2. DEFINITIONS. Personal data means any information about a natural person who is identified or identifiable (the data subject); a natural person who can be identified, whose identity can be determined directly or indirectly, in particular, by the identifier, such as his name, personal identification number, location data and internet identifier, or according to one or more features of physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Data subject – a person who buys goods at Komfovent UAB in trading premises or uses services, or provides services to the Company, or visits the Company’s premises or premises, or is interested in an employment opportunity in the Company, or is a representative of a legal entity, or a person who is browsing the websites www.komfovent.com, amalva.lt, social networking profiles facebook.com/Komfovent, facebook.com/Vedinimas, Linkedin, etc.
Request – the data subject’s request for the implementation of his rights.
Regulation – the so-called GDPR Regulation, 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of Personal data and on the free movement of such data and repealing Directive 95/46/EC (General Regulation on the Protection of Personal Data).
3. PRINCIPLES FOR PERSONAL DATA PROCESSING. The Company processes personal data in accordance with the EU and Lithuanian laws regulating the processing of personal data.
The scope of processed personal data depends on the services provided or used, the goods and the information provided by the person when ordering and/or using the services, visiting or registering on the website, submitting their data for the purposes of the employment in the Company or visiting the Company’s premises or in its territory.
Data are only processed under the lawful processing criterion – to ensure the provision of services; with the consent of the person; When processing personal data, the Company is bound by relevant legislation; when the processing of personal data is required for the legitimate interest of the data controller or a third party.
The Company seeks to ensure that personal data is processed accurately, in good faith and lawfully, only for the purposes for which it was collected, in accordance with the principles and requirements for the processing of personal data clearly and transparently laid down by law.
4. PERSONAL DATA SOURCES. Personal data may be obtained from:
– directly from the data subject who submits them when ordering or purchasing goods, completing a request form on the website, sending a resume (CV) or otherwise contacting the Company;
– from the customer’s activity
– from the Company’s personal data processors or other external sources.
Data can also be obtained from publicly available sources, such as corporate websites.
Data can be generated when a person uses services, for example, by calling a phone, sending an instant message, email, ordering services, or visiting websites.
A person is not required to provide any personal data, but it may be that certain services, such as the sale of goods or billing, cannot be provided if personal data is not provided.
5. Purposes of PERSONAL DATA PROCESSING. Komfovent UAB processes personal data for the following purposes: customer relationship support; updating customer data; sale of products; shipping and delivery of products to the buyer; billing; administration and execution of contracts; debt recovery; handling of queries; search of employees; direct marketing; organization of loyalty programs and promotions; website traffic statistics, property and person protection; identification of persons; site visit statistics and analysis; submission, performance and defence of legal claims.
Data subject Groups – Buyers; business partners; employees; persons entering the field of video surveillance cameras; candidates, job seekers.
The following main categories of personal data can be processed, but not limited to: – full name, job title, position title, personal code, mobile phone number, CV, fax number, e-mail address, visit to the Company, and other information necessary for the sale of products and services, maintenance of relationships, contract administration and billing; IP address, site browsing history and date.
Videos are processed for the purpose of protecting property and individuals.
Data recipients and groups of recipients: state institutions and institutions, law enforcement agencies; auditors, legal and financial advisers; third-party registry management software; debt collection companies; companies providing physical security services.
6. VIDEO MONITORING FOR THE PROTECTION OF COMPANY’S PROPERTY AND PERSONS. Video surveillance is carried out in the Company at trade and production then use and in specially designated territories, at the following addresses:
- Ozo g. 10, LT-08200 Vilnius
- Lentvario g. 146, LT-25132 Vilnius.
Video surveillance is carried out for the purpose of protecting the Company’s assets and individuals. Data collected: video records.
Video surveillance is organized by the Company in such a way that the area (premises, parts of premises) does not exceed the necessary area of observation. Video surveillance on the premises and/or areas intended for private use of persons, i.e. toilets, showers, changing rooms, etc. are not carried out.
