fbpx
×
Search
Generic filters

Privacy policy

LLC DEXTERA
GENERAL RULES ON THE PROTECTION OF PERSONAL DATA,

adopted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

I. BASIC DEFINITIONS

1. LLC DEXTERA, legal entity code 134665673, VAT payer code LT346656716, registered office and correspondence address Jonavos str. 260, LT-44131 Kaunas, contacts: e-mail: info@dextera.lt, phone no. 837 33 22 33. Hereinafter in the Rules on Processing and Use of Personal Data, referred to as the “Company”.
2. Data subject shall mean a natural person from whom the Company receives and processes personal data.
3. Employee shall mean a person who has entered into an employment or similar contract with the Company and is appointed by the decision of the Company’s executive officer to process Personal Data or processes such data in accordance with the job functions specified in his/her job description or whose personal data is processed.
4. Personal data shall mean any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a personal identification number, or one or more factors specific to the physical, physiological, economic, cultural or social nature.
5. Data recipient shall mean a natural or legal person, public authority, to whom the personal data are disclosed.
6. Disclosure of data shall mean disclosure of personal data by transmission or making them available by any other means (with the exception of publishing them in mass media).
7. Data processing shall mean any operation, which is performed with personal data such as collection, recording, accumulation, storage, classification, grouping, combining, alteration (supplementing or rectifying), disclosure, making available, use, logical and/or arithmetic operations, retrieval, dissemination, destruction or any other operation or a set of operations.
8. Data processor shall mean a legal or a natural person other than an employee of the data controller processing personal data on behalf of the data controller. The data processor and/or the procedure of its/his nomination may be laid down in laws or other legal acts.
9. Data controller shall mean a legal or a natural person who alone or jointly with others determines the purposes and means of processing personal data. Where the purposes of processing personal data are laid down in laws or other legal acts, the data controller and/or the procedure for its/his nomination may be laid down in such laws or other legal acts.
10. Special categories of personal data shall mean data concerning racial or ethnic origin of a natural person, his/ her political opinions or religious, philosophical or other beliefs, membership in trade unions, and his health, sexual life and criminal convictions.
11. Consent shall mean an indication of will be given freely by a data subject indicating his agreement to the processing of his personal data for the purposes known to him. His/ her consent with regard to special categories of personal data must be expressed clearly, in a written or equivalent form or any other form giving an unambiguous evidence of the data subject’s free will.
12. Direct marketing shall mean an activity intended for offering goods or services to individuals by post, telephone or any other direct means and/or for obtaining their opinion about the offered goods or services.
13. Third party shall mean a legal or a natural person, with the exception of the data subject, the data controller, the data processor and persons who have been directly authorised by the data controller or the data processor to process data.
14. Internal administration shall mean activity which ensures an independent functioning of the data controller (structure administration, personnel management, management and use of available material and financial resources, and clerical work).
15. Regulation shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
16. Rules shall mean these LLC DEXTERA General Rules on the Protection of Personal Data”.

II. GENERAL PROVISIONS

1. The Rules regulate the actions of the Company and its employees in processing Personal Data using automatic and non-automatic personal data processing tools installed in the Company, as well as establish the rights of the Data Subject, personal data protection implementation measures and other issues related to personal data processing.
2. The purpose of the Rules of Personal Data Processing in the Company is to regulate the processing of personal data in the Company, ensuring compliance with and implementation of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, Law on Legal Protection of Personal Data and other related legal acts.
3. The Company collects data of the Data Subject, which he/she voluntarily provides by e-mail, registered mail, fax, telephone, directly arriving at the Company’s point of sale, registering on the Company’s website dextera.lt, dextera.eu or dextera.ru or by using the Company’s website (without registration).
4. Taking care of the Data Subject’s privacy, the Company undertakes to protect the Data Subject’s privacy and use the information provided exclusively for the purposes specified in these Rules, not to disclose this information to any third parties without the Data Subject’s consent, except the Company’s partners providing services related to the production, transportation, supply, distribution of products or other services related to the proper performance of services ordered by the Data Subject. The Company may also disclose the Personal Data of the Data Subject to third parties acting on behalf of the Company as Data Processors. Personal data may be disclosed only to those Data Processors with whom the Company has signed relevant agreements or cooperation agreements containing provisions discussing the transfer/disclosure of Personal Data and in which the Data Processor ensures adequate protection of the disclosed Personal Data. In all other cases, the Personal Data of the Data Subject may be disclosed to Third Parties only in accordance with the procedure provided for by the legal acts of the Republic of Lithuania. The Company may disclose the Personal Data of the Data Subject to governmental or law enforcement authorities upon their request and only if provided for by applicable law. The Company shall not use or disclose sensitive personal information, such as information about health, racial origin, religious beliefs or political views, and so on.
5. Personal data is processed and used depending on the purposes for which the Data Subject provided it to the Company or for other purposes approved by the Data Subject.
6. Purposes of the use of personal data of the data subject:

