Privacy Policy
The purpose of the privacy policy is to inform how data subjects’ personal data are collected and processed, to explain how long they are stored, to whom they are provided, what rights data subjects have and where to apply for their implementation or other issues related to personal data processing.
Personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter - Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the protection of personal data.
Cotenders UAB follows the following basic principles of data processing:
- personal data is collected only for clearly defined and legitimate purposes;
- personal data is processed only legally and fairly;
- personal data are constantly updated;
- personal data is stored securely and no longer than required by the established purposes of data processing or legal acts;
- personal data is processed only by employees of Cotenders UAB who have been granted such a right based on their work functions or by duly authorized data processors.
1. Concepts
1.1. Data controller – Cotenders UAB (hereinafter – Company), legal entity code 303488967, registered office address Gedimino pr. 50, Vilnius.
1.2. Data subject - any natural person whose data is processed by the company. The data controller collects only those data of the data subject that are necessary for the company’s activities and/or visiting, using, browsing Cotenders UAB websites, Facebook page, etc. (hereinafter referred to as Site). The company ensures that the collected and processed personal data will be secure and will be used only for a specific purpose.
1.3. Personal data - any information directly or indirectly related to a data subject whose identity is known or can be directly or indirectly determined using the relevant data. Processing of personal data is any operation performed with personal data (including collection, recording, storage, editing, modification, granting of access, submission of requests, transmission, archiving, etc.).
1.4. Consent - any freely and knowingly given confirmation by which the data subject agrees to the processing of his personal data for a specific purpose.
2. Sources of personal data
2.1. Personal data is provided by the data subject himself. The data subject applies to the company, registers for services, uses services provided by Cotenders UAB, purchases goods and/or services, leaves comments, asks questions, applies to the company requesting information, etc.
2.2. Personal data is obtained when the data subject visits the website of Cotenders UAB. The data subject fills in the forms therein or leaves his contact details etc. for any reason.
2.3. Personal data is obtained from other sources. Data is obtained from other institutions or companies, publicly available registers, etc.
3. Processing of personal data
3.1. By submitting personal data to the company, the data subject agrees that the company will use the collected data to fulfill its obligations to the data subject, providing services that the data subject expects.
3.2. The company processes personal data for the following purposes:
3.2.1. Cotenders UAB activity assurance and continuity. The following data are processed for this purpose:
For the purpose of concluding and executing contracts, personal data of suppliers (natural persons) may be processed: name(s), surname(s), personal identification number or date of birth, place of residence (address), telephone number, e-mail address, workplace, position, bank current account and the bank in which this account is located, the date, amount, currency and other data of the monetary transaction or transaction, provided by the person himself, which the company receives in accordance with legislation in the course of the company’s activities and (or) which the company is required to handle by laws and/or other legal acts. For example data contained in the business certificate (type of activity, group, code, name, periods of activity performance, date of issue, amount), individual activity certificate number, data or data subject is a VAT payer, etc. data required for the proper performance of the contract and/or legal obligations. When the partner is a legal entity, the following may be processed by its employees or representatives: name, surname, telephone number, e-mail address, company name, address, duties, authority data (number, date, date of birth of authorized person.
During the administration of requests, comments and complaints, personal data may be processed: first name(s), last name(s), e-mail address, text of the request, comment or complaint.
3.2.2. Direct marketing (subscribing to newsletters). The following data are processed for this purpose:
- Electronic mail.
3.2.3. For the purpose of ensuring the security of Cotenders UAB employees, other data subjects and property (video surveillance). The following data are processed for this purpose:
- image image. Video surveillance
3.2.3. For the purpose of ensuring the security of Cotenders UAB employees, other data subjects and property (video surveillance). The following data are processed for this purpose:
- image image. Video surveillance systems do not use face recognition and/or analysis technologies, the video data captured by them are not grouped or profiled according to a specific data subject (person). The data subject is informed about the ongoing video surveillance by means of information signs with the symbol of the video camera and the details of the company, which are presented before entering the monitored territory and/or room. The surveillance field of video cameras does not include premises where the data subject expects absolute protection of personal data.
3.2.4. For other purposes, for which the company has the right to process the personal data of the data subject, when the data subject has expressed his consent, when the data needs to be processed due to the legitimate interest of the company or when the company is required to process the data by relevant legal acts.
