I. GENERAL PROVISIONS
1.2. This Policy shall:
1.2.1. be applicable in cases where you visit the Website and avail yourself of the possibility to purchase the products and/or services offered on the Website;
1.2.2. be intended for protection of your personal data against unlawful use;
1.2.3. define the obligations of the controller of your personal data;
1.2.4. explain how and for what purposes your personal data is collected, used and stored (processed) on the Website;
1.2.5. inform you as the data subject of your rights and the ways of exercise thereof and provide other information required by the legal acts governing processing of personal data.
1.3. For the purposes of this Policy, the following definitions shall apply:
1.3.1. “Personal Data” shall mean any information relating to a natural person who is identified (known) or who can be identified, directly or indirectly, (data subject) by reference to the respective identifiers such as name and surname, e-mail address, online identifier (IP address) and other data or factors.
1.3.2. “Data Subject” (You) shall mean a natural person whose persona data is processed on the grounds and for the purposes set out herein.
1.3.3. “Data Controller” (We or Data Controller) shall mean Autobrava Motors UAB (legal person registration number 302792561, registered at the address Žalgirio g. 112a, 09300 Vilnius).
1.4. For the purposes of processing your data, we shall follow the Republic of Lithuania Law on Legal Protection of Personal Data, the Republic of Lithuania Law on Electronic Communications, other laws and legal acts regulating processing and protection of personal data, compliance with and implementation thereof including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
II. BASIC PERSONAL DATA PROCESSING PRINCIPLES AND CONDITIONS
2.2. In order to use the Website, you shall not be obliged to provide us with any Personal Data, nevertheless, in such case, we cannot provide you the possibility to purchase the services and/or products offered on the Website.
2.3. The data provided while you use the Website shall be collected and processed by the Data Controller referred to in paragraph 1.3.3. hereof.
2.4. We collect Personal Data provided by you while using the Website and at the moment of registration on the Website with a view to purchasing the products and/or services offered by us, i.e.:
2.4.1. Main information, i.e. name, surname, e-mail address, address of the place for delivery of the goods, your vehicle model and/or vehicle identification number (VIN) and telephone number;
2.4.2. Data related to registration on the Website for purchase of the offered services and/or products, i.e. ordered service/product, your online identifier (IP address), information on consent on dissent to processing of Personal Data for direct marketing purposes (at the moment when you register for ordering of our newsletter) and related entries;
2.4.3. Other data on use of the Website, i.e. data collected using cookies and similar technologies related to browsing online etc.
2.5. We collect and process Personal Data only on the grounds and for the respective purposes set out in paragraph 1.4. hereof as specified below:
2.5.1. performance of your registration on the Website for the purposes of purchase (ordering) of the offered services and/or products (legal grounds: conclusion and performance of a contract), i.e. for the purposes of:
· processing of your orders of products and/or services;
· issue of financial documents;
· dealing with the problems in relation to provision or delivery of the goods;
· discharge of other contractual obligations.
2.5.2. subject to your consent where Personal Data is processed for the purposes of direct marketing;
2.5.3. if you call by the telephone numbers indicated on the Website, data shall be processed for the purposes of ensuring the quality of provided services and information, conclusion of commercial transactions and performance thereof (recording of telephone conversations).
2.6. In all afore-mentioned cases, we process your Personal Data to the extent required for achievement of the respective clearly defined lawful objectives taking into account the Data Subject privacy protection.
2.7. We ensure that Personal Data shall be processed in a precise, good faith and lawful manner, that Personal Data shall be processed only for the purposes which correspond to the purposes established before collection of Personal Data, that Personal Data shall be processed only strictly in accordance with clear and transparent personal data processing requirements set forth in the legal acts.
2.8. When processing Personal Data for the purposes defined in paragraph 2.5.1 hereof, Personal data may be disclosed to:
2.8.1. the partners of the Data Controller providing services related to placing or fulfilment of your order (for example, dispatch, payment);
2.8.2. the data processors/subcontractors (information technology companies processing data with a view to ensuring development, improvement and support of the information systems) which carry out certain works or provide services to us and process your data on behalf of the Data Controller. Data processors shall be entitled to process Personal Data only in accordance with the Data Controller’s instructions and only to the extent necessary for proper performance of the obligations established in the contract. In case of subcontracting any subcontractors, we assume all reasonable measures to ensure that the data processors implemented the appropriate organisational and technical security measures and kept Personal Data confidential.
2.8.3. In other cases, your Personal Data may be disclosed to third parties only in the cases provided for in the legal acts.
2.9. Your data referred to in paragraphs 2.4.1. and 2.4.2 hereof provided at the moment of registration on the Website (except for your consent to processing of Personal Data for direct marketing purposes) shall be stored for the period not longer than 3 (three) years from the moment of your last login to the customer’s account.
2.10. The data referred to in paragraph 2.4.3 hereof shall be stored not loner than for the period indicated in the Cookies Policy mentioned in paragraph 4.1. hereof.
2.11. Your Personal Data shall be stored by us for the period not longer than indicated herein unless the legal acts provide for a longer period for storage of such Personal Data.
