Privacy policy

Personal Data Processing Rules

http://www.kailiai.lt/lt/ ensures that personal data is processed in a lawful, fair and transparent manner, collected only for the purposes set out and clearly defined in this policy and not further processed in a way incompatible with those purposes.

http://www.kailiai.lt/lt/ ensures the proper security of personal data by applying organizational and technical measures, including protection against unauthorized or illegal data processing and against unintentional loss, destruction or damage.

1. KEY DEFINITIONS
1.1. Privacy Policy  – these rules of personal data processing, which are posted on the websitehttp://www.kailiai.lt/lt/.
1.2. Internet site – a website located at http://www.kailiai.lt/lt/, where the customer can place an order, leave a request, give consent to process personal data for the purpose of direct marketing.
1.3. E-commerce  – buying and selling goods or services online.
1.4. Data controller  – a legal or natural person who, alone or together with others, determines the purposes and means of the processing of personal data. In this Privacy Policy, the data controller is UAB Vilniaus kailiai, e-mail: p. info@kailiai.lt, tel. No. +370-52627803, fax.: +370-52643436, mob. +370-61550186.
1.5. Data subject – a customer or website visitor whose personal data is processed by the Data Controller for the purposes of e-commerce, direct marketing, inquiry administration, loyalty program administration.
1.6. Data  Controller – a natural or legal person who assists the Data Controller, in accordance with the powers granted by him, to achieve the set objectives.
1.7. Personal data  – data of a natural person or a company processed by the Data Controller and according to which the customer or visitor of the website can be identified, including, but not limited to: photo, name, surname, e-mail address, telephone number, shipping address, etc.
1.8. Data processing – any action on personal data: collection, recording, storage, storage, modification (addition or correction), provision, use, destruction or any other action or set of actions.
1.9. Direct marketing  is the activity of offering goods or services to individuals, offering occasional discounts, sales, news and / or seeking their opinion on the goods or services offered, by post, e-mail,  telephone or other direct means.
1.10. Consent  is an act of the Data Subject, expressed voluntarily, by which he or she consents to the processing of personal data.
1.11. The supervisory authority  is the State Personal Data Protection Inspectorate of Republic of Lithuania.

2. GENERAL PROVISIONS
2.1. The policy sets out the main provisions for the collection, storage and processing of personal data.
2.2. The Data Subject shall be deemed to have read and read this Privacy Policy when agreeing to the processing of his / her Personal Data.
2.3. This Privacy Policy is available at any time and can be printed on the websitehttp://www.kailiai.lt/lt/.

3. PROCEDURES FOR THE COLLECTION, STORAGE AND USE OF PERSONAL DATA
3.1. The Data Subject agrees that for the purpose of electronic commerce, the Data Controller will process the following personal data related to them:
3.1.1. name, surname,
3.1.2. telephone number,
3.1.3. e-mail address,
3.1.4. IP address,
3.1.5. delivery address of the goods,
3.1.6. el. store account user password,
3.1.7. payment data of the product / service (bank account number, method of payment, etc.),
3.1.8. purchase history (purchased goods and / or services, price, etc.).
3.2. In the event that the goods are purchased by an unregistered buyer, the Data Controller shall process the above-mentioned personal data, except for those specified in Clause 3.1.6.
3.3. The personal data of registered users received for this purpose is stored for 5 (five) calendar years from the last customer’s login to their e-mail. the date of the store user account, and for unregistered users – 2 (two) calendar years from the execution of the order.
3.4. The data subject is informed that data controllers – companies providing courier services, banks – are used for this purpose.
3.5. The data subject agrees that for the purpose of administering the request, when the request is submitted by e-mail. by mail, the Data Controller will process the following personal data related to him / her:
3.5.1. name, surname,
3.5.2. e-mail address,
3.5.3. comment / request.
3.6. The controller confirms that personal data processed for this purpose are not provided.
3.7. For this purpose, personal data shall be stored for 2 (two) calendar years from the date of submission of the data.
3.8. The Data Subject agrees that, for the purposes of direct marketing, the Data Controller will process the following personal data relating to him:
3.8.1. e-mail address,
3.8.2. Phone number.
3.9. Personal data obtained for the purpose of direct marketing shall be stored for 2 (two) calendar years from the date of submission of the data.
3.10. The Data Controller confirms that personal data is collected only directly from the Data Subject and is not collected from other sources.
3.11. The Data Controller undertakes not to disclose the processed Personal Data to third parties, except in the following cases:
3.11.1. if there is the consent of the Data Subject to the disclosure of personal data,
3.11.2. when executing an order or providing other services – to Data Processors providing delivery of goods or other services ordered by the Buyer,
3.11.3. law enforcement authorities in accordance with legal requirements,
3.11.4 if it is necessary to prevent or investigate criminal offenses.

