Taking into account the Directive 95/46 (EC) of the European Parliament and the Council, which is currently transferred to the Law on the Legal Protection of Personal Data of the Republic of Lithuania, as well as taking into account the Regulation 2016/679 of the European Parliament and the Council, which comes into force in the EU countries from 2018/05/25 XNUMX, guided by the primary and secondary sources of EU law, international legal acts, the Constitution of the Republic of Lithuania, the Civil Code and the Labor Code of the Republic of Lithuania, tax administration, VAT, accounting, social insurance laws of the Republic of Lithuania and accompanying legal acts of the Government and Ministry of Finance of the Republic of Lithuania, which are also related to the legal protection of natural persons, "Pažangi Sveikata" UAB establishes the rules and principles of the internal procedure regarding the legal protection of personal data, because the protection of natural persons in the processing of personal data is a fundamental right, that is, every person has the right to the protection of his personal data.
These rules and principles apply to relations between UAB "Pažangi Sveikata" and Clients who use, have used, expressed the intention to use or are in some other way related to the services provided by UAB "Pažangi Sveikata", including relationships with clients that occurred before these rules and principles came into force . The right to the protection of personal data is not absolute, therefore the provisions and principles established in the rules are regulated taking into account the public purpose of the legal protection of personal data and are combined with other basic rights, based on the principle of proportionality and the economic and financial activities of UAB "Pažangi Sveikata".
Pažangi Sveikata UAB implements appropriate organizational and technical measures to protect personal data from accidental or unlawful destruction, alteration, disclosure, as well as from any other unlawful processing. The aforementioned measures ensure a level of security that corresponds to the nature of the personal data to be stored and the risks posed by their processing, and are set out in these written rules.
Pažangi Sveikata UAB, authorizing the responsible persons to process personal data, determines that the data must be processed only according to the instructions of the head of the company and his authorized persons and the requirements of legal acts.
The rules and principles of personal data processing apply to all natural persons when processing their personal data, regardless of their citizenship or place of residence.
- GENERAL PRINCIPLES OF PERSONAL DATA MANAGEMENT
These personal data processing principles provide information on how Pažangi Sveikata UAB processes personal data, and all employees of the company who have received, receive or learn personal data in any way, process them or ensure the protection of personal data must follow these personal data processing principles.
Employees and authorized representatives of UAB "Pažangi Sveikata" must ensure that personal data is collected in the company defined consider for legitimate purposes and would not continue to be processed for purposes incompatible with established before collecting personal data, that is, the purposes are defined, legal and known in advance to the data subject.
Purposes must be established first and personal data collected later, not the other way around. Previous personal data collected legally and for certain purposes cannot be used for other purposes, unless the individual's consent has been obtained.
Employees and authorized representatives of UAB "Pažangi Sveikata" must use personal data for other purposes only when there is the consent of the person, it is determined by law or it is necessary for the protection of public interest.
UAB "Pažangi Sveikata" employees and authorized representatives must ensure that personal data is processed exactly, honestly ir legally, that is, personal data is received, collected and stored in accordance with the procedure established by legal acts, the person must be honestly informed about the purposes of using the data, the methods of obtaining it and the duration of storage. The data cannot be obtained by fraud or otherwise distorting the will of the person regarding data transfer.
UAB "Pažangi Sveikata" employees and authorized representatives must ensure that personal data is available accurate and, if necessary for the processing of personal data, are constantly updated. Inaccurate or incomplete data must be corrected, supplemented, destroyed or their processing stopped. Data is inaccurate if it is misleading or incorrect in relation to a matter of fact.
UAB "Pažangi Sveikata" employees and authorized persons must ensure that personal data is collected identical, suitable ir only of such scope, which is necessary for them to collect and further process. The collection of redundant data that is not necessary to achieve the purpose is prohibited. There must be a proportion (adequacy) between the amount of data and the desired goal, that is, there must be only as much data as is needed and no more.
