Please allow us to collect data about how you use our website. We will use it to improve our website, make your browsing experience and our business decisions better. To learn more, please read our Cookie Notice.
1. Purpose of Policy and main concepts
- defines the Company’s obligation and responsibility in attempt to respect and preserve personal privacy;
- explains, how the Company is collecting, using and stores storing (processes) personal data;
- informs data subjects, how their personal data are processed and what rights of each data subject are.
While processing personal data of data subjects we are acting in compliance with the General Data Protection Regulation of the European Parliament and Council, Law on Legal Protection of Personal Data of the Republic of Lithuania, Law on Electronic Communications of the Republic of Lithuania. Other directly applicable legal acts, and instructions of competent authorities.
1.1. Main concepts used in the Policy:
1.1.1. data subject shall mean a natural person, whose data are processed by the Company;
1.1.2. personal data shall mean any information relating to a natural person (data subject) who is known or who can be identified directly or indirectly by reference to such data as a personal identification number or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
1.1.3. processing of personal data shall mean any operation carried out with personal data: collection, recording, accumulation, storage, classification, grouping, connecting, changing (supplementation or correction), provision, publication, use, logical and/or arithmetical operations, search, dissemination, destruction or any other action or set of actions;
1.1.4. consent of data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her, for example, written (including given by electronic means) or oral declaration. Silence, pre-ticked boxes or inactivity should not therefore constitute consent;
1.1.5. data controller shall mean a legal or a natural person which alone or jointly with others determines the purposes and means of processing personal data. The Company shall be regarded a data controller in this Policy;
1.1.6. data processor shall mean a legal or a natural person other than an employee of the data controller, processing personal data on behalf of the data controller;
1.1.7. employee means a person, who gas made an employment contract or contract of similar character with the Company;
1.1.8. supervisory authority shall mean State Data Protection Inspectorate;
1.1.9. direct marketing shall mean an activity intended for offering goods or services to individuals by post, telephone or any other direct means and/or for obtaining their opinion about the offered goods or services;
1.1.10. Company’s website – www.altechna.com;
1.1.11. General Data Protection Regulation shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
1.1.12. client shall mean a natural person older than 16 years, who has registered on the Company’s website and is using or intends to use the Company’s services and has provided personal data for this purpose;
1.1.13. other concepts used in the Rules correspond to the concepts defined in the General Data Protection Regulation and Law on Legal Protection of Personal Data of the Republic of Lithuania.
1.2. Hereby it is attempted to help the data subjects to use their rights.
1.3. This Policy is also applied to protection of personal data of other data subjects (i.e. not clients or employees), whose personal data are processed or will be processed by the Company in the future.
1.4. The personal data processed by the Company are accurate, suitable and within the scope necessary for their collection and further processing. The personal data may be updated regularly, if necessary.
1.5. Only the persons older than 16 years have a right to create their account on the Company’s website and to submit their personal data for processing.
1.6. The personal data of the clients are collected:
1.6.1. for the purpose of provision of the Company’s services (processing and administration of services (orders)), client’s identification in the Company’s information system, client’s identification when connecting to own account on the Company’s website, and for issuance of invoices and other financial documents;
1.6.2. for direct marketing if data subject gives his/her consent.
1.7. The Company is processing following data for the purposes indicated in the clause 1.6 of the Policy: name, surname, e-mail address, country of residence, represented company, job, phone number, e-mail address.
1.8. The legal ground for processing of personal data specified in the clause 1.6.1. is the Company’s duty to execute the contract made with the data subject and/or to undertake actions to conclude the contract upon request (order) of the data subject.
1.9. The legal ground for processing of personal data specified in the clause 1.6.2 is consent given by the data subject.
1.10. When personal data are processed for the purpose of direct marketing, the data subject has a right to object free of charge to such processing and to withdraw the consent.
2. Processing of personal data
2.1. Only the employees have a right to process personal data of the clients in the Company, including their transmission to the third persons specified in the clause 2.2 herein. Every employee has to preserve the secret of client’s personal data and to comply with the requirements of legal acts on personal data protection and these Rules.
2.2. In implementation of the Company’s agreements for services, the clients’ personal data may be transmitted only to the Company’s partners, who act as data processors on behalf of the Company and who provide services of delivery of shipments and other services related to the execution of agreement for services (personal data shall be disclosed only within the purpose necessary to provide certain services). The clients’ personal data may be provided only to the data processors, with whom the Company has made contracts containing provisions on transmission/disclosure of personal data and if the data processor secures the protection of personal data required by the General Data Protection Regulation. In all other cases the clients’ personal data may be disclosed to the third persons only in accordance with terms and conditions of legal acts of the Republic of Lithuania.
