UAB “GITOMA”
j.a.k. 302905087, Jonavos g. 254, II floor, LT-44132 Kaunas (hereinafter referred to as the Company)

PRIVACY POLICY

1. General provisions
1.1. We take care of your personal data protection and privacy, and this Privacy Policy (hereinafter referred to as the Policy) informs you about the processing of personal data, the rights of the data subject, personal data protection measures and other matters related to the processing of personal data.
1.2. The Company collects personal data which is voluntarily submitted by the person by e-mail, registered mail, fax, telephone, direct access to the Company’s shop, which is monitored by video cameras, registered with the Company’s website and became a registered user (where such a possibility is provided by the Company) purchase in the Company’s e-shop or using the Company’s website.
1.3. All personal data received by the Company are stored, stored and processed in accordance with the Law on Protection of Personal Data of the Republic of Lithuania, the European Union General Data Protection Regulation No. 2016/679 and other legal acts regulating the protection of personal data in the Republic of Lithuania.
1.4. The Company ensures that the level of protection of personal data processed by Bednrovas complies with the requirements of legal acts of the Republic of Lithuania.

2. Definitions
2.1. The terms used in the document are:
2.1.1. Personal data – Any information about a natural person whose identity is identified or can be identified (the data subject). A natural person who can identify himself is a person whose identity can be identified, in particular according to a particular identifier, such as a given name, personal identification number, location data and internet identifier, or one or more physical, physiological, genetic, psychological, economic, cultural or social identity;
2.1.2. Data subject – means the natural person from whom the Company obtains and manages personal data;
2.1.3. The data recipient is the person to whom personal data is provided;
2.1.4. Data provision – the disclosure of personal data by transmitting or otherwise making available (except publication in mass media);
2.1.5. Data management is any action taken by personal data: collecting, storing, storing, writing, classifying, grouping, merging, modifying (adding or editing), provision, publication, use, logical and / or arithmetic operations, search, dissemination, destruction or other action or set of actions;
2.1.6. Automatic data processing – data processing operations, fully or partially performed by automated means;
2.1.7. Data controller is a legal or physical person (who is not a controller’s employee) who is authorized by the data controller to process personal data. The data controller and / or his appointment procedure may be specified in laws or other legal acts;
2.1.8. “Data controller” means a legal or natural person who, alone or in association with others, establishes the purposes and means of processing personal data. If the purpose of the processing is determined by laws or other legal acts, the controller and / or the procedure for assigning it may be specified in those laws or other legal acts;
2.1.9. “Consent” means any express, unambiguous, express and unequivocal expression of the will of the duly notified data subject in a statement or unambiguous manner in which he accepts the processing of personal data relating to him;
2.1.10. Direct marketing – the activity of offering goods or services by post, telephone or other direct means and / or asking their opinion on the goods or services offered;
2.1.11. Third person means a legal or natural person other than the data subject, the data controller, the processor and the persons who are directly authorized by the data controller or data processor to process the data;
2.1.12. Other terms used in this Policy are understood as defined in the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the processing of personal data.

3. What are the guiding principles for handling personal data?
3.1. The Company follows the following principles in the processing of personal data:
3.1.1. The Company shall only process personal data for legitimate purposes and for the purposes defined in the Policy;
3.1.2. Personal data is handled accurately, honestly and lawfully, in accordance with the requirements of the legislation;
3.1.3. The company treats personal data in such a way that personal data is accurate and is constantly updated in the event of a change;
3.1.4. The Company carries out the processing of personal data only to the extent that is necessary for the purpose of the processing of personal data;
3.1.5. personal data shall be stored in such a way that the identity of the data subjects can be determined for no longer than is necessary for the purposes for which the data were collected and processed.
3.1.6. The personal data of the data subject can be found only by employees of the Company and / or third persons who have been involved in the provision of the service with the relevant competence and only in cases where it is necessary for the provision of the service.
3.2. The Company respects the Privacy of the Data Subject and undertakes to comply with the Data Protection Principles of the Data subject specified in these Policies.

