- 1. UAB SKINIJA, legal entity code 133618635, registered office address Šilalės g. 14, Kaunas, LT-48315, Lithuania (hereinafter referred to as the Company) is the operator of the online store www.skinija.lt.
- 5. More detailed information about the Company and the Company's contact details can be found in the CONTACTS section of the Online Store website.
- 6. We would like to point out that all actions carried out with the User's Personal Data are carried out in accordance with the applicable provisions of the European Union and the Republic of Lithuania, in particular the General Data Protection Regulation and the Law on Legal Protection of Personal Data of the Republic of Lithuania, as well as with the requirements of other legal acts.
Term Definition Personal Data Any information about the data subject: a wide range of personal identifiers, including a natural person's name, (work) phone number, (work) email address, identification number, location data, internet identifier, etc. Special categories of data Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of identifying a natural person specifically, health data or data concerning the sex life and sexual orientation of a natural person. Data Controller or Controller The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing. Data Processor or Processor A natural or legal person who processes personal data on behalf of the Controller. Data subject Any living individual who is the subject of personal data stored by an organisation. Data processing Any operation or sequence of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, sorting, organisation, storage, adaptation or alteration, retrieval, access, use, disclosure by transmission, dissemination or otherwise making available, in alignment or combination with other data, restriction, erasure or destruction. Personal Data breach A breach of security resulting in the unintentional or unauthorised destruction, loss, alteration, unauthorised disclosure, unauthorised access or unauthorised transmission, storage or other processing of personal data. Data subject consent Any freely given, specific and unambiguous indication of the data subject's free will, by means of a statement or an unambiguous action, by which he or she consents to the processing of personal data, if properly informed. Personal Data Protection Officer The staff member responsible for the implementation of the Policy within the organisation.
Terms used in the context of this document include:
- 2. The Data Controller is the Company, i.e. UAB Skinija, legal entity code 133618635, Šilalės g. 14, LT-48315, Kaunas, Lithuania, which determines the grounds, purposes and means of data processing.
- 3. Online Store – an electronic shop accessible at www.skinija.lt.
- 4. User – a natural person visiting the Online Store website and/or a natural person interested in or seeking to purchase the goods sold by the Company and/or receive the services provided by the Company, and/or acquiring them.
- 5. Personal Data means any information relating to a natural person, a data subject, whose identity is known or can be established, directly or indirectly.
- 6. Data recipient – a legal or natural person to whom the Data Controller provides personal data.
- 7. Online Store account – an account for logging in to the Online Store website, which is created by the active actions of the User according to the sequence of actions specified on the Online Store website, and where the User's Personal Data and order history are stored.
- 8. A cookie is a small text file that is sent to and temporarily stored on each User's device used to access the Online Store website.
- 9. Direct marketing means the activity of offering goods or services to persons by post, telephone or other direct means and/or seeking their opinion on the goods or services offered.
- 10. Partner of the Company means a person who provides services to the Company or assists in the performance of services to the entity or with whom joint projects may be undertaken.
- 11. The Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Labour Code and other legal acts regulating the protection of personal data.
WAYS OF OBTAINING PERSONAL DATA
- 1. The Company receives a User’s Personal Data in three ways, when:
− The User provides information about him/herself;
− The data relating to the User is generated automatically when the User uses the Online Store website;
− Data about the User is obtained from third parties.
- 2. The User of the Company's Online Store website independently provides information to the Company in the following cases:
- When the User creates an Online Store account and places an order in the e-Store;
- During the User's communication in any form with the Company.
- 3. The second way of obtaining Personal Data includes the situation where the Company obtains the information by means of cookies, on the legal basis of the User's consent to the processing of his/her Personal Data and collects it automatically when the User uses the Company's Online Store website and the opportunities it provides.
PURPOSES OF PROCESSING THE USER'S PERSONAL DATA
- 1. The Company processes Users' Personal Data for the purposes set out below:
- For the purpose of conducting electronic commerce on the Company's Online Store website;
- For the purpose of organising and running competitions, promotions and games;
- For the purpose of providing services;
- For direct marketing purposes;
- For the purpose of assessing, improving and ensuring the quality of professional service and for the purpose of resolving potential or existing disputes with the Users (audio recording).
- For identification purposes;
- For information and communication purposes;
- For debt recovery purposes.
- 2. The Company shall not process the User's Personal Data for any other purposes incompatible with the purposes set out above.
PERSONAL DATA PROCESSED AND THE LEGAL BASIS FOR PROCESSING THEM
1. The Company processes the following Personal Data of Users in the course of its business:
- The legal basis for the conclusion and performance of the contract: Personal Data of the user, such as full name, email address, telephone number, delivery address, internet protocol (IP) address, payment method of the purchased item, order history, residential address, text file cookies.
This Personal Data is processed for the purpose of conducting electronic commerce on the Company's Online Store website.
- On the basis of the User's consent: Personal Data of the User, such as full name, telephone number, email address, internet protocol (IP) address, text file cookies.
- This Personal Data is processed for the purpose of competitions, promotions, organisation and execution of games, marketing.
