These personal data protection rules regulate the basic principles and procedure for the collection, processing and storage of personal data, regulated by the EU General Data Protection Regulation (EU) 2016/679 (entered into force on May 25, 2018) and currently valid in Lithuania, personal data legal acts regulating protection.
The collection, processing and storage of the buyer's personal data is determined by these Rules, the rules for shopping in the online store and other laws and regulations.
Personal data is collected for defined and legitimate purposes.
Personal data is handled accurately and fairly.
Personal data is stored no longer than required by laws and regulations.
Personal data is processed only by those employees who have been granted such a right.
All information about processed personal data is confidential.
II. Collection, processing, storage of personal data
The Data Controller collects and uses the Buyer's personal data (name, surname, address, telephone number and e-mail address) for the processing of product orders.
The buyer's personal data is stored in the database of this online store for 2 years, counting from the date of the last purchase order. At the end of the data storage period, the Buyer's personal data is destroyed.
When purchasing goods in this online store, personal information is requested only when placing an order. Order confirmation is considered as consent to provide your personal data.
By agreeing to the processing of the Buyer's personal data for the purpose of selling goods and services in the Seller's online store, the Buyer also agrees that the e-mail specified by the Buyer e-mail address and/or phone number will be sent informational messages necessary to fulfill the order of goods. Letters are sent immediately after the confirmation of the order, letters informing about the change in the status of the order (confirmation and notification about the shipment, thanks for the purchase after receiving/picking up the order).
The Buyer has the right to apply to the manager of the electronic store with a request to submit all data collected in the electronic store about the Buyer. These are the data provided by the Buyer himself (e-mail address, home address, telephone, etc.) and data collected during his activity in the online store - order history, favorite products, other information. This information must be provided in a conventional paper or computer readable format.
The buyer also has the right to demand the deletion of data (the right to be forgotten) or their transfer, in a commonly used or computer-readable format.
This electronic store undertakes not to disclose the Buyer's personal data to third parties, except in cases where the information is necessary for a partner providing goods delivery or other services related to the proper fulfillment of the Buyer's order. In all other cases, the Buyer's personal data may be disclosed to third parties only in the cases and procedure provided by the legal acts of the Republic of Lithuania.
III. Changing, updating or destroying personal data
The buyer has the right to change and/or update the information provided in the order form.
The destruction of data is carried out in the following order: the responsible person - the manager of this electronic store, connects to the administration environment of the website and deletes all data after 2 years from the date of the last order.
IV. Data processing risk assessment
Data protection administration is assigned to the manager of this online store, who is responsible for the preparation and maintenance of the rules.
Risk assessment is carried out no more than once a month.
Network security measures are checked.
The physical location and security of the database is reviewed.
Database backups are created every 24 hours.
V. Granting the right to process personal data
The right to process personal data and the right of access to personal data in the online store is granted only to the manager of this online store.
The right to process personal data is granted only to the manager of this electronic store, for whom personal data is necessary for the fulfillment of customer orders.
VI. Technical protection measures
The company providing the hosting service for the online store is responsible for the security of the server data (physical security, backup recovery).
VII. Legislation and standards governing the processing of personal data
The Law on Legal Protection of Personal Data of the Republic of Lithuania (ADTAĮ).
General Data Protection Regulation (EU) 2016/679 (enters into force on 25 May 2018).
In 2017, for the manager of this electronic store February 22 Personal data controller status granted by the State Data Protection Inspectorate, no. P7591.