Date of last revision: 25-06-2020
1. GENERAL PROVISIONS
1. 2. Your personal data controller UAB “Bonameda” (hereinafter - we or the Company), legal entity code 140927183, registration address Draugystės St. 17-1, LT- 51229 Kaunas, business address Breslaujos St. 3B, LT-44403 Kaunas.
2. WHAT PERSONAL DATA DO WE PROCESS?
2. 1. We process your Personal Data obtained in the following ways:
2. 1. 1. When you provide the Personal Data to us;
2. 1. 2. When we collect your Personal Data using the Website, when you contact us by phone or e-communication means, visit us;
2. 2. We collect, use and otherwise process your Personal Data in order to offer and sell our products, to fulfill our contractual obligations, as well as to pursue our or third parties' legitimate interest, performing instructions of the legal acts or duties.
2. 3. When providing the Personal Data to us, you are responsible for the correctness, completeness, relevance of these Personal Data. When you provide the Personal Data of other people (such as your employees, etc.), you are responsible for the consent of such person that the person‘s Personal Data would be provided to us. If necessary (for example, such person asks us about receiving his/her Personal Data), we will identify you as the provider of such data.
2. 4. We process your Personal Data for the following purposes and under the following conditions:
Purpose of the processing of Personal Data
Personal Data processed
Time limits for the processing of the Personal Data
Legal basis for the processing of the Personal Data
Conclusion of contracts with activity partners
Name, surname, position, personal identification code (only if necessary), address (only if necessary), telephone number, e-mail address of the partner natural person or legal entity participant, representative, other natural persons specified in the contract.
The data are stored
during the term of the contract and 5 years after the end of the contract.
Processing of the data is necessary for conclusion and performance of the contract (Art.6 p.1(b) of GDPR)
Sending of the direct marketing informational communications and implementation of the market researches.
Name, surname, telephone number, e-mail address, name of the workplace, name of the department where the client works, area of interest, date of birth (year, month and day if the client wishes to be greeted on the occasion of the birthday), e-mail interaction (information on whether the newsletter was read, when and how many times it was read / opened, whether it was forwarded, what operating system and e-mail server (its location) were used)
Data shall be stored for 5 years from the date of receipt of the consent.
Data subject's consent (Art. 6(1)(A) of GDPR) .
Management and administration of website www.bonameda.com
Name, surname, e-mail address, telephone (contact form on the website), IP address, information collected by cookies
The data provided in the contact form are stored for 1 year from the date of contact.
IP address is stored for 14 days.
Data subject's consent (Art. 6(1)(a) of GDPR) .
Execution of financial operations and bookkeeping, debt management
Name, surname, personal identification number, address, e-mail address, contact telephone number, account number, payment institution, transaction amount, date, time, currency, transfer amount, payment history, debt details.
The data are stored in accordance with the legislation governing financial transactions and accounting.
The data outside the scope of the above-mentioned legislation shall be stored for the entire duration of the contract and for 10 years after the end of the contract.
Conclusion and performance of the contract with the data subject (Art. 6(1)(B) of the GDPR) .
Seeking to fulfill a legal obligation imposed on the controller (6(1)(c) of the GDPR).
You have the right to object or at any time withdraw your consent to process your data for the above purposes when your Personal Data are processed on the basis of your consent.
2. 5. To the extent provided by applicable legal acts, in addition to the information you provide, our automatically collected Personal Data, when you use the Website, other digital channels, we can also obtain the information about you from other sources, such as publicly available registers, databases, social networking platforms and other third parties.
2. 6. You have the right to modify and update your information provided to us. In some cases (for example, when selling our products), we need to have accurate, up-to-date information about you, so we can ask you to periodically confirm that the information we have about you is correct.
2. 8. In some cases, we process your Personal Data as data processors. When processing the Personal Data in this way, we act in accordance with the instructions of the data controller. In such a case, all information about processing of your Personal Data will be provided to you by the controller of your Personal Data.
3. HOW DO WE USE YOUR PERSONAL DATA AND WHAT PRINCIPLES DO WE FOLLOW?
3. 1. We collect and process only the Personal Data that are required in order to achieve the purposes for which they are collected. We do not collect or store the Personal Data that would be unrelated to our activities.
