General Information

UAB Impeka, company code 167325952, address of the headquarters Gamyklos g. 34, Mažeikiai, (hereinafter referred to as the Data Controller) through this privacy policy (hereinafter referred to as the Privacy Policy) hereby establishes the terms how personal data processing is carried out in the company controlled by the Data Controller and while using the website http://www.impeka.lt (hereinafter referred to as the Website). The conditions set out in the Privacy Policy apply every time you visit the website, regardless of the device you use (computer, mobile phone, tablet, TV, etc.).

It is very important that you read the Privacy Policy carefully, as you accept the terms and conditions described in this Privacy Policy each time you visit the Data Controller’s website.

The Data Subject shall accept and not object to the controller’s management and processing of his or her personal data, including those provided directly or indirectly by visiting the website and using its services, for the purposes and in accordance with the procedures established in this Privacy Policy, Data subject's consent and legislation.

Persons under the age of 16 may not submit any personal data through the Data Controller’s Website. If you are under the age of 16, you must obtain the consent of your parents or other legal guardians before submitting your personal information.

Personal data shall mean any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data and an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Representative’ means a person representing Clients, Data Controller Partners, Service Providers, Suppliers, both natural and legal persons.

‘Applicant’ means a natural person or a Representative interested in goods and/or services sold by a Data Controller or interested in contacting the Data Controller on other matters.

The Data Subject for the purposes of this Privacy Policy shall include ‘Representative’, ‘Applicant’, ‘Client’, ‘Candidate’, ‘Partner’, ‘Service Provider’, ‘Supplier’, ‘Persons calling by phone’ or any other natural person whose personal data are processed by a Data Controller.

Data subject's consent’ means any freely given, specific and informed and unambiguous indication of his or her intentions by which the Data Subject, either by a statement or by a clear affirmative action, agrees to the processing of personal data relating to him or her.

‘Candidate’ means a person who is or intends to be involved in a selection of staff by the Data Controller.

‘Client’ means a natural person or Representative who buys goods or services from a Data Controller or has entered into a contract with a Data Controller for the sale of goods or the provision of services.

‘Partner’ means a natural or legal person that cooperates with the Data Controller or has entered into a cooperation agreement with the Data Controller (e.g. for the purpose of sale of goods).

'Service provider' means any natural or legal person who is able to offer or offers goods, services or works to, and cooperates with, the Data Controller or has entered into a contract with the Controller for the  purpose of sale of goods, services or works.

‘Persons calling by phone’ means a person making a call to the publicly published telephone number regarding sale of Data Controller's goods, provision of services and/or other matters.

‘Supplier’ means a natural or legal person supplying goods for data controller.

‘Direct marketing’ means any activity designed to offer goods or services to persons by post, telephone or any other direct means and/or to seek their opinion on the goods or services offered.

‘Processing of personal data’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, editing or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The Data Controller shall collect personal data in accordance with the requirements of the European Union and Lithuanian legislation in force and with the instructions of the controlling authorities. All reasonable technical and administrative measures shall be taken to protect data collected on Data Subjects against loss, unauthorised use and alteration.

This Privacy Policy has been drawn up in accordance with the  Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data,  repealing Directive 95/46/EC (General Data Protection Regulation), the Law on the legal protection of personal data of the Republic of Lithuania and other legal acts of the European Union and the Republic of Lithuania. The terms used in the Privacy Policy shall be understood as defined in the General Data Protection Regulation and the Law of the Republic of Lithuania on the legal protection of personal data.

WHAT INFORMATION DO WE COLLECT ABOUT YOU?

Information you provide directly.

Information on how you use our website.

If you visit our website, we also collect information that reveals the specificities of the use of our services or automatically generates visit statistics. For more information, read the section “Cookies”.

Information from sources of third parties

We can obtain information about you from public and commercial sources (to the extent permitted by applicable legal acts) and link it with other information which we receive from or about you. In addition, we can obtain information about you from third parties’ social network services when you connect to them, e.g. thorough Facebook network accounts.

Other information collected by us

We can also collect other information about you, your device or your use of the content of our website with your consent.

You may choose not to provide us with certain information, however, in this case you may not be allowed to use the service we offer.

