1. General Provisions
1.2. The Company is engaged in economic and commercial activities, which include the production of food industry equipment starting with an idea, drafting of a project, equipment installation and maintenance, metal processing, production, cleaning and coating of non-standard metal products and structures, trade in spare parts for trucks, trailers and buses and other services. For the provision of these services, the Company processes personal data in accordance with the legal grounds and data processing purposes specified in the Policy and the legal acts applicable to the Company.
1.3. This Policy is intended for persons who use or intend to use the Company’s services or visit the website dovaina.lt.
2. Principles of Personal Data Processing
2.1. The Company processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter – the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts governing the processing of personal data.
2.2. The scope of personal data processed depends on the Company’s services ordered or used and the information provided by the website visitor when ordering and / or using the Company’s services, visiting or registering on the website.
2.3. The company follows, among other things, the basic data processing principles set forth below:
2.4. At the Company data is processed only in accordance with one or more criteria of lawful processing – (i) to ensure the provision of services under the contract (i.e. to fulfil the contract or to take action at the request of the data subject before entering into the contract); (ii) upon the consent of the data subject; (iii) when the processing is necessary to fulfil a legal obligation of the Company; (iv) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company; (v) when personal data need to be processed for the legitimate interests of the Company or a third party (see Article 6 (1) of the Regulation, http://www.privacy-regulation.eu/en/6.htm).
2.5. When processing and storing personal data, the Company implements organizational and technical measures that ensure the protection of personal data from accidental or illegal destruction, alteration, disclosure, as well as from any other illegal processing. Only those employees of the Company and auxiliary service providers have access to the personal data processed by the Company for whom it is necessary to perform their job functions or to provide services to the Company.
2.6. The Company’s customer or potential customer, employees and any other natural persons are responsible for ensuring that the personal data provided by them is accurate, correct and complete. In case of changes in the personal data provided by them, they must immediately notify the Company. The Company shall not be liable for any damage caused to a person and / or third parties due to the fact that the person provided incorrect and / or incomplete personal data or did not apply for completion and/or alteration of the data due to the changes.
3. Sources of Personal Data
3.1. Personal data is usually obtained directly from the data subject (the Company’s client or potential client, employees or candidates), who provides it by visiting the website, using the Company’s services, providing services to the Company, working or seeking employment with the Company.
3.2. In cases provided for by law or upon a consent, personal data may also be obtained from third parties (e.g. temporary employment agencies, recruitment agencies, public authorities and relevant registers).
3.3. Although the customer is not required to provide any personal data to the Company, certain services may not be provided to him/her or he/she will not be employed with the Company if the personal data is not provided.
4. Purposes of Personal Data Processing
4.1. The Company processes personal data for the following main purposes:
5. Provision and Recipients of Personal Data
5.1. The Company shall have the right to transfer the personal data of its customer representatives or employees to third parties which require the processing of such customer personal data or the purposes specified in this Policy or legislation.
5.2. The Company undertakes to transfer customer data to third parties only to the extent and only in cases where it is necessary for the provision of the respective services and/or fulfilment of the obligations laid down in the legislation. Where personal data are not necessary for the provision of a particular service, they shall not be transmitted. The Company shall only transfer personal data to the aforementioned third parties on the basis of an agreement on the provision of data or a specific piece of legislation, strictly in compliance with the requirements laid down in the legislation.
5.3. The Company undertakes to respect the confidentiality obligation in respect of the personal data of customers, employees, potential customers or employees. Personal data may be disclosed to third parties only if it is necessary for the conclusion and performance of the contract for the benefit of the data subject or for other legitimate reasons.
5.4. The Company may provide the personal data processed to its data processors (sub-contractors) which provide IT, accounting, debt recovery or other ancillary services to the Company and process personal data on behalf of the Company. Data processors shall have the right to process personal data only in accordance with the instructions of the Company and only to the extent that is necessary to properly discharge the obligations laid down in a contract. The Company shall only use the processors which provide sufficient assurance that appropriate technical and organizational measures are implemented in such a way that the processing complies with the requirements of the Regulation and ensures the protection of the data subject’s rights.
5.5. In addition, the Company may also provide customer data responding to the requests of courts, bailiffs or the authorities to the extent necessary for proper enforcement of the applicable legislation and instructions of the authorities.
6. Personal Data Processing for Direct Marketing Purposes
6.1. The Company may process the data subject’s contact details for direct marketing purposes. The consent to use personal data for direct marketing purposes can be given via e-mail, by subscribing to the newsletter sent by the Company, by subscribing to the news on the Company’s social network accounts, by leaving the consent on the Company’s website (by ticking the appropriate box), by signing a questionnaire or agreement with the Company, or otherwise informing the Company’s administration in writing. The consent for direct marketing should be voluntary, it is not a prerequisite for the contractual relationship with the Company, and it does not affect the relationship between the data subject and the Company.
6.2. The Company may send informational messages if the person has given consent to the Company to use his/her data for direct marketing purposes and to the Company’s customers without separate consent for the marketing of similar services, provided they are given a clear, free and easily enforceable opportunity to object or refuse such use of their contact details and provided they did not initially object to such use of their data when sending each message.
6.3. The Company may send e-mail notifications for direct marketing purposes.
6.4. A person may withdraw his/her consent in relation to direct marketing at any time by giving notice to e-mail address email@example.com or by getting in touch with the Company by another method.
7. Time Limits for Personal Data Storage
7.1. Personal data collected by the Company shall be stored in printed documents and/or electronically in the Company’s information systems. Personal data shall be processed for no longer than necessary for achieving the purposes of the processing, or for no longer than requested by the data subjects and/or provided for in the legislation. Generally, personal data are processed for 10 years after the termination of the contractual relationship.
7.2. Although the customer may terminate the contract or refuse the Company’s services, the Company must continue to store the personal data of the customer’s representatives due to possible future claims or legal claims until the data retention periods expire.
7.3. The Company seeks not to store any outdated or unnecessary information and to ensure that personal data and other information about clients are regularly updated, correct and destroyed in time.
8. Rights of Data Subjects
8.1. The rights of a data subject shall include but shall not be limited to:
8.2. A person may exercise all his/her rights as a data subject by contacting the Company via e-mail: firstname.lastname@example.org.
8.3. If the issue with the Company cannot be resolved, the customer has the right to contact the State Data Protection Inspectorate (ada.lt), which is responsible for the supervision and control of personal data protection legislation.
9.3. If a visitor of the website does not consent to cookies being recorded on his/her computer or another device, he/she may change his/her browser settings and turn off all cookies or turn them on (off) one at a time. However, the Company notes that in some cases this may slow down the browsing, limit certain website functionalities or block access to certain pages of the website. More detailed information on cookies used by the Company is available at www.google.com/privacy_ads.html.
10. Final Provisions
10.1. This Policy shall be governed by the law of the Republic of Lithuania and of the European Union.
10.2. The Company reserves the right to amend Policy, therefore, visitors of the website are kindly asked to check regularly for any updates of the Policy and review the amended or new provisions.