PRIVACY POLICY



    1. Purpose of the policy and basic concepts

    1.1. In this Privacy Policy (hereinafter - the Policy), JSC Remigijus Ko, company code 302425985 (hereinafter referred to as the Company), recognises the importance of the protection of personal data to the clients of the Company and other data subjects and undertakes to respect and protect the privacy of each data subject. Data subjects entrust the Company with their personal information and the Company is responsible for justifying the trust of data subjects. The Policy defines the Company's commitment and liability to protect and respect the privacy of the person, the actions of the Company and its employees in the processing of personal data, using personal data processing facilities installed at the Company, as well as the rights of the data subjects and their implementation procedures, personal data protection measures and other issues of protection of personal data.

    1.2. The main concepts used in the policy are the following:

    1.2.1. "Data subject" means a natural person whose data the Company manages;
    1.2.2. Personal data - any information relating to a natural person - a data subject whose identity is known or may be determined, directly or indirectly, using data such as a personal code or one or more of the person's physical, physiological, psychological, economic, cultural or social attributes;
    1.2.3. Processing of personal data is any action performed by a person: collecting, recording, storing, classifying, grouping, merging, modifying (adding or correcting), providing, publishing, using, logical and / or arithmetic operations, searching, dissemination, destruction or other action or set of actions;
    1.2.4. "Data subject's consent" means any express and unequivocal expression of the will of the duly notified data subject, by a statement or in an unambiguous way, by which he accepts the processing of personal data relating to him, such as in writing, including by electronic means, or an oral statement. Gaps, pre-marked boxes or omissions are not considered to be consent;
    1.2.5. "Controller" means a legal or natural person who, alone or in association with others, establishes the purposes and means of processing personal data. In this Policy the Company is the data controller;
    1.2.6. Data processor - a legal or physical person (who is not a controller's employee) who is authorised by the data controller to process personal data;
    1.2.7. Employee - a person who has an agreement of employment or a similar nature with the Company;
    1.2.8. The supervisory authority - the State Data Protection Inspectorate;
    1.2.9. Direct marketing is an activity aimed at offering goods or services by post, telephone or other direct means and / or inquiring their views on the goods or services offered.
    1.2.10. Company's website - www.veriame.lt;
    1.2.11. General Data Protection Regulation - 27 April 2016 Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (the Universal Data Protection Regulation);
    1.2.12. The client is a natural person of 16 years of age or older who purchases or intends to purchase the goods sold by the Company and has provided his personal data for this purpose to the Company;
    1.2.13. Other terms used in the Rules meet the definitions provided for in the General Data Protection Regulation and the Law on the Legal Protection of Personal Data of the Republic of Lithuania.
    1.3. The purpose of this Policy is to facilitate the exercise of data subjects' rights.
    1.4. This Policy applies to the processing of personal data of employees insofar as it is not regulated by the Personal Data Processing Rules approved by the order of the Director of the Company. This Policy also applies to the protection of personal data of other data subjects (i.e. not clients and not employees) whose personal data the Company manages or maintains in the future.
    1.5. Personal data processed by the Company must be accurate, appropriate and limited to the extent necessary for their collection and further processing. Where personal data is processed, personal data is constantly updated.
    1.6. To create an account on the Company's website, persons who are 16 years of age or older are entitled to submit their personal data for processing through the Company's web site.
    1.7. Point 1.6 of this Policy provides for the possibility to provide personal data for processing through the Company's website only for persons aged 16 years or older, as children need special protection of their personal data, as they may not be fully aware of the risks, consequences or safeguards of their personal data and their rights, create an account on the Company's website.
    1.8. JSC myWorld Lietuva, whose loyalty partner is the Company, provides that registration and participation in the cashback world programme managed by UAB myWorld Lietuva may be at the age of 14 years, but it is necessary to obtain a written consent of the legal representative until the age of maturity. Accordingly, to fill out a paper form at the Company's trading venue, JSC myWorld Lietuva can receive persons who are 14 years of age or less, who can receive a loyalty card issued by the Company. However, a minor who intends to fill out an application must arrive with his legal representative who, after showing the document confirming his right of representation, submits a written consent of his or her legal representative for completing the questionnaire and processing of the minor's personal data for the purposes of issuing and using the loyalty card.
    1.9. Customer personal data is collected for the purposes of the conclusion and execution of the agreements for the sale and sale of goods sold by the Company online (for the processing and administration of the goods (purchase) of goods), identification of the customer in the Company's information system, identification of the client by logging onto his account on the Company's website, issuing invoices and other financial documents, as well as for direct marketing purposes.
    1.10. The Company manages the following personal data for the purposes specified in clause 1.9 of the Policy: name, surname, e-mail address, telephone number, postal address, bank account details, customer behaviour and purchases.
    1.11. The legal basis for the processing of personal data referred to in clause is the Company's obligation to execute an agreement concluded with the data subject and / or at the request of the data subject (order) to conclude an agreement.
    1.12. The Company as a partner of JSC MyWorld Lithuania handles personal data of individuals who fill in a paper form at www.cashbackworld.com ("registration at Veriame.lt") on the website of the Company or at the Company's sales office with JSC "myWorld Lietuva" a loyalty card issued by Company to get.
    1.13. The company manages the following personal data for the purposes of implementing the loyalty programme specified in clause 1.12 of the Policy: country, language, gender, name, surname, date of birth, mobile telephone number, e-mail address, name, surname, mobile telephone number, e-mail address, the basis of representation.
    1.14. The legal basis for processing the data referred to in point 1.12 is the provision of the data subject's consent.
    1.15. The company manages these personal data for customers for direct marketing purposes: name, surname, e-mail address, telephone number.
    1.16. The legal basis for processing the data referred to in point 1.15 is the provision of the consent of the data subject.
    1.17. When personal data is processed for the purposes of the implementation and direct marketing of the loyalty program referred to in 1.12 and / or 1.15, the data subject has the right at any time to agree to the processing of such personal data without charge, to the extent that the processing involves those purposes, with the withdrawal of his consent.
    1.18. The processing of personal data is governed by the General Data Protection Regulation, the Law on the Legal Protection of Personal Data of the Republic of Lithuania, and other legal acts regulating the processing of personal data.