PROCESSING OF PERSONAL DATA FOR THE PURPOSES OF PROVIDING RESPONSES, CONSULTATION, AND FULFILMENT OF A QUERY

Processing of personal data of Applicants, including Persons calling the Data Controller phone, for the purpose of a consultation, submission of a query and/or for other purposes.  The Data Controller shall process the following personal data of Applicants, including Persons calling by phone:

·         Name;

·         Surname;

·         Phone number;

·         E-mail address;

·         Position;

·         Workplace.

Personal data of Applicants shall not be communicated to third parties.

Personal data for the purposes of a consultation, submission of a query shall be processed on the basis of consent expressed when submitting personal data (Article 6(1)(a) of the General Data Protection Regulation).

PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF THE SALE OF GOODS OR THE PROVISION OF SERVICES

Processing of personal data of Clients. The Data Controller shall process the following personal data of Clients (Representatives):

·         Name;

·         Surname;

·         Personal identification number;

·         Date of birth;

·         Power of Attorney;

·         Authorisation term;

·         Represented person (connection with the represented person);

·         Position;

·         Workplace;

·         Phone number;

·         E-mail address;

·         Address;

·         Taxpayer identification number;

·         The amount of the payment (in the case of electronic commerce - details of the payment order, accounts);

·         Data on behavioural habits, priorities and satisfaction with services;

·         Other information relating to the goods or services being purchased.

Data are obtained directly from Clients or Representatives when performing the agreement concluded with the Client and/or from other third parties connected with the Data Subject.

We undertake not to transfer your personal data to any unrelated parties, except for the following cases:

Having obtained the Client’s consent for personal data disclosure;

In implementing our, as the Seller’s of goods or Service Provider’s, obligations (e.g., the data may be transferred to companies providing delivery (courier), logistics, archiving, audit, legal, financial service providers, Partners, Service providers, stakeholders and/or parties related with national, European and international payment systems, e.g., SWIFT);

In implementing the legitimate interests of the Data Controller (e.g., in the case of debt collection);

Disclosure of the data to authorised bodies according to the procedure established by legal regulations of the Republic of Lithuania.

The Data Controller may transfer personal data of Clients and other Data Subjects to Data Processors not specified in this Policy who provide services (carry out works) to the Data Controller and process personal data of Clients and Data Subjects on behalf of the Data Controller. Data Processors may process personal data only according to the Data Controller’s instructions and only to the extent necessary for the proper fulfilment of contractual obligations.  If the Data Controller involves data processors, the Data Controller shall take all necessary measures to ensure that the data processors have in place appropriate organisational and technical security measures and maintain secrecy of personal data.

Personal data processed on the basis of the Data Subject’s consent expressed when submitting personal data, and/or performance of the agreement concluded with the Data Subject (Article 6(1)(a) and (b) of the General Data Protection Regulation).

PERSONAL DATA PROCESSING FOR THE PURPOSE OF PERFORMING AGREEMENTS WITH PARTNERS, SERVICE PROVIDERS

When cooperating with Partners and Service Providers the Data Controller shall process the following personal data of natural persons or Representatives:

·         Name;

·         Surname;

·         Personal identification number;

·         Address;

·         Individual activity certificate number and date of issue;

·         In the case of e-commerce – data of a payment order;

·         Power of Attorney;

·         Authorisation term;

·         Represented person;

·         Position;

·         Workplace;

·         Phone number;

·         E-mail address;

·         Other information provided during cooperation or performance of the contract.

Data obtained directly from natural persons, Representatives and/or represented persons.

We undertake not to transfer your personal data to any unrelated third parties, except in the following cases:

·         Having obtained the Client’s consent for personal data disclosure

·         In implementing our, as the Data Controller’s, obligations (e.g., the data may be transferred to (courier), logistics companies providing services of delivery of goods, companies providing postal, archiving, audit, legal, financial services, service providers and/or parties related with national, European and international payment systems, e.g., SWIFT);

·         In implementing the legitimate interests of the Data Controller (e.g., in the case of debt collection);

·         Disclosure of the data to authorised bodies according to the procedure established by legal regulations of the Republic of Lithuania.