3. 2. When processing your Personal Data:
3. 2. 1. We comply with the requirements of valid and applicable legislation, including the GDPR;
3. 2. 2. We process your Personal Data in a lawful, fair and transparent manner;
3. 2. 3. We collect your Personal Data for specified, clearly defined and legitimate purposes and do not process the Data in a way incompatible with those purposes, except to the extent permitted by law;
3. 2. 4. We will take all reasonable steps to ensure that the Personal Data that are inaccurate or incomplete, in accordance with the purposes for which they are processed, would be rectified, supplemented, suspended or destroyed without delay;
3. 2. 5. We store them in such a form that your identity can be established for no longer than is necessary for the purposes for which the Personal Data are processed;
3. 2. 7. We ensure that your Personal Data would be processed in such a way that, by appropriate technical or organizational measures, the adequate security of personal data would be ensured, including protection against unauthorized or unlawful processing of data and against unintentional loss, destruction or damage.
4. WHICH ENTITIES CAN RECEIVE YOUR PERSONAL DATA FROM US?
4. 1. We may transfer your Personal Data:
4. 1. 1. If there is your consent to the disclosure of the Personal Data;
4. 1. 2. To companies of the Group of companies to which we belong : UAB “Energenas”, UAB “Sophimeda”, UAB “Inospectra”;
4. 1. 3. To our partners or trusted third parties helping us to offer or sell our products, to carry out our activities, such as distributors, auditors, consultants, insurance companies, etc.;
4. 1. 4. State and local offices and institutions, law enforcement institutions, courts, other persons performing functions entrusted by law, in accordance with the procedure provided for in legal acts of the Republic of Lithuania. We provide these entities with mandatory information required by law or specified by the entities themselves;
4. 1. 5. To used Personal Data processors (such as IT, server services, site administration companies, etc.). We require that processors would store, process and handle the Personal Data as responsibly as we do and only in accordance with our instructions;
4. 1. 6. If necessary, to companies that intend to buy or would buy our business;
4. 1. 7. To debt collection companies to which claims on a customer's debt are transferred, courts, out-of-court dispute resolution bodies and bankruptcy administrators.
4. 2. Your Personal Data may be transferred outside the European Economic Area (EEA). Your Personal Data will only be transferred outside the EEA under the following conditions:
4. 2. 1. The Data are transferred only to our reliable partners who ensure the provision of our services to you;
4. 2. 2. Data processing agreements have been signed with such partners, by which they ensure the security of your Personal Data in accordance with the requirements of the law;
4. 2. 3. The Commission of the European Union has decided on the suitability of the country in which our partner is established, i.e., an adequate level of security is ensured;
4. 2. 4. You have given your consent to transfer of your Personal Data outside the European Economic Area.
5. RIGHTS OF THE DATA SUBJECT
5. 1. As a data subject, you have the following rights with regard to your Personal Data:
5. 1. 1. To know (be informed) about the processing of your Personal Data (right to know);
5. 1. 2. To access your Personal Data and to know how they are processed (right of access);
5. 1. 3. To require rectification or, taking into account the purposes of the processing of Personal Data, supplement the incomplete Personal Data (right to rectification);
5. 1. 4. To require the destruction of your Personal Data or suspend your Personal Data processing operations (except storage) (the right to destroy and the right “to be forgotten”);
5. 1. 5. To require to restrict the processing of the Personal Data for one of the legitimate reasons (the right to restrict);
5. 1. 6. The right to transfer data (the right to transfer). This right will only be exercised if the grounds for its exercise and the appropriate technical means exist and these means would ensure that the risk of the security breach of the data of other persons will not arise during transfer of the required Personal Data;
5. 1. 7. To object to the processing of your Personal Data, when we process the Personal Data on the basis of our legitimate interest or the legitimate interest of a third party, including profiling. If you object, we will only be able to further process your Personal Data for compelling legitimate reasons that take precedence over your interests, rights and freedoms, or to make, enforce or defend legal claims;
5. 1. 8. To revoke your consent to processing of your Personal Data when the Personal Data are processed with consent, including when such data are processed or intended to be processed for direct marketing purposes, including profiling *, insofar as it relates to such direct marketing.