UAB "Pažangi Sveikata" employees and authorized representatives must ensure that personal data is stored in such a way that the identity of data subjects can be determined no longer than is necessary for those purposes, for which these data were collected and processed, i.e. personal data are stored no longer than the purposes of data processing require. When personal data are no longer needed for the purposes of their processing, they must be destroyed, except for those that must be transferred to state archives in cases established by law.
Consent regarding the processing of personal data must be made known. There must be no doubt about the content and conditions of the consent and the expression of the individual's will.
The data subject has the right to withdraw his consent at any time. Withdrawal of consent does not affect the lawfulness of consent-based data processing carried out prior to the withdrawal of consent. The data subject is informed about this before giving consent. The company makes withdrawing consent as easy as giving it.
It is prohibited to process personal data that reveal racial or ethnic origin, political views, religious or philosophical beliefs or membership in trade unions, as well as to process genetic data, biometric data in order to specifically determine the identity of a natural person, data about a natural person's sex life and sexual orientation, criminal record or punishment.
Employees and authorized representatives of Pažangi Sveikata UAB have the right to process personal data when:
- the data subject gives consent;
- a contract is concluded or executed where one of the parties is a data subject;
- according to the law, the data controller is obliged to process personal data;
- the official powers granted by laws and other legal acts to state and municipal institutions, institutions and companies or to the third person to whom personal data are provided are implemented;
- processing is necessary for a legitimate interest pursued by the data controller or a third party to whom the personal data is provided and if the interests of the data subject are not more important;
- such processing is necessary for work purposes in order to implement the rights and obligations of the data controller in the field of labor law in cases established by law;
- the data subject has published personal data publicly;
- they are necessary for the case to be heard in court.
The principles of legal protection of personal data must be applied to any information about a natural person whose personal identity is determined or can be determined from the data.
Pažangi Sveikata UAB ensures the confidentiality of personal data in accordance with the requirements of valid legal acts and the implementation of appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, accidental loss, alteration or destruction or other illegal processing.
UAB "Pažangi Sveikata" has the right to use data processors for processing personal data, but takes the necessary measures to ensure that such data processors process personal data in compliance with the company's instructions and valid legal acts and require that the aforementioned persons implement appropriate personal data security measures.
UAB "Pažangi Sveikata" provides personal data to state and municipal institutions, law enforcement institutions and the court, to other third parties to whom the law gives the right to receive, collect and process personal data, only after receiving a written request from the recipient of said personal data, which is justified and motivated.
If there are reasonable doubts about the validity, legality and suitability of the received request, UAB "Pažangi Sveikata" turns to the requester to clarify or properly indicate the legal grounds and reasons for the necessity and scope of providing personal data.
If there are doubts about the validity of the received request, the head of the company or his authorized persons also informs the supervisory authority for the legal protection of personal data, so that it provides appropriate consultations and submits appropriate conclusions.
In order not to violate the right of third parties to the inviolability of their private life, when implementing the data subject's right to access their personal data, i.e. when issuing copies of documents or other information, only personal data related to the data subject must be provided. In this case, it is necessary to provide only as much personal data as the data subject requests about himself, that is, to depersonalize copies of documents, for example, black out the data of third parties, make extracts of these documents, etc.
UAB "Pažangi Sveikata" informs the subject of personal data about received requests regarding the transfer of his personal data to third parties. After the company has transferred personal data to other data recipients, it provides the personal data subject with information on what, to whom and for what purpose the personal data was transferred.
UAB "Pažangi Sveikata" applies preventive measures so that personal data cannot be illegally accessed by third parties, that is, after the end of the calendar year, during the third quarter of the following year, the internal documents and electronic media of the company are audited. Information that is unnecessary is removed/deleted from electronic media. Documents that are not needed are destroyed. Documents that must be stored are archived and transferred to the archive for storage in accordance with the procedure established by legal acts and in accordance with the provisions of these rules.
