Policy on the processing and use of personal data
1. KEY DEFINITIONS
- The Company is Lprint UAB, legal entity code: 306071605; registered office address: Kaunakiemio g. 1 A-36, KAUNAS website: lprint.com
- A data subject is a natural person from whom the Company receives and processes personal data.
- An employee is a natural person who has an employment relationship with the Company and who, by the decision of the Head of the Company, is appointed to process Personal Data or whose personal data is processed.
- Personal data means any information relating to an individual from which the identity of a person is known or can be directly or indirectly established. Personal data includes name, surname, personal identification number, social security number, passport or identity card number, residential address, telephone number, e-mail address, bank account number, information on marital status.
- Data controller – in this case, the Company, which determines the purposes and means of personal data processing and to which personal data is transferred for processing.
- Data transfer is the disclosure of personal data by transfer or otherwise making them available (except for publication in the media).
- Data processing means any operation carried out on personal data: collection, recording, storage, storage, classification, grouping, aggregation, modification (addition or correction), provision, publication, use, logical and / or arithmetic operations, retrieval , dissemination, destruction or other action or set of actions.
- Automatic processing of data means processing operations carried out in whole or in part by automatic means.
- Special personal data means data relating to a person’s racial or ethnic origin, political, religious, philosophical or other beliefs, trade union membership, health, sexual life, as well as information about a person’s criminal record.
- Consent means a voluntary statement by the data subject of his or her will to process his or her personal data for a purpose known to him or her. Consent to the processing of personal data must be expressed in a clear, written, equivalent or other form that clearly demonstrates the free will of the data subject.
2. GENERAL PROVISIONS
- This Policy regulates the actions of the Company and its employees in processing personal data using automatic and non-automatic personal data processing tools installed in the Company, as well as establishes the data subject’s rights, personal data protection implementation measures and other issues related to personal data processing.
- The Company collects data of Data Subjects, which they voluntarily submit by ordering or purchasing the Company’s goods and services by e-mail or telephone, or by visiting the Company’s office directly.
- In order to protect the privacy of the Data Subject, the Company undertakes to use the personal data transmitted by it exclusively for the purposes specified in this Policy and not to disclose this information to any third parties without the consent of the Data Subject, except in cases provided by law.
- It is considered that the Data Subject is informed and agrees that in cases when the Company’s service providers due to the specifics of their services, such as IT systems administration, could technically access the Data Subject’s data processed by the Company, cooperation agreements with these providers include provisions addressing the obligations and guarantees of service providers with regard to privacy and adequate protection of personal data.
- Personal data is processed in the Company for the following approved purposes:
- Processing and administration of the purchase-sale (order) of goods and services of the Company or the Data Subject;
- For identification of the data subject in the Company’s information systems;
- issuing or administering invoices and other financial documents for goods and services sold and purchased;
- fulfillment of other contractual obligations;
- information about goods and services, ongoing promotions and the Company’s news;
- The company’s business analysts and statistical analyzes, general research, which allows to improve services and improve their quality;
- Audits ordered by the Company and inspections performed by the state;
- concluding, executing and accounting of employment contracts with Data Subjects;
- For the proper performance of the Company’s obligations as an employer established by legal acts, application of benefits established by legal acts to Data Subjects;
- to maintain proper communication with the Data Subjects employed by the Company outside working hours;
- to ensure appropriate working conditions for Data Subjects.
- By submitting his personal data to the Company, the Data Subject confirms and voluntarily agrees that the Company shall manage and process the personal data of the Data Subject in accordance with this Policy and applicable legal acts.
- This Policy is obligatory for all employees of the Company who process the personal data provided to the Company or become aware of them in the course of their duties, and only in cases when it is necessary to achieve the objectives listed in Clause 15 of this Policy.
3. PERSONAL DATA AND PRIVACY
- The Company collects the following data about natural persons who are employees of the Company: Name, surname, address, e-mail address, Skype account name, telephone number, data of identity documents (passport, identity card) (date of issue) , place, date of validity, number), personal identification number, social security number, bank account number or other payment details, copies of documents confirming the marital status of the Data Subject.
- The Company collects the following data about natural persons who are the Company’s customers, suppliers, business partners or their representatives: Name, surname, address, e-mail address and telephone number of the data subject.
- All personal data of Data Subjects provided to the Company are collected, stored and processed in accordance with the General Data Protection Regulation of the European Union, the Law on Personal Data Protection of the Republic of Lithuania and other legal acts regulating personal data protection in the Republic of Lithuania. The Company ensures the protection of the received data and undertakes to use this information only for the purposes specified in Clause 15 of this Policy, and only to the extent specified in the Data Subject’s consent, and in cases, purposes and ways provided by law.
- In performing their duties and processing the personal data of the Data Subject, the employees of the Company shall observe the following principles:
- The information provided by the data subject is collected, processed and stored only for the legitimate business interest of the Company and in strict compliance with the applicable legal acts regulating the protection of personal data and this Policy.
- The data subject collects personal data only for the purposes defined in Clause 15 of this Policy and processes them accurately, fairly and lawfully.
- When collecting and processing personal data, the principles of purposefulness and proportionality are observed, therefore it does not collect or store the data of the Data Subject that is not necessary to achieve the Company’s business objectives.
- The Company strives for the data of the Data Subjects to be complete, up-to-date and accurate, therefore the data is constantly corrected and updated.
- The personal data of the data subject shall be stored for no longer than is necessary to achieve the purposes of data processing based on the legitimate business interests of the Company and for no longer than required by applicable legislation, and the data shall be destroyed immediately.
