Privacy Policy

Privacy Policy

CHAPTER I

  1. GENERAL PROVISIONS

1.1. UAB GAUTORA (hereinafter referred to as "the Company"), company code 300551533, Vytauto pr. 87-6, LT-44238 Kaunas, e-mail sales@gautora.lt, tel. +370 630 50 447, respecting the right to privacy of the interested persons, buyers or visitors (hereinafter referred to as "Visitor"(s)) of the website www.gautora.lt (hereinafter referred to as "Website"), undertakes to ensure the protection of their personal data and the enforcement of their rights as data subjects.

1.2 This Data Protection Policy governs the principles and procedures for the processing of the Company's Visitors' personal data when using the Company's Website services or purchasing goods on the Website, thereby providing the Company with their personal data. Visitors agree to the provisions of this Data Protection Policy, except for processing activities that will require the Visitor's individual consent and which the Company will request when required.

1.3 Visitors can access the Website's Data Protection Policy by clicking on "Data Protection Policy" in the Website menu, and cookies in the pop-up cookie bar, and are deemed to have accessed the cookies by clicking on the "I accept" button in the pop-up cookie bar. If the visitor objects to the Data Protection Policy, the use of cookies and/or does not agree with the privacy and/or processing of Personal Data on the Website, or simply does not agree with the Website's Data Protection Policy, he/she may not continue to use the Website, and if he/she continues to use the Website, he/she does so at his/her own risk and responsibility, and may not make any claims relating to the privacy and/or the processing of Personal Data on the Website.

1.4 Visitors to the Website may accept or reject the cookies used on the Website (other than strictly mandatory cookies, if any) by clicking on the relevant button in the pop-up cookie bar, and to find out more about cookies and their management in the Data Protection Policy

1.5 OR Visitors are deemed to have read the Website's Data Protection Policy by ticking the consent/acceptance "box" when registering on the Website or in the Visitor System, or by clicking the "Allow" or "Disallow" button (for the use of cookies), or by simply clicking "Data Protection Policy" in the cookie bar that appears on the Website (which, when clicked, will bring up the website window containing the text of the Data Protection Policy). The Data Protection Policy can be re-accessed at any time by clicking on "Data Protection Policy" in the Site menu.

1.6.The Company, when concluding a contract with the Client, providing services or selling goods outside of this Website, has the right to establish additional purposes and conditions for processing personal data, which are not informed in this Data Protection Policy. If you would like to know more about the processing of personal data by the Company, please contact or visit our Company at the contact details or address set out in clause 1.1.

1.7 In processing the personal data of the Visitors, the Company complies with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("Regulation"), the Law of the Republic of Lithuania on the Legal Protection of Personal Data ("LPRD"), the Law on Electronic Communications of the Republic of Lithuania ("LERC"), and any other legal acts regulating personal data protection.

1.8 The Company may, at its sole discretion, change the terms of this Data Protection Policy by posting relevant information on the Website.

  1. DATA PROTECTIONTERMS USED IN THE POLICY

2.1. 'Personal data' means any information relating to an identified or identifiable natural person, whether or not directly or indirectly, in particular by reference to an identifier such as a name, a personal identification number, location data and an online identifier, or to one or more factors specific to the natural person's physical, physiological, genetic, mental, economic, cultural or social identity.

2.2.Data Subject - a natural person - a customer of the Company, a visitor to the Website, etc., whose personal data is collected by the Company.

2.3 "Consent of the data subject" means any freely given, specific and unambiguous indication of the data subject's wishes, by means of a statement or an unambiguous action, by which he or she freely consents to the processing of personal data concerning him or her.

2.4 "Processing" means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, sorting, organisation, storage, adaptation or alteration, retrieval, access, use, disclosure by transmission, dissemination or otherwise making available, alignment with or combination with other data, restriction, erasure or destruction.

2.5 Restriction of processing - the marking of stored personal data in order to restrict its future processing.

2.6 "Data controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing.

2.7 "Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller. Employees of the Company are not considered to be data processors.