UAB "Pažangi Sveikata" uses only certified software, computer programs and other telecommunication tools in compliance with legal regulations. Service providers must be legal or natural persons with certified and relevant qualifications.
When choosing organizational and technical data security measures, Pažangi Sveikata UAB must follow the General requirements for organizational and technical personal data security measures, approved by the Director of the State Data Protection Inspectorate in 2008. November 12 by order no. 1T-71(1.12.) (hereinafter - General requirements).
The use of secure protocols (e.g. https) and/or passwords must be ensured when providing personal data over external data transmission networks.
UAB "Pažangi Sveikata" on the social website www.facebook.com ir www.instagram.com personal data can only be provided for which the person has given explicit consent. Consent must be in writing or otherwise clearly expressed. However, the expression of consent must be such that UAB "Pažangi Sveikata" could later prove the expression of the will of the person who gave the consent. The company must clearly indicate to the person what data will be collected or received, for what purpose this data will be distributed, and how long the personal data will be in the public space. A person must be given the opportunity to choose the terms for the storage of his data in the public space.
In order not to violate the rights of third parties and if there are several people in the photo, each person in the photo must give consent for their personal data to be disseminated in the public space.
UAB On the "Advanced Health" website goldbeautyline.lt personal data can only be provided for which the person has given explicit consent. Consent must be in writing or otherwise clearly expressed. However, the expression of consent must be such that UAB "Pažangi Sveikata" could later prove the expression of the will of the person who gave the consent. The company must clearly indicate to the person what data will be collected or received, for what purpose this data will be distributed, and how long the personal data will be in the information system space. A person must be given the opportunity to choose the terms of his data storage terms in the space of the information system.
In order to strengthen the right to be forgotten in the online environment, the right to request deletion of data is extended so that if UAB "Pažangi Sveikata" has made personal data public, the company must inform the data controllers handling such personal data so that they delete all links to that personal data, their copies or duplicates.
- Personal details - any information related to a person from which it is possible to determine his identity, both directly and indirectly, based on characteristics of a physical, physiological, psychological, economic, cultural or social nature. Personal data is considered, for example, name, surname, residential address, facial image, personal identification number, fingerprint, iris, telephone number, e-mail address, Internet Protocol (IP) address, car number, etc.
- Data processing – any action or set of actions performed with personal data (collection, recording, storage, grouping, connection, change, publication, search, destruction, etc.).
- Automatic processing of data - data processing actions performed by electronic means, i.e. various information and communication means: computers, telephones, tablets, smart watches, video recorders, cameras, voice recorders, etc.
- Customer (data subject)- every person whose personal data is processed, that is, any natural person who uses, has used, has expressed the intention to use or is otherwise related to the services provided by MB Kosmetikos Parduotuvė.
- Pažangi Sveikata UAB (data controller) – a legal entity that uses personal data for professional purposes, that determines the purposes and means of data processing, i.e. what defined and legitimate purpose, based on the legal basis and what personal data is processed, to whom it is provided, how the rights of the data subject are ensured, what software is used for data processing etc.
- Recipient of the data – legal or natural person to whom personal data is provided
- Provision of data - disclosure of personal data by transmission or otherwise making them available, with the exception of publication in public media.
- Duomenu tvarkytojas – a legal or natural person (who is not an employee of the data controller) authorized by the data controller to process personal data.
- Special personal data - data related to the natural person's racial or ethnic origin, political, religious, philosophical or other beliefs, membership in trade unions, health, sex life, as well as information about the person's criminal record. Personal code is also special personal data.
- Consent - a voluntary statement of the will of the data subject to process his personal data for a purpose known to him. The consent to process special personal data must be expressed clearly - in writing, equivalent to it or in another form that undoubtedly proves the expressed will of the data subject.
