INDIVIDUAL COMPANY “GERA PRAKTIKA”
(Legal entity code: 302941286)
Order No. AD-2 of the director of the
Individual company of 9 August 2023
SECTION I. GENERAL PROVISIONS
2. This Policy is addressed to the persons who visit the website (https://gerapraktika.com/) belonging to this Company, use the information and services provided on the website.
3. For the purposes of this Policy, a data subject is any natural person whose personal data is processed by individual company Gera praktika.
4. By using the services, continuing to browse the website, the Visitor (website user) confirms that he/she has read this Policy, understands its provisions and agrees to comply with them.
5. The Data Controller shall ensure that by adopting and implementing this Policy, it aims to implement the following fundamental principles regarding the processing of personal data:
5.1. Personal data shall be processed in a lawful, fair and transparent manner in relation to the Data Subject (the principle of lawfulness, fairness and transparency);
5.2. Personal data are collected for specified, clearly defined and legitimate purposes and are not further processed in a manner incompatible with those purposes;
5.3. Further processing of personal data for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes is not considered incompatible with the original purposes (purpose limitation principle);
5.4. Personal data are adequate, relevant and only necessary for the purposes for which they are processed (principle of data minimisation);
5.5. Efforts are made to ensure that personal data are accurate and, where necessary, updated within a reasonable period of time from the date of change;
5.6. All reasonable steps are taken to ensure that personal data which are not accurate in relation to the purposes for which they are processed are erased without undue delay or rectified within a reasonable period of time (principle of accuracy);
5.7. Personal data are kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed;
5.8. Personal data may be retained for longer periods if the personal data is processed solely for archiving purposes, in the public interest, for scientific or historical research purposes or for statistical purposes, after the implementation of the appropriate technical and organisational measures necessary to safeguard the rights and freedoms of the Data Subject (principle of limitation of the retention period);
5.9. Personal data shall be processed in such a way as to ensure, taking into account the generic nature of the personal data processed by the Data Controller, that appropriate technical or organisational measures are in place to ensure adequate security of the personal data, including protection against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage (principle of integrity and confidentiality);
5.10. The Data Controller is responsible for ensuring compliance with the above principles and must be able to demonstrate compliance with them (principle of accountability).
6. This Policy has been drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR), the Law of the Republic of Lithuania on the Legal Protection of Personal Data (hereinafter referred to as the Law), and other legislation of the EU and the Republic of Lithuania. The terms used in the Policy shall be understood as defined in the GDPR and the Law.
9.1. visit the Website operated by the Company and use the facilities provided by them;
9.2. seek to enter into or enter into a contract with the Company;
9.3. purchase services provided by the Company;
9.4. agree to receive direct marketing communications from the Company or subscribe to the Company’s newsletter;
9.5. provide the Company with your goods or services;
9.6. contact the Company‘s customer service department;
9.7. otherwise communicate or cooperate with the Company as a customer, supplier or other person who has a business or consumer relationship with the Company.
10. Contact details of the person responsible for the protection of personal data at the Company: e-mail: email@example.com.
SECTION II. THE PURPOSES OF THE PROCESSING OF PERSONAL DATA AND THE CATEGORIES OF PERSONAL DATA COLLECTED
11. Depending on who you are (customer, supplier, website visitor, etc.) and how you interact with the Company (in person, online, by telephone, etc.), the Company may process different types of Personal Data about you.
12. Please see below for the categories of Personal Data that we may collect:
|Purpose of data processing||Categories of data and personal data processed||Term of data processing||Legal basis for processing|
|Contracting with a company (receiving services)||Personal identification data: name*|
Contact details: email address, telephone number*
Service details: date of purchase, description of the service, price*
|Personal data shall be stored for the duration of the contract and for 10 years from the date of termination of the contract (in accordance with the General Index of Document Retention Periods approved by the Chief Archivist of the Republic of Lithuania on 9 March 2011 (Order No. V-100)||The processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR)|
|Sending direct marketing messages and newsletters||Personal identification and contact details: name, surname, email address, telephone number||Personal data shall be stored and processed for the period of validity of the consent, unless the consent is revoked earlier. The data subject’s consent to receive direct marketing communications is valid for 5 years from the date of consent||BDAR 6 str. 1 dalies a) punktas (duomenų subjekto sutikimas tokiam duomenų tvarkymui)|
SECTION III. PROCESSING OF PERSONAL DATA FOR DIRECT MARKETING PURPOSES
13. The Company processes your personal data for the purpose of direct marketing after obtaining your explicit consent to such processing, e.g. when you subscribe to our newsletters, etc. (the basis for the processing of the data is your freely given consent to the processing of the data).
14. For the purpose of direct marketing, we may process your name, surname, email address, telephone number.
15. Your personal data may be processed for direct marketing purposes in the following ways:
16. You can receive our newsletter with our offers, promotions and news by email;
17. You can receive invitations to events, offers and similar information by email.
18. You can unsubscribe from our newsletters at any time. You can do this by clicking on the link at the bottom of the newsletters we send you.
19. We also use Facebook, Google and other online advertising providers. You can read about the privacy policies of these service providers, the data they collect and the personal data protection measures they apply in the privacy policies of these service providers. For more information on how they work, as well as information on how you can object to the display of such advertisements or the use of such data, please refer to the information provided by these service providers: https://lt-lt.facebook.com/policies/ads; https://policies.google.com/technologies/ads.
SECTION IV. TO WHOM YOUR PERSONAL DATA IS PROVIDED
20. The Company shall not transfer your personal data to any third party without your prior consent, except as described below.
