MARKETING RULES

  1. SECTION

GENERAL PROVISIONS

  1. The following UAB “V. Padagas ir Ko” (hereinafter referred to as the “Company”) Marketing Rules (hereinafter referred to as the “Rules”), set out the principles, purposes and related data protection requirements of the Company’s performed marketing and advertising activities, as well as the processing of personal data and their implementation.

  2. The Rules have been drawn up in accordance with the General Data Protection Regulation (EU 2016/679) (hereinafter referred to as “GDPR”), the Law on the Legal Protection of Personal Data (No. 63-1479 of 3 July 1996), the Company’s personal data protection policy and other legal acts regulating the protection of personal data.

  3. Terms used in the Rules:

  1. Direct marketing – means activities designed to offer goods or services to persons by post, telephone or other direct means and/or to seek their opinion on the goods or services offered;

  2. Advertising – an activity to increase the visibility of the services provided by the Data Controller using visual means (photographs, video records, etc.);

In the following Rules, the terms direct marketing and advertising will be collectively referred to as “marketing”.

  1. Data controller -UAB V. Padagas ir Ko” (company code: 170015127, address: Pušies st. 20, Varkalių village, Plungės distr.) – a legal person who acts as a Personal Data Controller and who alone or jointly with others determines the purposes and means of data processing;

  2. Personal data – means information about an identified or identifiable natural person (data subject) for the purposes of marketing by the Data Controller, including, but not limited to, the person’s name, surname, position (duties), image (photograph), video (footage);

  3. Data Subject – means a natural person from whom the Company receives and processes personal data;

  4. Data processing – means any operation or series of operations performed in an automated or non-automated measure on personal data or personal data sets, such as collection, recording, sorting, systematizing, storing, adapting or modifying, extracting, familiarizing, using, disclosing by transmitting, distributing or otherwise making it available for use, as well as collation or interconnection with other data, restriction, deletion or destruction;

  5. Data processor – means the natural or legal person, public authority, agency or other institution – which processes personal data on behalf of the controller.

  6. Data recipient – is a natural or legal person, public authority, agency or other body to which Personal data is disclosed, whether it is a third party or not. However, public authorities which, under Union or Member State law, may receive personal data in the context of a specific investigation shall not be considered as recipients of the data; when processing such data, those public authorities comply with the applicable data protection rules that are compatible with the purposes of the processing;

  7. Third party – a natural or legal person, public authority, agency or other institution, which is not a data subject, controller, processor or is authorized to process personal data by direct authorization of the controller or processor.

  8. Data subject’s consent – means any voluntary, specific and unambiguous expression of the will of a duly informed data subject by means of a statement or unambiguous action by which he or she consents to the processing personal data related to him or her.

  1. SECTION

PRINCIPLES OF PROCESSING PERSONAL DATA

  1. The Data controller shall ensure that, when accepting and implementing these Rules, he strives to implement the following essential principles related to the processing of personal data:

    1. Personal data is processed in a lawful, fair and transparent manner (principle of legality, fairness and transparency) with respect to the Data subject;

    2. Personal data is collected for determined, clearly defined and legitimate purposes and shall not continue to be processed in a manner incompatible with those purposes;

    3. Further processing of personal data for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes is not considered incompatible with the original purposes (the principle of purpose limitation);

    4. Personal data is adequate, relevant and only necessary to achieve the purposes for which they are processed (the principle of reducing the amount of data);

    5. Efforts are made to ensure that personal data is accurate and, if necessary, kept up to date within a reasonable time after the fact of change has;

    6. All reasonable steps are taken to ensure that personal data which is not accurate in relation to the purposes of their processing is immediately erased or rectified within a reasonable time (principle of accuracy);

    7. Personal data is stored in such a form that the identity of the Data subject can be established no longer than is necessary for the purposes for which the personal data is processed;

    8. Personal data may be stored for longer periods, provided that personal data will be processed only for archiving purposes, in the public interest, for scientific or historical research purposes or for statistical purposes, subject to the implementation of appropriate technical and organizational measures, necessary to protect the rights and freedoms of the Data subject (principle of limitation of retention duration);

    9. Taking in account the general nature of the Personal data processed by the Data controller, the Personal data is processed in such a way that appropriate technical or organizational measures ensure adequate security of personal data, including protection against unauthorized processing or unlawful processing and against accidental loss, destruction or damage of personal data (the principle of integrity and confidentiality);

    10. The Data controller is responsible for complying with the above principles and must be able to demonstrate that they are being followed (accountability principle).

  1. SECTION

THE PURPOSES OF THE PROCESSING OF PERSONAL DATA AND THE CATEGORIES OF DATA PROCESSED

  1. UAB „V. Padagas ir Ko” processes personal data for the following purposes:

    1. For the purpose of UAB „V. Padagas ir Ko” direct marketing;

    2. For the purpose of UAB „V. Padagas ir Ko” publicizing and raising the profile of its activities and services.

  2. UAB „V. Padagas ir Ko” processes the following personal data for the purposes set out above:

    1. For the purposes of direct marketing, publicity and awareness-raising of the company’s activities, personal data of customers and third parties:

      1. Name;

      2. Surname;

      3. Email address.

  1. SECTION

RECEIPT, STORAGE AND DESTRUCTION OF PERSONAL DATA

  1. The personal data referred to in Clause 6 of these Rules shall be obtained and processed only with the consent of the Data Subject:

    1. The consent of customers and/or third parties to participate in the Company’s marketing shall be obtained directly from the customer in writing, informing the customer about the personal data collected, the purposes of the use of the data and his/her rights as a Data Subject and the information on their implementation.

