The purpose of the Privacy Policy is to inform how the personal data of data subjects are collected and processed, how long they are stored, to whom they are provided, what rights data subjects have and where to go to exercise them, or any other issues related to the processing of personal data.
Personal data is processed following the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation”), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other legal acts regulating the protection of personal data.
Auksinės kopos Private Limited Liability Company is guided by the following basic principles of data processing:
- personal data are collected only for clearly defined and legitimate purposes;
- personal data shall be processed only lawfully and fairly;
- personal data are kept up to date;
- personal data shall be kept securely and for no longer than required by the stated purposes of processing or by law;
- personal data shall be processed only by those employees of the Company who are authorized to do so by their job functions or by duly authorized processors.
1. CONCEPT
- Data Controller – Closed Joint Stock Company “Auksinės kopos” (hereinafter referred to as the “Company”), legal entity code 252550150, registration address Jūros g. 30, Palanga.
- Data subject – any natural person whose data is processed by the Company. The Data Controller collects only those data of the data subject which are necessary for the performance of the Company’s activities and/or for visiting, using, and browsing the Company’s websites, Facebook or Instagram pages, etc. (hereinafter referred to as the “Website”). The Company ensures that the personal data collected and processed will be secure and will only be used for a specific purpose.
- Personal data means any information relating directly or indirectly to a data subject whose identity is known or can be identified, directly or indirectly, by reference to the data concerned. Processing of personal data means any operation performed on personal data (including collection, recording, storage, editing, alteration, access, retrieval, transmission, archiving, etc.).
- Consent means any freely given and informed indication by which the data subject agrees to the processing of his or her data for a specified purpose.
- Cookies – small pieces of textual information used on the Company’s website that is automatically generated when browsing the website and stored on the computer or other device used by the data subject (website visitor). Cookies are used to improve the browsing experience of visitors to the website and to analyze the traffic and behavior of visitors to the website.
2. SOURCES OF PERSONAL DATA
- The personal data shall be provided by the data subject. The data subject contacts the Company, registers for services, uses the services provided by the Company, purchases goods and/or services, participates in games organized by the Company, leaves comments, asks questions, subscribes to newsletters, contacts the Company for information, etc.
- The personal data is obtained when the data subject visits the Company’s website. The data subject fills in the forms on the website or, for whatever reason, leaves his or her contact details, etc.
- Personal data is obtained from other sources. Data is obtained from other bodies or companies, publicly accessible registers, etc.
3. PROCESSING OF PERSONAL DATA
- By providing personal data to the Company, the data subject agrees to the Company’s use of the collected data in the performance of its obligations to the data subject, in the provision of services expected by the data subject.
- The Company processes personal data for the following purposes:
- To ensure the maintenance and continuity of the Company’s business. For this purpose, the following data is processed:
- To conclude and perform contracts, personal data of suppliers (natural persons) may be processed: name(s), surname(s), personal identification number or date of birth, place of residence (address), telephone number, e-mail address, place of work, job title, bank account and the bank where the account is located, date, amount, the currency of the monetary transaction or transaction, and any other data provided by the individual, which the Company receives following the legislation in the course of the Company’s activities and/or which the Company is obliged to process by law and/or other legislation. For example, the data contained in the business certificate (type of activity, group, code, name, periods of activity, date of issue, amount), the number of the certificate of individual activity, data on whether the data subject is a VAT payer, and any other data necessary for the proper performance of the contractual and/or statutory obligations.
- For the administration of the company’s debtors, personal data of customers (debtors, natural persons) may be processed, such as name(s), surname(s), telephone number, e-mail address, amount of the debt, information on the goods and/or services rendered, other data related to the debt.
- Contracts, VAT invoices, and other related documents shall be stored by the time limits specified in the General Index of Document Storage approved by the Order of the Chief Archivist of Lithuania.
- Data relating to the administration of the Company’s debtors shall be kept no longer than is necessary for the purposes for which the personal data are processed.