- The personal data of the data subject are processed and can be obtained only by those employees of the Company for whom this information is necessary for the performance of their duties.
4. MARKETING AND CORRESPONDENCE
When purchasing the Company’s products and services, the Data Subject may voluntarily consent to the use of personal data provided by the Company for marketing purposes, expressing his / her consent by ticking the appropriate boxes in his / her consent to process his / her personal data.
- After confirming the consent to receive the Company’s marketing information, the Data Subject may receive by e-mail information notices about the goods and services, promotions, discounts, the Company’s news and customer surveys for the purposes of quality research.
- The Data Subject has the possibility to refuse the information sent by the Company by clicking on the provided refusal link of the Company’s offers and news in the newsletter or other letter sent to the Data Subject.
- A data subject may exercise his right to refuse to have his data processed for the purposes of direct marketing by informing the Company by post or by any other means of communication, except by telephone.
5. COOKIES AND IP ADDRESSES
- Part of the personally identifiable information is collected automatically at the time when the Data Subject visits the Company’s website, as the Data Subject’s Internet Protocol address must be recognized by the Company’s server. An IP address is a unique number assigned to each computer connected to the Internet, known as an Internet Protocol (IP) address. IP addresses are used to administer the website and diagnose possible problems.
- The Company’s website also uses data analysis tools – cookies.
- By visiting the Company’s website, the Data Subject agrees to the storage of cookies mentioned in this Policy on the Data Subject’s computer (device).
- Cookies are small data files that a web page places on the Data Subject’s computer. Cookies allow the web page to recognize the Data Subject’s browser, but do not allow the user to identify himself.
- No personal data of a page visitor is collected with the help of cookies. No personally identifiable information is passed on to any third parties during the storage of cookies.
6. SECURITY AND PROCESSING OF PERSONAL DATA
- In accordance with the applicable legal acts regulating the protection of personal data, the Company ensures that the data provided by the Data Subject is protected against any illegal actions: unlawful alteration, disclosure or destruction of personal data, identity theft, fraud and that the level of personal data protection is adequate. Requirements of legal acts of the Republic of Lithuania.
- The Company shall use appropriate business systems and procedures, security systems, technical and physical means to protect and defend the personal data entrusted to the Company by the Data Subject.
- Personal data shall be processed manually and automatically using the personal data processing facilities installed in the Company.
- Personal data of data subjects may be processed only by persons authorized by the Head of the Company.
- Every employee who processes personal data or has access to personal data accidentally signs an employee’s non-disclosure agreement and processes personal data in strict accordance with the applicable legislation of this Policy, in all cases protecting personal data confidentiality. The principle of confidentiality must be observed by the Company’s employee even after the employment relationship has ended. The employee loses the right to process personal data when the contract validating his employment relationship with the Company expires, or when the head of the Company revokes the employee’s authorization to process personal data.
- Employees who automatically process personal data or from whose computers access the local area network or cloud areas where personal data is stored must use passwords. Passwords must be changed periodically, as well as in certain circumstances (eg change of employee, threat of burglary, suspicion that the password has become known to third parties, etc.). An employee working on a particular computer can only know their password.
- The employee responsible for computer maintenance shall ensure that personal data files are not “shared” from other computers, unless this is necessary to achieve the Company’s business objectives, and antivirus programs are set to update periodically automatically.
- The computer maintenance officer shall make copies of the data files on the computers. If these files are lost or damaged, the responsible employee must restore them no later than within 3 (three) working days.
- Excessive, irrelevant, inaccurate and otherwise unnecessary copies of the Company’s documents and data files containing personal data shall be immediately destroyed in such a way that these documents and files cannot be reproduced and their content cannot be reproduced.
- Documents of data subjects and their copies, financial, accounting and reporting, archival or other files containing personal data shall be stored in lockers or safes locked in well-protected premises.
7. RIGHTS OF THE DATA SUBJECT
- The data subject has the following fundamental rights:
- know that the Company processes his personal data;
- to get acquainted with their personal data processed by the Company and to find out how they are processed;
- to demand that the Company correct, destroy his personal data or suspend the processing of data, except for storage, when his personal data is processed in violation of the applicable legal acts;
- refuse to process his personal data or revoke in whole or in part his consent to the processing of his personal data, unless he has placed an order for goods and services with the Company or has a valid contract for the purchase of goods and services;
- A data subject who has submitted an identity document shall have the right to get acquainted with the personal data held and processed by the Company and to receive information from which sources and which personal data have been collected, for what purpose they are processed and to whom. Upon receipt of the Data Subject’s written request (by registered mail or e-mail), the Company shall provide the requested data in writing (by registered mail or e-mail) or indicate the reasons for refusing to comply with such request no later than within 30 calendar days from the date of receipt of the Data Subject’s request. The response shall be provided to the Data Subject in the same form as the request, unless the Data Subject’s request expresses a wish to receive the information in another way.
- The data subject must provide the Company with complete and correct personal data and inform the Company if any of his / her personal data provided to the Company changes. The Company will not be liable for any damage caused to the Data Subject due to the Data Subject providing incorrect and / or incomplete personal data or failing to properly and timely inform about their changes.
- The Company cannot fully guarantee that its website will function continuously and without any disruptions or errors, that it will always and completely be protected from viruses or other malicious components, but the Company uses security systems and technical measures to prevent cyber security incidents.
9. VALIDITY AND CHANGE OF POLICY
- This Policy and any subsequent versions thereof shall enter into force upon their approval by the order of the Head of the Company. Each valid version of the Policy must be posted on the Company’s website.