- The legal basis for the conclusion and performance of the contract: Users’ Personal Data such as full name, telephone number, email address, personal complaints
- This Personal Data is processed for the purpose of providing the services published on the Company's Online Store website.
On the basis of the User's consent: Users’ Personal Data such as full name, email address, city, purchase category, purchase amount data, text file cookies This Personal Data is processed for the purpose of carrying out direct marketing.On the legal basis of the Company's legitimate interest and consent: Personal Data of the User, such as audio recording (conversation recording) data This Personal Data is processed for the purpose of professional service quality assessment, improvement and assurance and for the purpose of resolving potential or existing disputes with Users.
- 2. The Company notes that it does not collect, process or perform any other data processing operations related to the User's sensitive (special) personal information, such as religious or political opinions, health, etc.
USER RIGHTS AND PROCEDURES FOR THEIR IMPLEMENTATION
1. The Company shall ensure, observe and respect the rights of the Users of the Company's Online Store website:
- the right to information, i.e. the right to be informed about the processing of the User's Personal Data by the Company;
- the right to receive information relating to the User's Personal Data processed by the Company;
- the right to rectification of the User's Personal Data if it is inaccurate or incomplete;
- the right to be forgotten when the Personal Data is no longer necessary to achieve the purposes for which it was collected or otherwise processed and/or the User withdraws the consent on which the processing of the Personal Data was based and there is no other lawful basis for the processing of the Personal Data, and/or the User does not consent to the processing of the Personal Data, and there are no overriding legitimate grounds for processing the Personal Data, and/or the Personal Data has been unlawfully processed, and/or the Personal Data must be erased in accordance with a legal obligation imposed by the law of the European Union or the law of a Member State of the Company, and/or the User's Personal Data has been collected in the context of the offering of information society services;
- the right to restrict the processing of the User's Personal Data when the User disputes the accuracy of the Personal Data for the period during which the Company can verify the accuracy of the Personal Data and/or the processing of the Personal Data is unlawful and the User does not consent to the deletion of the Personal Data and instead requests to restrict its use, and/or the Company no longer needs the User's Personal Data for processing purposes, but it is necessary for the User to assert, enforce or defend legal claims, and/or the User has objected to the processing of the Personal Data until it is verified whether the Company's legitimate reasons prevail over the User's reasons;
- the right to object to the processing of the User's Personal Data, i.e. the User shall have the right to object at any time, on grounds relating to the particular case of the User, to the processing of Personal Data concerning him or her where such processing is carried out for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company, including profiling, and/or the processing of Personal Data is necessary for the legitimate interests of the Company or of a third party, except where such interests or fundamental rights and freedoms of the User, which require the protection of personal data, are overridden by such interests, in particular where the User is a child, including profiling, and/or where Personal Data is processed for the purpose of direct marketing, including profiling in relation to direct marketing. The Company hereby states that, taking into account the exercise of the User's right to object to the processing of Personal Data, it no longer processes Personal Data, unless the Company proves that the processing of Personal Data is carried out for compelling legitimate reasons that override the interests, rights and freedoms of the Company or for the purpose of asserting, enforcing or defending legal claims;
- the right to portability of Personal Data, i.e. the User shall have the right to obtain Personal Data relating to him/her which he/she has provided to the Company, where the processing of the User's Personal Data is based on consent and/or contract and such User's Personal Data is processed by automated means of processing of Personal Data. The Company hereby points out that, in exercising its right to data portability, the User has the right to have the Company, whenever technically feasible, transmit the Personal Data directly to another Data Controller, i.e. to the natural or legal person who establishes the purposes and means of the processing of the data.
- the right to withdraw consent to the processing of Personal Data where the processing is based on the User's consent.
- 2. The Company states that the relevant actions implementing the above-mentioned rights of Users will be carried out as soon as possible, but no later than 1 (one) month after the date of your written request.
- 3. Please note that, if necessary, the deadline of 1 (one) month may be extended by a further 2 (two) months, depending on the complexity and number of requests. In such case, the Company shall inform the User of such extension within 1 (one) month of receipt of the request, together with the reasons for the delay.
- 4. The Company points out that, without prejudice to other administrative or judicial remedies, each User shall have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State in which he/she has his/her habitual residence, place of work or the place of the alleged infringement, if he/she considers that the processing of his/her Personal Data is being carried out in breach of the applicable legal data protection legislation. In the Republic of Lithuania, such supervisory authority is the State Data Protection Inspectorate, legal entity code 188607912, address A. Juozapavičiaus g. 6, LT-09310 Vilnius, Lithuania
- 5. If the User wishes the Company to exercise the above rights or if the User has any questions regarding the enforcement of his/her rights, please contact the Company at firstname.lastname@example.org.