2.8. cookie - a small piece of text information that is automatically created when browsing the Website and stored on the visitor's computer or other device.

2.9. "Direct marketing" means the practice of offering goods or services to persons by post, telephone or other direct means and/or seeking their opinion on the goods or services offered.

  1. WHAT PERSONAL DATA IS COLLECTED ON THE WEBSITE?

3.1 The Company collects and further processes the following personal data of the Visitors, which the Visitors themselves provide when visiting, registering, enquiring, ordering services and/or purchasing goods on the Website: name, surname, e-mail address, name, address, email address, etc.The Visitors' name, email address, telephone number, IP address, mailing and/or delivery address, login name, password, customer identification number, purchase history, date of registration, data related to the ordering, sale and payment of a product or service, email correspondence and information the content of which cannot be predicted or determined by the Company and which the Visitor may not be able to predict or control by inquiring, notifying etc. The Company may not be able to determine the information that the Company may not be able to reasonably determine, and which the Company may not be able to reasonably determine and which the Company may not be able to reasonably determine, which the Company may not be able to reasonably determine and which the Company may not be able to reasonably determine and which the Company may not be able to reasonably determine and which the Company may not be able to reasonably determine and which the Company may not be able to reasonably determine and which the Company may not be able to reasonably determine and which the Company may not be able to reasonably determine and which the Company may not be able to reasonably determine and which the Company may not be able to reasonably determine.

3.2 The Company collects and continues to process automatically collected personal data by means of cookies (only those who have consented to the use of these cookies by clicking on the consent button in the cookie bar on the Website page) and which are indirectly provided by the Visitors when visiting, registering, ordering services and/or purchasing goods on the Website. These are data that are automatically collected from the computers and/or mobile devices used by the Visitors when accessing the Site: IP addresses and times of access, the browser and version used by the user, the websites visited by the Visitors prior to accessing the Company's Site, data on the use of the services, etc. These data are stored for the duration of the cooperation between the Company and the Visitor and, depending on the data, for a period of up to 26 (twenty-six) months from the end of the cooperation period (or the last session of the Visitor's visit to the website). This data may be stored for a longer period if there are other legal grounds for such storage period. Other data is stored on the servers of cookie controllers (e.g. Google Analytics) and is not the responsibility of the Company and is not monitored by the Company. These data may be stored for up to 20 (twenty) years.

3.3 For more information about the personal data that Visitors indirectly provide when visiting the Website, please refer to Sections 9, 10 and 11 of this Data Protection Policy on Cookies.

3.4 By using the services provided by the Website, the Visitor assumes full responsibility for the correctness and accuracy of the data provided.

3.5 If the Visitor fails to provide the personal data necessary for the conclusion of a contract, performance of the contract, provision of services on the Website, etc., or provides incorrect data, the Company will not be able to enter into a contract with the Visitor and/or fulfil its terms, or be able to provide the Visitor with the services provided on the Website or general services, or simply to inform the Visitor in a proper manner.

3.6 In the event of a change in your personal data or other relevant information provided on the Website, the Visitor undertakes to amend and/or supplement his/her personal data or other relevant information within 10 (ten) working days.

3.7 In individual cases, the Website Administrator shall have the right to request clarification and/or supplementation of the Visitor's personal data or other relevant information if it is necessary for the provision of the Website's services, the Company's obligations, or the performance of a contract.

3.8 If a separate account is created for a Visitor on the Website, the Visitor is responsible for the confidentiality of his/her login passwords and for any actions performed on the Website after logging in using the Visitor's login details. The Visitor may not disclose the login details to any third party. If the Visitor becomes aware or suspects that the Visitor's login details have become known or may become known to third parties, the Visitor must immediately inform the Website Administrator using the contacts specified in Clause 1.1. and change the login details. In the event that the Website Administrator is not informed, if a third party accesses the Website using your login credentials, we will assume that you have accessed the Website.

