PRIVACY POLICY

The Privacy Policy (hereinafter – the Policy) regulates the principles of collection, processing and storage of personal data of visitors of the website www.sofralita.com and social media accounts, as well as newsletter recipients of SOFRALITA, Bendra Lietuvos ir Prancūzijos UAB (hereinafter – the COMPANY), and defines the purposes and means of processing their personal data.

This Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – the Regulation).

Through this Policy, visitors of the COMPANY’s website and social media accounts and newsletter recipients are informed about the processing of their personal data.

TERMS USED

Personal Data – any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a name and surname, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data Subject – a natural person – a visitor of the COMPANY’s website or social media accounts and/or a newsletter recipient whose personal data is collected and processed by the COMPANY.

Consent of the Data Subject – any freely given, specific and unambiguous indication of the wishes of a properly informed data subject by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Rights of the Data Subject – the possibilities of the data subject to participate in and control the activities of the data controller and/or processor when his or her personal data is processed – to know and be informed about the processing of personal data; to access the processed personal data and information on how it is processed; to request correction, deletion or suspension of processing actions of personal data, except for storage, where the data is processed in violation of legal requirements; to object to the processing of personal data; to request deletion of personal data; to receive personal data related to him or her which he or she has provided to the data controller; to lodge a complaint with the supervisory authority (State Data Protection Inspectorate).

Data Processing – any operation or set of operations performed on personal data or on sets of personal data, whether by automated or non-automated means, such as collection, recording, sorting, systematisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination with other data, restriction, erasure or destruction.

Automated Data Processing – data processing operations carried out wholly or partly by automated means. These include any information and communication technologies used to process personal data, such as computers, communication networks, etc.

Data Controller – SOFRALITA, Lithuanian-French Joint Stock Company, legal entity code: 110541076, registered address: Ateities pl. 23, LT-52167 Kaunas, phone No.: +37061624559, email: info@sofralita.lt

Data Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

Data Recipient – a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with European Union or Member State law shall not be regarded as recipients.

Cookie – a small text file that a website stores on a computer or mobile device when the website is visited.

Personal Data Breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.

Other terms used in this Policy shall be understood as defined in the Regulation and other legal acts regulating the processing of personal data.

CHAPTER I

PRINCIPLES OF PERSONAL DATA PROCESSING

1. The COMPANY, when processing your personal data, follows these principles:

1.1. Personal data is processed only for legitimate purposes defined in this Policy and is not further processed in a manner incompatible with those purposes (purpose limitation principle);

1.2. Personal data is processed accurately, fairly and lawfully in accordance with legal requirements (lawfulness, fairness and transparency principle);

1.3. The COMPANY processes personal data in such a way that personal data is accurate and, where necessary, kept up to date (accuracy principle);

1.4. The COMPANY processes personal data only to the extent necessary to achieve the purposes of personal data processing (data minimisation principle);

1.5. Personal data is stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data was collected and processed (storage limitation principle);

1.6. The COMPANY implements appropriate technical and organisational measures ensuring appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage (integrity and confidentiality principle);

1.7. The COMPANY is responsible for compliance with the principles specified in this Policy and must be able to demonstrate such compliance (accountability principle).

CHAPTER II

PURPOSES OF PERSONAL DATA PROCESSING

2. The COMPANY processes your personal data:

2.1. for the purposes of pursuing legitimate interests, as well as properly managing and administering the website, monitoring its traffic, ensuring its security, improving its functioning, facilitating information search and ensuring submission of inquiries by Data Subjects, as well as for marketing purposes (sending newsletters with the consent of the Data Subject).

3. For the purposes specified in paragraph 2 of this Policy, the COMPANY collects and processes the following data:

3.1. Personal data: name or name and surname (when provided by you);

3.2. Contact data: email address, telephone number, address (when provided by you);

3.3. Other personal data/information provided by you in your inquiry/order to the COMPANY;

3.4. Other personal data of newsletter recipients (when provided by you).

CHAPTER III

COLLECTION AND PROCESSING OF PERSONAL DATA

4. Personal data is obtained from you when such data is required by law or when you provide such data voluntarily.

5. The COMPANY also processes your personal data when you contact the COMPANY by email, submit an inquiry on the website, subscribe to newsletters, send information to the COMPANY through the contacts indicated on the website or via the COMPANY’s social media accounts. In such cases the COMPANY processes your data in order to administer inquiries and/or send newsletters, ensure the quality of services provided, and protect and defend its legitimate interests.

6. Regardless of the way the data is collected, it is stored only to the extent and for the period necessary to achieve the established purposes, but no longer than the periods established in the General Index of Document Retention Periods approved by Order No. V-100 of the Chief Archivist of Lithuania of 9 March 2011 or other legal acts. Data provided in website inquiries is stored for no longer than three years after the response to the inquiry has been provided and is later deleted.

