https://dviraciudalys.lt/lt/informacija/privatumas-slapukai
1

Privacy policy and cookies

General information

Your personal data submitted with the order is stored and never transferred to third parties, except when it is necessary for the execution of the order or when required by the laws of the Republic of Lithuania.

 Rules on the processing of personal data

 I. Basic concepts

1.1. The Company - JSC Imenza, a company established in accordance with the laws of the Republic of Lithuania, with its registered office at Vilties str. 24A, 29107, Anykščiai, Lietuva, Republic of Lithuania, company code 154107957, data about the company are collected and stored in the Register of Legal Entities. Company's websites: imenza.lt and dviraciudalys.lt

1.2. Data subject - a natural or legal entity (buyer) whose data is processed in the Company.

1.3. Personal data - means information related to a natural person - the Data Subject, which is listed in Clause 2.4 of these Rules.

1.4. Processing of Personal Data - means any action performed on Personal Data: collection, recording, accumulation, storage, classification, grouping, merging, modification (addition or correction), provision, use, deletion or other action or set of actions.

1.5. Automatic data processing - data processing operations performed in whole or in part by automatic means.

1.6. Employee - means a person who has entered into an employment or similar contract with the Company and is appointed to process Personal Data by the decision of the Head of the company.

1.7. Data Processor - means a legal or natural person who is authorized by the Company to process personal data.

1.8. Data controller means a legal or natural person who alone or with others determines the purposes and means of the processing of personal data.

1.9. Recipient of Data - means a legal or natural person to whom Personal Data is provided.

1.10. Inspectorate - the State Data Protection Inspectorate of the Republic of Lithuania.

1.11. Other terms used in these personal data processing rules correspond to the terms established in the Law on the Legal Protection of Personal Data of the Republic of Lithuania.

II. General provisions

2.1. This document regulates the actions of the Company and its Employees in the processing of Personal Data using the automatic means of personal data processing installed in the Company, as well as sets out the data subjects' rights, personal data protection risk factors, personal data protection enforcement measures and other issues related to personal data processing.

2.2. Personal data must be accurate, relevant and not excessive in relation to the collection and further processing of the data.

2.3. The purposes of the processing of personal data are the means necessary for the purchase and delivery of the goods and other legitimate and pre-defined purposes for the collection of the data.

2.4. Company process the following Personal Data of Data Subjects for the purpose specified in 2.3. point:

 2.4.1. name;

 2.4.2. surname;

 2.4.3. Email address;

 2.4.4. IP address;

 2.4.5. telephone number;

 2.4.6. place of residence (address);

 2.4.7. bank account;

 2.4.8. data of the goods purchased by the Data Subject, their quantities, purchase dates and other information related to the goods.

2.5. By submitting his / her personal data to the Company, the Data Subject confirms and voluntarily agrees that the Company shall manage and process the personal data of the Data Subject in accordance with these Rules, applicable laws and other regulatory enactments.

2.7. The Law on the Legal Protection of Personal Data of the Republic of Lithuania, Regulation (EU) 2016/679, other laws and legal acts regulating the processing and protection of data, as well as these Rules shall be followed in processing personal data.

The website dviraciudalys.lt uses these  cookies:

Shopping cart cookie

When a visitor to the website clicks the "Add to cart" button, which is a cookie created on the product page, which indicates: product code and product quantity. The cookie is valid until 48 hours.

When a visitor goes to the shopping cart and changes the quantity of goods to be ordered, the number of the desired quantity of goods is changed in the cookie. If a visitor orders several items, the cookie records data about several items selected by the visitor with the desired quantity.

The cookie is deleted after the customer has successfully ordered the goods or after 48 hours since the cookie was created.

Delivery cookie

When the buyer selects at least one product, a delivery cookie is created, which by default indicates that the customer wants the goods delivered to the home. If the customer does not choose another delivery method in the shopping cart, this cookie provides information to imenza.lt and dviraciudalys.lt store  that the customer needs the goods to be delivered at  home. If the customer chooses another delivery method, the newly selected delivery method is stored in the cookie. The cookie is stored for up to 48 hours. The cookie is deleted after the customer has successfully ordered the goods or after 48 hours since the cookie was created.

