Personal data is any data that may directly identify the individual (you or any other personal data subject). The policy describes personal data protection and responsible data collection, handling, processing, storage, and erasure.
The Company collects personal data for the following legitimate interests:
- Providing information to existing or future customers about the goods and services (marketing).
- Ensuring webpage functioning (strictly necessary cookies) and assessing as to which information customers are interested in while browsing the webpage or social network accounts online (information analysis using cookies).
- Communicating with customers by email or through the forms provided on the webpage (providing information).
- Cookies that help ensure the security of the webpage can also be used.
This allows the Company to improve the relevant content that is displayed to webpage visitors.
WHICH PERSONAL DATA CAN BE COLLECTED
This section includes a full list of personal data that can be collected on the webpage or other Company accounts. It does not mean that this data will be collected about all customers; for some services, fewer personal data may be collected.
- Full name, email address, postal address, phone number.
- Identification information about the device, including its browser, that is used to view the content of the webpage (e.g. IP address which allows identifying the device online).
- Any information provided in messages or comments on the webpage. When visitors post comments on the webpage, the Company collects the data that is visible in the commenting form and stores the visitor’s IP address and browser user entry to protect itself from spam.
- Cookies are short text files that are stored on the device to ensure proper functioning of the webpage. Specifically, the following cookies are used (for more information about them, please visit respective webpages of the service providers):
- Cookie consent.
- Trackers are not used on the Company’s webpage.
- Other provided information that may be considered personal data (comments, opinions, correspondence).
The Company does not collect:
- Any special-category (sensitive) personal data. Please be informed that in cases of unsanctioned attempts to break into the webpage or other Company-managed resources, personal data (technical login details) may be collected to prevent cybercrime and protect legitimate interests of the Company.
Also, the Company is entitled, at its discretion, to erase any personal data provided if they are redundant and unnecessary for its operation.
WHICH PERSONAL DATA CAN BE COLLECTED
Personal data can be collected in the following ways:
- Upon agreeing to receive Company newsletters or other marketing material.
- From opinions or comments posted on the Company’s webpage or social network accounts.
- Through mentioning the Company on other social platforms, e.g. clicking “Like” or selecting “Follow” on social networks. Note. When using the functionalities of social networks, such as Facebook, personal data and actions recorded (e.g. clicking “Like”) are handled in accordance with the privacy rules of respective social networks.
- While browsing the webpage on any device (cookies allow identifying the specific device from which the user connects to the webpage).
WHAT PERSONAL DATA ARE USED FOR
Personal data are collected for a specific purpose and cannot be used for any other purposes without consent or legal grounds. Personal data can be collected and used, respectively, for the following purposes:
- To ensure the quality of content provided on the webpage.
- To provide the services ordered, e.g. sending newsletters or other information and personalised login to the webpage (account).
- Sales of goods (when the Company sells or buys goods, it is obliged to store information according to the laws of the Republic of Lithuania).
- To collect statistical data about the use of the webpage and social network accounts.
- To respond to queries or any other correspondence.
- When a query concerns the data of a specific person, it may be provided only upon identifying that the requestor is indeed that person, e.g. upon providing an identity document.
- When the Company is required to provide information to national institutions in accordance with the applicable laws of the Republic of Lithuania.
- To protect the legitimate interests of the Company.
TO WHOM PERSONAL DATA CAN BE TRANSFERRED
Personal data can be transferred to legal persons operating within the European Union who are also bound by the GDPR and other regulations related to the protection of personal data. The Company can transfer personal data in the following cases:
- Because third parties are used to store webpage content, they are data administrators (they cannot use personal data but they can have access to some of the data).
- When, on legally reasonable grounds, respective institutions make legitimate requests to provide specific personal data, i.e. the Company is fulfilling its duties and obligations.
- Messages from visitors may be checked by an automated anti-spam system of the webpage.
The Company encourages its visitors to be careful and responsible when providing their personal data. When personal data are voluntarily provided in comments or other pages of user generated content, the Company cannot be held accountable for how others may use this personal data. Also, the Company cannot be held accountable for all webpages with links on the Company’s webpage or their personal data handling policies and procedures.
PERSONAL DATA STORAGE TERM
- Having consented to receiving marketing information (newsletters) by email or SMS, personal data are stored for two years or until a request to revoke the consent is received.
- If a purchase/sale of goods/services agreement has been implemented, data about it are stored for 10 years or another term set forth in the laws of the Republic of Lithuania.
- Cookies are stored for terms specified in the policies of cookie applications (e.g. Google) and may differ. Please note that you can reject cookies in the Company’s webpage cookie selection window.
- When you register on the Company’s webpage, the Company protects all the personal data that you provide upon registering your account. This data can also be seen and edited by webpage administrators.
TECHNICAL MEASURES OF PERSONAL DATA PROTECTION
The Company applies various technical measures to protect its webpage:
- Use of secure webpage and online protocols for safe information transfer online (https:).
- Personal data encryption in databases.
- Restriction and management of access rights.
- IT security measures of hosting and data centre service providers (firewalls, security zones, etc.).
Detailed information about the security measures applied is confidential and can only be provided in specific cases to law enforcement institutions.
Please be informed that Digital Ocean services are used for hosting the webpage; servers are located in data centres in the European Union.
DATA SUBJECT RIGHTS AND GDPR IMPLEMENTATION PRINCIPLES
General Data Protection Regulation is available here.
In following GDPR, the Company observes the following GDPR principles:
- Personal data must be handled lawfully, fairly, and transparently in relation to the data subject (principle of lawfulness, fairness, and transparency).
- Personal data are collected for the stated and clearly defined legitimate purposes and are not handled further in ways that are not compatible with these purposes.
- Available personal data should be adequate, appropriate, and only of the scope required for the purposes for which they are handled (principle of data reduction). /li>
- Personal data need to be accurate and updated as necessary (principle of accuracy).
- Personal data must be stored in the form that would allow identifying data subjects for as long as it is necessary for the purposes for which personal data are handled (principle of limiting the storage period).
- Personal data must be handled so as to ensure adequate personal data protection, including protection from unauthorised or illegitimate data handling and its accidental loss, erasure or corruption when respective technical or organisational measures are applied (principle of integrity and confidentiality).
Data manager (Pažangi Energija, UAB) is accountable and should be able to prove that GDPR is observed (principle of accountability). According to GDPR, data subject has the following rights:
- The right to be informed about personal data handling.
- The right to get familiarised with the personal data handled.
- The right and possibilities to request correction of the personal data that is available to the manager or administrator.
- The right to “be forgotten” (to have personal data erased).
- The right to restrict or revoke prior consent for handling personal data.
- The right to data transfer (possibility to receive the collected personal data in electronic formats).
- The right to reject personal data handling (e.g. profiling for marketing purposes),
If you have an account on this webpage, you can contact us at the following address for any queries about personal data handling. If the issue cannot be resolved directly, you can submit a query or a complaint to the State Data Protection Inspectorate using the contact details available on vdai.lrv.lt/en .
Personal data are managed by Pažangi Energija, UAB. For queries regarding personal data protection, please contact email@example.com.