6. 1. For the processing, administration and execution of the purchase (order) of the data subject’s products/services;
6. 2. For the identification of the data subject in the Company’s data systems;
6. 3. For issuing invoices and other financial documents of purchased (ordered) services, product discount coupons;
6. 4. For solving problems related to the implementation, presentation and use of products/services;
6. 5. To contact the Data Subject to provide information about the manufactured products or available services, as well as in case of changes in the conditions of the products/services purchased by the Data Subject;
6. 6. For pre-trial and judicial debt recovery proceedings, where the Data Subject remains indebted after the services have been properly provided or products of suitable quality have been transferred;
6. 7. For direct marketing purposes, where such consent is given by the Data Subject in an appropriate form;
6. 8. For administrative, crime prevention detection and legal purposes;
6. 9. Business analysis and statistical analysis, general research that allows to improve services and improve their quality;
6. 10. For audit.

7. By submitting his/her Personal Data to the Company, the Data Subject confirms and agrees that the Company manages and processes the Personal Data of the Data Subject in accordance with these Rules, applicable laws and other regulatory legal acts.
8. The Rules must be followed by all employees of the Company who process Personal Data in the Company; or become aware of them in the course of their duties; or have access to databases containing Personal Data, including Data Processors or Third Parties used by the Company to provide the service (if applicable).
9. The collected Personal Data of the Data Subject, which the Company uses exclusively for the performance of accounting activities, as required by the laws of the Republic of Lithuania on accounting (e.g. invoicing, document archiving), shall not be treated as data processing and the provisions of the Regulation shall not apply.
10. The Rules have been prepared in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts governing the protection of personal data.

III. GENERAL PROVISIONS

1. The information collected by the Company may be:

1. 1. Name, surname of the data subject;
1. 2. Address;
1. 3. E-mail address;
1. 4. Phone number;
1. 5. Date of birth (only if the Data Subject partially pays the order amount at the time of submitting the order);
1. 6. Credit/debit card or other payment details (only if the customer pays by bank transfer using a card reader);
1. 7. Passport or identity card data (only if the Data Subject purchases products/services by leasing and only to the extent necessary to transfer Personal Data to the leasing company (bank));
1. 8. Information about the products/services purchased by the Data Subject (their quantities, purchase dates, prices of purchased services, purchase history);
1. 9. The Data Subject’s login name and password in encrypted form on the Company’s website.

2. The Company ensures the protection of the received data and undertakes to use this information only with the consent of the Data Subject and only in cases provided by law, as well as in cases necessary for the provision of the product/service ordered by the Data Subject.
3. The employees of the Company, in performing their duties and processing the personal data of the Data Subject, shall observe these principles:

3. 1. The information provided by the Data Subject is collected, processed and stored only in legitimate interest and in strict compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, the Law on Legal Protection of Personal Data of the Republic of Lithuania, other legal acts of the Republic of Lithuania regulating this field and these Rules;
3. 2. The collection and processing of personal data shall comply with the principles of purposefulness and proportionality, shall not require the Data Subject to provide those data which are not necessary and thus shall not be collected;
3. 3. Only the data that is necessary for the provision of quality products/services shall be collected;
3. 4. The personal data of the Data Subject may be disclosed only by the employees of the Company with relevant competence and/or Third Parties used by the Company to provide the service, and only in cases when it is necessary to provide the service;
3. 5. The Company shall not disclose the Personal Data of the Data Subject to Third Parties, except in cases provided by law or if the Data Subject himself/herself obliges the Company to do so;
3. 6. The personal data of the Data Subject shall be stored for no longer than required for the purposes of data processing related to the proper provision of products/services, but in all cases no longer than 3 (three) years after the final provision of products/services or until the Data Subject requests deletion of collected data.

IV. MARKETING

1. By using the products/services provided by the Company and concluding agreements (purchase-sale, contracting, distribution, supply, etc.), the Data Subject may voluntarily give consent to the use of Personal Data provided for marketing purposes of the Company by actively expressing his/her consent in a special section of the relevant contract, by ticking it and confirming the final terms of the contract with his signature.
2. Possibilities of the data subject to receive the information sent by the Company:

2. 1. After visiting the Company’s website, the Data Subject has the opportunity to subscribe to the Company’s newsletters;
2. 2. After registering on the Company’s website and becoming a registered user, the Data Subject, among other things, has the opportunity to agree to receive the Company’s newsletters, information messages, offers, discounts, promotions, etc.;
2. 3. The Data Subject by provided his e-mail postal address, among other things, has the opportunity to agree to receive the Company’s newsletters, information notices, offers, discounts, promotions, etc.;
2. 4. The Data Subject, by providing his/her mobile phone number, has, among other things, the opportunity to agree to receive the Company’s newsletters, information messages, offers, discounts, promotions, etc. via SMS;
2. 5. The Data Subject by providing his/her residential address, has, among other things, the opportunity to agree to receive the Company’s newsletters, information notices, offers, discounts, promotions, etc. to his residential address.