2.3. The Company observes the confidentiality principle and keeps in secret any information related to personal data that was learnt while implementing the job functions, unless such information was public according to the valid laws or other legal acts.
2.4. Term of personal data processing: personal data shall be processed until they are not already needed for the processing purposes:
2.4.1. The clients’ personal data collected and processed in order to provide the Company’s services (clause 1.6.1) shall be stored for the period not exceeding 10 years after the last order made via the Company’s website;
2.4.2. The personal data processed for the purpose of direct marketing specified in the clause 1.6.2 shall be processed not longer than until the moment when the consent to receive advertising is withdrawn (revoked).
2.5. When personal data are no longer needed for their processing purposes, they shall be destroyed, save for the data that may be processed for other purposes and on other grounds or that have to transmitted to national archives in cases specified in the laws.
2.6. The personal data protection shall be organized, secured and implemented by the authorized employee of the Company.
3. Rights of the data subject and their implementation procedure
3.1. Rights of the data subject:
3.1.1. to know (be informed) about the processing of his/her personal data in the Company;
3.1.2. to have an access to his/her personal data and to be informed of how they are processed in the Company;
3.1.3. to object against the processing of his/her personal data;
3.1.4. to request rectification, specification, supplementation or destruction of his/her incorrect or incomprehensive personal data or suspension of further processing of his/her personal data, with the exception of storage;
3.1.5. to request erasure of the data (“right to be forgotten”). This right is valid where one of the following grounds applies:
184.108.40.206. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
220.127.116.11. the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
18.104.22.168. the personal data have been unlawfully processed;
22.214.171.124. the personal data have to be erased for compliance with a legal obligation in the European Union or domestic law to which the controller is subject;
3.1.6. right to data portability: the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
126.96.36.199. the processing is based on consent or on a contract; and;
188.8.131.52. the processing is carried out by automated means.
3.2. The data subject may appeal against supposed unlawful processing of his or her personal data to the supervisory authority.
3.3. The data subject has a right to authorize a non-profit organization, institution or association that was incorporated properly according to the law of the Republic of Lithuania, whose objectives indicated in the Articles of Association are in compliance with public interest and that is operating in the area of protection of rights and freedoms of the data subject within the scope related to personal data protection to lodge a complaint in his/her name and to use certain rights provided in the General Data Protection Regulation.
3.4. Implementation procedure of the data subject’s rights:
3.4.1. The person, who wants to implement the rights listed in the clause 3.1., has to submit a written application to the Company (personally, by post, via representative or by electronic communication means). The application has to be legible, signed by the person and contain the following data: person’s name, surname, residence, contact data and information, which of the aforementioned rights and in what scope, she or he desires to implement;
3.4.2. Upon submission of the application, the person must identify himself or herself by the following means:
184.108.40.206. If the application is delivered directly on arrival to the Company – to present personal identity document or its copy certified according to the legal acts of the Republic of Lithuania;
220.127.116.11. If the application is delivered by post – to present the copy of personal identity document certified according to the legal acts of the Republic of Lithuania;
18.104.22.168. If the application is delivered via representative – to present the document confirming representation;
22.214.171.124. If the application is delivered by electronic communication means – to sign by valid e-signature;
3.4.3. The right of the data subject to object to processing of his/her personal data for direct marketing shall be implemented by the notification of the Company about the data subject’s objection by e-mail and by provision of information about all the accounts created on the Company’s website;
3.4.4. If the data subject has an account on the Company’s website, she or he may review and edit personal information and contact data provided on the Company’s website by visiting own account. The data subject may also use this account to implement the right to object to processing of his/her personal data for direct marketing.
3.5. The Company’s authorized person shall examine the applications indicated in the clause 3.4.1 herein. The application has to be examined and the response has to be given not later than in 30 calendar days upon the application’s submission.
3.6. When the data subject submits applications according to the clause 3.4.1, she or he should not misuse his or her rights evidently. If the data subject misuses his or her right (for example, refers to the Company regarding information on the processed personal data more often than once in six months), the Company has a right to demand that the data subject would cover the administrative costs related to implementation of such applications.
3.7. The objection of the data subject to processing of his or her personal data for direct marketing should be responded immediately, as soon as possible. The responsible employees of the Company have to secure that personal data would not be further processed for the purpose of direct marketing.
