1.1. Personal Data – any information relating to an identified or identifiable natural person (the data subject), directly or indirectly, in the first instance, by means of an identifier or according to one or more physical, physiological, genetic, mental, economic, cultural data or data of social identity;
1.2. Data Controller – MB Dirginta / dirginta.lt;
1.3. Data Subject – a customer or internet website visitor whose personal data are processed by a data controller or data processor for the purposes of e-commerce, inquiry administration, direct marketing or loyalty program administration;
1.4. Internet Website – the company’s website accessible at the address: www.dirginta.lt, where the services are delivered.
1.5. E-commerce – a form of commercial activity in which contracts are concluded and, where necessary, performed using information technologies and facilities by means of exchanging electronic data messages via computer networks;
1.6. Direct Marketing – the activity of offering goods and services to individuals and/or seeking their opinion on the goods or services offered, by post, telephone or other direct means.
1.7. A Cookie – a small file consisting of letters and numbers that is sent to each person visiting dirginta.lt. A cookie helps distinguish you from other users of the internet website.
1.8. An Account –the result of the customer’s registration with dirginta.lt, which leads to the creation of an account that stores the customer’s personal data and order history.
2.1. The Policy sets out the main provisions for the collection, storage and processing of personal data.
PRINCIPLES FOR PROTECTION OF PERSONAL DATA
3.1. Your personal data is processed lawfully, fairly and transparently (the principle of legality, fairness and transparency);
3.2. Your personal data is collected for specified, expressly defined and legitimate purposes and not further processed for purposes incompatible with those established before the collection of personal data (the purpose limitation principle);
3.3. Your personal data under processing is adequate, relevant and includes only those data that are required for the purposes for which they are processed (the data reduction principle);
3.4. Your personal data under processing is accurate and, if necessary, updated (the principle of accuracy);
3.5. Your personal data is kept in a form that allows for identification of data subjects no longer than necessary for the purposes for which the personal data is processed (the principle of limitation of storage life);
3.6. Your personal data is processed in such a way that would ensure, by appropriate technical or organizational measures, due security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage (the the principle of integrity and confidentiality).
RIGHTS OF A DATA SUBJECT
4.1. The right of access to your personal data and learning how they are processed:
4.1.1. The data subject shall have the right of access to his/her personal data under processing, to learn the purposes of processing, the storage period, his/her rights, information whether automated decision-making is applied, including profiling, and its rationale;
4.1.2. All data recipients or categories of recipients to whom the data have already been or will be disclosed must be disclosed to the data subject;
4.1.3. To provide the data under processing to the data subject in writing and free of charge. In specific cases (where the data subject manifestly abuses his/her rights, unreasonably or disproportionately, repeatedly requests for information, extracts or documents on their repetitive content), such provision of information and data to the data subject may be charged, i.e. the controller may charge a reasonable fee, taking into account the administrative costs of providing the information or notifications or actions requested; or may refuse to act on the request. The duty to prove that the request is manifestly unfounded or disproportionate is vested in the controller.
4.1.4. To provide information in the commonly used electronic format unless otherwise requested.
4.2. The right to request rectification of your personal data:
4.2.1. The data subject shall have the right to request that the controller would rectify inaccurate personal data concerning him/her without undue delay. Depending on the purposes for which the data were processed, the data subject shall have the right to request that incomplete personal data would be supplemented by submitting an additional request;
4.2.2. Each data recipient to whom personal data have been disclosed shall be notified by the controller of any rectification, deletion of personal data or restriction of processing of personal data, unless this is not feasible or requires a disproportionate effort to do so. At the request of the data subject, the controller shall inform the data subject of those data recipients;
4.3. The right to object to processing of personal data:
4.3.1. The data subject shall have the right to object to the processing of personal data concerning him/her, including profiling, at any time and for reasons specific to his/her case. The controller shall no longer process personal data unless the controller proves that the processing is carried out for legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or for the purpose of bringing, enforcing or defending legal claims;
4.3.2. Where personal data are processed for the purposes of direct marketing, the data subject shall have the right at any time to object to the processing of personal data concerning him/her for the purposes of such marketing, including profiling, in so far as such direct marketing is concerned;
4.3.3. The data subject shall be expressly informed of the right to object no later than during the first contact with the data subject, and this information shall be provided clearly and separately from all other information.
4.4. The right to request deletion of data (the right to be forgotten):
4.4.1. The data subject shall have the right to request that the controller would delete personal data relating to him/her without undue delay, and the controller shall be obliged to delete personal data without undue delay if this can be justified for one of the following reasons:
4.4.2. When personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
4.4.3. When the personal data subject withdraws the consent and there is no other legal basis for processing the data;
4.4.4. When the personal data subject does not consent to the processing of the data and there are no priority legitimate reasons to process the data;
4.4.5. When personal data are processed unlawfully;
4.4.6. When personal data have to be deleted due to the legal obligation imposed on the controller;
4.4.7. When personal data are collected in the context of the provision of information society services;
4.4.8. Where the controller makes personal data public and is obliged to delete personal data, the controller shall take reasonable steps, taking into account available technology and implementation costs, including technical measures, to inform the data processors that the data subject has requested that such processors would delete all references to those personal data or copies or duplicates thereof;
4.4.9. When personal data are no longer necessary for the purposes for which they were collected or otherwise processed and when the personal data subject withdraws consent and there is no other legal basis for processing including the following legal grounds: the processing is required to exercise the right to freedom of expression and information; compliance with an established legal obligation to process the data, or the performance of the task carried out in the public interest, or the performance by the controller of the functions vested by public authorities; reasons of public interest in the field of public health; archival purposes in the public interest, scientific or historical research purposes or statistical purposes; bringing, enforcing or defending the legal claims.
4.5. The right to data portability:
4.5.1. The data subject shall have the right to receive personal data concerning him/her which he/she has provided to the controller in a structured, commonly used and computer-readable format and to transmit those data to another controller, and the controller to whom the personal data have been provided must not impede doing this when:
4.5.2. The processing is based on a consent or an agreement;
4.5.3. Data are processed by automated means.
4.5.4. In exercising their right to data portability, the data subject shall have the right to have personal data transmitted directly from one controller to another, where this is technically feasible.
4.5.5. This right shall be exercised without prejudice to the right to have data deleted (the right to be forgotten).
4.5.6. The right to data portability must not adversely affect the rights and freedoms of others.
4.6. The right to restrict the processing of personal data:
4.6.1. The data subject shall have the right to request that the controller would restrict the processing of the data in one of the following cases:
4.6.2. The personal data subject disputes the accuracy of the data for a period during which the controller can verify the accuracy of the personal data;
4.6.3. The processing of personal data is unlawful and the data subject does not consent to the deletion of the data and instead requests a restriction on their use;
4.6.4. The controller no longer needs personal data for the purposes of processing, but they are needed by the data subject to bring, enforce or defend legal claims; or
4.6.5. The data subject objects to the processing of the data until it is confirmed that the legitimate reasons of the data controller take precedence over those of the data subject.
4.6.6. Where the data processing is restricted in accordance with the above paragraphs, such personal data may be processed, except for storage, only with the consent of the data subject or for the purpose of bringing, enforcing or defending legal claims or protecting the rights of another natural or legal person or for reasons of public interest of a Member State;
4.6.7. The data subject who has obtained a restriction on data processing in accordance with the above paragraphs shall be informed by the controller before lifting the restriction on data processing.