PRIVACY POLICY

We, Dovaina, UAB, legal entity code: 158859156, registered office address: Uolės g. 16, Dovainonys, Kaišiadorys District (hereinafter referred to as the Company), respect the privacy of each person and the protection of personal data, therefore we have drawn up these privacy policy rules, according to which, among other things, the Company will process the personal data provided to the Company by its customers and employees. By using the services of the dovaina.lt website, the person confirms that he/she has read, understood and accepted this privacy policy.

1. General Provisions

1.1. This privacy policy (hereinafter – the Policy) governs, among other things, the collection, processing and storage of personal data by the Company as a data controller.
1.2. The Company is engaged in economic and commercial activities, which include the production of food industry equipment starting with an idea, drafting of a project, equipment installation and maintenance, metal processing, production, cleaning and coating of non-standard metal products and structures, trade in spare parts for trucks, trailers and buses and other services. For the provision of these services, the Company processes personal data in accordance with the legal grounds and data processing purposes specified in the Policy and the legal acts applicable to the Company.
1.3. This Policy is intended for persons who use or intend to use the Company’s services or visit the website dovaina.lt.

2. Principles of Personal Data Processing

2.1. The Company processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter – the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts governing the processing of personal data.
2.2. The scope of personal data processed depends on the Company’s services ordered or used and the information provided by the website visitor when ordering and / or using the Company’s services, visiting or registering on the website.
2.3. The company follows, among other things, the basic data processing principles set forth below:

• Personal data is only collected for clearly defined and legitimate purposes.
• Personal data is processed only in lawful and fair manner.
• Personal data is constantly updated.
• Personal data is stored securely and for the period no longer than required by the established data processing purposes or legislation.
• Personal data is processed only by those employees of the Company who have been granted such a right in accordance with their job functions.

2.4. At the Company data is processed only in accordance with one or more criteria of lawful processing – (i) to ensure the provision of services under the contract (i.e. to fulfil the contract or to take action at the request of the data subject before entering into the contract); (ii) upon the consent of the data subject; (iii) when the processing is necessary to fulfil a legal obligation of the Company; (iv) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company; (v) when personal data need to be processed for the legitimate interests of the Company or a third party (see Article 6 (1) of the Regulation, http://www.privacy-regulation.eu/en/6.htm).
2.5. When processing and storing personal data, the Company implements organizational and technical measures that ensure the protection of personal data from accidental or illegal destruction, alteration, disclosure, as well as from any other illegal processing. Only those employees of the Company and auxiliary service providers have access to the personal data processed by the Company for whom it is necessary to perform their job functions or to provide services to the Company.
2.6. The Company’s customer or potential customer, employees and any other natural persons are responsible for ensuring that the personal data provided by them is accurate, correct and complete. In case of changes in the personal data provided by them, they must immediately notify the Company. The Company shall not be liable for any damage caused to a person and / or third parties due to the fact that the person provided incorrect and / or incomplete personal data or did not apply for completion and/or alteration of the data due to the changes.

3. Sources of Personal Data

3.1. Personal data is usually obtained directly from the data subject (the Company’s client or potential client, employees or candidates), who provides it by visiting the website, using the Company’s services, providing services to the Company, working or seeking employment with the Company.
3.2. In cases provided for by law or upon a consent, personal data may also be obtained from third parties (e.g. temporary employment agencies, recruitment agencies, public authorities and relevant registers).
3.3. Although the customer is not required to provide any personal data to the Company, certain services may not be provided to him/her or he/she will not be employed with the Company if the personal data is not provided.

4. Purposes of Personal Data Processing

4.1. The Company processes personal data for the following main purposes:

• For the purposes of administration and performance of contractual relations, in order to properly fulfil contractual obligations, to maintain relations with suppliers, partners and customers in business development, provision of services and cooperation;
• Providing the services listed on the website;
• For the purposes of internal administration of the Company and staff administration;
• For direct marketing and other marketing purposes;
• When fulfilling the requirements established by legal acts in the field of waste management and other areas and providing data to the authorities (data controllers);
• Video surveillance is installed in the Company’s production premises and common areas to ensure the security of the Company’s equipment and property.

5. Provision and Recipients of Personal Data

5.1.  The Company shall have the right to transfer the personal data of its customer representatives or employees to third parties which require the processing of such customer personal data or the purposes specified in this Policy or legislation.
5.2.  The Company undertakes to transfer customer data to third parties only to the extent and only in cases where it is necessary for the provision of the respective services and/or fulfilment of the obligations laid down in the legislation. Where personal data are not necessary for the provision of a particular service, they shall not be transmitted. The Company shall only transfer personal data to the aforementioned third parties on the basis of an agreement on the provision of data or a specific piece of legislation, strictly in compliance with the requirements laid down in the legislation.
5.3.  The Company undertakes to respect the confidentiality obligation in respect of the personal data of customers, employees, potential customers or employees. Personal data may be disclosed to third parties only if it is necessary for the conclusion and performance of the contract for the benefit of the data subject or for other legitimate reasons.
5.4.  The Company may provide the personal data processed to its data processors (sub-contractors) which provide IT, accounting, debt recovery or other ancillary services to the Company and process personal data on behalf of the Company. Data processors shall have the right to process personal data only in accordance with the instructions of the Company and only to the extent that is necessary to properly discharge the obligations laid down in a contract. The Company shall only use the processors which provide sufficient assurance that appropriate technical and organizational measures are implemented in such a way that the processing complies with the requirements of the Regulation and ensures the protection of the data subject’s rights.
5.5.  In addition, the Company may also provide customer data responding to the requests of courts, bailiffs or the authorities to the extent necessary for proper enforcement of the applicable legislation and instructions of the authorities.

