1. Background information
1.1 This Privacy Policy sets out the terms and conditions for the processing of your Personal Data when using the Data Controller's Website.
1.2 The terms and conditions set out in this Privacy Policy apply each time you access the content and/or service we provide and purchase goods sold in our online shop.
1.3 This Privacy Policy has been prepared and Personal Data is processed on this Website in accordance with the requirements of the legislation of the Republic of Lithuania and the Regulation.
2. Terms used
2.1 In this Privacy Policy the following terms are used:
- "Personal Data" or "Data" means any information about a User who is identified or identifiable, directly or indirectly (Data Subject).
- "Processing" means any operation or sequence of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, sorting, organisation, storage, adaptation or alteration, retrieval, access, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination with other data, restriction, erasure or destruction.
- The "Data Controller" is Saffort Northern Europe, UAB, legal entity code 304447813, registered office at Vilkpėdės g. 2A, Vilnius, Lithuania, which determines the purposes and means of the processing of Your Data as defined in this Privacy Policy
- " Website" means the website of the Data Controller whose address is Saffort.lt.
- "You" or "User" means the natural person who has visited the Website of the Data Controller and whose Data is processed in accordance with this Privacy Policy.
- "Privacy Policy" means this Privacy Policy, which sets out the Controller's basic rules for the collection, collection, processing and storage of Personal Data applicable to Users' use of the Website.
- "Regulation" means Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which entered into force in the European Union on 25 May 2018 and repeals Directive 95/46/EC.
- "Cookies" are small text documents with a unique identification number that are transmitted from the Website to the hard drive of the User's computer to enable the Data Controller to distinguish the User's computer and to view the User's online activity.
- "Consent" means any freely given, specific and unambiguous expression of your will, duly informed, by a statement or by unambiguous acts, by which you agree to the processing of Personal Data relating to you.
2.2 In this Privacy Policy, the terms mentioned and hereinafter used shall be understood as they are defined and explained in the Regulation, which can be consulted by clicking on the following link here.
3. Personal data processed
3.1 In order to purchase the goods on the Website, the User must provide the Data Controller with the following Personal Data:
- Name
- Surname
- E-mail address
- Telephone number
- Address of the place of residence
- Bank account number
3.2 The Data Controller also uses cookies on the Website to collect Data that reveals the use of this Website, the User's behaviour or automatically generated visit statistics. More information about the cookies used on this Website can be found in section 6 of this Privacy Policy.
4. PURPOSES OF USING PERSONAL DATA
4.1 We process the Personal Data about you that you provide and that we collect for the following purposes:
4.1.1 To enable you to use our online shopping service;
4.1.2. for the payment of your shopping cart through the external payment service provider of your choice;
4.1.3. to fulfil your order and to deliver the purchased goods to the address you have provided;
4.1.4. for billing and accounting purposes;
4.1.5. to improve the performance of our Website;
4.1.6. to answer your questions and share information.
5. Disclosure of personal data
5.1 The Data Controller shall ensure that Users' Personal Data will not be sold, provided or otherwise transferred to third parties without lawful basis, nor used for purposes other than those for which it was collected. The Data Controller may only transfer Data in accordance with this Privacy Policy and the legislation of the Republic of Lithuania.
5.2 The Data Controller may transfer the User's Personal Data to third parties only:
5.2.1. in the cases provided by law and when it is necessary for the purposes of this Privacy Policy;
5.2.2. if the User's separate consent has been obtained for this transfer;
5.2.3. where it is necessary for the Data Controller to perform the contract concluded with the User and to properly provide the services;
5.2.4. the transfer of Data is obligatory if requested by law enforcement authorities in accordance with the procedure established by the legislation of the Republic of Lithuania;
5.2.5. in other cases provided for in the Regulation and the legislation of the Republic of Lithuania.
6. Use of cookies
//> //<!
7. Data storage periods
7.1 The Data Controller undertakes to store the Users' personal data for the specific period of time specified in the applicable laws and regulations of the Republic of Lithuania and/or in this Privacy Policy, but no longer than is necessary under the applicable laws and regulations of the Republic of Lithuania or in accordance with the purposes of this Privacy Policy for the purpose of Data processing.
7.2 If the User contacts the Data Controller directly via the e-mail address indicated on the Website or places an order for goods, the User Data shall be stored for 2 (two) years from the moment of such contact or order. After the expiry of this period, the User's Personal Data shall be erased, unless further processing is based on one of the grounds referred to in Article 6(1) of the Regulation and the Data Controller is required to process the Personal Data for a longer period of time than provided for in this paragraph, but no longer than necessary.
8. RIGHTS of Users
8.1 On the Website, Users have the following rights:
8.1.1. to know what Personal Data is processed and for what purpose;
8.1.2. to have access to their Personal Data and to download it in an easily readable format to their computer;
8.1.3. to request the rectification or completion of Personal Data if it is inaccurate or no longer relevant;
8.1.4. to request the erasure of Personal Data under one of the conditions set out in section 8.5 of the Privacy Policy (right to be forgotten);
8.1.5. request the Data Controller to restrict the processing of the User's Personal Data under one of the conditions set out in point 8.7 of the Privacy Policy;
8.1.6. to request the transfer of the Data to another Data Controller in accordance with the procedure set out in paragraph 8.8 of the Privacy Policy (right to transfer);
8.1.7. to lodge a complaint with the State Data Protection Inspectorate regarding unlawful processing of Personal Data or a Data breach;
8.1.8. to object to the processing of Personal Data where such Data is processed or intended to be processed for direct marketing purposes.
