Kėdainių konservų fabrikas UAB (hereinafter referred to as the Company or we) seeks to inform you in detail about the processing of your personal data, whether you communicate with us in person, by visiting us or by electronic means, by submitting inquiries, complaints, requests, statements, information about violations and/or feedback (hereinafter referred to as the Inquiry), whether by concluding the Agreements or in any other way of your choice. This document shall apply to you if we process your personal data.
The request shall mean your written request to learn about your data processed by us, request their correction or suspend collection of data and delete your personal data (“forget you”).
This information is important. Please read it carefully. We may change the policy to keep pace with emerging or changing requirements, and ongoing progress, therefore, please review it regularly.
1. PERSONAL DATA WE PROCESS
Personal data (hereinafter referred to as the Personal Data or the data) shall mean any information that may be used to identify an individual, as well as any other information, necessary for the proper performance of both pre-contractual and contractual obligations and for the proper response to the Inquiry and Request, for marketing purposes, as well as to perform other activities that are not prohibited by law or mandatory activities.
The personal data included in the policy are:
Identification and contact information provided by you: name, surname, personal ID number, telephone number, e-mail address and address.
Other information: which is necessary for the performance of the Agreement and about the collection of which you will be informed in the specific agreement concluded with you.
Record of a telephone conversation (if any);
Video data recorded by video surveillance equipment (if any);
Information about your IP address or its device ID (if you contact us by electronic means).
2. GROUNDS AND PURPOSES OF PROCESSING OF YOUR DATA
We only use your data to: i) properly perform the Agreement; ii) resolve your requests or claims arising from the performance of the Agreement; iii) to respond to Inquiries. We can also analyse and systematise the data/information obtained on the basis of these documents in order to improve the quality of our activities and services provided to you, to expand the range of services provided, taking into account your opinion and suggestions; iv) provide you with tailored direct marketing offers corresponding to your needs.
If you do not consent to your personal data being used for direct marketing purposes, please inform us immediately; v) in order to ensure our and your security and security of the property, we perform video surveillance and processing of your video data (this provision shall be valid only upon arrival at the Company’s premises or another object of the Company featuring video surveillance cameras); vi) in order to ensure the provision of services remotely, we may record telephone conversations or other communications between you and us. For this purpose, we also save your telephone number, IP address and other data identifying you, the content, duration, time and other technical data of the call (you will be informed about the recording of telephone conversations as soon as we answer the call. If you do not agree with this, you have the right to terminate the telephone communication and contact us in another way acceptable to you).
3. PERIOD OF PROCESSING AND RETENTION OF YOUR DATA
3.1. We process and retain your data: (A) for the period of validity of the Agreement; B) during the period of response to the Inquiry; C) for the period specified in the legal acts of the Republic of Lithuania; D) during marketing period.
3.2. Upon expiration/termination of the Agreement, upon response to the Request, we shall destroy or reliably and irrevocably depersonalise your data in the following procedure and terms:
i) we shall delete the specific personal data necessary for the performance of the Agreement and response to the Inquiry no later than within 10 business days of the date of expiry of the Agreement, after the response to the Inquiry, if these data are not required to be stored in accordance with the legal acts of the Republic of Lithuania, and if there are no preconditions for legal proceedings. In the event of preconditions of legal proceedings, these data shall be deleted within the terms specified in paragraph ii) of this clause;
ii) other personal data that are not required to be stored in accordance with the archiving procedure established in the legal acts of the Republic of Lithuania, and if you have fully paid for the services provided under the Agreement, shall be destroyed no later than within 6 months of the date of expiration of the Agreement. In the event of legal proceedings, we shall retain the data for an additional 30 business days after the date of the specific litigation and the effective date of the final decision, and in the case of enforcement/recovery, following the date of such enforcement/recovery period;
(iii) the recording of the telephone conversation (if any) and the video data (if any) recorded by the video surveillance equipment shall be destroyed within 30 days following the expiry/termination periods of the Agreement (if the said equipment allows retention for such a period; where such retention capacity is not available, the data shall be deleted after each period of 30 calendar days), unless there is a precondition for a legal dispute, in which case we shall delete the data within the terms specified in paragraph ii) of this clause;
iv) we will delete your IP address or device ID (if you contact us by electronic means) within 60 days of such request, unless such data is required for ongoing litigation between the Parties, in which case it shall be destroyed in accordance with paragraph ii);
v) we shall retain the data collected for marketing purposes for as long as you use our services and for 1 year after you stop using the services. In the event of your Request to “forget you”, we will delete only the data used for the marketing purposes within 30 days of the date of such request;
vi) we shall retain and process the personal data, which according to the legal acts of the Republic of Lithuania must be archived, in accordance with the terms established in those legal acts.