    2. Processing of personal data

    2.1. The management of personal data of the Clients within the Company, including their transfer to the third parties provided for in Section 2.2 of the Policy, is only authorized by the employees. Each employee is required to protect the confidentiality of personal data of a client and to comply with personal data protection legal acts and the requirements of these Rules.
    2.2. During the sale of goods on the Internet, the Customer's personal data may only be disclosed to the Company's partners acting as data processors acting on behalf of the Company who provide delivery services and other services related to the execution of the agreement of sale of goods (personal data is disclosed only to the extent that, as far as necessary for the provision of the relevant services). Customers who fill out a paper form for JSC MyWorld Lithuania on a place of business, issued by the Company, are submitted to JSC myWorld Lietuva by electronic data submitted in completed forms. When ordering Amway products in the company's online store for customers, an order with the relevant personal data for its execution is forwarded to Amway Polska Sp. z oo, representative office of Alticor Corporation representing the said company in Lithuania. Customer personal data may be provided only to data processors with whom the Company has signed agreements containing provisions on the transfer / delivery of personal data and if the processor ensures the protection of personal data which is required by the General Data Protection Regulation. In all other cases, personal data of clients may be disclosed to third parties only in the cases and according to the procedure established by legal acts of the Republic of Lithuania.
    2.3. Customers who fill out a paper form for JSC MyWorld Lithuania on a trading site issued by the Company, completed questionnaires with personal data contained therein are stored in the Company, lockable / drawer, and managed and accessed only by the Director of the Company or an employee of the Company specifically authorized by him. All other customer personal data is collected and stored electronically, automatically. If a paper order form is printed for the execution of a client's order submitted on the Company's website, it must be destroyed immediately after the completion of the order and is responsible for the person who completed the order execution.
    2.4. Employees shall observe the confidentiality and timeliness of any personal data related information they have acquired during their duties, unless such information is made public in accordance with the provisions of applicable laws and regulations. The obligation to protect the confidentiality of personal data also applies to the transition from employment to other positions after termination of employment or contractual relations. In performing the duties provided for in this item, employees must:
    2.4.1. not divulge, transmit, or create conditions for access to customer data by any means for any person who is not authorized to process personal data;
    2.4.2. to immediately notify the Director of the Company of any situation that threatens the security of personal data.
    2.5. Deadline for processing personal data: personal data is processed until it becomes redundant for processing it:
    2.5.1. The customer personal data collected and processed for the purposes of the conclusion and execution of contracts for the sale of goods by the Company online (clause 1.9) shall be kept for no longer than 5 (five) years from the last order placed on the Company's Internet site;
    2.5.2. personal data processed for implementing the loyalty program referred to in 1.12 shall be processed no longer than until the cancellation of the consent to participate in the loyalty program or until the loyalty program is terminated;
    2.5.3. Customer personal data processed for the purposes of direct marketing referred to in paragraph 1.15 shall be processed no longer than until cancellation (withdrawal) of the consent to receive advertising.
    3.2.6. When personal data is no longer needed for the purposes of their processing, they are destroyed, except those that, in cases prescribed by law, must be transferred to state archives.
    3.1. The personal data protection is organized, provided and maintained by the Company's manager.