4. For what purposes do we handle personal data?
4.1. Personal data is processed and used in accordance with the purposes for which the Data Subject has submitted them to the Company or other purposes approved by the Data Subject.
4.2. The purposes of the use of the data subject’s personal data:
4.2.1. The processing and administration of goods or services performed by the data subject;
4.2.2. Identification of the data subject in the Company’s information systems;
4.2.3. Identification of the data subject when logging in to his / her account on the Company’s website (when such a possibility is provided by the Company);
4.2.4. Purchase (order) of goods or service coupons, confirmations, invoices and other financial documents for the issue and presentation;
4.2.5. problems with solving the contract;
4.2.6. communication with the Data subject, in case of changes in the conditions of the goods or services purchased by the Data subject;
4.2.7. other contractual obligations;
4.2.8. For direct marketing purposes of the company;
4.2.9. security, health, administrative, crime prevention and legal purposes;
4.2.10. business analysts for general research that can improve the quality of goods or services;
4.2.11. to contact the Data Subject, for the purpose of obtaining customer feedback on purchased goods or services;
4.2.12. the candidate’s job for the job evaluation, communication with the relevant candidate, etc.;
4.2.13. for audit.
4.3. The data subject, voluntarily submitting to the Company his personal data, confirms and voluntarily agrees that the Company will manage and process the personal data of the Data Subject, in accordance with applicable Policies and other regulatory enactments.
4.4. The Company undertakes, without the Data Subject’s consent, not to disclose personal information to third parties, except for ensuring proper performance of the contract, other services related to the proper performance of the services ordered by the Data subject. The Company may also transfer personal data of the Data Subject to third parties acting as Data Managers on behalf of the Company. Personal data may only be provided to those Data Handlers with whom the Company has signed the relevant Data Management Agreement. The Data Subject is deemed to be informed, agrees to and agrees with and the Company shall not be liable for damages arising from the use of the data of a third party in the data of the Data Subject to the extent permitted by law. In all other cases, the personal data of the Data subject may be disclosed to third parties only in accordance with the procedure provided by legal acts of the Republic of Lithuania.

5. What personal data do we handle?
5.1. The personal data collected by the Company may include: Name, first name, surname, code, telephone number, e-mail address, address of receipt of purchased goods or services, address of domicile / residence, name of the company acting on behalf of the data subject, credit / debit cards or other payment details, information about the goods and services purchased by the Data subject (their quantities, purchase dates, prices of purchased goods and services, purchase history), the data subject’s login name and password-encoded form on the Company’s website (if the Company gives such a possibility). Some information about the visit of the Data subject may be collected on the Company’s website, for example: the address of the Internet Protocol (IP) using the Data subject reaches the Internet; Date and time of the visit of the data subject to the Company’s website; other web pages that the Data subject visits on the Company’s website; used browser; Information about the computer’s operating system of the Data subject; mobile gadget versions; language settings and more. If the Data Subject uses a mobile device, data can also be collected to determine the type of mobile device, device settings, as well as geographic (longitude and latitude) coordinates. This information is used to improve the Company’s website, to analyze trends, improve the products and services, and administer the Company’s website. The data subject voluntarily submits these data using the services provided by the Company, becoming a registered user of the Company’s website or visiting the Company’s website. The company also collects and manages video and / or audio data by observing the cameras of the company’s salons and warehouses at Jonava g. 254, II floor, Kaunas LT-44132; Vytenio g. 50, Vilnius LT-03229; Minijos g. 35, Klaipėda LT-91207.
5.2. Personal data information collected by the Company may be any of the above not specified in this article, however, personal data received and lawfully handled by the Company by the voluntary company or otherwise received by the data subject.

6. What are the rights of the data subject?
6.1. Data subject rights and their implementing measures:
6.1.1. Know your personal data collection. The data subject has the right to access his or her personal data;
6.1.2. get acquainted with your personal data and how they are processed. The data subject has the right to apply to the Company with the request to provide information as to what and for what purpose his personal data are processed;
6.1.3. request rectification, destruction of your personal data or suspension of your personal domain management;
6.1.4. Receiving the submitted data shall be read in a structured form if it meets the criteria defined by law;
6.1.5. The data subject has the right to refuse the processing of data when processing non-mandatory data. When Data is processed for direct marketing purposes, the Data Subject may object to such Handling (right to object). Upon receipt of an application for the termination of the processing of personal data which is not subject to processing, the Company shall immediately terminate such processing, unless it conflicts with the requirements of legal acts, and inform the person thereof;
6.1.6. at any time cancels any consent given by the Data Subject when registering or using the services provided by the Company. Such a waiver will not affect the legality of the Data Management performed before the refusal and based on the consent given;
6.1.7. refuse to provide personal data;
6.1.8. submit a complaint to the supervisory authority if the data subject’s rights are violated;
6.1.9. review and edit the personal information provided on the Company’s website and contact details of the Data Subject (if the Data Subject is a registered user of the Company’s website). The Data subject can do this by visiting the relevant sections of the Company’s website.