3. All the methods set forth in Item 2 of Section 4 of the Rules are possible only if the Data Subject has given direct consent to the advertising and only in the manner for which the Data Subject’s consent has been given.
4. The Company also gives the Data Subject the opportunity to refuse the information sent by the Company:

4. 1. The Data Subject has the option of refusing the information sent by the Company by clicking on the link provided to refuse the Company’s offers and news in the newsletter or other letter sent to the Data Subject (if submitted by e-mail);
4. 2. The data subject has the option of refusing the information sent by the Company by replying with a short SMS message with the text: “I refuse to receive advertising” (if the SMS was submitted by short message);
4. 3. The data subject has the option of refusing the information sent by the Company by sending a notice to the Company by registered mail, e-mail or by phone (if it was provided at the residential address by registered mail).

5. In any case, if the Buyer does not wish his/her the Personal Data to be used for Direct Marketing purposes after purchasing the products/services, the Buyer may write an e-mail to marketingas@dextera.lt or call the general Dextera.lt customer service phone number 8 800 000 13 and indicate that he/she does not wish to receive e-mails and/or short SMS messages.
6. The data provided by the Data Subject, which is used for direct marketing purposes, helps to ensure continuous improvement and development of the Company’s website and the Company’s services as well as provides an opportunity to submit the best possible product/service offers.
7. Personal Data shall be collected, processed and used for marketing purposes in such a way as to prevent the disclosure of the data subject’s identity or other personal data which could lead to the identification of the data subject.
8. It is prohibited to collect the personal identification number of the Data Subject for direct marketing purposes.
9. The Data Subject may exercise his right to refuse to have his data processed for the purpose of direct marketing upon arrival at any of the Company’s trading venues and by submitting a written request.
10. The Company undertakes to remove the Data Subject’s contacts from the database sending advertising messages no later than on the next business day.
11. In any case, the burden of proving the Data Subject’s consent to the use of personal data for marketing purposes lies with the Company.

V. SECURITY AND PROCESSING OF PERSONAL DATA

1. Pursuant to the Law on the Legal Protection of Personal Data of the Republic of Lithuania, the legal acts of the European Union and others regulating data protection, the Company shall implement the measures that would prevent illegal access or illegal use of the Data Subject’s data. The Company shall ensure that the data provided by the Data Subject is protected from any illegal actions: illegal alteration, disclosure or destruction of Personal Data, theft of personal identity, fraud and that the level of protection of Personal Data complies with the requirements established by the legal acts of the Republic of Lithuania.
2. The Company uses appropriate business systems and procedures to protect and safeguard the personal data entrusted to the Company by the Data Subject. The Company uses security systems, technical and physical means that restrict access to and use of the Data Subject’s personal data on the Company’s servers. Only employees of the Company with special permits have the right to see the personal data of the Data Subject provided to the Company on the basis of agreements.
3. Personal Data is processed non-automatically and automatically by using the personal data processing tools installed in the Company.
4. Personal Data of Data Subjects may be processed only by employees authorized by the General Director of the Company or those employees of the Company who, according to the specifics of their work and official functions, need to know Personal Data (e.g. managers concluding agreements with Buyers).
5. Every employee who processes Personal Data shall:

5. 1. Sign a confidentiality commitment regarding data processing;
5. 2. Process Personal Data in strict accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, the Law on Legal Protection of Personal Data of the Republic of Lithuania and other relevant legislation;
5. 3. Protect the confidentiality of Personal Data. He/she shall observe the principle of confidentiality and keep confidential any information relating to Personal Data which he/she has obtained in the performance of his duties unless such information is in the public domain in accordance with the provisions of applicable laws or regulations. The principle of confidentiality shall be observed by the Company’s employee even after the employment relationship has terminated;
5. 4. Not disclose, transfer or facilitate access to Personal Data by any means to any person who is not authorized to process Personal Data;
5. 5. In order to prevent the accidental or unlawful destruction, alteration, disclosure of Personal Data, as well as any other unlawful processing, he/she shall store documents and data files properly and securely and shall avoid making unnecessary copies. Copies of Company documents containing Personal Data shall be destroyed in such a way that these documents could not be reproduced and their contents could not be identified;
5.6. Immediately notify own manager of any suspicious situation that may pose a threat to the security of Personal Data and take measures to prevent such a situation.

6. Employees who automatically process Personal Data or from whose computers can be gained access to areas of the local network where Personal Data is stored must use passwords. Passwords must be changed periodically (in all cases at least every 3 (three) months). In the event of certain circumstances (e.g. change of employee, the threat of burglary, the suspicion that the password has become known to third parties, etc.) password must be changed immediately. An employee working on a particular computer can only know his/her own password.
7. The employee in charge of computer maintenance (or) the entity providing computer/systems maintenance services shall ensure that Personal Data files are not “shared” from other computers and that antivirus programs are updated periodically.
8. The employee in charge of computer maintenance (or) the entity providing computer/systems maintenance services shall make copies of the data files on the computers. If these files are lost or damaged, the employee in charge (or) the entity providing computer/systems maintenance services shall restore them within 3 (three) working days.
9. The employee shall lose the right to process Personal Data upon the termination of the employee’s employment or similar contract with the Company or upon the revocation of the employee’s appointment/authorization to process Personal Data by the executive officer of the Company.
10. Documents of data subjects and their copies, financing, accounting and reporting, archival or other files containing Personal Data shall be stored in lockers or safes. Documents containing Personal Data shall not be kept in a visible place accessible to everybody.
11. In order to ensure the protection of personal data, the Company shall implement or plan to implement these Personal Data protection measures:

11. 1. Administrative (establishment of secure management of documents and computer data and their archives, as well as the organization of work in various fields of activity, an acquaintance of personnel with personal data protection, etc.);
11. 2. Hardware and software protection (administration of servers, information systems and databases, workplaces, maintenance of the Company’s premises, protection of operating systems, protection against computer viruses, etc.);
11. 3. Security of communications and computer networks (filtering of shared data, programs, unwanted data packets (firewalling, etc.);

12. Personal data protection hardware and software shall ensure:

12. 1. Installation of a copy storage system for operating systems and databases;
12. 2. The continuous data processing process technology;
12. 3. Contingency strategy for the upgrade of the operation of the systems (contingency management);
12. 4. Authorized use of data, their inviolability.

13. The Data Processors or Third Parties used by the Company to provide the ordered services shall guarantee the necessary technical and organizational measures for the protection of Personal Data and ensure that such measures are complied with. To inform the Company about the intention to enter into agreements with auxiliary data processors and obtain prior written consents of the Company regarding their appointment.

VI. RIGHTS OF THE DATA SUBJECT

1. The Data Subject has the following fundamental rights:

1. 1. To know about the processing of his Personal Data;
1. 2. Get an access with own Personal Data and how it is processed;
1. 3. Request the rectification, destruction of the Data Subject’s personal data or the suspension, except for storage, of the Data Subject’s personal data processing activities when the Data Subject’s personal data are processed in violation of the provisions of applicable and in force;
1. 4. To object against the processing of the Data Subject’s Personal Data.

2. The Data Subject shall also have the right to refuse to provide Personal Data. In this case, the Data Subject automatically waives their claim regarding the quality of the products/services provided by the Company, as the requested data may be necessary in order to properly provide the products/services requested by the Data Subject.
3. The right of the Data Subject to access his / her Personal Data shall be exercised in the following order:

3. 1. The Data Subject shall have the right, upon presenting a document to the Company certifying his identity or upon confirming his identity in accordance with the procedure laid down by legal acts or by means of electronic communications which permit a person’s identification, to obtain information on the sources and type of his personal data which have been collected, the purpose of their processing and the data recipients to whom the data are disclosed or were disclosed at least during the past year. If the request is sent by the Data Subject by post or by courier, a notarized copy of the Data Subject’s identity document must be attached to the request. When a person’s information is requested by his or her representative, he or she shall provide proof of representation and proof of his or her identity. If the request of the Data subject’s representative is made in writing, the controller shall provide him with a written reply.
3. 2. Data Subjects may submit a request for access to Personal Data to the Company’s Legal Department by e-mail: teise@dextera.lt or send a request by registered mail to Jonavos str. 260, LT-44131 Kaunas.
3. 3. Upon receipt of a request from the Data Subject regarding the processing of his / her Personal Data and verification of the identity of the Data Subject, the Data Subject shall be provided with information as to whether the Personal Data relating to him/her are processed and the data requested.
3. 4. Upon receipt of the Data Subject’s request for access to his / her Personal Data, the information shall be provided no later than within 30 calendar days from the date of the Data Subject’s request. At the request of the Data Subject, such data must be provided in writing. The Company shall provide such data to the Data Subject free of charge once a calendar year. When providing data for remuneration, the amount of remuneration shall not exceed the cost of providing the data. The amount of remuneration for the provision of data shall be determined by the data controller in accordance with the description of the remuneration procedure for the provision of data to the Data Subject approved on 28th of February 2001 by resolution of the Government of the Republic of Lithuania no. 228 “On Approval of the Description of the Remuneration Procedure for the Provision of Data to the Data Subject”.
3. 5. The Company has the right to reasonably refuse to exercise the rights of the Data Subject in the circumstances provided for in Paragraph 2 of Article 23 of the Law on Legal Protection of Personal Data of the Republic of Lithuania.

4.The right of the Data subject to request the correction, deletion of the personal data of the Data subject or suspension of the processing of such data shall be exercised in accordance with the following procedure:

4.1. In order for the Company to delete the processed and/or stored personal data, the data subject must submit a request to the Company for the deletion of personal data, indicating which of his/her personal data is requested to be deleted.
4.2. The request can be submitted to the Company’s Legal Department’s email address teise@dextera.eu, sent by registered mail to Jonavos str. 260, LT-44131 Kaunas or by prior arrangement handed over upon physical arrival at the indicated address. In all cases when submitting requests, the identity of the requesting data subject must be confirmed as provided for in Article 3.1. of the Rules.