6. Personal Data Processing for Direct Marketing Purposes

6.1. The Company may process the data subject’s contact details for direct marketing purposes. The consent to use personal data for direct marketing purposes can be given via e-mail, by subscribing to the newsletter sent by the Company, by subscribing to the news on the Company’s social network accounts, by leaving the consent on the Company’s website (by ticking the appropriate box), by signing a questionnaire or agreement with the Company, or otherwise informing the Company’s administration in writing. The consent for direct marketing should be voluntary, it is not a prerequisite for the contractual relationship with the Company, and it does not affect the relationship between the data subject and the Company.
6.2.  The Company may send informational messages if the person has given consent to the Company to use his/her data for direct marketing purposes and to the Company’s customers without separate consent for the marketing of similar services, provided they are given a clear, free and easily enforceable opportunity to object or refuse such use of their contact details and provided they did not initially object to such use of their data when sending each message.
6.3.  The Company may send e-mail notifications for direct marketing purposes.
6.4.   A person may withdraw his/her consent in relation to direct marketing at any time by giving notice to e-mail address  or by getting in touch with the Company by another method.

7. Time Limits for Personal Data Storage

7.1.  Personal data collected by the Company shall be stored in printed documents and/or electronically in the Company’s information systems. Personal data shall be processed for no longer than necessary for achieving the purposes of the processing, or for no longer than requested by the data subjects and/or provided for in the legislation. Generally, personal data are processed for 10 years after the termination of the contractual relationship.
7.2.  Although the customer may terminate the contract or refuse the Company’s services, the Company must continue to store the personal data of the customer’s representatives due to possible future claims or legal claims until the data retention periods expire.
7.3.  The Company seeks not to store any outdated or unnecessary information and to ensure that personal data and other information about clients are regularly updated, correct and destroyed in time.

8. Rights of Data Subjects

8.1. The rights of a data subject shall include but shall not be limited to:

• The right to receive information on personal data processed by the Company, the sources from which and the ways in which the personal data were collected and on the basis on which they are processed;
• The right to request the Company to correct his/her personal data, suspend their processing, destroy them if the data are incorrect, incomplete or inaccurate, or if they are no longer required for the purposes for which they were collected. In this case, the data subject must submit a request, upon receipt of which the Company will verify the provided information and take the necessary actions. The accuracy and veracity of the available personal data are very important for the Company;
• The right to request the Company to destroy personal data or suspend the processing of such personal data, except their storage in case the person who has reviewed his/her personal data, finds that his/her personal data are processed unlawfully or unfairly;
• The right to object to the processing of his/her personal data when such data are processed or are intended to be processed for the purpose of direct marketing or for a legitimate interest pursued by the Company or a third party to which such personal data are provided;
• The right to withdraw his/her consent to the processing of his/her personal data for direct marketing purposes at any time;
• If the data subject is concerned about the Company’s actions (omissions) that may not comply with the requirements of this Policy or legislation, he/she may contact the Company and get free assistance.
  
  

8.2. A person may exercise all his/her rights as a data subject by contacting the Company via e-mail:  .
8.3. If the issue with the Company cannot be resolved, the customer has the right to contact the State Data Protection Inspectorate (ada.lt), which is responsible for the supervision and control of personal data protection legislation.

9. Cookies

9.1.  In order to improve the browsing experience on the Company’s website, the Company may use cookies – small pieces of textual information that are automatically created while browsing the website and are saved on the website visitor’s computer or other terminal device.
9.2.  The information collected by cookies enables more convenient browsing of the Company’s website and learning more about the behaviour of the Company’s website visitors, analysing trends and improving both the website and the Company’s services or information provided on the website. The Company uses cookies to process depersonalised personal data.
9.3.  If a visitor of the website does not consent to cookies being recorded on his/her computer or another device, he/she may change his/her browser settings and turn off all cookies or turn them on (off) one at a time. However, the Company notes that in some cases this may slow down the browsing, limit certain website functionalities or block access to certain pages of the website. More detailed information on cookies used by the Company is available at www.google.com/privacy_ads.html.

10.  Final Provisions

10.1. This Policy shall be governed by the law of the Republic of Lithuania and of the European Union.
10.2.   The Company reserves the right to amend Policy, therefore, visitors of the website are kindly asked to check regularly for any updates of the Policy and review the amended or new provisions.