  1. FOR WHAT PURPOSES AND ON WHAT GROUNDS ARE PERSONAL DATA COLLECTED AND PROCESSED?

4.1 The Company shall process the Visitor's personal data on the basis of a legal basis and/or a legitimate and legitimate interest that does not infringe the interests, rights and freedoms of the Visitor.

4.2 The Company processes personal data for the following processing purposes:

4.2.1. for the purposes of electronic commerce, order fulfillment and administration of the Website (e-shop), delivery of goods (shipments) to customers and administration and other obligations arising from the purchase and sale relationship;

4.2.2. for the purposes of administering accounting records relating to the ordering of services or goods, and for the purposes of administering after-sales service;

4.2.3. for the protection and defence of violated rights and legitimate interests, for the purpose of proving and settling legal disputes;

4.2.4. for the purpose of identifying the Visitor on the Website;

4.2.5. for the purpose of the visitor's registration on the Website;

4.2.6. for the purpose of identifying and logging in to the Visitor's account, processing and administering the purchase of services and/or goods;

4.2.7. for the purposes of communication, including correspondence with the Website Visitor;

4.2.8. for the purposes of ensuring the rights of whistleblowers, in accordance with the Law on the Protection of Whistleblowers of the Republic of Lithuania;

4.2.9. and for other purposes related to the Company's legal obligations and liabilities.

4.3 Personal data is processed on the basis of the legal grounds of GDPR (EU) 2016/679:

4.3.1. Article 6(1)(b), i.e. the processing is necessary for the performance of a contract to which the data subject is a party, or for the purpose of taking action at the request of the data subject prior to the conclusion of the contract;

4.3.2. point (c) of Article 6(1), i.e. the processing is necessary for compliance with a legal obligation to which the controller is subject;

4.3.3. point (f) of Article 6(1), i.e. processing is necessary for the legitimate interests of the controller or of a third party, unless such interests of the data subject or the fundamental rights and freedoms of the data subject, which require the protection of personal data, override those interests, in particular where the data subject is a child;

4.4 If the Company wishes to use the Visitor's data for other purposes for which it does not have a contractual or other legal basis, the Company will seek the Visitor's consent. With the Visitor's consent (which the Visitor may withdraw at any time), the Company will only use the data for a specific purpose, for example as set out in the Direct Marketing section.

  1. HOW IS VISITORS' PERSONAL DATA PROCESSED?

5.1 The Company shall ensure that the personal data of Visitors will be:

5.1.1. processed in a lawful, fair and transparent manner;

5.1.2. are collected for specified, explicit and legitimate purposes and are not further processed in a manner incompatible with those purposes;

5.1.3. adequate, relevant and only necessary for the purposes listed above for which they are processed;

5.1.4. accurate and updated as necessary;

5.1.5. processed in such a way as to ensure, through appropriate technical and organisational measures, adequate security of personal data, including protection against unauthorised or unlawful processing of Data and against accidental loss, destruction or damage.

  1. WHO IS PROVIDED WITH VISITORS' PERSONAL DATA?

6.1 Access to the Visitor's personal data by the Company's employees and authorised persons shall only be granted for the performance of official functions in accordance with the Employee's position and role within the Company.

6.2 All data recipients to whom the Company transfers (or will transfer, as appropriate) personal data are (or will be) bound by law or by signature to keep the information confidential. Without the consent or request of the Visitor, the Company will not transfer personal data to other persons not specified in these Terms and Conditions, unless the Company is obliged to do so in accordance with the procedure provided for by the legislation of the Republic of Lithuania or the European Union.

6.3.The Company, when providing services or selling goods, fulfilling the requirements of the legislation of the Republic of Lithuania, fulfilling its obligations and commitments, for internal administration purposes or on the basis of the Company's legitimate interest and / or on the basis of a legal basis, may receive and / or transfer the Visitor's personal data to the state, law enforcement authorities, etc. legal or natural entities, as well as third parties such as leasing, credit, insurance, transport, courier, legal services, etc. companies, partners or service providers, as well as if it is necessary for the protection of the Company's rights and for the transmission of data to courts, persons involved in debt collection procedures, bailiffs or simply for the performance of the Company's statutory obligations.