    3. Rights of the data subject and the procedure for their implementation
    3.1. Rights of the data subject:
    3.1.1. know (be informed) about the processing of your personal data in the Company;
    3.1.2. get acquainted with the Company's processed personal data and how they are processed;
    3.1.3. to refuse to process his personal data;
    3.1.4. request correcting, refinement or addition of incorrect or incomplete personal data, destroying personal data or stopping processing of your personal data, save for storage;
    3.1.5. require the deletion of data ("the right to be forgotten"). This right is valid on one of the following grounds:
    3.1.5.1. personal data are no longer needed to achieve the purposes for which the data were collected or otherwise processed;
    3.1.5.2. the data subject cancels the consent on which the processing was based and there is no other legal basis for processing the data;
    3.1.5.3. personal data was processed illegally;
    3.1.5.4. personal data must be erased in accordance with a legal obligation imposed by European Union or national law;
    3.1.6. the right to data portability: the data subject has the right to receive personal data relating to him that he provided to the controller in a systematic, commonly used and computer-readable format and has the right to transfer that data to another controller and the controller to whom the personal data has been submitted, should not create obstacles when:
    3.1.6.1. data processing is based on consent or contract;
    3.1.6.2. data are processed by automated means.
    3.2. The data subject has the right to submit a complaint to the supervisory authority regarding the allegedly unlawful processing of his or her personal data.
    3.3. The data subject has the right to authorize a non-profit institution, organization or association which is properly established in accordance with the law of the Republic of Lithuania and the objectives established by its statutes correspond to the public interest which is in the domain of the protection of the rights and freedoms of the data subject as regards the protection of their personal data on his behalf to file a complaint and to exercise on his behalf certain rights under the General Data Protection Regulation
    3.4. Procedure for the implementation of data subject rights:
    3.4.1. a person must submit a written request to the Company (in person, by post, through a representative, or by electronic means) to fulfil the rights specified in clause 3.1. The application must be legible and signed by the person, the application must contain: name, surname, place of residence, data for maintaining contact and information on which of the above rights and to what extent he wishes to be implemented;
    3.4.2. When applying, the person must confirm his identity:
    3.4.2.1. if the application is submitted upon arrival directly to the Company - to provide a personal identification document or a copy certified by the legal acts of the Republic of Lithuania;
    3.4.2.2. if the application is submitted by post - to provide a copy of a person's identity document approved in accordance with the procedure established by the Republic of Lithuania;
    3.4.2.3. if the application is filed through a representative - submit a document confirming the representation;
    3.4.2.4. if the application is submitted by electronic means - to sign by electronic signature;
    3.4.3. the right of the data subject to refuse to process his personal data for direct marketing purposes is implemented by informing the data subject about his or her disagreement with the Company by e-mail or telephone and providing information about all accounts created on the Company's Internet site;
    3.4.4. if the data subject has his or her account on the Company's website, to view and edit the personal information provided on the Company's website and may visit its account in the contact details. Through its own account on the Company's website, the data subject may exercise his right to object to the processing of his personal data for direct marketing purposes.
    3.5. The requests referred to in Clause 3.4.1 of this Policy are dealt with by the Director of the Company. The application is examined and the response to the person is submitted not later than within 30 days from the date of receipt of the request.
    3.6. When submitting applications in accordance with Clause 3.4.1. the data subject should not manifestly abuse his rights. If the data subject abuses his right (for example, he applies to the Company for information about the processing of his personal data more than once every six months), the Company has the right to require the data subject to recover the administrative costs associated with the execution of such requests.
    3.7. The data subject's refusal to process his personal data for direct marketing purposes shall respond promptly, within the shortest possible time. For personal data not to be further processed for direct marketing purposes, employees of the company must be responsible for the computer maintenance.