4. Cookies and their usage
4.1. In order to improve the client’s experience while visiting the Company’s website, we are going to use the cookies – small portions of textual information that are created automatically while browsing the website and that are stored in the client’s computer or another terminal device. The information collected with the help of cookies allows us securing the opportunity to the client to browse more conveniently, to submit attractive offers and to learn more about behaviour of the website’s users, to analyse the tendencies and to improve the website, servicing and services provided by the Company.
4.2. When using the website, the client agrees to the usage procedure of cookies and may decide whether to accept cookies. If the client disagrees to recording of cookies into his or her computer or other terminal device, the client may change the browser’s settings and turn off all the cookies or turn on/off each of them separately. However, we would like to note that in some cases this may slow down browsing speed, restrict operation of certain functions of websites or block access to the website. More information is available at AllAboutCookies.org or www.google.com/privacy_ads.html.
4.3. We use the information collected with the help of cookies for the following purposes:
4.3.1. Usage of functional cookies and provision of services. The cookies are very important for operation of our website and e-services and secure smooth and safe usage experience to the user. For example, upon the user’s request, there is no need to enter the name, surname, password and other data every time the user logs in.
4.3.2. Expansion of services. If we monitor usage of cookies, we may improve operation of our website and e-services. For example, we receive information, which sections of our website are the most popular, to which websites our users are referred from our website, from which websites they are referred to our website, and how long the users stay on our website.
4.3.3. Analysis of usage. The Company is using cookies to collect statistical data on the visitors to our websites and their usage of e-services and to evaluate the advertising effectiveness. For example, the company may collect information from e-mails and newsletters sent for marketing purpose in order to learn whether the e-mails were opened and whether the users were induced to carry out any actions, for example, whether the user pressed the link in the e-mail to our website.
4.3.4. Targeted marketing orientation. The company may use cookie to collect information needed to provide certain advertising or content to some browser and to create different target groups.
5. Security of personal data
5.1. The Company must implement appropriate organisational and technical measures intended for the protection of personal data against accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing.
5.2. When the Company detects violations of personal data security, it shall remove them immediately.
5.3. The Company’s employees have to follow the confidentiality principle provided in the clause 2.3 herein.
5.4. The antivirus software has to be updated continuously in the Company’s computers.
5.5. If personal data security was violated, the Company shall notify the supervisory authority thereof without unreasonable delay and, if possible, within 72 hours after having learnt of such violation of personal data security, unless violation of personal data security should not cause hazard to rights and freedoms of natural persons. If the supervisory authority is not notified about violation of personal data security in 72 hours, the reasons of delay have to be attached to the notification.
5.6. When big hazard to rights and freedoms of natural persons may be caused because of violation of personal data security, the Company shall notify the data subject thereof without unreasonable delay.
6.1. The data subject must submit thorough and accurate personal data to the Company and to inform it about appropriate changes of the personal data.
6.2. The Company has no possibility to guarantee completely that functioning of the Company’s website will be unhindered and completely protected against any viruses. The Company shall never assume responsibility for direct or indirect losses resulting from usage of material or documents available on the Company’s website. The data subject is notified that any material read, downloaded or otherwise received via the Company’s website is received exclusively at the discretion and risk of the data subject, who will be solely responsible for any damage caused to the data subject or his/her computer system.
6.3. The data subject who has an account on the Company’s website has to secure safety of his/her logging-in data. The Company shall not be held liable for any damage incurred by the data subject due to improper implementation of the obligation provided herein.
6.4. Unless provided otherwise, the intellectual property rights (including copyrights) to the content and information of the Company’s website belong to the Company. It is forbidden to reproduce, translate, adapt or use otherwise any section of the Company’s website without a written advance consent of the Company. It is forbidden to perform any other actions that would or could violate the Company’s intellectual property rights to its website or that would not be in compliance with fair competition.
7. Final provisions
7.1. This Policy shall be updated at least once in two years or if the legal acts regulating personal data protection change.
7.2. The Policy is publicly available on the Company’s website. The Company’s clients are familiarized with this Policy by electronic means.
7.3. The Company has a right to change this Policy completely or partially.
7.4. The data subjects may use the contacts provided below or general contacts provided on the Company’s website if they want to make inquiries about any issues related to this Policy.
+370 5 272 5738
Mokslininku st. 6A, Vilnius LT-08412, Lithuania