6.4 For the purpose of providing the services provided on the Website, the personal data of the Visitors is transferred to the following Data Processors:

6.4.1;

E-shop developers;

Server maintenance companies

6.5 The Company shall only use Data Processors that ensure that appropriate technical and organisational measures are implemented in such a way that the processing of Data complies with the requirements of the Regulation and that the protection of the rights of Visitors as data subjects is ensured.

6.6 The Company notes that the above Data Processors are entitled to process the Visitors' personal data only on the Company's instructions.

  1. HOW LONG ARE PERSONAL DATA STORED?

7.1.Visitors' personal data shall be stored during the entire period of cooperation and for as long as they are necessary for the execution and administration of the contract or the Website services (purchase and sale), and thereafter for as long as the storage of personal data is obligatory for the Company in accordance with the procedure provided for by the legislation of the Republic of Lithuania. The retention periods for different Personal Data according to the different purposes of data processing may vary from 1 to 50 years, and in cases where the legislation does not provide for time limits, the Company shall retain different Personal Data for different periods, taking into account the purposes of data processing and the actual legitimate grounds of the Company, for example:

7.1.1. for the processing and administration of the purchase of services and/or goods, and for the administration of accounting documents related to the ordering of services or goods, shall be kept for 50 years (Order of the Chief Archivist of Lithuania No.V-100 of 09.03.2011);

7.1.2. of persons who have given consent to the processing of their personal data for direct marketing purposes and who have not objected to the processing of their personal data at the time of collection of the data - until such time as the consent is withdrawn or the purpose for which the consent was given has expired, stored for 1 year;

7.1.3. in the course of the presentation of evidence in court or in the course of disputes, the data shall be stored in accordance with the legislation on data retention periods, and in the event of an incident, dispute, investigation, legal proceedings, etc., from the beginning of the incident and for a period of 1 year following the conclusion of the investigation and/or the final decision of the court or the final decision of the relevant authorities;

7.1.4. the login data to the Site for as long as the Visitor uses the Site and for 3 years after the Visitor stops using the Site;

7.1.5. data relating to a communication shall be retained until the end of the communication, or for 2 years from the last moment of the communication;

7.1.6. the contact data shall be kept permanently for as long as the services are provided or pre-contractual communication takes place, and for 2 years after the end of the provision of services or the absence of a service contract etc.

7.2 If you would like to know the exact details of the information you are interested in, you may contact us at the contacts and/or address set out in Section 1.1 of this Data Protection Policy.

CHAPTER II. MARKETING

  1. PROCESSING OF PERSONAL DATA FOR DIRECT MARKETING PURPOSES

8.1 Without the Visitor's express consent, the Company may use the Visitor's contact details to send notifications or reminders by post, email, telephone or SMS in connection with the conclusion of a contract, including pre-contractual activities, the provision of services and/or the enforcement of the Company's legal obligations and/or commitments and for similar purposes (which are not classified as direct marketing purposes).

8.2 The Company is currently engaged in direct marketing activities. The Company may use the Visitor's personal data for sending newsletters, offers, invitations and other promotional messages, as well as inquiring about the quality of existing services or goods by post, e-mail, telephone or SMS only with the prior consent of the Visitor, i.e. in accordance with the provisions of Article 6(1)(a) of the Regulation (EU) 2016/679, i.e., the data subject has consented to the processing of his/her personal data for one or more specific purposes, and with the Law on Electronic Communications. The Company carries out website statistics and visitor analysis activities with the help of cookies (for more information on cookies, see sections 1.3, 2.8, and 3.2, and sections 9, 10 and 11).

