Your personal data submitted with the order is stored and never transferred to third parties, except when required for the execution of the order or as required by the laws of the Republic of Lithuania.
Rules on the processing of personal data
I. Basic Concepts
1.1. Company - Imenza UAB, a company incorporated under the laws of the Republic of Lithuania, with its registered office at G May g. 14, Anykščiai, Republic of Lithuania, company code 154107957, information about the company is stored and stored in the Register of Legal Entities. Company websites: imenza.lt and dviraciudalys.lt
1.2. Data subject - a natural or legal person (buyer) whose data is processed in the Company.
1.3. Personal Data - means information related to a natural person - a Data Subject, which is listed in clause 2.4 of these Rules.
1.4. Processing of Personal Data - shall mean any action taken with Personal Data: collection, recording, storage, storage, classification, grouping, merging, modification (addition or correction), provision, use, deletion or any other act or set of actions.
1.5. Automatic processing of data means data processing operations wholly or partly carried out by automatic means.
1.6. Employee - means a person who has an employment or similar contract with the Company and who, by the decision of the Head of the Company, is assigned to process the Personal Data.
1.7. Data Controller - means a legal or natural person authorized by the Company to process personal data.
1.8. "Controller" means a legal or natural person, who alone or jointly with others determines the purposes and means of the processing of personal data.
1.9. Data Recipient - means the legal or natural person to whom the Personal Data is provided.
1.10.Inspection - the State Data Protection Inspectorate of the Republic of Lithuania.
1.11. Other terms used in these personal data processing rules correspond to the definitions laid down in the Law on Legal Protection of Personal Data of the Republic of Lithuania.
II. General provisions
2.1. This document regulates the actions of the Company and its Employees in processing Personal Data using the automated Personal Data Processing tools installed in the Company, as well as defining the rights of the Data subjects, Personal data breach risk factors, Personal Data implementing measures and other issues related to Personal Data processing.
2.2. Personal data must be accurate, relevant and not excessive in relation to the collection and further processing of personal data.
2.3. The purposes of the processing of personal data are the means necessary for the purchase and delivery of the goods and other legitimate and pre-defined purposes.
2.4. The Company is subject to paragraph 2.3. process the following Personal Data of the Data subjects for the purpose set forth in Clause 2:
2.4.3. Email address;
2.4.4. IP address;
2.4.5. telephone number;
2.4.6. place of residence (address);
2.4.7. bank current account;
2.4.8. details of the goods purchased by the Data Subject, their quantities, dates of purchase and other information relating to the goods.
2.5. By submitting to the Company its personal data, the Data Subject confirms and voluntarily agrees that the Company shall manage and process the Data Subject's personal data in accordance with these Rules, applicable laws and regulations.
Processing of Personal Data shall be governed by the Law on Legal Protection of Personal Data of the Republic of Lithuania, Regulation (EU) 2016/679, other laws and legal acts regulating the processing and protection of data, as well as these Rules.
Cookies used on the imenza.lt website:
Shopping cart cookie
When a visitor to the site clicks on the "Add to Cart" button, which is a cookie created on the product page, indicating the item code and the quantity of the item. The cookie is valid for up to 48 hours.
When a visitor goes to the shopping cart and changes the quantity of goods they wish to order, the cookie changes the desired quantity of goods.
If a visitor orders multiple items, the cookie records data about several items selected by the visitor with the desired quantity.
The cookie is deleted after the customer successfully orders the goods or after 48 hours. since the cookie was created.
When the buyer selects at least one item, a delivery cookie is created which defines by default that the customer wants the items to be delivered home. Unless the customer chooses another delivery method in the shopping cart, this cookie provides information to imenza.lt. to the store that the customer needs home delivery. If the customer chooses another delivery method, the newly selected delivery method is recorded in the cookie. The cookie is stored for up to 48 hours. The cookie is deleted after the customer successfully orders the goods or after 48 hours. since the cookie was created.
Website statistics use the standard Google Analytics tool.
III. Processing of personal data
3.1. Personal data is processed automatically using personal data processing tools provided by the Company and / or rented by the Company.
3.2. Only Employees and Managers have the right to process Personal Data. Each Employee and / or Controller designated to process Personal Data must maintain the confidentiality of Personal Data and comply with personal data protection legislation.
3.3. The employee / manager must:
3.3.1. to keep the Personal Data secret;
3.3.2. to process the Personal Data in accordance with the laws of the Republic of Lithuania, other legal acts and these Rules;
3.3.3. not disclose, transfer or make available by any means access to Personal Data to any person who is not authorized to process Personal Data;
3.3.4. Promptly notify the Chief Executive Officer or his designee of any suspicious situation that may endanger the security of the Personal Data.
3.4. Employees who automatically process personal data or access computers in areas of the local area where Personal Data is stored must use passwords. Passwords must be changed at least every 30 days, as well as in certain circumstances (eg changes in the employee, threat of hacking, suspicion that the password has become known to third parties, etc.). An employee working on a specific computer can only know their password.
3.5. The protection of personal data shall be organized, ensured and enforced by the Head of the Company or an Employee appointed by him.
3.6. The Employee loses the right to process the Personal Data when the Employee's employment or similar contract with the Company expires or when the Manager of the Company revokes the Employee's appointment to process the Personal Data.
3.7. The Operator loses the right to process the Personal Data upon termination of the Contractor's contract with the Company.
IV. Rights of data subjects and their enforcement
4.1. The Data Subject shall have the right to obtain from the Company, from which sources and which Personal Data have been collected, the purposes for which they are processed and to whom, by submitting an identity document to the Company. Access to Personal Data shall be made upon written request to the Company for access to Personal Data by mail, fax or email. by email.