The Data Controller may transfer personal data of natural persons, Representatives to Data Processors not specified in this Policy who provide services (carry out works) to the Data Controller and process personal data of natural persons, Representatives on behalf of the Data Controller.

Processing of personal data in performing agreements with Service Providers and Suppliers shall be carried out on the basis of performance of the agreement and/or of the legitimate interest of the Data Controller (Article 6(1)(b) and (f) of the General Data Protection Regulation).

 PERSONAL DATA PROCESSING FOR THE PURPOSE OF DIRECT MARKETING

 The Data Controller seeks to share with recipients of newsletters only relevant news and other useful information. This is performed in accordance with this Privacy Policy.

The following personal data of Clients and other Data Subjects may be processed for the purpose of direct marketing:

·         Name;

·         Surname;

·         E-mail address.

Having sent a newsletter, the Data Controller may collect statistics on the Data Subject’s behaviour related to the use and content of the newsletter (e.g., whether the newsletter was read, what links were opened by the Data Subject).

The Data Subject’s e-mail address may be used for providing advertising on Facebook, Google and other advertising platforms, adapting the advertising to the targeted audience.

For the purposes of direct marketing, profiling of your personal data may take place according to the personal data you have provided in order to offer you individually adapted solutions and suggestions. You may at any time withdraw your consent or object to the automated processing of your personal data, including profiling (if applicable).

Personal data obtained directly from Data Subjects. The Data Controller may transfer Personal data only to third parties who provide specialised services in order to send e-messages, adapt the type of advertising ordered through advertising platforms.

Personal data of Clients and other Data Subjects processed on the basis of consent expressed when submitting personal data and agreeing with their processing for the purpose of direct marketing, or on the basis of the Data Controller’s legitimate interest (Article 6(1)(b) and (f) of the General Data Protection Regulation and Article 69(2) of the Law of the Republic of Lithuania on Electronic Communications when personal data are processed on the basis of the Data Controller’s legitimate interest).

Please be informed that the Data Subject shall have the right to disagree or to withdraw the consent to process his (her) personal data for direct marketing purposes at any time without specifying the motives of the disagreement:

·         By clicking the button “unsubscribe” at the bottom of the newsletter, or by

·         notifying by e-mail info@impeka.lt or calling at the phone number +370 443 66 395.

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

PROCESSING OF PERSONAL DATA FOR THE PURPOSES OF ENSURING THE SECURITY OF STAFF, CLIENTS AND THE PROTECTION OF ASSETS (VIDEO SURVEILLANCE)

For the purposes of the security of personnel, clients and other persons accessing the video-surveillance field, as well as the protection of property (video-surveillance), the Data Controller shall process image data of its personnel and of clients and other persons accessing the video-surveillance field in order to ensure their security and that of property.

Please be informed that your video data is being recorded by the Data Controller’s video-surveillance equipment when you visit the Data Controller’s territory around the building, and at the premises located at Gamyklos g. 34, Mažeikiai. Video data may be handed over only to law enforcement authorities in accordance with the procedures laid down by the legislation of the Republic of Lithuania and to insurance companies in the event of an incident which may be recognised as an insured event. Video data shall be transmitted only to the extent relevant to the incident under investigation.

The Data Controller may provide video data of personnel and of clients and other persons accessing the video-surveillance field to Data Processors not covered by this Policy, who provide services/work to the Data Controller and process the image data of personnel and clients and other persons accessing the video-surveillance field on behalf of the Data Controller.

Processing of personal data for the purposes of video surveillance shall be carried out on the basis of the legitimate interest of the Data Controller (Article 6(1) (f) of the General Data Protection Regulation).

PERSONAL DATA PROCESSING FOR THE PURPOSES OF SELECTION OF CANDIDATES TO JOB VACANCIES

For the staff selection purposes the Data Controller shall process personal data voluntarily provided by the Candidate to the extent to which such personal data were provided.  The Data Controller may process the below specified data of Candidates:

·         Name;

·         Surname;

·         Date of birth;

·         Phone number;

·         E-mail address;

·         Residence address;

·         Educational attainment;

·         Workplace;

·         Completed courses;

·         Language skills;

·         Computer skills;

·         Person’s photo (only if it is submitted by the Candidate with his (her) CV; the Data Controller shall not require the submission of the photo);

·         Recommendations;

·         Other data voluntarily submitted by the Candidate specified in his (her) CV or other presented documents.