8.3 The Company may carry out the following activities for Direct Marketing purposes (only with the prior consent of the Visitor):

8.3.1. for the purpose of sending newsletters;

8.3.2. for the purposes of granting discount (loyalty) cards to Visitors, accounting for discounts, administering the cards, and informing Visitors who have loyalty cards and have consented to the processing of their data by post, email, telephone or SMS about new products and promotions;

8.3.3. for the purposes of direct marketing, games, lotteries, polls, surveys, quizzes, contests, promotions, statistical questionnaires, voting and similar activities;

8.3.4. for the purposes of ensuring the participation of the visitor in the customer loyalty (discount) programme, for the purposes of direct marketing in connection with the loyalty (discount) programme;

8.3.5. for the purposes of business analytics and statistical analysis, and for the purpose of conducting general research to improve the quality and quality of services.

8.4 The Company may request permission to process the following personal data for the purposes of direct marketing as set out in Clause 8.3: name, surname, address, e-mail address, telephone number.

8.5 With the consent of the Visitor, the processing and retention periods of personal data processed for direct marketing purposes could be:

8.5.1.Visitors who have not objected and/or consented to the processing of their personal data at the time of data collection - for as long as the direct marketing programme (the purpose for which the consent was given) continues, after which the data shall be stored for 1 year;

8.5.2. while the Visitor is using the discount card. After the last use of the card, the data shall be kept for 3 years;

8.5.3. until consent is withdrawn. Consent may be withdrawn under the conditions set out in paragraph 18 of the Data Protection Policy.

  1. SLAPS

9.1 In order to provide Visitors with a more convenient and efficient browsing experience on the Website, the Website uses Cookies.

9.2. What are cookies? Cookies are small text files that are stored in the browser of a visitor's device (e.g. computer, mobile phone, tablet) when the visitor browses websites. Cookies are used extensively to make websites work or work better and more efficiently. For the purposes of this Policy, all such technologies are referred to as "cookies".

9.3. Why are cookies used? In order to provide the visitor of the Website with the full services of the Website, and to ensure that the visitor can browse the Website more conveniently and efficiently, Cookies are placed on the visitor's computer (device). The Company uses the recorded information to identify the visitor as a previous visitor to the website, to store information about the services provided and/or purchases made, to collect website traffic statistics, etc. Cookies help to ensure that the website functions as it should; ensure that the visitor does not have to log in again each time he/she visits the website (if the login function is used); help to save the visitor's settings chosen during the visit; increase the website's speed and security; enable visitors to share pages on social networks; ensure that the visitor is able to customise the website to suit his/her own needs; ensure that he/she can find information on the website more quickly; help to make the website better for the visitor; help to make it more attractive to visitors; and help to tailor more effective marketing.

9.4 What are the types of cookies?

9.4.1. Strictly mandatory cookies. These cookies are necessary for the website to allow the user to navigate and use the website's features. You can set your browser to block or notify you of these cookies, but this may result in some areas or features of the website not working as smoothly as they should. These cookies do not collect any information for marketing purposes and do not remember where a visitor has been online.

9.4.2. Analytical cookies. These cookies allow us to count visits and traffic sources to measure and improve the performance of the website. For example, analytical cookies can show which pages are visited most often, help to record any problems on the website and show whether the advertising displayed on the website is effective. Analytical cookies do not collect personal information about users and all information collected by these cookies is aggregated and anonymous.

9.4.3. Functional cookies. These cookies enable us to improve functionality and personalisation, for example, by improving the format and layout of the content presented, setting the font size or positioning of website elements. Functional cookies do not track visitor actions on other websites. If the visitor does not allow these cookies to function, some or all of the above functions may not function properly.

9.4.4. Targeting or advertising cookies. Targeting or advertising cookies are used to display more interesting and relevant advertising to the visitor of the Website or to limit the number of times the same advertisement is shown on the Website. These types of cookies are also used to measure the effectiveness of an advertising campaign. These cookies may be used to remember what a visitor was looking at when they visited a website.

