1.1. UAB "Smagus" (hereinafter "the Company") respects the rights of all their clients (customers) (hereinafter “the Clients”), including visitors of the website https://www.adventica.lt (hereinafter "the Website"), to privacy and obligates to protect their personal data and facilitate the exercise of their, as the data subjects, rights.
1.4. Your personal data shall be processed following the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania (LPPDL), Law on Electronic Communications of the Republic of Lithuania (ECL) and other applicable laws, regulating personal data protection, also instructions of data protection authorities (in Lithuania – State Data Protection Inspectorate).
What definitions we use
- Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is an individual that can be identified directly or indirectly, first of all, using an identifier, such as the first and last name, personal ID number, location data and the Internet identifier, or based on one or several features of the physical, physiological, genetic, psychic, economic, cultural or social identity.
2.2. Data subject – a natural person – the Company Client (including the Website Visitors) whose personal data are collected by the Company.
2.3. Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2.4. Data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.5. Data processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data controller.
2.6. Data controller – UAB "Smagus", a company established following laws of the Republic of Lithuania, registration number 305131024, registered office M. Valančiaus g. 3-2, LT-03105 Vilnius, Republic of Lithuania, data collected and stored in the Register of Legal Entities.
2.7. Cookie – a small text file automatically created when browsing on the Website and stored in your computer or other end device.
2.8. Direct marketing – the business of selling products or services directly by mail order or telephone selling or any other direct way and (or) asking for an opinion regarding offered services.
3. What personal data we collect
3.1. The Company collects and further processes the following personal data, provided by you when signing in and (or) ordering services on the Website or any other way: a name, surname, email address, phone no., data related to service rendering, such as information on a service and its ordering, account numbers, invoice issuing, payment details, information on a consent or disagreement regarding personal data processing for the purposes of direct marketing, credentials, any other data you additionally provide on your own initiate when signing in and (or) ordering, managing services.
3.2. Your personal data mentioned in Point 3.1 are stored within the period of cooperation between you and the Company (the period of service rendering) and for 10 (ten) years after the expiry of this period.
3.3. The Company collects and processes the following personal data provided by you indirectly when signing in and (or) ordering services on the Website, i.e. these data are automatically collected from the computers and (or) mobile devices you use, after you signed in the Website: IP addresses and connection times, the user’s browser and its version, the Internet Websites visited before getting into our Website, data about service use, such as data collected with the help of cookies and similar technologies, related to browsing in the Internet and etc.
3.4. Your personal data indicated in Point 3.3 are stored within the period of cooperation between you and the Company (the period of service rendering) and depending on the data, up to one year after the expiry of this period. These data can be stored for a longer period where such storage term is based on other legal grounds.
4. What the purposes for processing of your personal data are
4.1. The Company processes the aforementioned personal data for the following data processing purpose: to process and administrate a purchase (order) of services, to identify the Company Clients in the informational systems of the Company when signing in and logging in to your account on the Website, managing accounting documents related to the service order, to contact you regarding performance of contractual obligations, also for the purposes of direct marketing (with prior consents of data subjects only).
5. How we process your personal data
5.1. We ensure that your personal data will be: processed lawfully, fairly and in a transparent manner, collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes, adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (the principle of data minimisation), accurate and, where necessary, kept up to date (the principle of accuracy), processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (the principle of integrity and confidentiality).
6. What rights of data subject you have
6.1. You have the rights of data subjects below that we will implement having received your request (by email firstname.lastname@example.org; by mail to the address M. Valančiaus g. 3-2, LT-03105 Vilnius) and having properly checked your identity: to obtain the confirmation as to whether or not personal data concerning you are being processed, to obtain the rectification of inaccurate personal data concerning you, also to have incomplete personal data completed, to obtain from the Company the erasure of personal data concerning you where: a. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, b. you withdraw your consent and where there is no other legal ground for the processing of your personal data c. the personal data have been unlawfully processed, d. on other grounds established by the Regulation; to obtain from the Company restriction of processing of your personal data, to receive the personal data concerning you, which you have provided to the Company, in a structured, commonly used and machine-readable format and to object to processing of the personal data concerning you (e.g. for direct marketing purposes or etc.).
6.2. It should be noted that in case you consider your rights, as the data subject, are breached, you can lodge a complaint to State Data Protection Inspectorate. Please find more information about State Data Protection Inspectorate and complaint produces here https://www.ada.lt/.
7. How we process personal data for direct marketing purposes
7.1. The Company shall send you newsletters by email and (or) make inquiries about the quality of current services only with your prior consent and based on the provisions of ECL, LPPDL and Regulation.
7.2. Your personal data processed for direct marketing purposes include the first name, the last name and email address.
7.3. Your personal data collected and process for direct marketing purposes are stored until you revoke your consent to receive direct marketing notifications.
8. Who we transfer your personal data to
8.1. The Company’s employees shall be granted an access to your personal data only under necessity to fulfil their duties and only with the employee’s confidentiality undertaking.
8.2. The Company can transfer your personal data to data processors rendering services to the Company and managing your personal data on the Company’s behalf and for the Company’s or your benefit, to law enforcements authorities where a legal ground for this exists, to other third parties with your consent.
8.3. We shall involve those data processors only who can secure the implementation of appropriate technical or organisational measures in the manner compliant with the requirements set out in the Regulation and the protection of your, as the data subject, rights.
8.4. It should be noted that the aforementioned data processors shall have the right to process your personal data based on our instructions only.
8.5. The data processor shall involve another data processor with a prior explicit or common written consent of the Company (the data controller) only.
8.6. Your personal data can also be transferred responding to official request from state institutions and courts, however, after proving legitimacy of such requests only.
9. What cookies we use and how
10. What links are displayed on the Website
10.1. On the Website, there can be displayed links to websites of the third parties, to laws, also to social networks (a possibility to share the Website content in social media Facebook and Instagram). It should be noted that the websites of the third parties that links are displayed on the Website apply the provisions of privacy policies of those websites, and the Company shall be exempted from liability for their content, activities and provisions of their privacy policies.