5. If the Data Subject is a registered user of the Company’s website, he/she may view and edit the personal information provided on the Company’s website and the contact details of contacting the Data Subject by visiting the relevant sections of the Company’s website.

VII. OBLIGATIONS OF THE DATA CONTROLLER

1. Each Data Recipient to whom the Personal Data has been disclosed shall be notified by the Data Controller of any rectification, erasure or restriction of the processing of the Personal Data as provided for in paragraph 1 of Section 6 of these Rules.
2. When concluding contracts with persons under the age of 16 (sixteen), the Company shall obtain the consent of the minor’s representatives in accordance with the law (guardians).
3. The Data Controller and/or the Data Processor, upon finding out of a personal data breach that results in careless or unlawful destruction, loss, alteration, unauthorized disclosure, transfer, storage or other processing of Personal Data, or unauthorized access to them, shall immediately share this information with each other.
4. The Company shall authorize a lawyer in the event of a data breach immediately, but not later than within 24 hours to fill in the personal data breach form (Annex No. 1 to these Rules) and notify the Data Controller. Among other things, immediately afterwards, it shall make special entries in the personal data protection breach log (Annex No. 2 to these Rules). In addition, no later than within 72 hours it shall notify the supervisory authority – the State Data Protection Inspectorate about the breach.
5. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
6. The communication to the Data Subject referred to above shall not be required if any of the following conditions are met: (i) the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the Personal Data affected by the personal data breach, in particular those that render the Personal Data unintelligible to any person who is not authorised to access it, such as encryption; (ii) the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects referred to in paragraph 4 of Section 7 is no longer likely to materialise; (iii) it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the Data Subjects are informed in an equally effective manner.

VIII. DATA DISCLOSURE

1. The Company, as the Data Controller, has the right to disclose Personal Data to the following entities for the purposes of accounting, archiving or proper performance of the contract:

1. 1. The State Social Insurance Fund Board under the Ministry of Social Security and Labour;
1. 2. State Tax Inspectorate under the Ministry of Finance of the Republic of Lithuania;
1. 3. Labour Exchange;
1. 4. Other public institutions.

2. The data described above shall be disclosed on the basis of contracts or in exceptional cases without contracts when it is directly obliged by the legal acts of the Republic of Lithuania. The Company has signed agreements in the appropriate written form on the secure disclosure of data to the Data Recipients.

IX. INTELLECTUAL PROPERTY RIGHTS

1. Unless otherwise stated, the software necessary for the Company’s services is available or used on the Company’s website and the intellectual property rights (including copyrights) to the content and information on the website belong to the Company. Without the prior written consent of the Company, it is prohibited to reproduce, translate, adapt or in any other way use any part of the Company’s website (any content, logo, software, products, services, etc.) in the commercial and economic activities of third parties. It is prohibited to perform any other actions that may infringe the Company’s property rights to the Company’s website, as well as contradict fair competition, advertising, infringe copyright, other legal acts and current practices.
2. Any illegal use of rights or any of the above actions shall constitute a material infringement of the Company’s intellectual property rights (including copyright and others).

X. LIABILITY

1. The Data Subject shall provide the Company with complete and correct Personal Data of the Data Subject and inform about relevant changes in the Personal Data of the Data Subject. The Company shall not be liable for any damage caused to the Data Subject and (or) Third Parties due to the fact that the Data Subject provided incorrect and/or incomplete Personal Data or did not properly and timely inform about their changes.
2. The Company shall not be responsible for communication failures that prevent users of the Company’s website and other persons from accessing the website or using the services.
3. The Company is not in a position to fully guarantee that the operation of the Company’s website will be uninterrupted and without any disruptions or errors, or that the Company’s website will be fully protected from viruses or other harmful components. Herewith the Data Subject is informed that any material that the Data Subject reads, downloads or otherwise receives when using the Company’s website is at the sole discretion and risk of the Data Subject and that the Data Subject is solely responsible for any damage caused to the Data Subject and the Data Subject’s computer system.
4. The registered Data Subject is responsible for the storage and/or transfer of his/her login data to third parties. In the case where the services provided on the Company’s website are used by a third party who has logged in to the Company’s website using the Data Subject’s login data, the Company shall consider this person to be the Data Subject.
5. The Company shall also publish the contacts of its representative on the website dextera.lt regarding the processing of Data Subjects’ requests.
6. The company authorizes a specialist of the legal department to fill in the personal data breach form (Annex No. 1 to these Rules) in the event of a data breach, immediately (no later than within 24 hours) and notify the Data Controller. Among other things, immediately afterwards, it shall make special entries in the personal data protection breach log (Annex No. 2 to these Rules). In addition, it shall notify the supervisory authority – the State Data Protection Inspectorate about the breach no later than within 72 hours.

