The personal data of the website visitors and other data subjects shall be processed pursuant to legislation and by implementing appropriate technical and organisational measures to protect the personal data.
The website contains links to websites which are not owned by the Controller. The Controller shall not be responsible for any privacy policies applied by such websites, and we therefore recommend you to be proactive and read privacy policies applied to a website to which you are redirected.
We need the cookies on the website to be able to do the following::
- Ensure the appropriate functioning of the website;
- Ensure the optimal functioning speed and security of the website;
- Find out about visits to the website and its individual pages/sections, analyse the website visitor flows (visit date and time, specific browsers used, specific device types used and sizes of the screens of the devices used) and in this manner improve the website on an ongoing basis and satisfy your needs better.
The specifications of the cookies used by the Controller are provided in the table below.
|NAME OF THE COOKIE||FUNCION OF THE COOKIE||EXPIRATION|
|PHPSESID||Is used for implementing the functionality of the website||Until the end of the browsing session|
|Google Analytics cookie, used to to distinguish unique users.|
|_gid||Google Analytics cookie, used to to distinguish unique users.|
|Google Analytics cookie, skirtas rinkti ir saugoti informaciją apie vartotojų elgseną svetainėje|
|_gat_gtag_UA_108748350_1||Google Analytics cookie, used to to distinguish unique users.|
Cookies placed during visits to the Controller’s fan pages on social media platforms
When you visit the Fan Pages, the administrators of the social media platforms will place cookies on your device, and these cookies will collect your personal data. Cookies are placed on your device both in case you are a registered user of the respective social media platform and in case you do not have an account on the respective social media platform. The Controller (UAB „BRD“) does not have access to the collected personal data and only receives from the administrators of the social media platforms statistical information about visits to the Fan Pages.
To receive comprehensive information about your personal data processed for the purpose of administration of the Fan Pages, please familiarise yourself with the following:
- TheGoogle cookies policy and the Youtube privacy and security centre provisions (regarding the personal data used by YouTube).
You can restrict or block cookies by changing your browser settings. If you do not want websites to place any cookies on your device, change your browser settings in such a manner as to ensure that you are notified about cookie placement beforehand or that your browser block all cookies. You will have to adjust your settings for each browser of each of your devices.
Comprehensive information about cookies and their operation principles and settings can be consulted online at http://www.allaboutcookies.org.
To be able to respond to your inquiry and save evidence of correspondence (in order to pursue the legitimate interest to ensure the effective communication and prevent any disputes regarding the provision of services to persons), the Controller shall process the following information that you provide:
- In case an inquiry is sent via the contact form, the following data shall be processed: given name, surname, company name, e-mail address, phone number, country, and contents of the inquiry.If you do not provide the aforementioned information, you will not be able to contact us/place your inquiry via the contact form.
- In case an inquiry is sent via tawk.to, the following data shall be processed: content of correspondence with the Controller’s representative and the IP address from which correspondence takes place.
- In case an inquiry is sent to the e-mail address specified on the website, the following data shall be processed: given name, surname, e-mail address, e-mail date and time, and content of correspondence with the Controller’s representative.
Personal data provided together with the requests and further correspondence between you and the representative of the Controller will be retained for as long as will be necessary to accomplish a specific task and to ensure the implementation of the rights of the Controller.
|When the request is sent via the account of the social networking websites Facebook and LinkedIn, the personal data provided by you can be disclosed to the managers of these social networking websites and other persons with whom the managers of the social networking websites Facebook, LinkedIn share personal data. For further information, make yourself familiar with the privacy policies of the social networking websites Facebook and LinkedIn|
PROCESSING OF PERSONAL DATA OF USERS OF THE SELF-SERVICE WEBSITE
At the request of the client the Controller shall provide access to the self-service website (the client section). The Controller shall process the following personal data for the purpose of administering the self-service website: given name, surname and e-mail address.