Data obtained directly from Candidates and/or third parties providing job search, selection and/or intermediation services (e.g., employment agencies, job search online portals, career social networks (e.g., Linkedin), etc.).  These data shall not be transferred to third parties.

Data of Candidates shall be processed on the basis of consent declared when submitting personal data and/or on the basis of the Candidate’s request prior to conclusion of the contract (Article 6(1)(b) and (b) of the General Data Protection Regulation).

WHAT WE DO TO PROTECT YOUR INFORMATION

Personal data shall be protected against loss, unauthorised use and changes.  We have implemented organisational and technical measures to protect all information collected by us for the purposes of provision of services.  Please be reminded that despite appropriate actions taken by us to protect your information, no website, online transaction, computer system or wireless communication is completely secure.

The Data Controller shall apply different periods of storage of Personal data in observance of requirements of legal acts and according to personal data processing purposes.

Personal data storage period:

Personal data processing purpose

Period of storage

Processing of Data Subjects’ personal data for the purposes of consultation, fulfilment of a query

1 (one) year from the day of the consultation, fulfilment of the query,  except where the Data Subject applies for provision of the Data Controller’s services.  In such case, the general time limit of 10 (ten) years shall apply.

Processing of personal data of Clients for the purpose of sale of goods and provision of services

10 years after tge last contact, or 10 (ten) years after its expiration.

Processing of personal data of natural persons, Representatives for the purpose of performance of agreements with Partners, Service Providers, Suppliers

The term of validity of the agreement and 10 (ten) years after its expiration.

Processing of personal data of Data Subjects for direct marketing purpose

5 (five) years from the day on which the consent is given, unless the Data Subject requests the extension of this time limit.

When the Data Subject’s personal data are processed for the direct marketing purpose on the basis of consent or legitimate interest of the Data Controller, the Data Controller shall stop processing the Data Subject’s personal data for the direct marketing purpose (shall immediately destroy them) as soon as the Data Subject objects the processing of personal data for such purpose.

Processing of personal data for the purposes of ensuring the security of staff, clients and the protection of assets (video surveillance)

30 calendar days Where video data are used as evidence in civil, administrative or criminal proceedings or in other cases provided for by law, the video data may be stored to the extent necessary for these purposes of the processing and destroyed as soon as it is no longer necessary.

Processing of personal data of Candidates for staff selection purposes

6 (six) moths after the end of staff selection. For a longer retention of Candidates’ CVs and other data the Candidate’s consent shall be required

Exemptions from the periods of storage may be applied to the extent they do not infringe the rights of Data Subjects and are in compliance with legal requirements.

On expiration of the established time limits, unless they have been extended, the data shall be destroyed in a manner which prevents them from being recovered.

 YOUR RIGHTS

The Data Subject whose data are processed while implementing the Data Controller’s activities shall have the following rights:

·         The right to know (be informed) about the processing of his (her) data;

·         Right to access own data and know how they are processed;

·         Right to rectification of personal data or to supplement incomplete personal data having regard to the purposes of their processing;

·         Right to erasure (‘right to be forgotten’), i.e. to stop actions of processing of own data (except for storage);

·         Right to restriction of processing of personal data under a valid reason;

·         Right to data portability, where the Data Subject has provided his (her) personal data to the Data Controller in a structured, commonly used and machine-readable format;

·         Right to object to processing of personal data when they are processed or intended to be processed for direct marketing purposes including profiling to the extent related to such direct marketing;

·         Right to lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania.

he Data Subject shall have the right to submit to the Data Controller in writing any request or order concerning processing of personal data in one of the following ways: deliver directly to the address: UAB "Impeka", Gamyklos g. 34, Mažeikiai; by post: UAB "Impeka", Gamyklos g. 34, Mažeikiai; by e-mail: info@impeka.lt.

Having received such a request or order the Data Controller shall, not later than within one month from the date of request, submit the answer and carry out or refuse to carry the actions specified in the request.  Where appropriate, the specified time limit may be extended for two more months, considering the complexity and number of requests. In such case, the Data Controller shall notify the Data Subject about such extension within one month from the date of request, also specifying the reasons for the refusal.