4. EXERCISE OF DATA SUBJECT’S RIGHTS
4.1. The Data Subject grants the Data Controller the right to collect, manage, process and store personal data relating to him to the extent and for the purposes set out in this Privacy Policy.
4.2. Consent to collect, process, store personal data related to him / her may be revoked by the Data Subject at any time, and personal data processed for the purpose of direct marketing may be revoked without any additional justification by contacting the data controller –  UAB Vilniaus kailiai Manager, el. p. info@kailiai.lt, tel. Nr. +370 52627803, 861550186. Upon receipt of such a request by the Data Subject, the Data Controller shall immediately suspend the processing of personal data and destroy the personal data related to him. The data controller has the right not to delete personal data from the server if he has a legitimate reason to protect them, especially when it is necessary to ensure state security and defense, public order, crime prevention, investigation, detection or prosecution, protect important economic or financial interests of the state; and the protection of freedoms.
4.3. When contacting the Data Controller for information on the delivery of the goods / consignment, the Data Subject must provide his / her name, e-mail address for identification.
4.4. A data subject who has duly identified himself / herself, submitted an identity document to the Data Controller or a notarised copy thereof, which will be used only for identification and will not be stored, has the right to access his / her personal data by submitting a request to the Data Controller – UAB Vilniaus kailiai Manager, el. p. info@kailiai.lt, tel. Nr. +370 52627803, 861550186. 
4.5. If another person wishes to have access to the personal data of the Data Subject, he / she must submit a notarized power of attorney, and the data shall be provided to the lawyer only upon submission of the representation agreement and indication of the purpose of data use.
4.6. Upon receipt of the Data Subject’s request for access to the processed personal data, the Data Controller shall submit a response within 30 (thirty) calendar days from the date of receipt of the request. The answer shall indicate whether personal data is processed with the Data Subject and, if so, what and to whom it was provided during the last 1 (one) calendar year. The answer is provided free of charge.
4.7. If the Data Subject, having become acquainted with his / her personal data, determines that personal data have been collected or obtained from illegal sources, or that personal data are processed for purposes other than those for which consent was given, the Data Subject has the right to contact the Data Controller by e-mail. data processing operations and / or delete personal data relating to him. The Data Controller shall verify the Data Subject’s request and, if it is established that the request is justified, immediately, but not later than within 5 days, satisfy the Data Subject’s request and inform about the actions taken in writing.
4.8. In cases when the Data Subject, having acquainted himself with his personal data, finds that they are inaccurate or incomplete, he / she has duly identified himself / herself and requests in writing to correct and / or supplement the personal data related to him / her. If the data controller establishes that the request is justified, it shall correct or supplement the processed personal data without delay, but not later than within 5 working days, and shall inform about the actions taken in writing.
4.9. The Data Subject has the right to request that the Data Controller "forgets" him / her, deletes all data related to him / her, if such data are not necessary for the purpose for which they were collected and processed, or if the Data Subject withdraws consent or is processed in violation of legal requirements. . The Data Controller shall comply with such a request without undue delay, but not later than within 5 working days and shall inform the Data Subject of the actions taken.
4.10. The data subject has the right to apply to the Supervisory Authority if he or she considers that his or her legitimate interests have been harmed by the processing of his or her personal data.

5. RISK FACTORS FOR BREACHING PERSONAL DATA PROTECTION AND THEIR SOLUTION
5.1. In order to ensure adequate protection of Personal Data, the Data Controller shall implement the following organizational and technical measures for the protection of personal data:
5.1.1. Organizational
5.1.1.1. The data controller’s work procedures shall be organized in such a way as to ensure the secure management and (if any) transmission of computer data and / or documents and their archives.
5.1.1.2. Access to the Data Subject’s personal data shall be granted only to those Employees for whom they are necessary for the performance of work functions and only to those who have signed confidentiality agreements and are acquainted with other internal procedures in the scope of personal data processing.
5.1.2. Technical specifications
5.1.2.1. Data processors (service providers) appointed by the Data Controller shall act only with the authorization of the Data Controller.
5.1.2.2. Personal data is protected from loss, unauthorized use and alteration. The Internet connection is encrypted and the website page is executed via the https: // protocol.
5.1.2.3. Provides protection of computer hardware from malicious software (eg, installation, updating of antivirus programs), and the internal network of the computer through a firewall.

6. FINAL PROVISIONS
6.1. This Privacy Policy is reviewed every 2 (two) years and updated as necessary.
6.2. This Privacy Policy takes effect from May 7, 2020 and is publicly available on the Website.