The Controller shall store the personal data collected for the purpose of administering the self-service website until the deletion of your account or for 5 years after your last login.
You can delete your self-service website account by e-mailing your request to the Controller to : [email protected] Your account will be deleted within 7 business days from the date confirmation about the receipt of your e-mail is sent, and you will receive an e-mail notification about the deletion of your account.
Each visitor of the website may subscribe to newsletters about the Controller’s goods, promotions and events by entering his or her e-mail address in the newsletter subscription form available on the website. Legal basis for processing of the e-mail address of a newsletter subscriber is the subscriber’s consent to receive the newsletters.
The Controller’s newsletters shall also be sent to buyers of the Controller’s goods on the legal basis of the Controller’s legitimate interest to notify its clients about promotions and similar goods or services, except in cases where the respective client, prior to purchasing goods or services or later, expresses his or her disagreement to the processing of his or her personal data for the purpose of direct marketing. The following personal data of clients shall be processed for the purpose of direct marketing: given name, surname and e-mail address.
The personal data processed for the purpose of direct marketing shall be provided to the data processors used by the Controller and administering the respective e-mailing and sent e-mail analysis programmes.
Both newsletter subscribers and other newsletter recipients may unsubscribe from the Controller’s newsletters at any time by clicking the link available in each newsletter or by e-mailing their respective request to: [email protected] If the consent is not withdrawn, a person’s personal data shall be processed for the purpose of direct marketing for 5 years from the end of the calendar year in which the person subscribed to newsletters or last acquired a product.
LOGGING OF PHONE CALLS AND RECORDING OF CONVERSATIONS
o ensure proper quality of service in relation to individuals and to avoid disputes, the Controller handles the data about the calls of the individuals who call the customer service phone number (both incoming and outgoing calls, for example, when the caller whose call was missed is contacted), telephone number, duration of conversation, waiting time, type of the call and connection. The Controller also records telephone conversations. The telephone conversation is recorded with the consent of the caller, while other data of the call are collected in fulfilling the legitimate interest of the Controller to conduct effective communication and to avoid disputes related to service in relation to individuals. The data are retained for 6 months following the date of the phone call.
The data of phone calls are transferred to processors that are responsible for the administration of phone calls of the individuals who call the Controller and recording of telephone conversations.
If you do not consent to telephone conversation recording, please send an e-mail message to [email protected] or arrive to the registered office of the Controller.
Video surveillance shall be carried out in the Controller’s territory and in the premises in Mokslininkų St. 6A, Vilnius. Video surveillance shall be carried out for the purpose of assurance of the safety of the Controller’s property and of the security of employees. Legal basis for processing of video data is the Controller’s legitimate interest to prevent any damages that the Controller may incur if it is deprived of its property or if it fails to ensure employee security.
The doors of the premises under video surveillance shall be provided with visual signs visible before a person enters the area that is under video surveillance.
Video data shall be provided to a data processor, i.e. a security service; in case of any suspicions of a crime or other offence, the data may also be provided to law enforcement authorities. Video data shall be recorded and stored for 14 calendar days. If any video data is used as evidence by law enforcement authorities, this data shall be stored for a term required for the purpose for which this data is processed.
PERSONAL DATA OF PROSPECTIVE EMPLOYEES
The Controller shall only process the personal data of prospective employees for the purpose of employee selection and employment and in pursuance of the Controller’s legitimate interest to evaluate a candidate’s suitability for the respective position.
The Controller shall obtain the personal data of candidate employees directly from the respective prospective employee who sends his or her CV to the Controller as well as from the companies that provide employee selection services to the Controller.
In addition to the data provided by a person who wishes to work in the Controller’s company, the Controller may collect and process in other manners other publicly accessible data of a candidate, i.e. look for information on the internet, check a candidate’s profiles on social media platforms (e.g. LinkedIn, Facebook, Twitter), etc. The Controller may also contact a candidate’s former employers specified in the candidate’s CV and ask such former employers to provide information about the candidate’s qualifications, professional skills and competencies.
