Marketing rules

INDIVIDUAL ENTERPRISE “GERA PRAKTIKA”
(Legal entity code: 302941286)

APPROVED BY
Director of Individual Enterprise “Gera Praktika”
Order No. AD-3 of 9 August 2023

I. SECTION. GENERAL PROVISIONS

1. These Marketing Rules (hereinafter referred to as the Rules) of Individual Enterprise “Gera praktika” (hereinafter referred to as the Company) set out the principles, purposes and data protection requirements of the Company’s marketing and advertising and the processing of personal data related thereto and their implementation.

2. The Rules have been drawn up in accordance with the General Data Protection Regulation (EU 2016/679) (hereinafter referred to as the GDPR), the Law on the Legal Protection of Personal Data (No. 63-1479 of 3 July 1996), the Company’s personal data protection policy and other legal acts governing the protection of personal data.

3. The terms used in the Rules:

3.1. Direct marketing means an activity which is designed to offer goods or services to persons by e-mail, telephone or other direct means and/or to seek their opinion on the goods or services offered;

3.2. Advertising means an activity aimed at increasing the visibility of the services provided by the Data Controller through the use of visual means (photographs, videos, etc.); In the following, the terms direct marketing and advertising will be referred to collectively as “marketing”.

3.3. Data Controller means Individual Enterprise “Gera praktika” (company code: 302941286, address: Mykolo Marcinkevičiaus g. 19-14, LT-08433 Vilnius) – a legal entity which acts as a Personal Data Controller and which, alone or jointly with others, determines the purposes and means of data processing;

3.4. Personal Data means information about an identified or identifiable natural person (data subject) for the purposes of marketing by the Data Controller, including, but not limited to the person’s name, surname, job position, image (photograph), video (footage);

3.5. Data Subject means a natural person from whom the Company receives and processes personal data;

3.6. Data Processing means any operation or sequence of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, sorting, organisation, storage, adaptation or alteration, retrieval, access, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination with other data, restriction, erasure or destruction;

3.7. Data Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

3.8. Data Recipient means a natural or legal person, public authority, agency or other body to whom the personal data are disclosed, whether or not to a third party. However, public authorities which, under Union or Member State law, may receive personal data in the context of a specific investigation shall not be considered as recipients of the data; when processing those data, those public authorities shall comply with the applicable data protection rules that are compatible with the purposes of the processing;

3.9. Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor or persons authorised to process personal data under the direct authority of the controller or processor;

3.10. Consent of the data subject means any freely given, specific and unambiguous indication of the data subject’s wishes, given by a duly informed person, by means of a statement or an unambiguous act, by which he or she consents to the processing of personal data concerning him or her.

II. SECTION. PRINCIPLES OF PERSONAL DATA PROCESSING

4. The Data Controller ensures that, in adopting and implementing these Rules, it aims to implement the following fundamental principles relating to the processing of personal data:

4.1. Personal Data are processed in a lawful, fair and transparent manner in relation to the Data Subject (the principle of lawfulness, fairness and transparency);

4.2. Personal Data are collected for specified, explicit and legitimate purposes and are not further processed in a manner incompatible with those purposes (principle of lawfulness, fairness and transparency);

4.3. Further processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is not considered incompatible with the original purposes (purpose limitation principle);

4.4. Personal data are adequate, relevant and only necessary for the purposes for which they are processed (data minimisation principle);

4.5. Efforts are made to ensure that personal data are accurate and, where necessary, are updated within a reasonable period of time from the date of the change;

4.6. Every reasonable step is taken to ensure that personal data which are not accurate in relation to the purposes for which they are processed are erased without undue delay or rectified within a reasonable period of time (principle of accuracy);

4.7. Personal data are kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed (principle of accuracy);

4.8. Personal data may be retained for longer periods if the personal data are processed solely for archiving purposes, in the public interest, for scientific or historical research purposes, or for statistical purposes, subject to the implementation of appropriate technical and organisational measures necessary to safeguard the rights and freedoms of the Data Subject (the principle of limitation of the retention period);

4.9. Personal data are processed in such a way as to ensure, by means of appropriate technical or organisational measures, adequate security of the personal data, including protection against unauthorised or unlawful processing or against accidental loss, destruction or damage, taking into account the generic nature of the personal data processed by the Data Controller (integrity and confidentiality principle);

4.10. The Date Controller is responsible for ensuring compliance with the above principles and must be able to demonstrate compliance with them (principle of accountability).

III. SECTION. THE PURPOSES OF THE PROCESSING OF PERSONAL DATA AND THE CATEGORIES OF DATA PROCESSED

5. Individual Enterprise “Gera praktika” processes personal data for the following purposes:

5.1. for direct marketing purposes;

5.2. for the purpose of publicity and awareness-raising of the activities and services provided (organisation of events).

6. For the purposes set out above, individual enterprise “Gera praktika” processes the following personal data:

6.1. For the purposes of direct marketing (sending newsletters), publicity and awareness-raising of the company’s activities, we process the following personal data of our customers:

6.1.1. email address.