4. SOURCES FROM WHICH WE COLLECT YOUR PERSONAL
We usually receive your data directly from you – when you contact us to enter into or amend the Agreement, or submit an Inquiry in any of your chosen ways. When concluding and executing the Agreement, and
following its termination, in the event of legal proceedings or recovery procedure, in response to the Inquiry, we may collect your data: a) from data pertaining to you provided publicly by you or third parties; b) from legal entities, if you are the representative, employee, contractor and the like of these legal entities; c) from partners or other legal entities that use our services or whose service we use in order to provide services to you.
If, in order to provide services under the Agreement in an adequate and objective manner or to examine your Inquiry we need to gather additional information or investigate significant circumstances, we may link the data you provide to the data we have and/or data collected during the execution of the Agreement and examination of your Inquiry, e.g., we can check video surveillance records, interview our employees and etc.
If the information (including documents) for conclusion or modification or termination of the Agreement is submitted from a computer in the Company’s or a third party’s network, there is a risk that the visited websites will be recorded in the browser’s history and/or the Company’s or third party’s network register. This can be avoided by presenting the information using a computer that is not in the network.
It is also important to note that, the information for the conclusion, modification or termination of the Agreement or the Request may contain metadata that may reveal the notifier’s personal information that is not related to the information provided. Therefore, it is important to remove the metadata not related to the Inquiry prior to submitting information.
5. DISCLOSURE CASES AND THIRD PARTIES WE DISCLOSE YOUR DATA TO
We may transfer your data for processing to the third parties who provide legal services to us, as well as services related to accounting and data administration. Such persons may include website and social questionnaire developers and administrators, database software vendors and administrators, data centre, hosting and cloud service providers, and etc. In each case, we provide the data controller with only as much data as is necessary to execute a specific order or provide a specific service. The data processors we engage may process your personal data only in accordance with our instructions and may not use them for other purposes or transfer them to other persons without our consent. Moreover, they must ensure the security of your data in accordance with applicable legislation and written agreements and contracts concluded with us.
If the event described in the Inquiry can be deemed insured, we shall pass on your Inquiry and data to the insurance company (-ies), in which we have insured our third-party liability, property, or which provide us with other coverage related to the event indicated in your Inquiry. The insurance companies act as independent data controllers and process your data in accordance with the terms and regulations set forth by the insurance company.
Your data may also be provided to the competent authorities or law enforcement institutions, e.g., police, law enforcement or supervisory authorities and the State Enterprise Centre of Registers, but only upon their request or only when required by applicable legal acts, or in cases where, in the procedure provided for by law, we seek to ensure our rights, safety of our other customers, employees and resources, and to make, provide and defend legal claims.
We may combine available information pertaining to you obtained from different sources. The inquiry (information about the violation, complaint, etc., i.e., where you do not require a response) can be submitted anonymously or with your personal data. In the latter case, the personal information of the notifier will be known only to those persons who will examine the information received. However, if necessary, the notifier may be summoned to court as a witness, thus losing anonymity.
6. TERRITORIES AND JURISDICTIONS, IN WHICH WE PROCESS YOUR PERSONAL DATA
Usually, we process and store your personal data within territory of the European Union or the European Economic Area (EU/EEA), however, we may transfer your personal data outside the EU/EEA, for example, when necessary for the conclusion and performance of the agreement or if you granted consent to such transfer. We shall transfer your personal data outside the EU/EEA, if at least one of the following measures is implemented:
• The European Commission has recognised that the state ensures an adequate level of protection of personal data.
• The recipient of the data in the United States of America is certified in accordance with the requirements of an EU-U.S. agreement called the Privacy Shield.
• The agreement is concluded in accordance with the standard conditions approved by the European Commission;
• Compliance with codes of conduct or other safeguards under the General Data Protection Regulation have been ensured.
