Personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter – the Regulation), the Law on the Legal Protection of Personal Data of the Republic of Lithuania, and other legal acts regulating the protection of personal data.
JCS “Septeka” follows the following main data processing principles:
- personal data are collected only for clearly defined and legitimate purposes;
- personal data are processed only lawfully and fairly;
- personal data is constantly updated;
- personal data are stored securely and for no longer than required by the purposes for which the data are processed or by law;
- personal data are processed only by those employees of the Company who have been granted such a right in accordance with their work functions or by duly authorized data processors.
Data controller – JCS “Septeka” (hereinafter – the Company), legal entity code 301501622, registration address Druskininkų str. 6-27, Kaunas.
Data subject – any natural person whose data is processed by the Company. The data controller collects only those data of the data subject that are necessary for the performance of the Company’s activities and (or) when visiting, using, browsing the Company’s websites, etc. (the “Site”). The company ensures that the personal data collected and processed will be secure and will only be used for a specific purpose.
“Personal data” shall mean any information relating directly or indirectly to a data subject whose identity is known or can be established directly or indirectly by reference to the data concerned. Processing of personal data means any operation performed on personal data (including the collection, recording, storage, editing, modification, granting of access, submission of requests, transmission, archiving, etc.).
Consent means any voluntary and deliberate consent by which the data subject consents to the processing of his or her personal data for a specified purpose.
Cookies – The company’s website uses small pieces of textual information that are automatically generated while browsing the website and stored on a computer or other device used by the data subject (website visitor). Cookies are used to improve the browsing experience for website visitors, and to analyze website traffic and behavior on the website.
2. SOURCES OF PERSONAL DATA
Personal data are provided by the data subject himself. The data subject applies to the Company, uses the services provided by the Company, purchases goods and/or services, leaves comments, asks questions, requests the Company to provide information, and so on.
Personal data is obtained by the data subject by visiting the Company’s website. The data subject fills in the forms in it or for some reason leaves his / her contact details and so on.
Personal data is obtained from other sources. Data are obtained from other institutions or companies, publicly available registers, etc.
3. PROCESSING OF PERSONAL DATA
By providing personal data to the Company, the data subject agrees that the Company will use the collected data to fulfill its obligations to the data subject in providing the services that the data subject expects.
The Company processes personal data for the following purposes:
Execution of business assurance and continuity. The following data shall be processed for this purpose:
- For the purpose of concluding and performing contracts, personal data of suppliers (natural persons) may be processed: name (s), surname (s), personal identification number or date of birth, place of residence (address), telephone number, e-mail address, place of work, obligations, bank current account and the bank where the account is located, date, amount, currency and other data provided by the person himself/herself, which the Company receives in accordance with legal acts in the course of the Company’s activities and/or which the Company is obliged to manage by law and/or other legislation. E.g. data contained in the business certificate (type of activity, group, code, name, periods of activity, date of issue, amount), number of the individual activity certificate, data or the data subject is a VAT payer, etc. data necessary for the proper performance of the contract and/or legal obligations.
- Contracts, VAT invoices, and other related documents are stored in accordance with the terms specified in the General Documents Storage Index approved by the order of the Chief Archivist of Lithuania.
Administration of inquiries, comments, and complaints. The following data shall be processed for this purpose:
- Name (s) and/or username, e-mail address, telephone number, address, subject of the message, comment, response or complaint, text of the message, comment, response, or complaint. Duomenys Data on inquiries, comments, and complaints are stored for 1 calendar year from the date of submission.
For other purposes for which the Company has the right to process the personal data of the data subject when the data subject has given his or her consent, when the data is required to be processed in the legitimate interest of the Company or when the Company is obliged to process the data.
The following types of cookies may be used on the company’s website:
- Technical (necessary) cookies – help the website visitor to display the website and its content, and help to ensure the functionality of the website. Technical cookies are necessary for the proper functioning of the website and their use does not require the consent of the website visitor.
- Functional cookies – used to help the website visitor to use the Company’s website, to remember the choices and preferences made while browsing. Functional cookies are not necessary for the website to be fully functional, but they add functionality and improve your experience of using the Company’s website.
Analytical Cookies – Used to obtain information about how website visitors use the Company’s website. This is necessary in order for us to optimize and improve the Company’s website. With the help of analytical cookies, we can collect data about the web pages you have viewed, from which pages you came, and what emails. you have opened and responded to emails and date and time information. It also means that we may use information about you and your use of the site, such as the frequency of visits, the number of clicks on a particular page, the search terms used, and more.