- Video surveillance - processing of video data related to a natural person (hereinafter referred to as "video data") using automatic video surveillance devices (video and photo cameras, etc.), regardless of whether this data is saved on a medium.
- Profiling-any form of automated processing of personal data, when personal data is used to evaluate certain personal aspects related to a natural person, in particular to analyze or predict aspects related to the work results, economic situation, state of health, personal hobbies, interests of that natural person , reliability, conduct, location or movement.
- Assigning pseudonyms-processing of personal data in such a way that personal data can no longer be assigned to a specific data subject without the use of additional information, if such additional information is stored separately and technical and organizational measures are applied in relation to it in order to ensure that personal data are not assigned to a natural person whose identity is established or whose identity can be identified to determine
- Third country– a natural or legal person, public authority, agency or other body that is not a data subject, data controller, data processor, or persons who are allowed to process personal data by direct authorization of the data controller or data processor.
- Breach of personal data security–a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, transfer, storage or other processing of personal data, or unauthorized access to it.
- Health data-personal data related to the physical or mental health of a natural person, including data on the provision of health care services that reveal information about the state of health of that natural person.
- Rules are binding on the company-the provisions of the personal data protection policy, which the data controller or data processor complies with, when transferring personal data or performing a sequence of transfers to one or more third-country data controllers or data processors belonging to the same group of companies or to a group of companies performing joint economic activities.
III. PURPOSES AND BASIS OF PROCESSING PERSONAL DATA
- Contractual civil legal relations
- In the case of civil contractual legal relations, the collection of personal data is carried out to the extent determined by legal acts and the need to properly execute transactions. Collected data to maintain communications: name, address, phone numbers, e-mail postal addresses.
- Data on relationships with legal or natural persons, the customer must provide when there is a representation on behalf of a third party for purposes. A person must submit a power of attorney or power of attorney in the form prescribed by law. Copies of the mentioned documents are not made.
- If the client wishes and seeks to receive certain payment deferrals and other financial privileges in the transactions, due to which the financial burden and risk falls on Pažangi Sveikata UAB, then the client must provide adequate and proportionate financial data and data related to the client's reliability and performance evaluation, i.e. data on accounts, available property, transactions, loans, income and liabilities.
- In each case, taking into account the contractual relationship, the company's possible burden and risk, the responsible employees of the company assess the need for obtaining the volume of data and collect only those data that are necessary to achieve the goal.
- If the objectives set out in 4.3 of these rules are implemented. and 4.4. points, it is possible to collect data on the client's place of residence for tax purposes, that is, data on the country where the client's place of residence is located, taxpayer identification number, citizenship.
- UAB "Pažangi Sveikata" has the right to use external and internal registers when it is necessary to execute the contract or to take actions at the customer's request before the conclusion of the contract or in the execution of legal duty. The company's actions regarding the collection or receipt of personal data must be adequate and proportionate.
- In outgoing VAT invoices - invoices, incoming VAT invoices - invoices or invoices, freight bills, CMR documents, receipts for cash receipts, cash receipts and other documents that record economic - financial transactions, personal data entries are made only those that are necessary and which are determined by law.
- The manager of UAB "Pažangi Sveikata" company or his authorized persons make sample documents, which indicate which personal data are required to be recorded and which are determined by law. Responsible persons who carry out economic and financial operations have been familiarized with the information specified in this point.
- The principles of legal protection of personal data specified in these rules of procedure must be applied to personal data obtained in contractual civil legal relations.
- If a person has voluntarily submitted additional, i.e. redundant personal data, it is considered that the person has consented to the collection, evaluation and proper handling of the above-mentioned personal data in civil contractual legal relations.
- Personal data obtained in contractual civil legal relations must be archived in accordance with the procedure established by law. After the day when the need to protect them disappears, a person's right "to be forgotten" must be properly implemented.