4. Provision of personal data
4.1. The company undertakes to observe the duty of confidentiality towards the data subjects. Personal data may be disclosed to third parties only if it is necessary to conclude and execute a contract for the benefit of the data subject, or for other legitimate reasons.
4.2. The company may provide personal data to its data processors who provide services to the company and process personal data on behalf of the company. Data processors have the right to process personal data only in accordance with the company’s instructions and only to the extent that it is necessary in order to properly fulfill the obligations set out in the contract. The company uses only those data processors who sufficiently ensure that appropriate technical and organizational measures will be implemented in such a way that the data processing complies with the requirements of the Regulation and ensures the protection of the data subject’s rights.
4.3. The company may also provide personal data in response to court or state authority requests to the extent necessary to properly comply with applicable legislation and state authority orders.
4.4. The company guarantees that personal data will not be sold or rented to third parties.
5. Processing of personal data of minors
5.1. Persons under the age of 14 may not submit any personal data through the company’s website. If a person is younger than 14 years of age, in order to use the company’s services, before providing personal information, it is mandatory to provide the written consent of one of the representatives (father, mother, guardian) regarding the processing of personal data.
6. Personal data storage term
6.1. The personal data collected by the company are stored in printed documents and/or in the company’s information systems. Personal data is processed no longer than is necessary to achieve the purposes of data processing or no longer than is required by the data subjects and/or provided for by legal acts.
6.2. Although the data subject may terminate the contract and refuse the company’s services, the company must continue to store the data subject’s data for possible future claims or legal claims until the data retention periods expire.
7. Rights of the data subject
7.1. Right to receive information about data processing.
7.2. Right to access processed data.
7.3. Right to request correction of data.
7.4. Right to demand deletion of data (“Right to be forgotten”). This right does not apply if the personal data that is requested to be deleted is also processed on another legal basis, such as the processing is necessary for the performance of a contract or is the fulfillment of an obligation according to the applicable legislation.
7.5. Right to restrict data processing.
7.6. Right to object to data processing.
7.7. Right to data portability. The right to data portability cannot adversely affect the rights and freedoms of others. The data subject does not have the right to data portability in relation to personal data that is processed manually in systematized files, such as paper files.
7.8. The right to request that a decision based solely on automated data processing, including profiling, not be applied.
7.9. The right to submit a complaint regarding the processing of personal data to the State Data Protection Inspectorate.
- The company must provide conditions for the data subject to implement the above-mentioned rights of the data subject, except for the cases established by law, when it is necessary to ensure the security or defense of the state, public order, prevention, investigation, detection or prosecution of criminal activities, important economic or financial interests of the state, official or the prevention, investigation and detection of violations of professional ethics, the protection of the rights and freedoms of the data subject or other persons.
9. Procedure for implementing the data subject’s rights
9.1. The data subject, for the exercise of his rights, can apply to the company:
- when submitting a written request in person, by post, through a representative or by means of electronic communication - e-mail by mail: [email protected];
- orally - by phone +370 687 22159;
- in writing - at Gedimino Ave. 50, Vilnius.
9.2. In order to protect data from illegal disclosure, the company must verify the identity of the data subject after receiving the data subject’s request to submit data or exercise other rights.
9.3. The company’s response to the data subject is given no later than one month from the date of receipt of the data subject’s request, taking into account the specific circumstances of personal data processing. This period may be extended by another two months if necessary, depending on the complexity and number of requests.
10. Responsibility of the data subject
10.1. The data subject has:
10.1.1. to inform the company about changes in the provided information and data. It is important for the company to have correct and valid data subject information;
10.1.2. to provide the necessary information so that, at the request of the data subject, the company can identify the data subject and make sure that it is really communicating or cooperating with a specific data subject (provide a document confirming the identity of the person or in accordance with the procedure established by legal acts or electronic means of communication that would allow the proper identification of the data subject). This is necessary for data protection of the data subject and other persons, so that the disclosed information about the data subject is provided only to the data subject, without violating the rights of other persons.
11. Final Provisions
11.1. By transferring personal data to the company, the data subject accepts this Privacy Policy, understands its provisions and agrees to comply with it.
11.2. During the development and improvement of the company’s activities, the company has the right to unilaterally change this Privacy Policy at any time. The company has the right to unilaterally, partially or completely change the Privacy Policy by announcing it on the website StatybosZurnalas.lt.
11.3. Additions or changes to the privacy policy take effect from the day of their publication, i.e. from the day they are placed on the website StatybosZurnalas.lt.