MB NATURA TUBS


PRIVACY POLICY


I. GENERAL PROVISIONS

1. The purpose of the Privacy Policy is to inform how the personal data of data subjects (hereinafter referred to as customers) is collected and processed, to clarify how long it is stored, to whom it is provided, what rights customers have and where to apply for their implementation or other issues related to the processing of personal data.
2. MB "Natura tubs" processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter referred to as the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the protection of personal data
3. Personal data is processed in accordance with these basic data processing principles:
3.1. personal data is collected only for clearly defined and legitimate purposes;
3.2. personal data is processed only lawfully and fairly;
3.3. personal data are kept up to date;
3.4. personal data is stored securely and for no longer than is required by the established purposes of data processing or by law;
3.5. personal data is processed only by those employees of MB "Natura tubs" who have been granted such a right in accordance with their job functions or duly authorized data processors.

II. BASIC CONCEPTS

4. Data controller – MB "Natura tubs" (hereinafter – the Community), legal entity code 306734107, registration address Prancūzų street 77-11, Kaunas, Lithuania.
5. Client - any natural or legal person whose data is processed by the Community.
6. The Data Controller collects only those customer data that is necessary for the performance of Community activities and (or) when visiting, using, browsing the Company's Website, Facebook social network account, etc. (hereinafter referred to as the Website). The Community shall ensure that the personal data collected and processed is secure and used only for a specific purpose.
7. 'Personal data' means any information relating, directly or indirectly, to a customer whose identity is known or can be directly or indirectly established through the use of relevant data. Processing of personal data is any actions performed with personal data (including collection, recording, storage, editing, modification, granting of access, submission of requests, transmission, archiving, etc.).
8. Consent – any freely and knowingly given confirmation by which the customer agrees to the processing of his personal data for a specific purpose.

III. SOURCES OF PERSONAL DATA

9. Personal data is provided by the customer himself. The customer addresses the Community, uses the services provided by the Community, buys goods and /or services, leaves comments, asks questions, subscribes to newsletters, addresses the Community to request information, etc.
10. Personal data is obtained when the customer visits the Community Website. The Client fills out the forms in it or for some reason leaves his contact details, etc.
11. Personal data comes from other sources. Data are obtained from other institutions or companies, publicly available registers, etc.