XI. FINAL PROVISIONS

1. When providing information about himself/herself at the Company’s trading venues and concluding orders/contracts or visiting the Company’s website, the Data Subject is deemed to have read and agreed to the provisions of these Rules by implied actions (Article 6. 173 of the Civil Code of the Republic of Lithuania).
2. These Rules, drawn up in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other relevant legislation.
3. The Company shall have the right to partially or completely change the Rules by placing an advance notification about the proposed changes on the Company’s website. Supplements or amendments to the Rules shall take effect from the date of their publication, i.e. when they are posted on the Company’s website. If the Data Subject does not agree with the new version of the Rules, the Data Subject has the right to refuse to use the services provided by the Company and the Company’s website. If, after supplementing or amending the Rules, the Data Subject continues to use the services provided by the Company or the Company’s website, it shall be considered that the Data Subject agrees with the new version of the Rules.
4. The law of the Republic of Lithuania shall apply to the relations arising on the basis of these Rules.
5. All disagreements arising from the implementation of these Rules shall be resolved through negotiation. If no agreement is reached within 30 (thirty) calendar days, disputes shall be resolved in accordance with the procedure established by the legal acts of the Republic of Lithuania.
6. The personal data breach form has been approved in accordance with the requirements of Annex 1 to the General Rules for the Protection of Personal Data.
7. The form of the personal data breach log has been approved in accordance with the requirements of Annex 2 to the General Rules on the Protection of Personal Data.

PRIVACY POLICY RULES,

adopted in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

I. BASIC DEFINITIONS

1. LLC DEXTERA, legal entity code 134665673, VAT payer code LT346656716, registered office and correspondence address Jonavos str. 260, LT-44131 Kaunas, contacts: e-mail: info@dextera.lt, phone no. 837 33 22 33. Hereinafter in the Rules on Processing and Use of Personal Data, hereinafter referred to as the “Company”.
2. Dextera.lt shall mean e-shop located at dextera.lt.
3. Buyer shall mean 1) a capable natural person, i.e. a person who has reached the age of majority and whose capacity is not restricted by court order; 2) a minor between the ages of fourteen and eighteen who has the consent of his or her parents or guardians unless he or she is emancipated; 3) a legal person.
4. Account shall mean the result of the buyer’s registration with Dextera.lt, due to which an account is created that conserves his/her personal data and order history.
5. Social accounts shall mean Dextera.lt Facebook, Twitter or other accounts on social networks, which provide information about Dextera.lt and the goods/services provided.
6. Goods shall mean all goods (products) provided to the Buyer by Dextera.lt.
7. Services shall mean all services provided to the Buyer by Dextera.lt.
8. Password shall mean a unique combination of letters and numbers created by the Buyer and known only to him/her, which is entered for the first time when registering on Dextera.lt, and later in order to log in to the Account.
9. Order shall mean Confirmation of the Goods / Services as well as terms and conditions selected by the Buyer in the Account.
10. Browser shall mean is a program for displaying internet sites (webpages) on the web or personal computer.
11. Personal datashall mean any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a personal identification number, one or more factors specific to the physical, physiological, economic, cultural or social nature.
12. Privacy policy – this document, which provides the basic rules for the collection, accumulation, processing and storage of Personal Data using Dextera.lt.
13. IP address shall mean a unique number assigned to each computer connected to the Internet, known as an Internet Protocol (IP) address, that can be used to identify a person.
14. Direct marketing shall mean an activity intended for offering goods or services to individuals by post, telephone or any other direct means and/or for obtaining their opinion about the offered goods or services.

II. GENERAL PROVISIONS

1. Dextera.lt Privacy Policy provides the main rules for collecting, storing and processing Personal Data for the Buyer using the Services offered by Dextera.lt.
2. The Privacy Policy is designed to protect and defend the Personal Data of Dextera.lt Buyers from illegal use.
3. Individuals are considered to be familiar with this Policy when, by completing a registration form, submitting a notification notice or ordering form, they agree to be bound by the Procurement Rules, of which this Policy forms an integral part.
4. The purpose of the Privacy Policy Rules to regulate the processing of personal data on the Company’s website Dextera.lt, ensuring compliance with and implementation of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, Law on Legal Protection of Personal Data and other related legal acts.
5. The Company collects data of the Data Subject, which it voluntarily provides by e-mail, registered mail, fax, telephone, directly arriving at the Company’s point of sale, registering on the Company’s website dextera.lt or by using the Company’s website (without registration).
6. The Buyer may perform the purchase Dextera.lt actions by registering with Dextera.lt, as well as without registering. The Buyer who does not execute the registration is required to provide the following Personal Data – name, surname, telephone number, e-mail, postal address, delivery address. The Buyer is responsible for providing his/her Personal Data.
7. Persons wishing to register with Dextera.lt must provide the following mandatory details: (i) Name; (ii) Surname; (iii) E-mail; (iv) Phone No. An Account is created during registration. In the account, the Buyer enters his/her own data and therefore he/she is solely responsible for the accuracy of this data. The Buyer is given a User ID. The Buyer may at any time adjust and/or complete the Personal Data in the Account.
8. The Buyer shall have the right to apply to Dextera.lt by e-mail marketingas@dextera.lt for account cancellation.
9. Dextera.lt requires the Buyer to provide the personal identification number only when ordering the Dextera.lt Goods/Services in instalments and only for the purpose of transferring the data to the leasing company (bank).
10. The Company’s website dextera.lt may contain links to and from the websites of the Company’s partners, advertising suppliers and related persons. Please note that the websites of other persons to which the Buyers access by selecting the links on the website dextera.lt have their own privacy policies and the Company does not accept any responsibility for these privacy policies. Buyers are advised to read the privacy policies of these other websites before submitting any Personal Data.