- Taking into account that civil legal relations are subject to a general statute of limitations of 10 years, and for individual civil relations laws establish shorter statutes of limitations, that the Tax Administration Act, the Social Insurance Act and other legal acts establish statutes of limitation of 5 years or shorter, contracts between individuals that are terminated or that ended 5 years ago or earlier, and for which there are no legal proceedings between Pažangi Sveikata UAB and the client, in accordance with the provisions of the Law of the Republic of Lithuania on Documents and Archives (Valstybės žinios, 1995-12-30, No. 107-2389), must be attached for further storage in the archive. In this way, further efficient management and availability of documents will be ensured, documents will be protected from damage, loss, illegal use, alteration, destruction.
- UAB "Pažangi Sveikata" has the right to collect personal data for the provision of additional services to the client, for asking the client's opinion, for market research and statistical data, for the organization of games and promotions, for the legitimate interest in improving the company's services and introducing new products to the market and providing new services .
- In each specific case, which is mentioned in 4.13. point or is not mentioned in it, UAB "Pažangi Sveikata" must clearly present to clients or individuals the purposes of personal data collection, what data will be collected and how long the received data will be stored. The person must give his consent in writing and indicate that he understood the purposes of data collection, the scope of data collection and the storage terms of the obtained data.
- Personal data obtained for the provision of additional services to the client, for asking the client's opinion, for market research and statistical data, for the organization of games and promotions, for the legitimate interest in improving the company's services and introducing new products to the market and providing new services, must be destroyed by law according to the established procedure, within 3 months from the day of the disappearance of the need to store them, that is, the person's right "to be forgotten" must be properly implemented.
- When performing sales operations through the E-store, customers and the scope of their data submission must be limited.
- A customer (a legal entity or a natural person) who is engaged in economic and commercial activities and wishes to purchase goods other than to meet his personal needs, must provide the data necessary for the execution of the transaction and which are determined by legal acts.
- The customer (consumer) who wishes to purchase goods to satisfy his personal needs must provide the data necessary for the delivery of the goods, i.e. name and address. However, a person can only provide an address and a nickname with an identification code if the goods are delivered by a courier service and the goods are delivered personally by the courier.
- Recipients of personal data
- Personal data is transferred to recipients such as:
- State institutions and institutions, other persons performing the functions assigned to them by law. The data is transferred according to the written request or mandatory according to the requirements established by the legal acts.
- Credit and financial institutions, third parties involved in the trading, settlement and reporting cycle. Only those data that are required to complete the settlement procedures or are mandatory in accordance with the requirements established by legal acts are transferred.
- Auditors, legal and financial consultants. Only those data that are necessary for the performance of the task are transferred. A confidentiality agreement is signed.
- Third parties managing registries or mediating the provision of personal data from such registries. The data is transferred according to the written request or mandatory according to the requirements established by the legal acts.
- Debt collection companies to which the client's claims are transferred, courts, non-judicial dispute resolution bodies and bankruptcy administrators. The data are transmitted only which are necessary for the performance of the task, according to the submitted inquiry or mandatory according to the requirements set by legal acts. A confidentiality agreement may be signed with the relevant persons.
- Persons who ensure proper fulfillment of the client's obligations to Pažangi Sveikata UAB, such as guarantors, guarantors, guarantors. The data is transferred according to the written request. Only those data that are necessary for the performance of the task are transferred.
- Other persons related to UAB "Pažangi Sveikata" service provision, such as archiving, postal service providers, other authorized parties.
- Only those data that are necessary for the performance of the task are transferred. A confidentiality agreement must be signed with authorized persons.
- Pažangi Sveikata UAB uses safe, reliable and certified data transmission channels. If there are doubts about the security of the personal data transmission channel, the company makes every effort to clarify the problematic issues in order to eliminate all doubts about the security of the personal data transmission channel.
- RIGHTS OF THE CUSTOMER AS A DATA SUBJECT
- Demand correction of his personal data if they are incorrect, incomplete or inaccurate.