8.2 Any requests or instructions relating to the processing of the User's Personal Data may be submitted by the User to the Data Controller in writing at the contact details (email or postal address) provided in this Privacy Policy.
8.3 The User must provide a document confirming his/her identity or identify himself/herself by permitted means of electronic communication together with the request, except in the case of a written request submitted directly, where it is possible to identify the User at the time of the request.
8.4 Upon receipt of such a request or instruction, the Data Controller shall, no later than 30 (thirty) days from the date of the request, provide a response and perform the actions specified in the request or refuse to perform them, stating the reasons for the refusal. If necessary, the time limit may be extended by a further two months depending on the complexity and number of requests. In this case, the Data Controller shall inform the User of such extension within 30 (thirty) days of receipt of the request, together with the reasons for the delay.
8.5 In the event of a request by the User for erasure of his/her Data, the Data Controller undertakes to erase the Personal Data without undue delay, provided that one of the following reasons can be given for this:
8.5.1. the Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed;
8.5.2. the User withdraws the Consent on which the processing of the Personal Data is based and there is no other legal basis for processing the Personal Data;
8.5.3. the User does not consent to the processing of the Personal Data on the basis of a legitimate interest of the Data Controller and the Data Controller does not establish overriding legitimate grounds to continue processing the Personal Data;
8.5.4. the Personal Data has been processed unlawfully;
8.5.5. the Personal Data must be erased in accordance with a legal obligation under European Union or Republic of Lithuania law.
8.6 The Data Controller shall implement the erasure of the Data by encrypting the Users' Personal Data in such a way that it cannot be traced back to the person to whom it belongs.
8.7 The Data Controller shall be obliged to restrict the processing of the User Personal Data without undue delay in one of the following cases:
8.7.1. the User contests the accuracy of the Personal Data for a period of time within which the Data Controller may verify the accuracy of the Personal Data;
8.7.2. the processing of the Personal Data is unlawful and the User does not consent to the erasure of the Personal Data and instead requests the restriction of its use;
8.7.3. the Data Controller no longer needs the Personal Data for the purposes set out in paragraph 4 of this Privacy Policy, but the User needs it to assert, exercise or defend legal claims;
8.7.4. the User has objected to the processing of the Personal Data on the basis of legitimate grounds of interest of the Data Controller, pending verification that the Data Controller's legitimate grounds override the User's grounds.
8.8 The User has the right to transfer the Personal Data held about him or her to another Data Controller, and the Data Controller to whom the Personal Data has been provided must not prevent this where:
8.8.1. the processing of the Data is based on the User's Consent or contract; and
8.8.2. the processing is carried out by automated means.
8.9 In exercising his right to data portability, the User shall have the right to request that the Data Controller transmits his Personal Data directly to another Data Controller, where technically feasible.
8.10. The Data Controller reserves the right to refuse requests from the User, with the exception of requests to opt-out of direct marketing offers, and to have recourse to an out-of-court dispute resolution body where necessary to ensure: (i) the fulfilment of the legal obligations imposed on the Data Controller; (ii) the maintenance of public order or the prevention of criminal offences; (iii) the protection of the rights and freedoms of consumers or other persons; or (iv) in the case of other cases referred to in Article 23.1 of the Regulation. In any event, the Data Controller shall clearly state the reasons for refusing to comply with the Users' requests.
8.11 All responses to the User shall be provided in a concise, transparent, comprehensible and easily accessible form in clear and plain language. The Data Controller shall provide free of charge a copy of the Personal Data processed, in electronic or paper format, at the User's choice, and upon repeated request by the User, the Data Controller may charge a reasonable fee, determined in accordance with the administrative costs of producing such copy, not exceeding 50 (fifty) Euros.
8.12. If the User notices unlawful processing of his Data or if a dispute arises with the Data Controller, he shall have the right at any time to apply to the out-of-court dispute resolution authority in Lithuania, the State Data Protection Inspectorate, in accordance with the procedure set out in its website, which is accessible here.
9. CHANGES TO THE PRIVACY POLICY
9.1 The Data Controller shall have the right to update this Privacy Policy after taking into account the changes in the laws and regulations of the Republic of Lithuania.
9.2 The Data Controller recommends that Users regularly visit the Website to discover the latest version of the Privacy Policy. In the event of a material change to the Privacy Policy that has a significant impact on the protection of Users' Data, the Data Controller may notify the changes to the Privacy Policy to the contact details provided by the User.
10. CONTACT INFORMATION
All documents and questions relating to this Privacy Policy may be sent to the contacts listed below:
By post: Vilkpėdės g. 2A, Vilnius, Lithuania.
[ mail].