Translation from Lithuanian
BALTIJOS PERVEZIMAI, UAB
by the Order No. VKT-12
of BALTIJOS PERVEZIMAI, UAB Director
of 25 May 2018
Personal data shall be processed in accordance with European Union General Data Protection Regulation (EU) 2016/679 (hereinafter – Regulation), Law on Legal Protection of Personal Data of the Republic of Lithuania and other legislation regulating personal data protection.
BALTIJOS PERVEZIMAI, UAB shall act in accordance with the following data processing principles:
- personal data shall be collected for specified, explicit and legitimate purposes;
- personal data shall be processed lawfully, fairly;
- personal data shall be kept up to date;
- personal data shall be stored securely and no longer than is necessary for the purposes for which the personal data are processed or required by legislation;
- personal data shall be processed only by Company’s employees who have such right according to current work functions or by property authorized data processors.
1.1. Data Controller – BALTIJOS PERVEZIMAI, UAB (hereinafter – Company), legal entity code 141587495, legal address S. Šimkaus g. 13, Klaipėda.
1.2. Data subject – any natural person whose data is processed by the Company. Data controller shall collect only data of data subject that are necessary for carrying out Company’s activity and/or visiting, using, browsing Company’s website (hereinafter – Website). The Company shall ensure that collected and processed personal data would be secure and used only for a specific purpose.
1.3. Personal data – any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, by reference to certain data. Personal data processing shall be any operation which is performed on personal data (including collection, recording, storage, editing, alteration, granting access, inquiries, transfer, archiving, etc.).
1.4. Consent – any freely given, conscious confirmation by which data subject consents for his/her personal data to be processed for specific purpose.
2. PERSONAL DATA SOURCES
2.1. Data subject provides personal data. Data subject contacts the Company, uses services provided by the Company, sells goods and/or services, leaves comments, asks questions, etc.
2.2. Personal data obtained when data subjects visits Company’s Website. Data subject fills in forms therein or provides contact information for any reason, etc.
2.3. Personal data are received from other sources. Data are received from other institutions or companies, public registers, etc.
3. PERSONAL DATA PROCESSING
3.1. By submitting personal data to the Company, data subject shall agree for the Company to use collected personal data in performing its obligations with respect to data subject, in providing services expected by data subject.
3.2. The Company shall process personal data for the following purposes:
3.2.1. Conclusion and performance of agreements of services/goods provided/received by the Company concluded with data subject; storage of contact information to ensure possibility to contact them; tax accounting and payment control. For this purpose, the following data shall be processed:
3.2.2. Debt management. For this purpose, the following data shall be processed:
3.2.3. Administration of inquiries, comments or complaints. For this purpose, the following data shall be processed:
3.2.4. Administration of database of curriculum vitae (CV) of applicants for job vacancies. For this purpose, the following data shall be processed:
3.2.5. For the purpose of ensuring the safety of Company’s employees, other data subjects and property (video surveillance). For this purpose, the following data shall be processed:
3.2.6. For other purposes, enabling the Company to process data of data subject where data subject expressed his/her consent, where data must be processed for legitimate interest of the Company or where the Company is obliged to process data in compliance with relevant legislation.
4. PERSONAL DATA PROVISION
4.1. The Company shall undertake to comply with confidentiality obligation with respect to data subject. Personal data may be disclosed to third parties only if it is necessary for concluding and performing the agreement on behalf of data subject, or for any other legitimate reasons.
4.2. The Company may provide personal data to its data processors providing services and processing personal data on behalf of Company. Data processors shall have the right to process personal data only according to Company’s instructions and only to the extent necessary to properly perform obligations specified in the agreement. The Company shall engage only those data processors that are able to sufficiently ensure the implementation of proper technical and organizational measures in a way data processing would comply with the requirements of Regulation and ensure the protection of the rights of data subject.
4.3. The Company shall be entitled to provide Personal data in replying to the requests by court or state authorities to the extent necessary to properly perform applicable legislation and instructions by state authorities.
4.4. The Company shall guarantee that personal data shall not be sold or leased to third parties.
5. PERSONAL DATA RETENTION PERIOD
5.1. Personal data collected by the Company shall be stored in printed documents and/or Company’s information systems. Personal data shall be processed for no longer than is necessary for the purposes for which personal data are processed or no longer than is required by data subject and/or provided for by legislation.
5.2. If data subject terminates the agreement and refuses Company’s services, the Company shall be obliged to store data of data subjects with respect to possible future requirements or legal claims until the expiry of data retention terms.
6. DATA SUBJECT RIGHTS
6.1. Right to obtain information about data processing.
6.2. Right of access by data subject.
6.3. Right to rectification.
6.4. Right to erasure (‘right to be forgotten’). This right shall not apply if personal data requested to be erased are also processed on different legal grounds, such as processing necessary for the performance of the agreement or obligations under applicable legislation.
6.5. Right to restriction of processing.
6.6. Right to object.
6.7. Right to data portability. Right to data portability shall not have negative impact on rights and freedoms of others. Data subject shall not be able to exercise the right to data portability with respect to personal data that are processed in non-automated way in systemized media, for example, files in paper form.
6.8. Right to request that a solution based only on automated individual decision-making, including profiling, would not be applied.
6.9. Right to lodge a complaint concerning personal data processing to State Data Protection Inspectorate.
7. The Company shall be obliged to enable data subject to exercise the afore-mentioned rights of data subject, except in cases established in legislation, where it is necessary to safeguard national security; defence; public order; prevention, investigation, detection or prosecution of criminal offences; important economic or financial interests of the state; prevention, investigation, detection and prosecution of breaches of ethics for regulated professions; protection of the data subject or the rights and freedoms of others.
8. DATA SUBJECT RIGHT IMPLEMENTATION PROCEDURE
8.1. Data subject shall be able to contact the Company concerning implementation of his/her rights:
8.1.1. by submitting a written request in person, by mail or through a representative or via electronic means of communication – e-mail: firstname.lastname@example.org;
8.1.2. orally – by phone +370 46 311951;
8.1.3. in writing – at the address: S. Šimkaus g. 13, Klaipėda.
8.2. To protect data from unauthorized disclosure, the Company, upon receipt of data subject’s request to provide data or exercise other rights, shall be obliged to verify the identity of data subject.
8.3. The Company shall be obliged to reply to data subject’s request no later than within one month from the date of receipt of data subject’s request, taking into consideration specific data processing circumstances. This period may be extended for two months taking into consideration the complexity and number of requests.
9. LIABILITY OF DATA SUBJECT
9.1. Data subject shall be obliged:
9.1.1. to notify the Company about any changes of provided information and data. The Company must have correct and valid information of data subject;
9.1.2. to provide necessary information so that, in case of data subject’s request, the Company could identify data subject and make sure it interacts or collaborates with specific data subject (to provide personal identity document or under procedure established by legislation or via electronic means of communication that would enable proper identification of data subject). This is necessary for the protection of data of data subject and other persons, so that disclosed information about data subject would be provided only to data subject without violating the rights of other persons.
10. FINAL PROVISIONS