Commercial (targeted or advertising) cookies – used to provide personalized advertising to a visitor to the Company’s website. This is called “remarketing,” which is based on your browsing activity, such as the products and/or services you’ve searched for, viewed, or viewed.
The Company’s employees have access to statistics about the Company’s website visitors, who are responsible for analyzing these data and improving the website.
Technical records may also be accessed by Company partners who provide content management tools on the Company’s website.
Data collected by cookies is stored in the Company for no longer than is necessary to achieve the purposes of data processing or for no longer than required by data subjects and (or) provided by legal acts.
You can find more information about cookies at AllAboutCookies.org.
- For Chrome: https://support.google.com/chrome/answer/95647?hl=en;
- For Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies;
- For the Safari browser: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac;
- For Edge Browser: https://support.microsoft.com/en-us/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy.
5. PROVISION OF PERSONAL DATA
The company undertakes to respect the obligation of confidentiality vis-à-vis data subjects. Personal data may be disclosed to third parties only if this is necessary for the conclusion and performance of the contract for the benefit of the data subject or for other legitimate reasons.
The Company may provide personal data to its data processors who provide services to the Company and process personal data on behalf of the Company. Data processors have the right to process personal data only in accordance with the Company’s instructions and only to the extent necessary to properly perform the obligations set out in the contract. The company shall use only those processors who sufficiently ensure that the appropriate technical and organizational measures are implemented in such a way that the processing complies with the requirements of the Regulation and that the rights of the data subject are protected.
The company may also provide personal data in response to requests from a court or public authority to the extent necessary to properly comply with applicable law and the instructions of public authorities.
The company guarantees that personal data will not be sold or rented to third parties.
6. PROCESSING OF PERSONAL DATA OF MINORS
Individuals under the age of 14 may not disclose any personal information through the Company’s website. If a person is younger than 14 years of age, in order to use the Company’s services, the written consent of one of the representatives (father, mother, guardian (s)) regarding the processing of personal data must be submitted before providing personal information.
7. TERM OF STORAGE OF PERSONAL DATA
Personal data collected by the Company is stored in printed documents and/or Company information systems. Personal data shall be processed for no longer than is necessary for the processing of the data or for no longer than required by the entities and/or provided by law.
Although the data subject may terminate the agreement and provide the Company’s services, the Company must continue to retain data regarding future waiver claims or claims of legal entities until the expiration of the data retention periods.
8. RIGHTS OF THE DATA SUBJECT
- Right of access to data processing.
- Right of access to processed data.
- Right to have data rectified.
- Right to request data (“Right to be forgotten”). This right shall not apply if the personal data requested are also processed on other legal grounds, such as the processing is necessary for the performance of the contract or is subject to obligations under the applicable law.
- Right to restrict data processing.
- Right to object to data processing.
- Right to data portability. The right to data portability must not adversely affect the rights and freedoms of others. Data subjects do not have the right to data portability with regard to personal data processed in non-automated files, such as paper files.
- The right to require that a solution based solely on automated data processing, including profiling, is not applied.
- The right to submit a complaint regarding the processing of personal data to the State Data Protection Inspectorate.
The company must enable the data subject to exercise the above-mentioned rights of the data subject, prohibited public order when it is necessary to ensure state security or defense, prevention, investigation, detection or prosecution of criminal offenses, important economic or financial interests, breach of official or professional ethics. prevention, investigation and detection, and protection of the rights and freedoms of the data subject or of other persons.
10. PROCEDURE FOR EXERCISE OF RIGHTS OF THE DATA SUBJECT
The data subject may apply to the Company for the exercise of his / her rights:
in writing to: Druskininkų st. 6-27, Kaunas.
In order to protect the data from unauthorized disclosure, the Company must verify the identity of the data subject upon receipt of a request from the entity to provide other rights.
The company’s response to the data subject shall be provided no later than one month from the date of receipt of the data subject’s request, taking into account the specific means of processing the personal data. This period may be extended by two months, if necessary, depending on the complexity and number of applications.
11. RESPONSIBILITY OF THE DATA SUBJECT
The data subject must:
- inform the Company about changes in the information and data provided. It is important for the company to have correct and valid data subject information;
- provide the necessary information to enable the Company to identify the data subject at the request of the data subject and to ensure that it is in real communication or cooperation with the particular data subject (provide an identity document or by electronic means that allow the proper identification of the data subject). This is necessary for the protection of the data subject and other persons so that the information disclosed about the data subject is provided only to the data subject, without prejudice to the rights of other persons.
12. FINAL PROVISIONS