intends to implement the following Personal Data protection measures:
(a) administrative (organization of safe documents and computer data and their archives, as well as the organization of work in different fields of activity, introduction of personnel to the personal data protection in employment and after the termination of employment or similar relations, etc.);
(b) technical and software security (administration of servers, information systems and databases, maintenance of work places, maintenance of the Company's premises, protection of operational systems, protection against computer viruses, etc.);
(c) communications and computer networks (firewalling, sharing data, programs, unwanted data packets, etc.).
9.2. Technical and software tools for protecting personal data must ensure the following:
(a) installation of operating system and database copies, copying technique and compliance control;
(b) continuous processing technology;
(c) the strategy of updating systems in unforeseen cases (management of surprises);
(d) physical (logical) separation of the environment testing programs from operating mode processes;
(e) authorized use of data, its integrity.
9.3. All Employees, who have the right to manage personal data or organize and enforce its protection, must strictly observe the requirements of the Personal Data protection measures and relevant rules, instructions or procedures, established by the Company.
10. Terms for the personal data processing
10.1. The Company manages the Personal Data during the client's participation in the loyalty program and for no longer than what the data processing goals require or provides for by law, if they provide for longer data storage.
10.2. When Personal Data is no longer needed to be processed, it is deleted, except for that, which, in the cases, specified by law, must be transferred to state archives.
10.3 The data for direct and indirect marketing campaigns is retained by the company for no longer than the intended purpose of the data processing, legislation or data subject. Upon the Subject’s request, the Company deletes all the data, not required to be stored, in accordance with all legal requirements, regarding the Data Subject.
11.1. The employees, who violate the Law on the Legal Protection of Personal Data of the Republic of Lithuania, other legal acts, regulating processing and protection of Personal Data or these Rules, apply the liability measures, provided for in the laws of the Republic of Lithuania.
12. Final provisions
12.1. Compliance with the rules and, if necessary, review, trusted by the Company Head or his authorized person.
12.2. Responsible employees are introduced to the Rules by signing.