  1. COOKIES USED ON THE WEBSITE
CookieCookie namePurpose of processingMoment of creationPeriod of validityData used
Technical website cookies 
Cookie necessary for the functioning of the websitePHPSESSIDA cookie is used to enable the functionality of a website. It is deleted when the website window is closedEntering the pageUntil the website window closesUnique ID number 
       
Tawk.to cookies 
       
Hotjar cookies: 
       
Google Tag Manager, Google Analytics, Facebook Pixel, 
Website traffic counter_gaThe cookie collects information about user behaviour on the website and is used to store statistical information.On first access to the page2 yearsUnique ID number 
Website traffic counter_gidThe cookie collects information about user behaviour on the website and is used to store statistical information.On entering the pageUntil the website window closesUnique ID number 
  1. HOW CAN I MANAGE COOKIES?

11.1 Strictly binding cookies are a mandatory condition of use of the Company's Website. If you refuse these cookies, the Company will not be able to ensure the functionality of the Website.

11.2.A visitor to the Website can control the use of functional, targeting or advertising cookies by changing the settings of the Website cookies or the browser used and deleting cookies. Most browsers allow:

11.2.1. to check which cookies are stored and delete individual cookies;

11.2.2. block third party cookies;

11.2.3. block cookies from specific websites;

11.2.4. block the sending of all cookies;

11.2.5. delete all cookies when you close your browser.

11.3 Please note that deleting cookies or disabling the use of cookies in the future may result in the Website not working properly or not working at all. For these reasons, the Company does not recommend that you disable cookies when using the Website.

  1. LINKS ON THE WEBSITE

12.1 The Website may contain links to third party websites, legislation, social networks and other sources. It should be noted that third party websites linked to the Website are subject to the Data Protection Policies of those websites and the Company does not accept any responsibility for the content of the information provided by those websites, their activities and the provisions of their Data Protection Policies.

12.2.Clicking on the links on the Website to the social networks Facebook, Instagram, YouTube, etc., where the Company administers accounts belonging to the Company, may also involve the use of cookies administered by the managers of the social networks. Some of the data collected by these cookies may be transmitted to the Company.

CHAPTER III. RIGHTS OF DATA SUBJECTS

  1. THE DATA SUBJECT'S RIGHT OF ACCESS TO THE DATA AND HOW THEY ARE PROCESSED

13.1.The data subject shall have the right to obtain confirmation from the controller as to whether or not personal data relating to him or her are being processed, and, if such personal data are being processed, to have access to his or her own personal data, from what sources and for what purposes his or her personal data are being processed, and to which recipients they are provided, and to whom they are provided, and for which they have been provided at least during the last 1 year, by providing a document proving his or her identity to the controller or the processor, or by means of an electronic means of electronic communications which permits the proper identification of the person. Where personal data are transferred to a third country, the data subject has the right to be informed of the appropriate safeguards in relation to the transfer. The controller shall provide a copy of the personal data processed free of charge, upon request, once per calendar year. For any other copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means and unless the data subject requests otherwise, the information shall be provided in the usual electronic format.

  1. THE RIGHT OF THE DATA SUBJECT TO HAVE INACCURATE DATA RECTIFIED

14.1 The data subject shall have the right to have inaccurate personal data concerning him or her rectified by the controller without undue delay. Taking into account the purposes for which the data were processed, the data subject shall have the right to have incomplete personal data completed, including by means of a supplementary statement.

  1. THE RIGHT TO REQUEST ERASURE ('RIGHT TO BE FORGOTTEN')

15.1 The data subject shall have the right to require the controller to erase the personal data concerning him or her without undue delay and the controller shall be obliged to erase the personal data without undue delay if one of the following grounds can be relied upon:

15.1.1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

15.1.2. the data subject withdraws consent and there is no other legal basis for processing the data;

15.1.3. the data subject objects to the processing in accordance with Article 21 of the Regulation;

15.1.4. the processing of personal data was unlawful;

15.1.5. the personal data were collected when the data subject was under the age of 16 and the minor's data were collected without the consent of the parent or guardian.

15.2 However, these rights do not apply if the processing is necessary:

15.2.1. to exercise the right to freedom of expression and information;

15.2.2. to comply with a legal obligation imposed by Union or Member State law to which the controller is subject, which requires the processing of data, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

15.2.3. for reasons of public interest in the field of public health;

15.2.4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;

15.2.5. for the purpose of bringing, pursuing or defending legal claims.