21. We may transfer your data to third parties to assist us in the operation and administration of the Services. Such persons may include companies providing data centres, hosting and related services, companies providing advertising, marketing services, companies developing, providing, maintaining and developing software, companies providing information technology infrastructure services, companies providing connectivity services, companies analysing and providing analysis of internet browsing or online activity, companies providing security services, security services, etc.
22. In each case, we only provide the data processor with the data necessary for the execution of a specific order or the provision of a specific service.
23. The data processors we use may only process your personal data on our instructions. They must also ensure the security of your data in accordance with applicable law and written agreements with us.
24. Data may also be disclosed to competent government or law enforcement authorities, such as the police or supervisory authorities, but only upon their request and only when required by applicable law or in the cases and according to the procedures provided for by law, in order to safeguard our rights, the safety of our customers, employees and resources, and to assert, bring, submit and defend legal claims.
SECTION V. HOW WE ENSURE YOUR DATA SECURITY
25. In order to protect your data, the Company shall take appropriate measures consistent with data protection and data security laws and regulations, including requiring the Company’s service providers/processors to use appropriate measures to protect the confidentiality of your personal data.
26. Depending on the state-of-the-art technology, the cost of implementing the measures and the nature of the data to be protected, the Company has in place technical and organisational measures to protect against risks such as the destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, your data.
SECTION VI. YOUR OBLIGATIONS
SECTION VII. YOUR RIGHTS
28. Data protection legislation gives you a number of rights in relation to the processing of your personal data.
29. You have the right to have access to your personal data processed by us:
29.1. You have the right to ask us to confirm whether we are processing your personal data and, in such cases, to request access to the personal data we are processing about you. To exercise the above right, please submit a written request to us at firstname.lastname@example.org.
30. You have the right to have inaccurate data corrected.
30.1. If you believe that information about you is incorrect or incomplete, you have the right to request its rectification. To exercise the above right, please submit a written request to us at paštuinfo@gerapraktika.com.
31. You have the right to object to the processing of your personal data:
31.1. You have the right to object to the processing of your personal data where the processing is based on our legitimate interests. However, despite your objection, we will continue to process your data if we have reasonable grounds to do so. To exercise the above right, please submit a written request to us at paštuinfo@gerapraktika.com.
32. You have the right to request the erasure of your personal data (right to be forgotten):
32.1. You have the right to request that we erase your personal data in certain circumstances. However, this does not apply if we are required by law to keep the data. To exercise the above right, please submit a written request to us at paštuinfo@gerapraktika.com.
33. You have the right to restrict the processing of your personal data:
33.1. You also have the right to restrict the processing of your personal data in certain circumstances. To exercise the above right, please submit a written request to us at paštuinfo@gerapraktika.com.
33.2. You have the right to contact the State Inspectorate for the Protection of Personal Data directly or by email at email@example.com with a complaint regarding the improper processing of personal data. firstname.lastname@example.org.
35. Cookies are small text files that are stored in a Person’s browser or device (personal computer, mobile phone or tablet).
36. The Company uses the following categories of cookies:
36.1. Strictly mandatory cookies: cookies that are necessary for the functioning of the system. For example, some cookies allow us to identify registered users and ensure that they can access the entire system. If a user refuses these cookies, they may no longer be able to see the entire system;
36.2. Performance cookies: cookies that allow us to analyse how users use the system and to monitor the performance of the system. This allows the Company to select appropriate offers and to quickly identify and correct any problems, thus ensuring a high-quality browsing experience. For example, performance cookies allow us to track which pages are the most popular and to determine why some pages display error messages;
36.3. Functionality cookies: cookies that allow us to remember users’ preferences and tailor them to the website/mobile app so that the Company can provide enhanced functionality;
37. The following cookies are used on the website https://gerapraktika.com/:
|Tipas||Slapuko pavadinimas||Paskirtis||Domenas||Galiojimo terminas|
Used to determine which website display language the visitor has chosen
38. Cookies used on the website do not identify the user of the website. Visits to the Website are registered anonymously, identifying the personal computer, mobile phone or tablet and the IP address, and the information collected is not disclosed to third parties, except as provided by law.
39. By opening the Website and clicking on the “I Agree” button in the pop-up box, the surfer agrees to the storage of cookies on his/her computer, mobile phone or tablet.
40. In order to withdraw the consent given, the surfer may delete or block cookies by selecting the appropriate settings in his/her browser to refuse all or part of the cookies. Please note that using browser settings that block cookies (including essential cookies) may cause problems for the person using all or part of the Website.
41. Personal data collected by cookies is processed in accordance with the provisions of the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, and other legal acts regulating the protection of personal data.
42. In accordance with the requirements of the legislation, the Website applies security measures to prevent unauthorised disclosure and use of personal data.
SECTION IX. FINAL PROVISIONS
43. The legal relations related to this Policy shall be governed by the law of the Republic of Lithuania.
44. The Data Controller shall not be liable for damages, including damages caused by interruptions in the use of the Website, for loss or corruption of data caused by the actions or omissions of the person himself/herself or of third parties acting with the person’s knowledge, mistakes, deliberate damage, or any other improper use of the Website.
45. The Data Controller shall also not be liable for any disruption of access to and/or use of the Website and/or damage caused by such disruption or damage resulting from the acts or omissions of third parties not related to the Data Controller or the person, including power failures, Internet access failures, etc.
46. The Data Controller has the right to amend the Policy in part or in full.
47. Amendments or changes to the Policy shall come into effect from the date of their publication on the Website.
48. If, after the addition or modification of the Policy, a person continues to use the Website and/or the services provided by the Data Controller, the person shall be deemed not to have objected to such additions and/or modifications.
49. For all data processing issues, you can contact us by email at email@example.com.