4.2. The data subject shall have the right to data portability. This right shall allow data subjects unhindered access to the personal data which they have provided to the controller in a systematic, customary and computer readable format and may transfer that data to another controller. Data portability is the right of the data subject to receive a subset of the personal data relating to the data subject processed by the controller and to store that data for further personal use.
4.3. Upon request of the Data Subject regarding the processing of his / her Personal Data, the Company shall reply whether the Personal Data related to him / her are processed and provide the Data subject with the requested data no later than 30 calendar days from the date of the Data subject's request. At the request of the data subject, such data shall be provided in writing to the address or e-mail address. email address.
4.4. The right to rectify, delete or suspend the processing of your Personal Data shall be provided to the Data Subject upon written request to the Company by mail, fax or email. by email or oral request if the Data Subject can be identified. Upon receipt of such a request, the Company shall promptly verify the Personal Data and, upon request of the Data Subject, promptly correct any incorrect, incomplete, inaccurate Personal Data.
4.5. The Company shall promptly notify the Data Subject of the rectification or erasure of the Personal Data, whether performed or not at its request.
4.6. The data subject may complain to the State Data Protection Inspectorate within 3 months from the date of receipt of the reply from the Company or within 3 months from the date of termination 4.3. The deadline for reply is set in paragraph. The data subject may lodge a complaint with the court in accordance with the procedure established by law against the actions (inaction) of the State Data Protection Inspectorate.
4.7. The Company also guarantees all other rights, guarantees and interests of the personal data subjects guaranteed by the laws and regulations of the Republic of Lithuania.
V. Transfer of Personal Data
5.1.Personal Data may be provided only to the Recipients of Data with whom the Company has entered into relevant agreements for the transmission / provision of Personal Data and the Recipient of Data ensures adequate protection of the transferred Personal Data. Personal data may also be transferred to third parties in other cases and according to the procedure provided by the laws and other legal acts of the Republic of Lithuania.
5.2. Personal data may only be transferred:
5.2.1. Venipak Lietuva, UAB, which provides contract delivery services to Data Subjects;
5.2.3. Telia Lietuva, AB, from which the Company purchases Internet and server rental services.
5.3. Unless required or permitted by law, the Company does not collect sensitive personal information such as age, health, racial or religious beliefs or political opinions.
VI. Risk factors for a personal data breach
6.1 A personal data breach is an act or omission that may or may not have an adverse effect and is contrary to the mandatory provisions of the law governing the protection of personal data. The degree, impact and consequences of a personal data breach will be determined on a case-by-case basis by a commission formed by the Head of the Company or a person authorized by him.
6.2. Risk factors for personal data breach:
6.2.1.net Accidental personal data breach due to accidental causes (data processing errors, deletion, destruction of data carriers, deletion of data records, detection of incorrect routes (addresses) during transmission of data, etc., or failure of systems due to power failure, computer virus etc., violation of internal rules, lack of system maintenance, software tests, inadequate data carrier maintenance, inadequate line capacity and protection, network integration of computers, protection of computer programs, insufficient supply of fax materials, etc.);
6.2.2. intentionally deliberately breaching the protection of Personal Data (unauthorized intrusion into Company premises, storage facilities for personal data, information systems, computer network, malicious breach of established rules for processing Personal Data, deliberate spread of computer virus, theft of Personal Data, unauthorized use of other Employee rights, etc. .);
6.2.3. unexpected accidental events (lightning, fire, flood, flooding, storms, burning of electrical installations, effects of changes in temperature and / or humidity, influence of dirt, dust and electromagnetic fields, accidental technical accidents, other irresistible and / or uncontrollable factors, etc.).
VII. Implementing measures for the protection of personal data
7.1. To ensure the protection of Personal Data, the Company implements or intends to implement the following Personal Data Protection Measures:
7.1.1. administrative (establishing secure procedures for the management of documents and computer data and their archives, as well as the organization of work in the various fields of activity, providing staff with personal data protection during and after employment or similar relationships, etc.);
7.1.2. hardware and software protection (administration of servers, information systems and databases, maintenance of workstations, business premises, protection of operating systems, protection against computer viruses, etc.);
7.1.3. communications and computer network security (filtering of shared data, applications, unwanted data packets (firewalls), etc.).
7.2. The personal data protection hardware and software must ensure:
7.2.1. installation of a repository of operating systems and databases, setting of copy technology and control of compliance;
7.2.2.the technology for continuous data processing (processing)
7.2.3. a strategy for updating systems operation in the event of emergencies (contingency management);
7.2.4. physical (logical) separation of application test environments from operating mode processes;
7.2.5. authorized use of the data, their inviolability.
7.3. All Employees who have the right to process or organize and enforce Personal Data must comply strictly with the Personal Data Protection Measures and any applicable rules, instructions or procedures established by the Company.
VIII. Term for processing of personal data
8.1. The Company starts processing the Personal Data from the registration of the Data Subject (Buyer) store and continue processing until the Data Subject Purchase Transaction is completed.
8.2. When Personal Data are no longer needed for the purposes for which they are processed, they shall be destroyed, except as required by law, to be transmitted to the State Archives.
9.1. Employees who violate the Law on Legal Protection of Personal Data of the Republic of Lithuania, other legal acts regulating the processing and protection of Personal Data or these Rules shall be subject to the liability measures provided by the laws of the Republic of Lithuania.
X. Final provisions
10.1. Supervision and, if necessary, review of compliance with the Rules shall be entrusted to the Head of the Company or his authorized person.
10.2. Responsible Employees shall be made aware of the Rules upon signature.