* According to the Personal Data provided by you, for the purpose of direct marketing, profiling of your Personal Data can be carried out in order to offer you individually tailored solutions and offers. You may at any time revoke or object to your consent to processing of the Personal Data by automated processing, including profiling.
5. 2. If you do not want that your Personal Data would be processed for direct marketing purposes, including profiling, you can refuse such processing by clicking on the appropriate link in the e-mail with news or by sending an e-mail to email@example.com or calling +370 37 280710.
5. 3. We may waive your rights listed above, except for refusing to process the Personal Data in cases where the Personal Data are processed with your consent, when the provisions of BDAR allow your request to be denied, or, when in cases provided for by law, it is necessary to ensure the prevention, investigation and detection of criminal offenses, breaches of official or professional ethics, also, the protection of the rights and freedoms of the data subject, other persons and protection of our rights and freedoms.
5. 4. When your Personal Data are processed on the basis of consent, you may revoke such consent at any time. We will immediately, within a reasonable period of time, terminate the processing of your Personal Data. Withdrawal of the consent does not automatically oblige us to destroy your Personal Data or provide you with information about the Personal Data we process, therefore, if you want us to perform these steps as well, you must specify such a request separately.
5. 5. You may submit any request or instruction related to the processing of the Personal Data to us in writing in one of the following ways: by delivery directly to: Breslaujos St. 3B, LT-44403 Kaunas, by e-mail: firstname.lastname@example.org. When making such a request, we may, in order to better understand the content of your request, ask you to complete the necessary forms, as well as provide an identity document or other information that will help us verify your identity. Upon submission of the request by e-mail, depending on its content, we may ask to come to us or submit a request in writing.
5. 6. Upon receipt of your request or instruction regarding the processing of the Personal Data, we will respond no later than within 1 month from the date of the request and will perform the actions specified in the request or inform you why we refuse to perform them. If necessary, this period may be extended by a further two months, depending on the complexity and number of requests. In this case, we will notify you of such an extension within 1 month after receiving the request.
5. 7. If the Personal Data is deleted at your request, we will retain only copies of information that is necessary to protect our legitimate interests and others, to comply with the obligations of state or local authorities, to resolve disputes, to identify disruptions or to comply with agreements concluded.
6. WHICH AUTHORITIES CAN ACCEPT YOUR COMPLAINT?
6. 2. If you think that your rights have been violated in accordance with BDAR, you can file a complaint to our supervisory authority - the State Data Protection Inspectorate, more information and contact details can be found on the Inspectorate's website (https://vdai.lrv.lt/). We strive to resolve all disputes promptly and peacefully, so we invite you to contact us first.
7. 3. You can choose whether you want to accept cookies.
7. 4. 1. Compulsory cookies: cookies are necessary for the system to work.
7. 4. 2. Functional cookies: cookies designed to analyze visiting of the website, memorize user preferences and customize them for the website so that we can provide enhanced functionality.
7. 4. 3. Third-party cookies: these cookies are used by third parties.
7. 5. Cookies used on our website:
The name of the cookie
Functions performed by the cookie
Purpose of processing of the Data
Period of validity
To separate the user
It registers a unique ID that is used to generate statistics about how a visitor uses the site.
To separate the user
It registers a unique ID that is used to generate statistics about how a visitor uses the site.
To accelerate the query frequency
Analytical data processing
It is indicated whether java system is supported
Until the end of the session
This cookie is used to send the data to Google Analytics about a visitor's device and behavior. It tracks the visitor on devices and marketing channels.
Until the end of the session
8. EXTERNAL SITES
8. 1. The Website may contain links to external sites, such as our partner sites or sites that promote our products. By following such links to any of the sites, please note that these sites and the services accessed through them have their own separate privacy policies and we do not assume any responsibility or liability for these policies or the personal data that are collected on these sites. Please review these policies before submitting the personal information on these sites or using any services.
9. CONTACT US
10. FINAL PROVISIONS