The Controller shall store the data about a candidate provided by the candidate and/or collected by the Controller independently for 6 months from the end of the respective employee selection procedure. The term of storage of the personal data shall only be extended upon receipt of the candidate’s consent to process personal data. If a consent to the processing of a candidate’s personal data upon expiry of the 6-month term after the end of the respective employee selection procedure is not obtained, then, on expiry of the said term, all personal data of the respective employee (both the data provided by the candidate and the data collected by the Controller) shall be destroyed.
PROCEDURE OF EXERCISE OF THE RIGHTS
All data subjects whose personal data the Controller processes shall enjoy the following rights:
|✓ The right of access to personal data processed by the Controller||The right of access to personal data and the right to demand rectification of inaccurate personal data shall be implemented by sending a written application to the address of seat of the Controller or to the e-mail address : [email protected] (in case an application signed with an electronic signature is presented). In your application to access your personal data, please specify categories of personal data you wish to access as well as types of information listed in Article 15(1) of the Regulation you wish to receive.|
|✓ The right to demand rectification of inaccurate or incomprehensive personal data||An application to access to video data must additionally specify which specific premises of the Controller you visited and when you visited them. The right to access to video data shall be exercised by visiting the seat of the Controller for the purpose of viewing the respective video recordings or by receiving a copy of the respective video recordings on an external data holder.|
|✓ The right to erasure of unlawfully processed personal data||This right shall be exercised by sending a written application to the address of seat of the Controller or to the e-mail address [email protected] (in case an application signed with an electronic signature is presented).|
If the application is reasonable, the Controller shall erase the data subject’s data within 30 days from the receipt of the application.
|✓ The right to restriction of the processing of personal data, until the purpose for which the personal data is processed is verified, until it is established whether the interests of the data subject who disagrees to the processing of personal data supersede the interests of the Controller or not, as well as in cases where personal data is processed unlawfully, but the data subject disagrees that this data be deleted.||This right shall be exercised by sending a written application to the address of seat of the Controller or to the e-mail address [email protected] (in case an application signed with an electronic signature is presented). If a data subject requests that the processing of only some of his or her personal data processed by the Controller be restricted, the application must specify the categories of personal data the processing of which should be restricted.|
If the application is reasonable, the processing of personal data shall be restricted within 5 business days from the receipt of the application.
|✓ The right to data portability||This right shall be exercised by sending a written application to the address of seat of the Controller or to the e-mail address: [email protected] (in case an application signed with an electronic signature is presented). If a data subject requests the transfer of only some of the personal data processed by the Controller, the application must specify the categories of personal data in respect of which the right to data transferability is requested.|
If the application is reasonable, the Controller shall, within 30 days from the receipt of the application, provide you or the data controller specified by you your personal data in a computer-readable format (depending on your request, systemised personal data shall be sent by e-mail or recorded on an external data holder).
|✓ The right to object to the processing of personal data||This right shall be exercised by sending a written application to the address of seat of the Controller or to the e-mail address [email protected] (in case an application signed with an electronic signature is presented).|
If a data subject objects to the processing of his or her personal data, it will be evaluated whether his or her legitimate interest, by reason of which he or she disagrees to the processing of your personal data, supersedes the legitimate interest of the Controller, on which the Controller grounds the processing of your personal data, or not.
|✓ The right to lodge a complaint with the competent supervisory authority||This right may be exercised by lodging a complaint with the State Data Protection Inspectorate in connection with any actions of the Controller related to the processing of your personal data.|
|In cases where you exercise your rights by submitting a written request by sending a letter by post to the address of the registered office of the Controller, the request must be accompanied with a copy of the personal document (passport, Personal Identity Card) certified by the Notary Public.|
|UAB BRD |
Mokslininkų str. 6A, Vilnius