The Data Controller may refuse enabling data subjects to implement the above specified rights, except for disagreement with personal data processing for direct marketing purpose when in the cases established by laws it is necessary to ensure the prevention, investigation and identification of crimes, infringements of business or professional ethics, and the protection of rights and freedoms of the Data Subject or other persons.

THIRD PARTY WEBSITES, SERVICES AND PRODUCTS ON OUR WEBSITE

The Data Controller’s Website may contain advertising banners of third parties, links to their websites and services which are not controlled by the Data Controller, e.g., a link to the Data Controller’s Facebook profile.  The Data Controller shall not be responsible for the safety and privacy of the information collected by third parties. You must read the privacy provisions applicable to third party websites and services which you use.

If you provide your personal data using Facebook, we understand that you give your consent to us to get in touch with you by the specified contact phone number or e-mail and to submit the offers of services.

COOKIES

When you visit the Data Controller’s website, we want to provide content and functionalities that are tailored to your specific needs. This requires the use of cookies. A cookie is a small text file that a website stores on your computer or mobile device when you visit the site. They help the Data Controller to recognise you as returning visitor of a certain website, to remember the history of your visiting the website and to adapt the content accordingly. Cookies also help to ensure proper operation of websites, monitor the duration and frequency of visits to websites and collect statistical information on the number of visitors to websites.

Descriptions of cookies used on our website

Cookie                 

Description/Purpose

Time of creation

Storage duration 

Data used

__utmc

Google Analytics cookies that identify unique visitors and monitor user sessions

During the first visiting of the page

Until closing the browser

IP addresses and unique ID numbers used for compiling reports. The report provides statistical results. Monitoring performed via Google Analytics.

__utmb

Google Analytics cookies that identify unique visitors and monitor user sessions

During the first visiting of the page

Until closing the browser

IP addresses and unique ID numbers used for compiling reports. The report provides statistical results. Monitoring performed via Google Analytics. 

__utmt

Google Analytics cookies that identify unique visitors and monitor user sessions

During the first visiting of the page

Until closing the browser

IP addresses and unique ID numbers used for compiling reports. The report provides statistical results. Monitoring performed via Google Analytics.

__utmz

Google Analytics cookie identifying the source of traffic to the site, what search engine was used, what link was followed, what keyword was used, and the location of the user during the visiting of the page.

Upon opening the page

6 months 

IP addresses and unique ID numbers used for compiling reports. The report provides statistical results. Monitoring performed via Google Analytics.

__utma

 Google Analytics cookies that identify unique visitors and monitor user sessions

During the first visiting of the page

2 years

IP addresses and unique ID numbers used for compiling reports. The report provides statistical results. Monitoring performed via Google Analytics. 

 6f23c04236f0d208270c00b207d8c639

Used to save the user’s language settings

During the first visiting of the page

1 year

Language code

How to manage and delete cookies

When you use a browser to access our content, you can configure your browser to accept all cookies, reject all cookies or get notification when the cookie is downloaded. Each browser is different, so if you don't know how to change cookie settings, go to the help menu. Your device’s operating system may include additional cookie controllers. If you do not want the information to be collected through cookies, use a simple procedure included in many browsers that allows you to opt out of cookies. To find out more about how to manage cookies, please visit: http://www.allaboutcookies.org/manage-cookies/.

Please note, however, that in some cases the deletion of cookies may slow down web browsing, limit the functioning of certain functions of the website or block access to the website.

FINAL PROVISIONS

Supplements or amendments to the Privacy Policy shall enter into force from the day of their publication on the Website.

When the Data Subject uses the Website and of services provided by the Data Controller after supplementing or amending the Privacy Policy, it shall be considered that the Data Subject does not object to such supplements and/or amendments.

CONTACT US

If you have any questions concerning the information provided in this Privacy Policy, you are kindly invited to get in touch with us in any manner convenient for you:

Phone: +370 443 66 395

E-mail: info@impeka.lt

By post: UAB Impeka, Gamyklos g. 34, Mažeikiai;

Updated on 14.05.2019