- Provision of accommodation and catering services. For this purpose, the following data is processed:
- Name(s), surname(s), number of the identity document, date of arrival, date of departure, names of the spouse and/or minor child(ren) arriving together, number of adults and children who will use the services of the Hotel, food requirements, bank account details, bank, cost of the service, car registration number, power of attorney details (if the hotel is booked by a representative of a legal person), place of work and position, signature, other personal data related to the provision of the service.
- The data shall be kept for 10 years after the end of the contractual relationship with the customer.
- Providing real estate rental and sales services. For this purpose, the following data is processed:
- Name(s), surname(s), personal identification number, address, signature, price for renting and/or selling real estate, payment details for services, and other personal data related to the provision of services.
- The data shall be kept for 10 years after the end of the contractual relationship with the client.
- Inquiries, comments, and complaints The following data are processed for this purpose:
- Name(s), surname(s) and/or username, email address, telephone number, address, subject of the message, comment, feedback or complaint, text of the message, comment, feedback, or complaint.
- The data on inquiries, comments, and complaints shall be stored for 1 calendar year from the date of submission.
- Sale of gift vouchers. For this purpose, the following data is processed:
- Name(s), surname(s), value of the gift voucher, name(s) of the purchaser of the gift voucher, date of sale, number of the gift voucher, e-mail address, telephone number, expiry date of the gift voucher, billing details, name of the recipient of the voucher.
- Personal data is not stored.
- Conducting games, and competitions. For this purpose, the following data is processed:
- Name(s), surname(s) and/or username, telephone number, e-mail address.
- The personal data of the winning participants is stored until the date of collection of the prize. The personal data of non-winning entrants will not be stored.
- E-commerce. For this purpose, the following data is processed:
- Name(s), surname(s), telephone number, e-mail address, details of the product/service selected, and payment details of the product/service.
- The personal data is only stored to the extent and for the time necessary to achieve the stated purposes. When the customer’s data no longer needs to be processed, a decision is taken to destroy them, except for those that must be archived following the law or the Company’s internal local regulations.
- Use of cookies. The following data are processed for this purpose:
- IP addresses of visitors’ computers, data from visits to the website.
- The data is stored for the periods specified in the Company’s privacy policy (see below).
- Direct marketing. For this purpose, the following data is processed:
- Name(s), surname(s), email address, telephone number.
- The data is stored for 5 years after the date of consent. This period may be extended if the personal data are used or may be used as evidence or a source of information in a pre-trial or other investigation, including an investigation conducted by the DPAI, in civil, administrative, or criminal proceedings, or any other cases provided for by law. In such a case, personal data may be kept for as long as necessary for these processing purposes and destroyed as soon as they are no longer necessary.
- To ensure the security of the company’s employees, other data subjects, and property (video surveillance). For this purpose, the following data is processed:
- Video image. Video surveillance systems do not use facial recognition and/or analysis technologies, and the video data captured by them are not grouped or profiled according to a specific data subject (person). The data subject shall be informed about the video surveillance through information signs with the symbol of the video camera and the details of the Company, which shall be displayed before entering the monitored area and/or premises. The field of surveillance of CCTV cameras shall exclude premises where the data subject expects absolute protection of personal data.
- Personal data (image data) obtained by CCTV cameras shall be stored for up to 14 (fourteen) calendar days from the moment of their capture, after which they shall be automatically destroyed unless there are grounds to believe that an offense, a criminal offense or other unlawful acts have been committed (pending the outcome of the relevant investigation and/or legal proceedings).
- Other purposes for which the Company has the right to process the personal data of the data subject, where the data subject has expressed his or her consent, where the processing is necessary for the legitimate interest of the Company, or where the Company is obliged to process the data by the relevant legal acts.
4. USE OF COOKIES
- The company uses cookies on the website to improve and enhance the visitor experience.
- The following types of cookies may be used on the Company’s website:
- Technical (essential) cookies – help the website visitor to display the website and its content, and help ensure the functionality of the website. Technical cookies are necessary for the proper functionality of the website and do not require the consent of the website visitor.
- Functional cookies – are used to help the website visitor to use the Company’s website, to remember the choices and preferences made during browsing. Functional cookies are not necessary for the full functionality of the website, but they add functionality and improve your experience of using the Company’s website.