When the time of video data storage is expired, another image data is automatically recorded on top, thus deleting the oldest data.
Videos may only be used for the disclosure of suspected criminal offenses, administrative law violations or damage to the Company’s employees, service providers, third parties, damage to the Company’s property, disclosure, and may only be transferred to persons entitled to receive such data.
Videos may be allowed to be reviewed and, if necessary, transmitted to law enforcement authorities upon written request from law enforcement authorities. If videos are reviewed not by law enforcement agencies, record previews must take place at the closed premises of the company. The data subject shall have the right to participate during such review; responsible employee of the company; law enforcement agencies.
Where there is reason to assume that a crime or other unlawful act is recorded in the video material, the necessary image data (episodes) is transferred to a secure medium and stored at all times while there is an objective need for storage.
The data subject shall have the right to review videos related to his data processing, the storage periods of which have not expired. At the request of the data subject, photos of the video records may be provided, or video records presented in the media provided by the data subject (i.e. applicant) or the company’s media.
Upon receipt of the data subject’s request to submit a video and finding third parties in the video, besides the data subject, third parties in the video must be depersonalised (covered) and other information that may violate the privacy of third parties is removed by retouching or by any other means of preventing the identification of third parties.
Video surveillance records may only be reproduced with the consent of the Company.
The personal data of data subjects submitted when applying for a specific vacancy in the Company is processed for determining the candidate’s suitability for a particular position, and for the purpose of concluding an employment contract with a potential employee.
If the data subject applies for a particular vacancy but the job offer is not submitted to him or the data subject has not indicated that he or she is applying for a specific vacancy, the Company, after obtaining the consent of the data subject, will keep the personal data in the Company’s database of candidates for future employee selection, for the period not exceeding 1 (one) year. During the period of data storage, the Company may consider the candidature of the data subject and offer him a job in the Company.
If the data subject does not agree to the regarding the storage and processing of his personal data in the Company’s database of candidates for future recruitment of employees, after the completion of selection to a specific vacancy of the Company, the data subject’s data will be destroyed.
8. DATA PROCESSING FOR DIRECT MARKETING. The data subject may, by submitting his full name, email address or telephone number to the Company, agree or disagree for his data to be used for direct marketing purposes. If the data subject gives his consent to the processing of his personal data for the purpose of direct marketing, the Company may process his personal data in order to provide offers of products and/or services.
These data will be processed for direct marketing purposes for no more than 5 years from the time they are processed or until the data subject withdraws the consent given to the data processing. If the data subject withdraws the consent for the processing of data for the purpose described in this chapter, only the fact of the consent of the data subject shall be stored for 10 (ten) years from the date of the withdrawal of the consent or cancellation of consent in order to bring, execute or defend the legal requirements of the Company.
The consent to use the data for the purpose of direct marketing may be withdrawn at any time by notification by email to firstname.lastname@example.org or by clicking on the unsubscribe link at the bottom of the newsletter sent by the Company.
9. PERSONAL DATA STORAGE TERM. Personal data is processed for no longer than necessary for the purpose of data processing or for no longer than required by data subjects and/or provided by law.
Usually, data is processed for 10 years from the expiration of the contract or the end of the relations with the customer. Data on employees is stored for the time provided in the Law on Archives.
Videos are kept for 14 days, except for the cases specified in the Policy when videos are stored for longer terms.
10. PROVISION OF PROCESSED DATA FOR OTHER ENTITIES. The Company does not provide the data processed to third parties without prior consent of the person (data subject), except in the manner prescribed by laws.
11. DATA CO-CONTROLLERS. A contract is concluded between the co-controllers of data, in which the co-controllersdetermine in a transparent manner their respective responsibilities for the fulfilment of obligations under the Regulation, defines the respective actual functions of the co-controllersand their relations with the data subjects. In case of the written request of the data subject, the data subject shall be given access to the substantive provisions of this Contract. The data subject can exercise his rights as set out in the Regulation in respect of each of the co-controllers.