TIME LIMITS FOR THE RETENTION OF PERSONAL DATA
- 1. The retention periods for Personal Data processed by the Company, depending on the purposes of the processing of Personal Data, are as follows:
- User's Personal Data processed for the purpose of conducting electronic commerce on the Company's Online Store shall be stored for 3 (three) years from the User's last use of the Company's Online Store;
- The User's Personal Data processed for the purpose of organising and conducting contests, promotions or games shall be stored for 3 (three) years from the User's last participation in a contest, promotion or game organised by the Company
- The User's Personal Data processed for the purpose of providing the services shall be stored for 3 (three) years from the User's last use of the services provided by the Company;
- The User's Personal Data processed for the purpose of direct marketing shall be stored for a period of 2 (two) years from the date of receipt of the User's consent to the processing of his/her Personal Data for the purpose of direct marketing;
- Personal data of the User processed for the purpose of evaluating, improving and ensuring the quality of professional service and for the purpose of resolving potential or arising disputes with customers shall be stored for 3 (three) years from the date of receipt of the relevant Personal Data.
- 2. The Company shall use all reasonable and prudent endeavours to protect the User's Personal Data for the periods specified above. Upon expiration of the Personal Data retention period, the Company shall destroy the User's personal information.
TRANSFER OF PERSONAL DATA TO THIRD PARTIES AND DISCLOSURE OF PERSONAL DATA
- 1. The Company uses trusted third parties established in Lithuania and other European Union countries.
- 3. The User's Personal Data shall only be communicated to third parties to the extent and volume necessary for the direct performance of their duties and to ensure the legitimate interests of the User. The person will be informed separately on a case-by-case basis.
- 4. The Company and the third party to whom the Company has transferred the User's Personal Data shall operate under separate agreement(s) governing the processing of Personal Data transferred to the third party, the necessary technical and organisational security measures to be put in place along with other necessary legal provisions governing the processing of Personal Data.
- 5. The User undertakes and must protect his/her password and login name and other Personal Data for logging in to the account on the Company's Online Store website. The User undertakes and is obliged not to disclose to any other third party any Personal Data about himself or herself or about third parties, if such Personal Data of third parties has become available to him or her, and to inform the Company immediately of any identified breaches.
- 6. The Company seeks to ensure the confidentiality of the User's personal information and, in the normal course of using the Company's Online Store website, the Company shall not be entitled to disclose the User's Personal Data to any other data recipients, unless the Company's process of providing the services requires it.
- 7. In the event that the Company is obliged to do so by law or regulation, the Company shall disclose information about the User to the competent authorities.
SECURITY OF PERSONAL DATA
- 1. The Company is committed to the security and confidentiality of the User's Personal Data. In order to prevent unauthorised access to Personal Data or unauthorised disclosure of Personal Data and to protect the information in its possession, the Company has implemented appropriate technical and organisational security measures.
- 2. The Company notes that although the Company endeavours to put in place appropriate technical and organisational security measures, these or any other measures cannot guarantee complete security and cannot protect against all possible security breaches at any time due to possible unauthorised activities of third parties.
- 3. In the event of any personal security breaches, the Company will notify, within 72 hours, all Users or subjects whose data security may have been compromised.
CHILDREN'S PERSONAL DATA AND PRIVACY
- 1. The Company's Online Store and its services are intended for persons aged 16 years and over, and the Company does not knowingly collect or process Personal Data from children under the age of 16.
- 2. However, the Company notes that parents have the right to provide the Company with their consent if their minor child under the age of 16 wishes to use the Company's Online Store and its facilities, for example, to purchase a product or service.
- 3. If you become aware that your child has provided personal information to the Company without your consent, please contact the Company at email@example.com.
- 1. The Company shall be entitled to send direct marketing communications to the User by email and/or SMS with the User's express consent.
- 2. The User has the right to withdraw the consent(s) given to the Company to process his/her Personal Data for Direct Marketing purposes at any time
- 3. If the User no longer wishes to have his or her Personal Data used for the purposes of direct marketing, the User may:
- log in to their Account on the Online Store website and under “My Account” in the “Account” section at the bottom of the form, uncheck the box next to “Subscribe to our newsletter” and/or News SMS, and click the “Save” link;
- send an email to firstname.lastname@example.org or call the Company's general customer advice line +370 652 89484 and indicate that they do not wish to receive emails and/or SMS messages;
- unsubscribe from the newsletter by clicking on the “unsubscribe link” at the bottom of the newsletter.
- 4. The sending of emails and/or SMS messages shall only be interrupted at the email addresses and/or telephone numbers expressly indicated by the User.
- 5. The User has the right to object to the use of his/her personal data for direct marketing purposes by informing the Company by email to email@example.com or by calling the Customer Consultation Line +370 652 89484.
- 1. In order to provide the User with the full range of the Company's Online Store services, cookies may be placed on the User's device used to access the Online Store, subject to the User's consent.
- 3. Cookies used by the Company are for the transmission of information over an electronic communications network. Other types of cookies are to collect information for the calculation of attendance (to collect statistical information), to provide content that is relevant to the interests of the User and to save the visit history. The Company does not use these types of cookies but draws the Users' attention to the fact that some of the Company's partners may use these types of cookies. Therefore, the User should contact the particular Company's partner if he/she suspects that these types of cookies are being used without his/her consent.
Code of legal entity 13361863
Address: Šilalės g. 14, Kaunas LT-48315, Lithuania