III. PROCEDURES FOR STORAGE AND USE OF PERSONAL DATA

1. The Buyer agrees that his name, surname, e-mail address, telephone number, IP address will be processed by Dextera.lt for the purposes of activity analysis. Accordingly, Dextera.lt gives the Buyer the right to express his/her consent or disagreement when registering on Dextera.lt or placing an order fro the processing of his/her name, surname, e-mail address, telephone number, IP address by Dextera.lt for direct marketing purposes.
2. If the Buyer does not wish the Personal Data specified in Clause 3 of this Privacy Policy to be used for Direct Marketing purposes after purchasing the Goods / Services, the Buyer must log in to his/her Account at Dextera.lt and uncheck the box next to the statement “Subscription for the Newsletter”. Among other things, in all cases the Buyer can send an e-mail to marketingas@dextera.lt or call the general Dextera.lt customer service phone number 8 800 000 13 to indicate that he/she does not wish to receive e-mails and/or short SMS messages.
3. The Company confirms that the Personal Data provided by the Buyer will be processed only in order to properly provide the Buyers with the Goods/Services provided in the e-shop Dextera.lt. The Company also confirms that the Personal Data provided by the Buyer will be processed for the purposes of Direct Marketing if such consent is given by the Buyer and is not revoked.
4. The retention period for personal data to be used for Direct Marketing purposes shall be three calendar years from the date of submission of such data.
5. Personal data related to e-commerce shall be stored for 2 (two) years from the date of the Person’s last connection to the e-shop system or the Person’s last purchase on the Website.
6. The data of persons who have submitted a request in the form specified in the Website in a special chat program shall be stored for 1 (one) year from the last action performed by the Person (request, reply or other), or by submitting a request via Facebook chat program, User by submitting his/her Personal Data in the said programs, shall be deemed to have voluntarily agreed to disclose such data in connection for the acquisition of the services offered by the Company. In this case, the Company considers that the User, by voluntarily disclosing the Personal Data, agrees that the Company will collect and store them as described in accordance with the procedure established in these Rules.
7. The Company undertakes not to disclose the Buyer’s Personal Data to third parties, except in the following cases:

7. 1. If there is a Buyer’s consent to the disclosure of the Personal Data;
7. 2. Company’s partners providing production, transportation, supply, distribution or other services related to the proper performance of the Goods / Services ordered by the Buyer;
7. 3. The Company may also transfer the Buyer’s Personal Data to third parties acting on behalf of the Company as Data Processors. Personal data may be transferred only to those Data Processors with whom the Company has signed relevant agreements or cooperation agreements that contain provisions discussing the transfer/provision of personal data and the Data Processor ensures adequate protection of the transferred personal data;
7. 4. In all other cases, the Buyer’s Personal Data may be disclosed to third parties only in accordance with the procedure provided for by the legal acts of the Republic of Lithuania. The Company may transfer the Personal Data of the Data Subject to governmental or law enforcement authorities upon their request.

8. Despite the fact that the Company makes every reasonable effort to protect Personal Data, the Company cannot guarantee the secure transfer of data to the e-shop. Any data transfer procedures are performed at the sole risk of the Buyer. From the moment of receiving the data, the Company applies extremely strict procedures for the protection of the Buyer’s Personal Data as well as technical and organizational measures in order to ensure protection against unauthorized access to the Personal Data.
9. The Company also uses the contact details of the Buyers who have purchased the Goods / Services electronically for the purposes of market research in order to assess the satisfaction of the Company’s customers with the Company’s activities and, accordingly, to improve the quality of the Company’s activities. Replies to messages sent and/or calls for this purpose are anonymous. In case the Buyer does not want to receive such notifications and (or) calls, he/she may inform the Company about the refusal of such notifications by e-mail marketingas@dextera.lt.
10. The Company’s website may collect certain information about the Buyer’s visit, such as (i) the Internet Protocol (IP) address through which the Buyer accesses the Internet; (ii) the date and time of the Buyer’s visit to the Company’s website; (iii) Other websites that the Buyer visits while on the Company’s website; (iv) The browser used; (v) Information about the Buyer’s computer operating system; (vi) Mobile App Versions; (vii) Language Settings. If the Buyer uses a mobile device, data may also be collected to determine the type of mobile device, device settings, as well as geographical (longitude and latitude) coordinates. This information is used to improve the Company’s website, analyse trends, improve products and services and administer the Company’s website. The Buyer voluntarily provides this data by the services provided by the Company, by becoming a registered user of the Company’s website or by visiting the Company’s website.