    4. Cookies and their use

    4.1. Part of the information is collected automatically when the data subject visits the Company's website, as the Internet Protocol address of the data subject must be identified by the Company's server.
    4.2. The company's web site also uses data analysis tools - cookies.
    4.3. By using the Company's Internet site, the data subject agrees to record cookies used on this site on the data subject's computer (device). Each time you visit the Company's website, by changing the settings of your Internet browser accordingly, the data subject can accept or refuse to use cookies, but in such a case the Company cannot guarantee the quality of browsing the web page.

    5. Personal data protection

    5.1. The Company implements organizational and technical measures to protect personal data from accidental or unlawful destruction, alteration, disclosure, and any other unlawful management.
    5.2. When personal data security breaches are detected, the Company will immediately remove them.
    5.3. Company employees respect the principle of confidentiality, as provided for in Section 2.4 of the Policy.
    5.4. Antivirus software should be constantly updated on the computers of the company.
    5.5. In case of breach of personal data security, the Company informs the supervisor without undue delay and, if possible, within 72 hours after becoming aware of a breach of personal data security, unless personal data breach should jeopardize the rights and freedoms of natural persons. If the personal data breach is not communicated to the supervisory authority within 72 hours, the reasons for the delay shall be attached to the notification.
    5.6. In the event of a breach of personal data security that could seriously jeopardise the data and rights of natural persons, the Company unjustifiably informs the data subject about the breach of personal data security.

     

    6. Liability

    6.1. The data subject must provide the Company with complete and correct personal data of the data subject and inform about the relevant changes in personal data.
    6.2. The company is not able to fully guarantee that the Company's website will function without any interruption and that it will be completely protected against viruses. Under no circumstances shall the Company be liable for direct or indirect damages related to the use of the materials available on the Company's website. The data subject is informed that any material that the data subject downloads or otherwise receives using the Company's website is obtained solely at the discretion and risk of the data subject, and therefore the data subject is responsible for the damage done to the data subject himself or his computer system.
    6.3. The data subject who has his or her account on the Company's website must ensure the security of its login data. The Company is not liable for damage sustained by the data subject due to improper implementation of the obligation provided for in this clause.
    6.4. Unless otherwise specified, the intellectual property rights (including copyrights) on the content and information of the Company's web site are owned by the Company. Without the prior written consent of the Company, it is prohibited to reproduce, translate, adapt or otherwise use any part of the Company's web site. It is prohibited to perform any other actions that violate or may violate the Company's intellectual property rights on the website and contravene fair competition.

    7. Final provisions

    7.1. This Policy shall be updated at least once every two years or after amendments to the legislation regulating the protection of personal data.
    7.2. The policy is publicly available on the Company's website. Corporate customers are provided with this Policy by electronic means.
    7.3. Employees are introduced to the Policy by signing.
    7.4. The Company has the right to modify this Policy in whole or in part. The data subjects are introduced to the amendments in accordance with the procedure set out in Sections 7.2-7.3 of the Policy.
    7.5. Data subjects can contact the employees of the Company, on the contacts indicated on the Company's website, in any matter related to this Policy.