Payment method cookie

When the customer selects the desired payment method, a cookie is created, which allows imenza.lt and dviraciudalys.lt store to see how the customer wants to pay. The cookie is created on the "Shopping Cart" page. The cookie is deleted after the customer has successfully ordered the goods, refused the chosen payment method, or after 48 hours  since the cookie was created.

Google Analytics

Website statistics use the standard Google Analytics tool.

III. Processing of personal data

3.1. Personal data is processed automatically using personal data processing facilities installed and / or leased by the Company.

3.2. Only Employees and Managers have the right to process Personal Data. Each Employee and / or Manager assigned to process Personal Data must maintain the confidentiality of Personal Data and comply with the requirements of personal data protection legislation.

3.3. The Employee / Manager must:

3.3.1. to protect the confidentiality of Personal Data;

3.3.2. to process Personal Data in accordance with the laws of the Republic of Lithuania, other legal acts and these Rules;

3.3.3. not to disclose, transfer or create conditions for access to the Personal Data by any means to any person who is not authorized to process the Personal Data;

3.3.4. Immediately notify the Head of the Company or his / her designee of any suspicious situation that may pose a threat to the security of Personal Data.

3.4. Employees who automatically process personal data or from which computers can access areas of the local network where Personal Data is stored must use passwords. Passwords must be changed at least every 30 days, as well as in certain circumstances (eg. change of employee, threat of burglary, suspicion that the password has become known to third parties, etc.). An employee working on a particular computer can only know his password.

3.5. The protection of personal data is organized, ensured and carried out by the Head of the Company or an employee appointed by him.

3.6. The Employee loses the right to process Personal Data when the Employee's employment or similar contract with the Company expires, or when the Head of the Company revokes the Employee's appointment to process Personal Data.

3.7. The Manager loses the right to process Personal Data when the Manager's contract with the Company is terminated.

IV. Rights of data subjects and their enforcement

4.1. When submitting an identity document to the Company, the data subject has the right to obtain information on the sources and sources of his / her Personal Data, for what purpose they are processed and to whom they are provided. Access to Personal Data is provided by submitting a written request to the Company for access to Personal Data by mail, fax or e-mail.

4.2. The data subject has the right to data portability. This right allows data subjects to have unhindered access to personal data which they have provided to the controller in a structured, commonly used and computer-readable format and to transfer that data to another controller. Data portability is the right of the data subject to obtain a subset of the personal data processed by the controller in relation to the data subject and to store this data for further personal use.

4.3. Upon receipt of a request from the Data Subject regarding the processing of his / her Personal Data, the Company shall be responsible for whether the Personal Data relating to him / her is processed and shall provide the Data Subject with the requested data no later than within 30 calendar days from the date of the Data Subject. At the request of the data subject, such data shall be provided in writing to the address or e-mail address provided.

4.4. The possibility to correct, delete your Personal Data or suspend the processing of your Personal Data shall be provided to the Data Subject upon submission of a written request to the Company by post, fax or e-mail or  oral request if the Data Subject can be identified. Upon receipt of such a request, the Company shall immediately verify the Personal Data and, at the request of the Data Subject, immediately correct any incorrect, incomplete, inaccurate Personal Data.

4.5. The Company shall immediately notify the Data Subject on his/her requested  performed or not performed rectification, destruction of the Personal Data.

4.6. The data subject may complain to the State Data Protection Inspectorate about the actions (inaction) of the Company within 3 months from the date of receipt of the reply from the Company or within 3 months from from day, when ends deadline in point  4.3. The data subject may appeal to a court against the actions (inaction) of the State Data Protection Inspectorate in accordance with the procedure established by law.

4.7. The Company also ensures all other rights, guarantees and interests of personal data subjects guaranteed by the laws and other legal acts of the Republic of Lithuania.