- Analytical cookies – used to obtain information about how visitors use the Company’s website. This is necessary to enable us to optimize and improve the Company’s website. Analytical cookies allow us to collect data about the web pages you have viewed, the pages you came from, the emails you have opened and responded to, and the date and time information. This also means that we may use information about you and how you use this website, such as the frequency of your visit, the number of clicks on a particular page, the search terms used, etc.
- Commercial (targeting or advertising) cookies – used to provide personalized advertising to a visitor to the Company’s website. This is called “remarketing” and is based on browsing actions, such as the products and/or services you have searched for, and viewed.
- Access to statistical data about visitors to the Company’s website is available to the Company’s employees who are responsible for analyzing this data and improving the website.
- Technical records may also be accessed by the Company’s partners who provide content management tools for the Company’s website.
- The data collected using cookies are stored by the Company for no longer than is necessary to achieve the purposes of the processing or for no longer than is required by the data subjects and/or provided for by law.
- More detailed information about cookies can be found at org.
- If you do not agree to our use of cookies, you can change your browser settings and control the number of cookies. Useful links on how to refuse cookies can be found below:
- For Chrome: https://support.google.com/chrome/answer/95647?hl=en;
- For Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies;
- For Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac;
- Edge browser: https://support.microsoft.com/en-us/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy.
- The Company’s website currently uses the following cookies:
Cookie name | Description of the purpose of the cookie | Supplier | Validity |
5. USE OF SOCIAL NETWORKS
- Any information you provide via social media (including messages, the use of the “Like” and “Follow” boxes, and other communications) is under the control of the operator of the relevant social network.
- Our Company currently has an account on the social network Facebook, whose privacy policy is available at https://www.facebook.com/privacy/explanation;
- Our Company currently has an account on the social network Instagram, whose privacy policy is available at https://help.instagram.com/519522125107875.
- We recommend that you read the privacy notices of third parties and contact the service providers directly if you have any questions about how they use your data.
6. SENDING NEWSLETTERS
- For sending newsletters
7. E-COMMERCE
- The e-shop of the private limited liability company “Auksinės kopos” is built on the R-Keeper platform. The data collected for e-commerce is stored on R-Keeper servers. The privacy policy of the e-commerce platform is available at:
- R-Keeper Privacy Policy: https://rkeeper.com/privacy-policy/.
- The Company uses the Paysera, TransactPro, Neofinance, and Demipay platforms to accept payments. The privacy policies of the payment acceptance platforms can be found at:
- Paysera Privacy Policy: https://www.paysera.lt/v2/lt-LT/sutartys/privatumo-politika-2020
- TransactPro privacy policy: https://www.transactpro.eu/uploads/documents/1530542107-personal-data-protection-policy.pdf
- Neofinancial Privacy Policy: https://www.neofinancial.com/privacy-policy
- Our website is protected by a security protocol based on a data encryption system certificate (SSL). The web address of such a shop contains the letter “s”: “https://”.
- Our website is protected by a security protocol based on a data encryption system certificate (SSL). The web address of such a shop contains the letter “s”: “https://”.
8. PROVISION OF PERSONAL DATA
- The Company undertakes to respect the duty of confidentiality towards data subjects. Personal data may be disclosed to third parties only if this is necessary for the conclusion and performance of a contract for the benefit of the data subject or other legitimate reasons.
- The Company may provide personal data to its data processors who provide services to the Company and process personal data The Company’s data processors are entitled to process personal data only on the instructions of the Company and only to the extent necessary for the proper performance of their obligations under the contract. The Company shall only engage processors who provide sufficient guarantees that appropriate technical and organizational measures will be implemented in such a way that the processing complies with the requirements of the Regulation and that the data subject’s rights are protected.
- The Company may also provide personal data in response to requests from courts or public authorities to the extent necessary for the proper exercise of the applicable law and for compliance with instructions from public authorities.
- The company guarantees that personal data will neither be sold nor rented to third parties.