CHAPTER IV

RIGHTS OF THE DATA SUBJECT

7. As a data subject you have the right to:

7.1. Know / be informed about the processing of your personal data;

7.2. Access your personal data and information about its processing. You have the right to contact the COMPANY with a request to provide information about what personal data is processed and for what purpose;

7.3. Request correction of your personal data. If it is determined that inaccurate or incomplete personal data about you is processed by the COMPANY, you have the right to request correction or completion of such data;

7.4. Request deletion of your personal data (“right to be forgotten”). You have the right to request deletion of your personal data where one of the following grounds applies:

• the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;

• you withdraw the consent on which the processing is based and there is no other legal ground for processing your personal data;

• you object to the processing and there are no overriding legitimate grounds for the processing;

• the personal data has been processed unlawfully.

7.5. Request restriction of processing of your personal data. You have the right to request restriction of processing in the following cases:

• you contest the accuracy of the personal data for a period enabling the COMPANY to verify the accuracy of the personal data;

• the processing is unlawful and you oppose the erasure of the personal data and request restriction of its use instead;

• the COMPANY no longer needs the personal data for processing purposes but it is required by you for the establishment, exercise or defence of legal claims;

• you have objected to processing pending verification whether the legitimate grounds of the COMPANY override those of the data subject.

7.6. Object to the processing of personal data. You have the right to object to the processing of certain optional personal data. Such objection may be expressed by not filling certain fields in documents or later submitting a request to terminate the processing of optional personal data. Upon request the COMPANY will inform you which of your data is processed optionally. Upon receiving a request to terminate such processing, the COMPANY immediately ceases such processing unless this contradicts legal requirements.

7.7. Data portability, meaning that you have the right to receive personal data concerning you, which you have provided to the COMPANY, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from the COMPANY.

CHAPTER V

MEASURES FOR ENSURING PERSONAL DATA SECURITY

8. The COMPANY implements appropriate organisational and technical measures to protect personal data against accidental or unlawful destruction, alteration, disclosure or any other unlawful processing.

9. Only those persons who have access rights and only when necessary for achieving the purposes specified in this Policy may access personal data collected and processed by the COMPANY.

10. The COMPANY ensures proper network management, maintenance of information systems and implementation of other technical measures necessary to ensure protection of personal data.

CHAPTER VI

TRANSFER OF PERSONAL DATA TO THIRD PARTIES

11. Your personal data may be disclosed to third parties providing services to the COMPANY that ensure the functioning and maintenance of the COMPANY’s information systems. In such cases personal data is disclosed only to the extent necessary for proper provision of their services.

12. Your personal data may also be disclosed to law enforcement authorities in accordance with the legislation of the Republic of Lithuania.

13. When using certain services, such as “Google Analytics”, certain technical data about website visitors’ use of the website may be transferred outside the European Union or the European Economic Area. In such cases data is transferred in accordance with applicable legal requirements and by applying standard contractual clauses approved by the European Commission or other lawful safeguards.

14. In all other cases your personal data may be disclosed to third parties only with your consent.

CHAPTER VII

USE OF COOKIES

15. Information collected using cookies allows the COMPANY to improve the functioning of the website and ensure convenient and efficient information search.

16. The COMPANY’s website uses essential technical cookies necessary for proper functioning of the website. Statistical cookies may also be used to analyse website traffic and improve performance, for example by using “Google Analytics”.

17. Website visitors may manage and/or delete cookies through the settings of their internet browser. The browser may also be configured not to accept cookies or to warn about their use. How to do this depends on the operating system and browser used.

18. If stored cookies are deleted, some functions of the COMPANY’s website may not work as intended.

CHAPTER VIII

SENDING NEWSLETTERS

19. With the consent of the data subject, the COMPANY may send newsletters containing information about products sold, services provided, organised trainings or seminars and other direct marketing content.

20. The COMPANY sends newsletters no more than three times per week and only with the prior consent of the Data Subject expressed electronically by filling in the relevant form on the COMPANY’s website and providing an email address.

21. The COMPANY sends newsletters until the consent is withdrawn.

22. The Data Subject has the possibility to easily unsubscribe and object to further sending of such direct marketing content by clicking the link in the email.

23. After the Data Subject unsubscribes from the COMPANY’s newsletters, no further newsletters will be sent.

CHAPTER IX

CHANGES TO THE PRIVACY POLICY

24. This Policy is regularly reviewed and updated, and any changes are published on the website: www.sofralita.com.

CHAPTER X

CONTACT INFORMATION

25. If you have questions, comments or complaints related to the personal data collected, used and stored by the COMPANY, please contact us by email: info@sofralita.lt.