V. Transfer of personal data

5.1. Personal data may be provided only to those Recipients with whom the Company has signed the relevant agreements on the transfer / provision of Personal Data and the Data Recipient ensures adequate protection of the transferred Personal Data. Personal data may also be transferred to third parties in other cases and in accordance with the procedure provided for in the laws and other legal acts of the Republic of Lithuania.

5.2. Personal data may only be transferred:

 5.2.1. Venipak Lietuva, UAB, which provides goods delivery services to Data Subjects under a contract;

 5.2.3. Telia Lietuva, AB, from which the Company purchases online and server rental services.

5.3. The Company does not collect sensitive personal information, such as information about age, health, racial origin, religious beliefs or political views, unless required or permitted by law.

VI. Risk factors for personal data breach

6.1 A personal data breach is an act or omission that may or may not have undesirable consequences and is contrary to the mandatory rules of personal data protection law. The degree, impact and consequences of the personal data breach are determined in each specific case by a commission formed by the Head of the Company or his / her authorized person.

6.2. Risk factors for personal data breach:

6.2.1.unintentional, when the protection of personal data is violated due to accidental data processing errors, data storage, deletion of data records, destruction, detection of incorrect routes (addresses) during data transmission, etc., or system failures due to power failure, computer virus etc., breach of internal rules, lack of system maintenance, software testing, inadequate maintenance of data media, inadequate line capacity and protection, integration of computers into the network, protection of computer programs, insufficient supply of fax materials, etc.);

6.2.2. intentional, when the protection of personal data is intentionally violated (illegal intrusion into the Company's premises, storage of personal data storage media, information systems, computer network, malicious violation of the rules for processing personal data, intentional spread of computer virus, theft of personal data, illegal use of another employee, etc.) .);

6.2.3. unexpected events (lightning, fire, flood, flooding, storms, burning of electrical installations, exposure to changes in temperature and / or humidity, exposure to dirt, dust and magnetic fields, accidental technical accidents, other irresistible and / or uncontrollable factors, etc.).

VII. Implementing measures for the protection of personal data

7.1. In order to ensure the protection of personal data, the Company implements or plans to implement the following personal data protection measures:

7.1.1. administrative (establishment of procedures for secure management of documents and computer data and their archives, as well as work organization in various fields of activity, acquaintance of personnel with the protection of personal data during employment and after termination of employment or similar relations, etc.);

7.1.2. hardware and software protection (administration of servers, information systems and databases, workplace, maintenance of the Company's premises, protection of operating systems, protection against computer viruses, etc.);

7.1.3. protection of communications and computer networks (filtering of shared data, programs, unwanted data packets (firewalls), etc.).

7.2. The technical and software measures for the protection of personal data must ensure:

7.2.1. installation of a repository for copies of operating systems and databases, identification of copying techniques and control of compliance;

7.2.2. Technology of continuous data processing;

7.2.3. continuous data management (processing) operation technology;

7.2.4. physical (logical) separation of the application testing environment from the operating mode processes;

7.2.5. authorized use of the data, their integrity.

7.3. All Employees who have the right to process Personal Data or to organize and enforce their protection must strictly comply with the Personal Data Protection Measures and relevant rules, instructions or procedures set forth in the Company.

VIII. Deadline for processing personal data

8.1. The Company starts processing Personal Data from the registration of the Data Subject (Buyer) in the store and continues processing until the execution of the Data Subject's purchase transaction.

8.2. When Personal Data is no longer needed for the purposes of its processing, it is destroyed, except for those that must be transferred to state archives in cases prescribed by law.

IX. Responsibility

9.1. Employees who violate the Law on the Legal Protection of Personal Data of the Republic of Lithuania, other legal acts regulating the processing and protection of personal data, or these Rules are subject to the liability measures provided for in the laws of the Republic of Lithuania.

X. Final provisions

10.1. Supervision of compliance with the rules and, if necessary, review, is entrusted to the head of the Company or his authorized person.

10.2. The Responsible Employees are acquainted with the Rules by signing.