12. DATA PROCESSORS. Data can be managed by processors providing accounting, site maintenance, data centre and/or server rental, IT maintenance, external audit, security and other services to the Company.
Data processors have the right to process personal data only in accordance with the instructions of the Company and only to the extent necessary for the proper fulfilment of obligations laid down in the Contract. The Company, through the use of data processors, seeks to ensure that the processors implement the appropriate organizational and technical security measures and maintain the confidentiality of personal data.
13. RIGHTS OF DATA SUBJECTS. Every data subject has the following rights:
- the right to know (be informed) about the processing of your personal data;
- the right to access personal data processed by the processors and the manner in which they are is processed, namely, to obtain information on the period of storage of personal data, technical and organizational measures applied to ensure data security, to obtain information from what sources, and what of one’s personal data is collected, for what purpose they are processed, to whom they are provided;
- the right to request the correction, destruction or deletion of personal data or to discontinue the processing of personal data, save for the storage, when the data are processed without complying with the legal provisions;
- the right to disagree with the processing of one’s personal data, except where such personal data are processed due to a legitimate interest pursued by the later controller or a third person to whom personal data are provided and if the interests of the data subject are not more important;
- the right to demand that personal data are destroyed if this is not in conflict with the principles of processing of personal data;
- the right to demand the restriction of processing of personal data; the right to require that the personal data provided by him, if they are processed on the basis of his consent or contract, and if they are processed by automated means, would be forwarded by the data controller to another data controller, if this is technically feasible (data portability);
- the right to submit a complaint regarding the processing of personal data to the State Data Protection Inspectorate.
- The data subject who has submitted an identity document or in accordance with the procedure established by laws or electronic means of communication, which allows a person to be properly identified, having confirmed his identity, must personally, by post, by courier or by e-mail send a written request (hereinafter the Request) for the implementation of his rights. The Company, upon receipt of the data subject’s request, must provide an answer within 30 calendar days of receipt of the request from the data subject. You can submit your request in the following ways:
Tel. No. 8 5 2779701
By e-mail: email@example.com.
At the address: Ozo g. 10, LT-08200 Vilnius.
14. ASSURANCE OF DATA SECURITY. The Company must implement appropriate organisational and technical data security measures intended for the protection of personal data against accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. All personal data and other information provided by the data subject shall be treated as confidential.
Access to personal data is restricted to the employees, service providers and authorized data processors who need it to perform their work functions or to provide services.
15. COOKIES. We use the cookies on our Website, to customize the functioning of our Website as much as possible, and can contribute to ease of use when navigating our Website.
What is a cookie?
A cookie is a small file placed onto your device that enables our Website features and functionality. For example, cookies enable us to identify your device, secure your access to the Website. They enable the Website to store the data, such as:
- Login data (IP address of the logging-in device, login time, location from which the login is attempted);
- Type of browser;
- Demographic data (age group, sex);
- Data about the fact how you browse the Website (which sections you visit, what products are you interested in).
We use the cookies to:
- Understand, improve, and research products, features, and services, including when you access our Website from other websites, applications, or devices such as your work computer or your mobile device;
- Recognize the returning visitors of the Website; cookies help us show you the right information and personalize your experience; cookies also help avoiding re-registration or re-filling of the information by you each time you visit the Website;
- Analyse your habits so that the functioning of the Website would be convenient, efficient and would conform to your needs and expectations, for example, by ensuring that the Visitors would, without difficulty, find everything they are looking for;
- Measure the flows of the information and data being sent to our Website; we use the cookies for accumulation of statistical data about the number of users of the Website and their use of the Website;
We may, to the extent allowed by applicable laws, link the data, received from the cookies, with other information obtained about you from other legal sources (i.e., information about the use of the services, online account, our Loyalty program, etc.).