  1. THE RIGHT TO RESTRICT PROCESSING

16.1 The data subject shall have the right to require the controller to restrict the processing where one of the following applies:

16.1.1. the data subject contests the accuracy of the data for a period of time within which the controller may verify the accuracy of the personal data;

16.1.2. the processing of the personal data is unlawful and the data subject objects to the erasure of the data and requests instead that the use of the data be restricted;

16.1.3. the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to assert, exercise or defend legal claims; or

16.1.4. the data subject has objected to the processing, pending verification that the controller's legitimate reasons override those of the data subject.

  1. RIGHT TO DATA PORTABILITY

17.1 The data subject shall have the right to obtain the personal data concerning him or her which he or she has provided to the controller in a structured, commonly used and computer-readable format, and shall have the right to have those data transmitted to another controller, and the controller to whom the personal data have been provided shall not impede that transmission, where:

17.1.1. processing is based on consent;

17.1.2. the data are processed by automated means.

17.2 This right shall not adversely affect the rights and freedoms of others.

17.3 In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another controller, where technically feasible.

17.4 This right shall not apply where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

  1. THE RIGHT TO OBJECT TO AND WITHDRAW YOUR CONSENT TO PROCESSING

18.1 The data subject shall have the right to object at any time, on grounds relating to his or her particular case, to processing of personal data concerning him or her where such processing is carried out pursuant to Article 6(1)(e) or (f) of the Regulation, including profiling on the basis of those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

18.2 Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for the purposes of such marketing, including profiling in relation to such direct marketing.

18.3 Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

18.4 Where personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1), the data subject shall have the right to object, on grounds relating to his or her particular case, to processing of personal data concerning him or her, except where the processing is necessary for the performance of a task carried out for reasons of public interest.

18.5 Note: A visitor's refusal to consent to data processing may restrict or terminate his/her access to the Company's Website services, if the Company is unable to perform its services or obligations without the visitor's data. However, if the processing of the Visitor's data is suspended for direct marketing purposes, the Visitor will continue to be able to use the Company's services, but will no longer be able to receive direct marketing-related notifications about discounts or similar.

  1. THE RIGHT TO HAVE A DECISION BASED SOLELY ON AUTOMATED PROCESSING, INCLUDING PROFILING, DISAPPLIED

19.1 In these cases, the data subject shall have the right to have a decision based solely on automated processing overturned and reviewed:

19.1.1. where the Company makes decisions based solely on automated processing.

19.1.2.Where a data subject requests a review of a decision based on automated processing, the controller shall carry out a thorough assessment of all relevant data, including the information provided by the data subject, by a person of the controller who has the appropriate authority and capacity to change the decision.

  1. THE RIGHT TO LODGE A COMPLAINT WITH A DATA PROTECTION SUPERVISORY AUTHORITY

20.1.Data processing and protection in the Republic of Lithuania shall be supervised and controlled by the State Data Protection Inspectorate (SDPI). If you decide that the Company has violated your data processing rights, you have the right to contact the State Data Protection Inspectorate (https://vdai.lrv.lt) by phone +370 85 279 1445 or by e-mail ada@ada.lt.

  1. MAKING A REQUEST TO EXERCISE THE DATA SUBJECT'S RIGHTS

21.1 The data subject shall have the right to request the exercise of the data subject's rights orally or in writing, in person, by post or by electronic means. If you wish to exercise your rights, an employee of the Company will provide you with a form of document in which you indicate your wishes concerning the processing of data by the Company. We will respond with a decision within 30 calendar days.

21.2 For the exercise of the data subject's rights, you may contact the Company at the contacts and/or address set out in Section 1.1 of this Data Protection Policy.

21.3.Where the exercise of the data subject's rights is requested orally or in writing in person, the data subject shall be required to prove his or her identity by producing a document proving his or her identity. Failure to do so shall result in the non-enforcement of the data subject's rights. This provision shall not apply if the data subject requests information on the processing of personal data in accordance with Articles 13 and 14 of Regulation (EU) 2016/679.