  2. Customers whose consent is the basis for the processing of their personal data for the purpose of carrying out marketing activities shall be informed that they have the right to withdraw their consent to the processing of their personal data for the purpose of marketing at any time, without prejudice to data lawfully processed on the basis of their consent prior to the withdrawal of consent:

    1. Persons who receive newsletters by e-mail or reminders/notifications by text message may withdraw their consent to direct marketing at any time by contacting the Company directly by telephone or e-mail (marketing@padagas.lt) or by clicking on the link in the newsletter.

  3. Personal data processed for the purposes referred to in Clause 5 of these Rules shall be stored in accordance with the General Index of Document Retention Periods approved by the Chief Archivist of Lithuania, but no longer than required for the purposes of personal data processing referred to in Clause 6 of these Rules:

    1. Consents to the processing of personal data – 1 year (after the expiry of the retention period of the personal data for which consent was given);

    2. Contracts for goods, works, services, transfer-acceptance acts for goods, works and services – 10 years (after the expiry (end) of the contract).

  4. Personal data provided in consents, contracts and other documents are stored on a server used by the Company and/or in hard paper copies in a locked cabinet in the Company’s administration premises.

  5. At the end of the retention period, the personal data contained in the above-mentioned documents shall be transferred to the archive and stored in accordance with the Order of the Chief Archivist of the Republic of Lithuania of 9 March 2011 (Order No. V-100) which approves the General Index of Document Retention Periods, within the time limits indicated in the Index of Document Retention Periods, and shall be destroyed on expiry of the time limits.

  6. Data destruction is carried out by destroying paper copies of documents using special paper shredders and deleting electronic versions from all applications and systems used by the Company, without any possibility of restoring them.

  1. SECTION

TRANSFER OF PERSONAL DATA TO THIRD PARTIES

  1. Personal data processed for the purposes of marketing as set out in these Rules is/may be transferred to recipients such as:

    1. State bodies and institutions, other persons exercising functions assigned to them by law (e.g. the State Tax Inspectorate, SODRA (social insurance fund), law enforcement authorities, UAB “V. Padagas ir Ko” supervising authorities).

    2. Parties which maintain registers and/or IT systems (where personal data is processed) or which mediate in the provision of personal data from such registers;

    3. Companies and/or individuals providing advertising and marketing services;

  2. Other persons related to UAB “V. Padagas ir Ko” activities, such as archiving, postal service providers, Partners, Suppliers, other authorized parties related to UAB “V. Padagas ir Ko” marketing process implementation.

  1. SECTION

DATA SUBJECTS RIGHTS AND THEIR IMPLEMENTATION

  1. The data protection legislation provides Data Subjects whose personal data is processed for the purposes set out in these Rules with rights in relation to the processing of personal data:

    1. Right of access to personal data processed: the data subject has the right to request confirmation from the Company as to whether his or her personal data is being processed and, in such cases, to request access to the processed personal data. In order to exercise this right, the Data Subject may submit a written request to the Company’s person responsible for data protection at: apskaita@padagas.lt;

    2. The right to have inaccurate personal data rectified: if the Data Subject considers that information about him or her is incorrect or incomplete, he or she has the right to request its rectification. In order to exercise the above-mentioned right, the Data subject can submit a written request to the Company by e-mail: apskaita@padagas.lt

    3. Right to object to the processing of personal data: the Data subject has the right to object to the processing of personal data where the personal data are not processed on the basis of the legitimate interests of the Company. However, despite the Data subject’s objection, the Company will continue to process your data if there are reasonable grounds for continuing to process the data. In order to exercise the above-mentioned right, the Data subject can submit a written request to the Company by e-mail: apskaita@padagas.lt

    4. The right to request the erasure of personal data (right to be forgotten): in certain circumstances, the Data Subject has the right to request that the Company erases your personal data. However, this provision does not apply if the Company is required to store personal data by law. In order to exercise the above-mentioned right, the Data subject can submit a written request to the Company by e-mail: apskaita@padagas.lt

    5. The right to restrict the processing of personal data: in certain circumstances, the Data Subject also has the right to restrict the processing of his or her personal data. In order to exercise this right, the Data subject can submit a written request to the Company by e-mail: apskaita@padagas.lt

    6. The right to lodge a complaint about the improper processing of personal data with the State Data Protection Inspectorate directly at L. Sapiegos str. 17, 10312 Vilnius, Lithuania, e-mail: ada@ada.lt).

  2. The Company shall, upon receipt of a request to cease processing personal data which is subject to optional processing, cease the processing of such data within 30 calendar days of the Data Subject’s request, unless this is contrary to the requirements of the legislation, and shall inform the Data Subject in writing thereof.

  1. SECTION

FINAL PROVISIONS

  1. These Rules shall apply to all “V. Padagas ir Ko” Data subjects whose personal data is processed for the purposes of marketing as set out in the Rules.

  2. The Company shall have the right to amend/update these Rules at any time in the event of changes to the marketing process and/or legislation governing the Company’s activities and/or marketing. Data Subjects may familiarize themselves with the changes to the Rules by visiting the Company or the Company’s website at http://www.padagas.lt/.

  3. These Rules shall enter into force on 9 November 2021.