- Do not consent to the processing of his personal data, if the basis for the processing of personal data is legitimate interests, including marketing purposes.
- Demand the deletion of his personal data, which are processed only with his consent, if the customer withdraws the corresponding consent. This right is limited if the personal data that is requested to be deleted is also processed on another legal basis, such as the processing is necessary for the performance of a contract or is the fulfillment of an obligation according to applicable legislation.
- To receive training on whether UAB "Pažangi Sveikata" processes his personal data and, if so, to familiarize himself with them.
- To receive the personal data provided by him, which is processed on the basis of his consent or contract performance, in writing or in a commonly used electronic form and, if possible, transfer such data to another provider.
- Withdraw your consent to the processing of personal data.
- If a person believes that his personal data is being processed in violation of his rights and legitimate interests in accordance with the applicable legal acts, he can submit a complaint about the processing of personal data to the manager of Pažangi Sveikata UAB. UAB "Pažangi Sveikata" is obliged to examine a person's complaint and submit a reasoned and justified answer in writing within 3 working days from the date of receipt of the complaint.
- A person who does not agree with the decision made by UAB "Pažangi Sveikata" can submit a complaint regarding the processing of personal data to the State Data Protection Inspectorate, whose website address www.ada.lt.
- The customer has the right to apply to UAB "Pažangi Sveikata" in order to submit inquiries, withdraw consents given, submit requests or complaints regarding the implementation of the data subject's rights.
Pažangi Veikata UAB
March 11 st. 106-28 LT-49371
Telephone number. +370 645 42426
email Mr. firstname.lastname@example.org
Director Simona Kuzminaitė
- RESPONSE TO PERSONAL DATA PROTECTION VIOLATIONS
- In the event of a breach of personal data security, the responsible persons of UAB "Pažangi Sveikata" notify the competent law enforcement authority and supervisory authority without undue delay and, if possible, no later than within 72 hours after they become aware of the breach of personal data security In the territory of the Republic of Lithuania, unless the violation of personal data security should not endanger the rights and freedoms of natural persons.
- Upon learning of a personal data security breach, the data processor notifies the data controller without undue delay and indicates in the notification:
- a) the nature of the personal data security breach is described, including, if possible, the categories and approximate number of relevant data subjects, as well as the categories and approximate number of relevant personal data records;
- b) name and contact details of the data protection officer or other contact person who can provide more information;
- c) the likely consequences of a breach of personal data security are described;
- d) a description of the measures taken or proposed to be taken by the data controller to eliminate the personal data security breach, including, where appropriate, measures to reduce its possible negative consequences.
- If it is not possible to provide the information at the same time, the information may be provided in stages without further delay.
- The data controller shall document all personal data security breaches, including the facts related to the personal data security breach, its impact and corrective actions taken.
- VALIDITY AND AMENDMENT OF RULES AND PRINCIPLES
- The client can familiarize himself with the summary of the internal rules and operating principles of UAB "Pažangi Sveikata" regarding the legal protection of personal data and the corresponding provisions online goldbeautyline.lt
- UAB "Pažangi Sveikata" has the right to unilaterally change these rules and principles at any time, informing customers about essential changes on the website goldbeautyline.lt also by informing customers by mail or e-mail. by mail, SMS or other means.
- According to the principle of transparency, the information addressed to the public or the data subject must be concise, easily accessible and understandable, presented in clear and simple language and, in addition, use visualization where necessary. Information should be provided in electronic form, such as on a website, when it is intended for public release.
- Pažangi Sveikata UAB must provide conditions for submitting requests electronically, especially in cases where personal data is processed electronically. UAB "Pažangi Sveikata" must respond to the data subject's requests without undue delay and no later than within one month and indicate the reasons when it does not intend to satisfy any requests submitted by the client.
- Pažangi Sveikata UAB must provide the data subject with all additional information necessary to ensure fair and transparent data processing, taking into account the specific circumstances and context of personal data processing.