7. What are the cookies and what are they used for?
7.1. The company’s website uses data analysis tools – cookies.
7.2. By using the Company’s Internet site, the Data Subject agrees that the Data subject’s computer (device) be recorded on the Internet.
7.3. Cookies are the small amount of data the website places on the Data subject’s computer. Websites do not have memory. When a data subject navigates through different web pages, the data subject will not be identified as the same user. Cookies allow the website to recognize the Data Subject’s browser. The main purpose of cookies is to remember the data subject’s options, for example, the preferred webpage language. Cookies also help to identify the Data Subject when it returns to the same webpage. They help to tailor the website to personal needs. Cookies can not be used to run programs or transfer viruses to your computer. Cookies are only for the Data subject and can only be read by the web server of the domain that sent the Data Subject a cookie. One of the most important goals of cookie is to provide a convenient function to save time on the Data subject. For example, if the Dataset uses a website for personal use or browses the web page, cookies will then help the website remember the specific information when they visit. It’s easier to present relevant content, easier to browse through the webpage, and more. After returning to the website, the Data Subject can find the information it has previously provided, thus facilitating the use of already customized website features.
7.4. The processing of cookies does not allow the direct or indirect identification of the user’s identity.
7.5. The following types of cookies can be used on the company’s website:
7.6. Technical cookies: their help to the users of the Company’s website The company strives to provide an advanced and easy to use web page that automatically adapts to their desires and needs.
7.7. Functional cookies: They allow you to remember the choices of the Data subject and, together, effectively use the web page.
7.8. Analytical cookies: they help to understand how visitors of the Company use the Company’s website, find weak and strong parts of the website, optimize the work of the website.
7.9. Commercial cookies: these cookies are used by the Company to place Company’s advertisements on other web pages.
7.10 Each time you visit the Company’s website, the Data Subject may accept or refuse to use cookies, however, in such a case the Company can not guarantee the quality of the webpage’s browsing. Most web browsers automatically accept cookies, but if the Data subject wants, the browser can easily be modified to not accept them. Thus, the Data Subject has the ability to delete or block any part of the cookie from their computer at any time by using the Internet browser on their computer. After blocking cookies, for some technical reasons, some parts of the Company’s web site may not function or operate properly to the Data Subject.
7.11. No personal customer data is stored with the help of cookies.
7.12 Information is not provided to any third parties when the required cookies are recorded.

8. What are the website indicators and how are they used?
8.1. The company can use not only cookies but also a website indicator. It’s a thumbnail image of just one pixel that appears to the subject of the computer as part of a webpage or as an HTML e-mail. Directly or through other service providers, these images are used by the Company as an Internet advertisement or on third-party websites to determine whether the advertised user carries out an order, analyzing user traffic and optimizing the services offered.
8.2. The company may add website indicators to promotional emails or newsletters to determine whether mail has been opened. Some website indicators may be added by third-party service providers to determine the effectiveness of the company’s promotional campaigns or e-mail communication. The Website Indicator can be used to place a persistent cookie on the Data subject’s computer. It will then be able to recognize the Data subject’s computer every time they visit certain pages or by sending e-mails and collect anonymous information about the traffic of such pages. The Company prohibits the use of website indicators for collecting or accessing personal information.

9. Intellectual property
9.1. Unless indicated otherwise, the software necessary for the Company’s services is available or used on the Company’s website and intellectual property rights (including copyrights) to the content and information of the website belong to the Company. In addition to the prior written consent of the Company, it is not allowed to reproduce, translate, adapt or otherwise use any part of the Company’s web site (any content, logo, software, products, services, etc.) in commercial activities of third parties.

10. Final provisions
10.1. This Policy may be updated subject to changes in the law governing the processing of personal data, and we recommend that you periodically analyze the Policy.
10.2 The relations arising from this Policy are governed by the law of the Republic of Lithuania.