IV. BUYER’S RIGHTS

1. The Buyer has these fundamental rights:

1. 1. To know about the processing of his personal data;
1. 2. Have access to their own personal data and how it is processed;
1. 3. Request the rectification, destruction of the Buyer’s personal data in possession of the Company;
1. 4. To object to the processing of the Buyer’s Personal Data.

2. The Buyer, upon submitting a written request (together with an identity document), shall have the right to access the Buyer’s Personal Data contained and processed in the Company and to receive information from which sources and which Buyer’s Personal Data has been collected, for what purpose and to whom it is transferred. Upon receipt of the Buyer’s request, the Company shall provide the requested data no later than within 30 calendar days from the date of receipt of the Buyer’s request or indicate the reasons for refusing to comply with such request in the same form as the Buyer’s request or in another form to receive data proposed by the Company and accepted by the Buyer.
3. The Buyer may submit a request for access, adjustment or cancellation of the Personal Data collected by the Company concerning him/her by e-mail: teise@dextera.lt or by registered mail sent to the Company’s address, Jonavos str. 260, LT-44131 Kaunas.
4. If the Buyer is a registered user of the Company’s website Dextera.lt, he/she can view and edit the personal information provided on the Company’s website and contact details of contacting the Buyer by visiting the relevant sections of the Company’s website Dextera.lt.
5. The Buyer, among other things, shall have the right to refuse to provide Personal Data and not to accept the Privacy Policy. In this case, the Buyer will not be able to purchase the Goods Services in the e-shop Dextera.lt, as the requested data may be necessary to properly provide the Goods / Services desired by the Buyer.
6. At the moment of acceptance-transfer of the Goods / Services, the Company’s employees may ask the Buyer to submit an identity document, which is used only for proper identification of a person. In this case, no copies of the identity document shall be made.
7. After the cancellation of the Account the Buyer’s Personal Data may be stored on the Company’s server for up to six months in order to implement the requirements provided for in Clause 4 of Part 4 of the Privacy Policy, , unless the data provided by the Buyer was: (i) used for illegal activities; (ii) Identity theft or other misconduct suspected or under investigation by relevant law enforcement authorities; (iii) the Company has received complaints related to the respective Buyer or if the Company has noticed violations of the Rules committed by the respective Buyer. These data shall be destroyed upon lawful instructions from law enforcement or other authorized authorities.
8. The Company, with the help of internal organizational and technical measures, ensures that the Personal Data provided by the Buyer to Dextera.lt is protected from any illegal actions: (i) Unauthorized alteration of the Personal Data; (ii) Disclosure; (iii) Destruction; (iv) Identity theft; (v) Fraud.
9. Personal data is protected from loss, unauthorized use and alteration. All Buyers’ Passwords are encrypted, servers related to Personal Data can be accessed only by persons authorized by the Personal Data Controller and only through a secure certificate, which is additionally protected by a password, as well as all Dextera.lt pages that require Personal Data entry are executed via https : // protocol.
10. The Buyer undertakes and must store his/her login password and login name as well as other data. The Buyer undertakes and must not disclose Personal Data to any other third party, either about himself or about third parties, if such Personal Data of third parties was available to him/her, and immediately inform the Company about the noticed violations.
11. Any request or instruction related to the processing of Personal Data must be submitted by the Buyer to the Company in writing in one of the following ways: (i) By sending such request or instruction to the Company by registered mail to Jonavos str. 260, LT-44131 Kaunas; (ii) By sending such a request or instruction to the e-mail address teise@dextera.lt
12. Complaints of individuals regarding improper or illegal processing of personal data are investigated by the State Data Protection Inspectorate, registered office address A. Juozapavičiaus str. 6, LT-09310 Vilnius, www.ada.lt.

V. FINAL PROVISIONS

1. The Privacy Policy can be consulted and printed at any time on Dextera.lt. Buyers will always be informed about all future changes and/or amendments to the Privacy Policy by announcing the new version of the Privacy Policy on Dextera.lt, and by creating a technical opportunity for Buyers to read and to accept the new version of the Privacy Policy during the first connection to Dextera.lt after the entry into force of the new version of the Privacy Policy.
2. The Company shall not be responsible for communication failures that prevent users of the Company’s website and other persons from accessing the website or using the services.
3. The Company is not in a position to fully guarantee that the operation of the Company’s website will be uninterrupted and without any disruptions or errors, that the Company’s website will be fully protected from viruses or other harmful components. Herewith the Data Subject is informed that any material that the Data Subject reads, downloads or otherwise receives when using the Company’s website is at the sole discretion and risk of the Data Subject and that the Data Subject is solely responsible for any damage caused to the Data Subject and the Data Subject’s computer system.
4. The registered Data Subject is responsible for the storage and/or transfer of his/her login data to third parties. In the case where the services provided on the Company’s website are used by a third party who has logged in to the Company’s website using the Data Subject’s login data, the Company shall consider this person to be the Data Subject.
5. Buyers’ questions, comments and wishes related to the Privacy Policy shall be provided at the e-mail address teise@dextera.lt