Cookies used on the Website
Each time you visit our Website, the long-term (persistent) cookies may be created, which stay in your browser after you sign-up and will be read by us when you return to our Website or a partner site that uses our services, and not deleted after you finish browsing our Website, and the short-term (session) cookies, which expire or are deleted after you finish browsing our Website (i.e., they usually last during the current visit to our Website or browsing session).
However, we note that the necessary cookies, as specified below, are necessary for functioning of our Website, and in case of your objections, we will not be sure about functioning of the Website or any of its portions or functionalities. If you do not accept leaving the information that necessary cokies collect, please close this Website and delete the cookies from your browser.
Please follow the instructions how to delete cookies from your browser bellow:
We recite below the main types of cookies used on the Website according to their types, collected data, and duration of storage.
Cookies used by the Company
Strictly necessary cookies
These cookies are required for the operation of our Website. They include, for example, cookies that enable storage of information filled by you during the browsing session, enable you to log into secure areas of our Website. Without these cookies operation of the Website would be impossible or its functioning may be severely affected.
These improve the functional performance of our Website and make it easier for you to use. These cookies remember the settings selected by the Visitors (for example, the settings of language and time zone). With the use of these cookies, the Visitors may avoid the changes of settings during each visit of the Website. These cookies also remember changes made by you in the Website (for example, in case you leave comment on the Website). These cookies do not track your behaviour in other websites.
Analytical / performance cookies
Marketing, targeting and advertising cookies
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will then use this information to make advertising displayed on it more relevant to your interests. The advertising cookies let us know whether you have already seen the specific advertisement or a certain type of advertisement, and how much time has elapsed since you saw it. We may use the cookies set by another entity so that we could provide the advertisement oriented more specifically to you. They are also used so that we could see the certain advertisements only a certain number of times and that it would help to measure the efficiency of advertising.
All information about the cookies used by us is recorded below:
|Name of the cookie||Description/Type||Moment of creation||Duration||Data used/collected|
|_ga||Statistics||Entering the website||2 years||unique id|
|_gid||Statistics||Entering the website||24 hours||unique id|
|pll_language||Functional cookies||Entering the website||2 years||language code|
|wordpress_test_cookie||Functional cookies||Entering the website||24 hours||custom value|
Analytical cookies. The analytic cookies help us track the number of users and the periodicity of their visits.
Other third-party cookies – in some web pages of our Website, the other entities (for example, social networks) may also use their own anonymous cookies designed so that the programmes or applications developed by them would suit your needs. Due to the specific features of the functioning of the cookies, our Website does not have access to the information transmitted by these cookies, likewise other entities do not have access to the information collected by the cookies set by us.
How are cookies used for advertising purposes?
Cookies and other ad technology such as beacons, pixels, and tags help us serve relevant ads to you more effectively. They also help us provide aggregated auditing, research, and reporting for advertisers, understand and improve our service, and know when content has been shown to you.
Refusal or blocking the cookies
Many web browsers are set so that they would automatically accept cookies. The Visitors may, at their discretion, block or delete cookies and similar unique identifiers, if the settings of their browser or device enable them to do so. Nevertheless, if you refuse or block the cookies or other similar technologies, some functions of the Website may be inaccessible to you or they may operate not so efficiently.
Nevertheless, we draw your attention that necessary cookies are necessary for functioning of our Website, and in case of your objections, we will not be sure about functioning of the Website.
You may require that we delete all the data about you, as collected and processed with the help of the cookies, by contacting to the email address firstname.lastname@example.org. Such data will be deleted not later than within 30 working days after contacting to the above-mentioned email address.
You may find more information about how to delete cookies, as well as the other useful information related to the use of the cookies, on the website www.allaboutcookies.org
16. OTHER PROVISIONS. By submitting your data, you agree that Komfovent UAB may contact you regarding your request.
By email: Ozo g. 10, 08200 Vilnius
Telephone: +370 5 2300585
By e-mail: email@example.com