Privacy Policy

The purpose of the Privacy Policy is to provide information about how the personal data concerning data subjects is collected and processed, how long it is retained, to whom it is provided, what rights the data subjects have and where to apply for their implementation, and other matters related to the processing of personal data.

Personal data is collected and processed in accordance with the European Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the “GDPR Regulation”), the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the protection of personal data.

UAB Edevita adheres to the following principles of data processing:

  • personal data is collected only for clearly defined and legitimate purposes;
  • personal data must be processed accurately, fairly and lawfully;
  • personal data is constantly updated;
  • personal data is stored safely and for no longer than required by the purposes of the data processing or legal acts;
  • personal data is processed only by those employees of the company whom have been granted such rights in accordance with their positions, or by duly authorised data processors

 

  1. DEFINITIONS
  • Data controller – UAB Edevita (hereinafter the “Company”), legal entity code: 304124048, address of the registered office:– Šaulių g. 19, Klaipeda, LT-94214.
  • The data subject is any natural person whose data is processed by the Company. The data controller collects only the data from subject which is necessary for the operation of the Company and (or) visiting, using, while browsing the Company’s websites, etc. (toliau – Svetainė). The Company ensures that the collected and processed personal data will be safe and will only be used for a specific purpose.
  • Personal data – means any information that directly or indirectly relates to a data subject whose identity is known or who can be directly or indirectly identified using the relevant data. Personal data processing means any activities performed on personal data (including collection, editing, recording, storage, modification, access, sending up queries, transfers, archiving, etc.).
  • Consent – any voluntary and deliberate confirmation by which the data subject agrees that his personal data is processed for a specific purpose.

 

  1. PERSONAL DATA SOURCE
  • Personal data is provided by the data subject himself/herself . A data subject is someone who contacts the Company, signs up for receiving the services, uses the services provided by the Company, buys services and/or goods, asks questions, contacts the Company for the purpose of providing information, etc.
  • Personal data is obtained when the data subject visits the website. The data subject fills in the forms contained in it or leaves his/her contacts for some reason, etc.
  • Personal data is obtained from other sources . Data is obtained from other institutions or companies, publicly accessible registers, etc.

 

  1. PERSONAL DATA PROCESSING
  • When submitting the personal data to the Company, the data subject consents to that the Company uses the collected data in fulfilling its obligations to the data subject in providing the services the data subject expects.
  • The Company processes personal data for the following purposes
    • The following data is processed for the purposes of contracts for the provision of services or the delivery of goods by the Company to the data subject and for their execution, or contacting, access to the data subject, tax accounting and performance control:
      • full name(s);
      • civic registration number;
      • date of birth;
      • details of the vehicle registration certificate;
      • contact details (telephone number, e-mail address);
      • residential address.
    • The following data is processed for debt management purposes:
      • full name(s);
      • personal civic registration/date of birth;
      • payment history;
      • address;
      • other debt-related information.
    • The following data is processed for the purposes of contracts for the provision of services and delivery of goods to the data subject and their execution, contact retention, access to the data subject, tax accounting and enforcement:
      • full name(s);
      • contact details (telephone number, e-mail address);
      • workplace and responsibilities (if information is provided as a representative of a legal entity);
      • residential address;
      • bank account details (if the services to the Company are provided by a natural person);
      • other data required for the proper performance of contract terms and/or statutory obligations (e.g. business license details: type of activity, group, code, name, activity periods, date of issue, amount, etc.).
    • The following data is processed for the purpose of processing requests, comments and complaints:
      • full name;
      • contact details (telephone number, e-mail address);
      • text of your question, comment, or complaint.
    • For direct marketing purposes, the following data is processed:
      • full name(s);
      • contact details (telephone number, e-mail address).
    • The following data is processed for the purpose of ensuring the safety of the Company employees, other data subjects and property (video surveillance):
      • Video surveillance systems do not use face recognition and/or analysis technologies to capture specific data subjects ‘(individuals’) image data or group, or profile them. The data subject is informed about the ongoing video surveillance by the information signs with the camera’s symbol and the Company’s details, which are presented before entering the surveyed area and/or the premises. The video surveillance area may not include the premises where the data subject expects absolute personal data protection.
    • For other purposes, in which the Company has the right to process the personal data of the data subject when the data subject has expressed his/her consent, when the data is to be processed for the legitimate interests of the Company, or when the data is processed by the Company according to the requirements of the relevant legislation.