21.4. if the exercise of the data subject's rights is requested in writing by submitting a request by post, then a notarised copy of a personal identity document must be submitted with the request. In the case of a request made by electronic means, the request must be signed with a qualified electronic signature or must be made by electronic means which ensure the integrity and unalterability of the text. This provision shall not apply if the data subject requests information on the processing of personal data pursuant to Articles 13 and 14 of Regulation (EU) 2016/679.

21.5 A request for the exercise of the data subject's rights must be legible, signed by the data subject, and contain the data subject's name, surname, address and/or other contact details for communication or for the purpose of obtaining a response regarding the exercise of the data subject's rights.

21.6 The data subject may exercise his or her rights himself or herself or through a representative.

21.7 The representative of the person shall indicate in the request his/her name, surname, address and/or other contact details for communication, by which the representative of the person wishes to receive a reply, as well as the name, surname, personal identification number of the represented person, the identification number according to the controller's identification system (if any), address and other data necessary for the identification of the data subject, and provide a document confirming the representation.

21.8 In case of doubt as to the identity of the data subject, the controller will request additional information necessary to verify it.

21.9. Scanned copies of signed applications or complaints submitted by e-mail without a qualified electronic signature do not comply with the requirements of the legislation. Such submission may be an obstacle to the acceptance of your request for processing, and therefore, if you do not have a qualified electronic signature, you should submit your request either in person or by post, in accordance with the conditions set out above.

21.10. Requests for the exercise of the rights set out in the GDPR shall be considered for a maximum period of 1 month. Depending on the complexity of the request and the number of requests received, this period may be extended by 2 months, with a separate notification to the applicant stating the reasons for the extension.

  1. HANDLING A REQUEST TO EXERCISE THE DATA SUBJECT'S RIGHTS

22.1 Upon receipt of a request from a data subject, the data subject shall be provided, no later than one month after receipt of the request, with information on the action taken on the request. If there is a delay in providing the information, the data subject shall be informed within the specified time limit, indicating the reasons for the delay and the possibility of lodging a complaint with the State Data Protection Inspectorate. Where the data subject submits the request by electronic means, the information shall also be provided to the data subject by electronic means where possible, unless the data subject requests otherwise.

22.2 If the request is not submitted in accordance with the procedures and requirements set out in Chapter IX of the Rules, it shall not be examined and the data subject shall be informed of the reasons for this without delay, but not later than within 14 working days.

22.3 If, during the examination of the request, it is established that the data subject's rights are restricted on the grounds provided for in Article 23(1) of Regulation (EU) 2016/679, the data subject shall be informed thereof.

22.4 Information shall be provided in the official language in response to a data subject's request for the exercise of his or her rights.

22.5 All actions in response to requests from the data subject to exercise the data subject's rights shall be carried out and information provided free of charge.

22.6. the data subject shall have the right to complain against the Company's actions or omissions in the exercise of the data subject's rights to the State Data Protection Inspectorate, A. Juozapavičius g. 6, Vilnius, Vilnius, e-mail. ada@ada.lt, website https://vdai.lrv.ltas well as the national court.

22.7.In the event of material or immaterial damage caused by the violation of the data subject's rights, the data subject shall have the right to compensation, for which he/she shall have the right to apply to the courts of the Republic of Lithuania for compensation.

CHAPTER IV. FINAL PROVISIONS

  1. This Data Protection Policy shall be reviewed and updated at least once a year or in the event of changes in the legislation governing the processing of personal data.
  2. The Company, its employees, affiliates or authorised persons, as well as the Visitors to the Website, are obliged to comply with the terms and obligations set out in the Data Protection Policy and to follow the principles set out in this Data Protection Policy in the performance of their functions.
  3. The Company shall have the right to modify the rules described in this Policy in part or in full. We will inform you of the changes by posting an updated version of the Policy on the Website.

Last update: 2022-07-03

© Gautora 2022

Solution

Home
Shop
0 Cart