IV. SECTION. RECEIPT, STORAGE AND DESTRUCTION OF PERSONAL DATA

7. The personal data referred to in Clause 6 of these Rules shall be obtained and processed only with the consent of the Data Subject:

7.1. The consent of customers and/or third parties to participate in the Company’s marketing is obtained directly from the customer in writing, informing the customer of the personal data collected, the purposes for which the data are used and his/her rights as a Data Subject and their exercise.

8. Customers whose consent is the basis for the processing of their personal data for the purpose of carrying out marketing shall be informed that they have the right to withdraw their consent to the processing of their personal data for the purpose of marketing at any time, without prejudice to data lawfully processed on the basis of their consent prior to the withdrawal of consent.

8.1. Individuals who receive newsletters by e-mail may withdraw their consent to direct marketing at any time by contacting the Company directly by telephone or by e-mail (info@gerapraktika.com), as well as by using the contact details provided on the website https://gerapraktika.com/.

9. Personal Data processed for the purposes referred to in Clause 5 of these Rules shall be stored in accordance with the General Index of Document Retention Terms approved by the Chief Archivist of Lithuania, but no longer than required for the purposes of processing personal data referred to in Clause 6 of these Rules.

9.1. Consents to the processing of personal data – 1 year (after the expiry of the retention period of the personal data for the processing of which the consent was given);

9.2. Consent to the processing of personal data for the purpose of direct marketing is valid for 2 years from the date of consent. Upon expiry of the period of validity of the consent, the data subject must give a new consent, and the Company shall no longer process the data for the purpose of direct marketing in the absence of the consent.

10. The personal data provided in the consents, contracts and other documents are stored on the server and/or cloud used by the Company.

11. Upon expiry of the retention period, the personal data contained in the above-mentioned documents shall be transferred to the archive and stored in accordance with the terms specified in the General Index of Document Retention Terms approved by the Chief Archivist of the Republic of Lithuania on 9 March 2011 (Order No. V-100), and shall be destroyed upon expiry of the terms.

12. Data destruction shall be carried out by destroying paper copies of documents using special paper shredders and by deleting the electronic versions from all the applications and systems used by the Company, without any possibility of restoring them.

V. SECTION. TRANSFER OF PERSONAL DATA TO THIRD PARTIES

13. Personal data processed for the purposes of marketing as set out in these Terms and Conditions is/may be transferred to recipients such as:

13.1. State bodies and authorities, other persons exercising functions assigned to them by law (e.g. the State Tax Inspectorate, law enforcement authorities, authorities supervising the Company).

13.2. Parties that maintain registers and/or IT systems (in which personal data is processed) or that act as intermediaries for the provision of personal data from such registers;

13.3. Companies and/or individuals providing advertising, marketing services;

13.4. Other persons related to the Company’s activities, such as archiving, postal service providers, Partners, Suppliers, other authorised parties related to the Company’s marketing activities.

VI. SECTION. RIGHTS OF DATA SUBJECTS AND THEIR IMPLEMENTATION

14. The data protection legislation provides Data Subjects whose personal data are processed for the purposes set out in these Rules with rights in relation to the processing of personal data:

14.1. The right of access to the personal data processed: The Data Subject shall have the right to request confirmation from the Company as to whether his or her personal data is being processed and, in such cases, to request access to the personal data being processed. In order to exercise this right, the Data Subject may submit a written request to the Data Protection Officer of the Company at info@gerapraktika.com;

14.2. The right to have inaccurate personal data rectified: if the Data Subject considers that the information about him/her is incorrect or incomplete, he/she has the right to request its rectification. In order to exercise the above right, the Data Subject may submit a written request to the Company at info@gerapraktika.com;

14.3. The right to object to the processing of personal data: The Data Subject shall have the right to object to the processing of personal data where the processing is not based on the legitimate interests of the Company. However, notwithstanding the Data Subject’s objection, the Company will continue to process your data where there are valid reasons for continuing to process the data. In order to exercise the above right, the Data Subject may submit a written request to the Company at info@gerapraktika.com;

14.4. The right to request the erasure of personal data (right to be forgotten): under certain circumstances, the Data Subject has the right to request that the Company erases your personal data. However, this does not apply if the Company is required by law to keep personal data. In order to exercise the above right, the Data Subject may submit a written request to the Company at info@gerapraktika.com;

14.5. The right to restrict the processing of personal data: in certain circumstances, the Data Subject also has the right to restrict the processing of his/her personal data. In order to exercise this right, the Data Subject may submit a written request to the Company at info@gerapraktika.com;

14.6. The right to lodge a complaint regarding improper processing of personal data with the State Data Protection Inspectorate directly at L. Sapiegos g. 17, Vilnius or by e-mail to ada@ada.lt.

15. The Company, upon receipt of a request to cease the processing of optional personal data, shall, within 30 calendar days of the Data Subject’s request, cease the processing of such data, unless it is contrary to the requirements of the legislation, and shall inform the Data Subject thereof in writing.

VII. SECTION. FINAL PROVISIONS

16. These Rules apply to all data subjects of Individual Enterprise “Gera praktika” whose personal data is processed for the purposes of marketing as specified in the Rules.

17. The Company has the right to change/update these Rules at any time in the event of changes in the marketing process and/or legislation governing the Company’s activities and/or marketing. Data Subjects may consult the changes to the Rules by visiting the Company or the Company’s website at https://gerapraktika.com/.