 

  1. PROVISION OF PERSONAL DATA
  • The Company undertakes to preserve the confidentiality of data subjects. Personal data may only be disclosed to third parties if it is necessary for the drawing up and entry into contracts for the benefit of the data subject or for other legitimate reasons.
  • The Company may submit personal data to its data processors who provide services to the Company and process personal data. Data processors have the right to process personal data only in accordance with the instructions of the Company and only to the extent necessary for the proper fulfilment of obligations laid down in the Contract. The company only uses those data processors who ensure that the data processing will be carried out using the appropriate technical and organisational measures in compliance with the requirements of the GDPR Regulation and guarantees the protection of the data subject’s rights.
  • The Company may also provide personal data in response to requests from courts or public authorities to the extent necessary to properly enforce applicable legislation and instructions from public authorities.
  • The Company represents and warrants that personal data will not be sold or leased to third parties.

 

  1. PROCESSING OF PERSONAL DATA OF MINORS
  • Persons under the age of 14 cannot provide any personal data via the website. If a person who is under 14 years of age wants to use the services of the Company, it is mandatory to provide a written consent of one of their legal representatives (father, mother, guardian(s)) to process the personal data before providing personal information.

 

  1. PERSONAL DATA STORAGE TERM
  • The personal data collected by the Company is stored in printed documents and/or in the Company’s information systems. Personal data is processed no longer than is necessary for the purpose of data processing or no longer than required by data subjects and/or provided by law.
  • Although the data subject may terminate the contract and refuse from the Company’s services, the Company continues to be obliged to keep the date of the data subject for possible future claims or legal claims until the expiration of the data storage periods.

 

  1. RIGHTS OF THE DATA SUBJECT
    The data subject has the right:
  • to receive information on data being processing;
  • to obtain access to the data being processed;
  • to require the correction of data;
  • to request the deletion the data (“the right to be forgotten”). This right does not apply if the personal data requested to be deleted are also processed on another legal basis, such as when processing is necessary for the performance of the contract or the obligation to comply with applicable legislation;
  • to restrict the processing of the data;
  • to object to with data processing;
  • to data portability. This right may not adversely affect the rights and freedoms of others. The data subject shall not have the right to transfer personal data processed in manually structured documents such as in paper files;
  • to require that only automated data processing, including profiling, is applied;
  • to submit a complaint regarding the processing of personal data to the State Data Protection Inspectorate.

 

  1. The Company must ensure the ability for the data subject to exercise the rights of the data subject specified in the Rules, except in cases established by law, when it is necessary to guarantee state security or defence, public order, prevention, investigation, detection or prosecution of criminal offences, important economic or financial interests of the state, prevention, investigation and detection of breaches of professional ethics, protection of the rights and freedoms of the data subject or other persons.

 

  1. PROCEDURE FOR IMPLEMENTING THE DATA SUBJECT’S RIGHTS
  • The data subject may contact the Company for the implementation of his/her rights electronically or by ordinary post by submitting a written request in person or via a representative at:
    • el. p. info@edevita.lt;
    • tel. +370 655 59825;
    • address: Šaulių g. 19, Klaipėda, LT-94214.
  • Upon receipt of the data subject’s request for submitting data or implementing other rights, the Company must verify the identity of the data subject in order to protect the data against unauthorised disclosure.
  • The Company’s answer to the data subject must be sent not later than within one month from the date of receipt of the data subject’s request, taking into account the specific circumstances of the processing of personal data. If necessary, the specified period may be extended by an additional two months depending upon the complexity and number of requests.

 

  1. DATA SUBJECT’S RESPONSIBILITY
  • The data subject must:
    • inform the Company about changes in the submitted information and data. It is important for the Company to have valid and effective information of the data subject;
    • provide the necessary information so that at the request of the data subject the Company can identify the data subject and a certain that it communicates or cooperates with the specific data subject (to provide a personal identity document, or in accordance with the procedure laid down by legal acts or by electronic means of communication that allows the data subject to be properly identified). It is necessary in order to ensure the protection of data of the data subject and other persons so that the disclosure of the data subject’s information is restricted to the data subject, without prejudice to the rights of others.

 

  1. FINAL PROVISIONS
  • By transferring personal data to the Company, the data subject expresses their consent to this Privacy Policy, understands its provisions, and agrees to comply with it.
  • In developing and improving the Company’s activities, the Company has the right at any time to unilaterally make changes to this Privacy Policy. The Company has the right to unilaterally, partially or completely change the Privacy Policy by notifying there on the website edevita.lt.

The additions or changes to the Privacy Policy come into force from the day they are published, i.e., from the date they are placed on the website www.edevita.lt.