9. PROCESSING OF PERSONAL DATA OF MINORS
- Persons under the age of 14 may not submit any personal data through the Company’s website. If a person is under the age of 14, to benefit from the Company’s services, the written consent of a representative (parent, mother, guardian) for the processing of the personal data is required before the submission of personal information.
10. STORAGE PERIOD FOR PERSONAL DATA
- Personal data collected by the Company shall be stored in printed documents and/or in the Company’s information systems. Personal data shall not be processed for longer than is necessary to achieve the purposes of the processing or for longer than is required by the data subjects and/or provided for by law.
- Although the data subject may terminate the contract and refuse the Company’s services, the Company shall remain obliged to retain the data subject’s data for possible future claims or legal claims until the expiry of the retention periods.
11. RIGHTS OF THE DATA SUBJECT
- Right to receive information about the processing of data.
- Right of access to the data processed.
- The right to have the data rectified.
- The right to have the data erased (‘Right to be forgotten’). This right does not apply if the personal data for which erasure is requested is also processed on another legal basis, such as processing necessary for the performance of a contract or for the performance of an obligation under applicable law.
- Right to restrict processing.
- The right to object to processing.
- Right to data portability. The right to data portability shall not adversely affect the rights and freedoms of others. The data subject shall not have the right to data portability in respect of personal data processed in non-automatically structured files, such as paper files.
- The right to request that a decision based solely on automated processing, including profiling, is not applied.
- The right to complain about the processing of personal data with the State Data Protection Inspectorate.
12. The Company shall enable the Data Subject to exercise the above-mentioned rights of the Data Subject, except in cases provided by law, where it is necessary to ensure national security or defense, public order, prevention, investigation, detection, or prosecution of criminal activities, important economic or financial interests of the State, prevention, investigation, and detection of breaches of official or professional ethics, or protection of the rights and freedoms of the Data Subject or any other person.
13. PROCEDURE FOR THE EXERCISE OF THE DATA SUBJECT’S RIGHTS
- The data subject may contact the Company to exercise his/her rights:
- by submitting a written request in person, by post, through a representative, or by electronic means – by e-mail: info@akopos.lt;
- orally by telephone: +370 614 16646;
- in writing to the following address: Jūros g. 30, Palanga.
- To protect the data from unauthorized disclosure, the Company shall verify the identity of the data subject upon receipt of a data subject’s request to provide data or exercise other rights.
- The Company’s reply to the data subject shall be provided no later than one month from the date of receipt of the data subject’s request, depending on the specific circumstances of the processing of personal data. This period may be extended by a further two months if necessary, depending on the complexity and number of requests.
14. RESPONSIBILITIES OF THE DATA SUBJECT
- The data subject shall:
- inform the Company of any changes to the information and data provided. The Company needs to have correct and valid data subject information;
- provide the necessary information to enable the Company to identify the data subject at the request of the data subject and to verify that it is communicating or cooperating with the data subject (by providing proof of identity or using a legal procedure or electronic communication that allows for the proper identification of the data subject). This is necessary for the protection of the data subject’s data and the data of others so that the information disclosed about the data subject is provided only to the data subject, without prejudice to the rights of other persons.
15. FINAL PROVISIONS
- By providing the Company with personal data, the data subject accepts this Privacy Policy, understands its provisions, and agrees to abide by it.
- The Company has the right to unilaterally modify this Privacy Policy at any time as part of the development and improvement of the Company’s activities. The Company has the right to unilaterally, partially, or completely change the Privacy Policy by notifying you on the website akopos.lt.
- Amendments or changes to the Privacy Policy shall come into force from the date of their publication, i.e. from the date on which they are posted on the website akopos.lt.
REQUESTS AND COMPLAINTS “You may submit a request/complaint regarding a service purchased on our website to the State Consumer Rights Protection Service (Vilniaus g. 25, 01402 Vilnius, e-mail: tarnyba@vvtat.lt, tel. 8 5 262 67 51, fax. (8 5) 279 14 66, website www.vvtat.lt), as well as the territorial units of the State Consumer Rights Protection Service in the counties or by filling in the request form on the EGS platform http://ec.europa.eu/odr/.