7. LEVEL OF SECURITY OF YOUR DATA
When processing personal data, we comply with the requirements of data protection legislation, including the GDPR. We use a variety of security technologies and procedures to protect your personal information from unauthorised access, use or disclosure. We carefully select data controllers and require them to use appropriate measures that can protect your confidentiality and ensure the security of your personal information. However, the security of the transmission of information via the Internet or mobile communication cannot be absolutely guaranteed; any transmission of information to us in the specified ways is performed at your own risk.
8. RIGHTS GRANTED TO YOU BY THE DATA PROTECTION LEGISLATION
The right to access your personal data processed: You shall have the right to receive our confirmation on whether we process your personal data, as well as the right to access your personal data processed by us and information about the purposes of data processing, categories of data processed, categories of recipients, processing period, and sources of data.
Right to rectify personal data: If the data you provided to us has changed or you believe that the information pertaining to you that we process is inaccurate or incorrect, you shall have the right to request that this information is changed, adjusted or corrected.
Right to lodge a complaint: If you believe that we process your data in prejudice to the requirements of the data protection legislation, we ask you to first contact us directly. If you are not satisfied with the solution we have proposed or in your opinion we did not take the necessary action at your request, you shall have the right to lodge a complaint with the supervisory authority, which in the Republic of Lithuania is the State Data Protection Inspectorate (A. Juozapavičiaus g. 6, 09310 Vilnius; tel.: (+370 5) 271 2804, 279 1445; e-mail: firstname.lastname@example.org).
The right to delete the data (the right “to be forgotten”): In certain circumstances specified in the data processing legislation (when personal data are processed unlawfully, the grounds for data processing has seized to apply, etc.), you shall have the right to request in writing that we delete your personal data.
Right to restrict data processing: In certain circumstances specified in the data processing legislation (when personal data are processed unlawfully, you dispute the accuracy of the data, you have objected to the processing on the basis of our legitimate interest, etc.), you shall also have the right to inform us in writing about the restriction of processing of your data.
9. PRINCIPLES OF PERSONAL DATA PROTECTION WHICH WE COMPLY WITH
We comply with the following principles when collecting and using the personal data you entrust to us, as well as data received from other sources:
9.1. Your personal data are processed in a lawful, fair and transparent manner (principle of lawfulness, fairness and transparency).
9.2. Your personal data are collected for specified, explicit and legitimate purposes and shall not be further processed in a way incompatible with those purposes (purpose limitation principle).
9.3. Your personal data are adequate, relevant and only necessary for the purposes for which they are processed (data minimisation principle).
9.4. The personal data processed are accurate and, where necessary, updated (principle of accuracy).
9.5. Your personal data are stored in such a form that personal identification can be carried out no longer than is necessary for the purposes for which your personal data are processed (principle of storage limitation).
9.6. Your personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (principle of integrity and confidentiality).
10. OUR OBLIGATIONS
When collecting and using the personal data you entrust to us, as well as data received from other sources, we shall be obliged:
10.1. To process your personal data only for clearly defined and legitimate purposes.
10.3. To process your personal data legally, accurately, transparently, fairly and in such a way as to ensure the accuracy, identity and security of the processed personal data.
10.4. To ensure that redundant personal data are not processed.
10.5. To process your personal data no longer than is necessary for the purposes for which the personal data are processed.
10.7. To perform other duties provided for in legal acts.
11. HOW TO CONTACT US AND HOW WE RESPOND
11.1. You can submit all Requests related to data processing in the following ways:
- By e-mail: email@example.com
- Online at www.kkf.lt
- By post to: Kėdainių g. 50, Šingaliai, Kėdainiai
C/O: Kėdainių konservų fabrikas UAB, Marketing Manager
11.2. Our details as a data controller and processor:
Kėdainių konservų fabrikas UAB
Legal entity code: 161612618
Head office address: Kėdainių g. 50, Šingaliai, Kėdainiai, Republic of Lithuania
11.3. We shall reply to your Request regarding the date processed no later than within 30 (thirty) calendar days of the date of receipt of the Request. In exceptional cases requiring additional time, we shall, upon due notification, have the right to extend the deadline for submission of the requested data or other requirements specified in your Request to 60 (sixty) calendar days of the date of your request.
We shall refuse to satisfy your request by reasoned response, if the circumstances specified in the GDPR and other legal acts have been established, by notifying you in writing.
In certain cases, deleting cookies might slow down the browsing speed, limit the functions of certain websites or block access to the website.