2.12. For the purposes of processing of Personal data for the purposes of ensuring the quality of provided services and information, conclusion of commercial transactions and performance thereof (recording of telephone conversations) referred to in paragraph 2.5.3 hereof, before recording of the conversation you shall be informed of recording of the conversation, the purpose of recording and where you may receive more information. The conversation records shall be stored for 6 months. Processed data may be disclosed to the data processors/subcontractors, i.e. (information technology companies processing data with a view to ensuring development, improvement and support of the information systems or other third parties where this is provided for by the requirements of the legal acts.
2.13. Your Personal Data shall be processed in a reliable and secure manner. When establishing the Personal Data processing measures and in the course of data processing, the Data Controller shall implement the appropriate data protection technical and organisational measures provided for in the legal acts aimed at protecting the processed Personal Data against accidental or unlawful destruction, damage, alteration, loss, disclosure as well as any other unlawful processing. The appropriate measures shall be established taking into account the risks posed by processing of Personal Data.
2.13.1. In addition to other measures, we have made sure that payment on the Website was consumer-friendly. The security measure used by us is one of the most reliable security measures, i.e. secure connection SSL (Secure Socket Layer) certificate issued by the international electronic signature certification centre Comodo. The SSL certificate shall regulate mutual authentication between your browser and our server so ensure encrypted connection between computers.
2.13.2. The confidential data entered when paying for the goods (passwords of login to the banking systems, credit card numbers) shall not be accumulated in our system.
III. DIRECT MARKETING (NEWSLETTER) CONDITIONS
3.1. If you agree to subscribe our newsletter, your e-mail address shall be used for sending of general and/or individualised (based on automated decisions (profiling)) information on goods, services, discounts, offers, competitions, news, surveys and other news and contact you to this end. The accumulated information shall be used only for sending of the newsletter.
3.2. For the purposes of sending general marketing proposals, general information which shall be shared by the Data Controller with all your customers shall be sent to you.
3.3. For the purposes of putting forward individualised marketing proposals, you may be attributed to the category of the customers of the Data Controller by means of automated decisions (profiling) on the basis of the data of the history of your interest (in the Data Controller’s salons, by e-mail telephone, browsing the Data Controller’s websites or otherwise) in the particular Data Controller’s services and/or goods and obtaining thereof, participation in the surveys, competitions and events organised by the Data Controller and other similar elements. In the afore-mentioned cases, general information shall be sent only to the respective category of the Data Controller’s customers.
3.4. The Data Controller shall be entitled to contact without the consent referred to in paragraph 3.1 hereof if the goods or services of the Data Controller (or similar goods/services) are offered or an opinion on the goods/services is asked. In the latter case, the Data Controller shall provide you with an easily realisable possibility not to agree with obtaining of the respective notices.
3.5. Our newsletter shall be sent from the Data Controller. Your e-mail address may be transferred to third parties providing specialised services only for sending the newsletter intended for you.
3.6. The term of data (e-mail address) processing on basis of paragraph 3.1 and/or paragraph 3.4 hereof shall be 3 years, but not longer than the validity period of your consent.
3.7. You shall be entitled to unsubscribe the newsletter sent on the basis of paragraph 3.1 and/or paragraph 3.4 hereof by notifying of your unsubscribing by e-mail email@example.com or clicking on the link at the end of the newsletter.
4.1. Data using cookies and similar technologies related to browsing on the Internet etc. shall be collected in accordance with the Cookies Policy.
V. RIGHTS OF THE DATA SUBJECT
5.1. Please be notified that you as the Data Subject have the following rights:
5.1.1. to be aware (be informed) of processing of your Personal Data;
5.1.2. to receive information on the sources from which your Personal Data is collected and you’re your Personal Data is collected, for what purpose your Personal Data is processed, to what data recipients your Personal Data is and was provided;
5.1.3. to request to collect your Personal Data which is processed if the data is inaccurate and/or incomplete;
5.1.4. to request to destroy your Personal Data or suspend processing of Your Personal Data if superfluous Personal Data is processed, the Data Subject requests to withdraw his consent or there exist adequate grounds for this;
5.1.5. to receive Personal Data in relation to you which you provided to the Data Controller in a structured and usually used and machine-readable format and forward such data to another data controller or request that forwarded such Personal data directly to another data controller where this is technically possible (right to data portability).
5.2. You should submit a written request for provision of information or actions referred to in paragraph 5.1 hereof to the Data Controller together with your identity document or by means of electronic communication enabling to duly identify you as the person who has proven his identity under the procedure established in the legal acts. If you apply to the Data Controller in writing, you should attach a notarised copy of your identity document to the request, except for the cases where the written request is submitted directly to the employees of the Data Controller and at the moment of submission of the request you may be identified.
VI. FINAL PROVISIONS
6.1. Should you have any questions or complaints concerning processing of your Personal Data, do not hesitate to address the Data Controller by e-mail address firstname.lastname@example.org, the data protection officer or may register your enquiry by telephone +370 5 2740440. Furthermore, if you have any complaints, you may apply to the State Data Protection Inspectorate although, first of all, we will make every effort to resolve all situations in cooperation with you.
6.2. This Policy shall be revised and updated at least once a year or in the event of any amendments to the legal acts governing processing of Personal Data.
6.3. The data controllers shall be entitled to partially or fully amend the rules described herein. You shall be notified of any amendments by publishing the updated version of the Policy on the Website. For this reason. you are recommended to periodically visit our Website on which the most recent version of the Policy shall be always available.