IV. PROCESSING OF PERSONAL DATA

12. By providing personal data to the Community, the Customer agrees that the Community will use the collected data to fulfil its obligations to the customer, providing the services/ goods that the customer expects.
13. The Community shall process personal data for the following purposes:
13.1. Provision of warranty service for products purchased by customers, administration of Community debtors. The following data are processed for this purpose:
13.1.1. For the purpose of providing warranty service services for goods purchased by customers, personal data of customers (natural persons) may be processed: name(s), surname(s), telephone number, e-mail address, other data related to the sale of goods and /or provision of services; personal data of customers (legal entities): name, company code, VAT payer's code, telephone number, e-mail address, settlement account, bank, information about services provided and / or goods sold, other data related to indebtedness.
13.1.2. In the administration of Community debtors, personal data of customers (debtors, natural persons) may be processed when transferring debts for recovery: name(s), surname(s), telephone number, e-mail address, amount of arrears, information about the services provided and/or goods sold, other data related to the debt; personal data of customers (legal entities): name, company code, VAT identification number, telephone number, e-mail address , settlement account, bank, information about services provided and / or goods sold, other data related to debt.
13.1.3.. Contracts, VAT invoices and other related documents are stored in accordance with the terms specified in the Index for the Storage of General Documents, approved by the Order of the Chief Archivist of Lithuania.
13.1.4. Data related to the administration of the Company's debtors is stored for no longer than is necessary for the purposes for which personal data are processed.
13.1.5. The legal basis for data processing is the need to perform a contract to which the customer is a party as a data subject or in order to take action at the customer's request before concluding a contract with him (Article 6 (1) (b) of the GDPR), when the processing of certain personal data is obliged by law (Art. 6 (1) (c) of the GDPR) and the need to pursue the legitimate interests of the Community in improving its activities and business success indicators (Art. 6 (1) (f) of the GDPR).
13.2. Carrying out the assurance and continuity of the company's activities. For this purpose, the following data are processed:
13.2.1. For the purpose of concluding and performing contracts, personal data of suppliers (natural persons) may be processed: name(s), surname(s), personal identification number or date of birth, place of residence (address), telephone number, e-mail address, workplace, position, signature, data contained in the business certificate (type of activity, group, code, name, periods of performance of the activity, date of issue, amount), number of the certificate of individual activity, data or data subject is a VAT payer, the bank's checking account and the bank, the amount of the service / product, currency and other data provided by the person himself, which is received by the Company in accordance with the legislation in the course of the company's activities and / or the processing of which the Company is obliged by laws and / or other legal acts.
13.2.2. For the purpose of concluding and executing contracts, the data of the supplier's representatives is processed: name(s), surname(s), telephone number, e-mail address, company name, address, position, credential data (number, date, date of birth of the proxy person, signature).
13.2.3. Contracts, VAT invoices and other related documents are stored in accordance with the terms specified in the Index for the Storage of General Documents, approved by the Order of the Chief Archivist of Lithuania.
13.2.4. The legal basis for data processing is the need to perform a contract to which the customer is a party as a data subject or in order to take action at the customer's request before concluding a contract with him (Article 6 (1) (b) of the GDPR), when the processing of certain personal data is obliged by legal acts (Art. 6 (1) (c) of the GDPR).
13.3. Administration of inquiries, comments and complaints. For this purpose, the following data are processed:
13.3.1. Name(s), surname(s) and/or user name, e-mail address, telephone number, address, subject of request/comment/complaint, text of the request/comment/complaint.
13.3.2. Data on inquiries, comments and complaints are stored for 1 year from the moment they are submitted.
13.3.3. The legal basis for the processing is that the processing is necessary for the purposes of the legitimate interests of the controller or of a third party, unless such interests or fundamental rights and freedoms of the data subject, which make it necessary to ensure the protection of personal data, take precedence over them, in particular when the data subject is a child (Article 6(1)(f) of the GDPR) and the consent of the data subject (Article 6(1)(a) of the GDPR).
13.4.Direct marketing. For this purpose, the following data is processed:
13.4.1. Name(s), surname(s), e-mail address, telephone number.
13.4.2. The data is stored for 3 years after the date of receipt of consent. This period may be extended if personal data is used or can be used as evidence or a source of information in a pre-trial or other investigation, including in an investigation conducted by the VDAI, in civil, administrative or criminal proceedings, or in other cases provided for by law. In this case, personal data may be stored for as long as is necessary for these purposes of data processing and destroyed immediately when it becomes no longer necessary.
13.4.3. The legal basis for data processing is the consent of the data subject (Article 6 (1) (a) of the GDPR) and the need to pursue the legitimate interests of the Company in improving its activities and business success indicators (Article 6 (1) (f) of the GDPR).
13.5. Administration of whistleblowers of irregularities in the Community:
13.5.1. Personal data of the notifiers: name(s), surname(s), personal identification number, place of work (employment or contractual relationship with or in connection with the Community), position, telephone number, personal e-mail address or address of residence.
13.5.2. Data on the violation: the violation, the place where the violation was committed, the time, other information collected about the violation.
13.5.3 Person(s) who may have committed the offence: name(s), surname(s), place of employment, position.
13.5.4. Witness(s) to the infringement: name(s), surname(s), position, place of work, telephone number, e-mail address.
13.5.5. Documents and data are stored in accordance with the terms specified in the Index for the Storage of General Documents, approved by the Order of the Chief Archivist of Lithuania.
13.5.6 Legal basis for data processing – where certain personal data are required to be processed by law (BDAR 6 str. 1 d. c punktas).
13.6. For other purposes for which the Community has the right to process personal data of the data subject, when the data subject has expressed his consent, when the data needs to be processed for the legitimate interest of the Company or when the Company is obliged to process the data by the relevant legislation.

IV. USE OF SOCIAL NETWORKS

14. All information that is provided via social media (including messages, the use of likes and follow fields, and other communications) is controlled by the operator of the respective social network.
15. The Community has an account on the social network Facebook, the privacy policy of which is located at the address https://www.facebook.com/privacy/explanation;
16. Community account on the social network "Instagram", the privacy policy of which is located at the address https://help.instagram.com/519522125107875;
17. Community customers are advised to read the privacy notices of third parties and contact the service providers directly if they have any questions about how they use your personal data.

VII. PROVISION OF PERSONAL DATA

18. The Community shall ensure compliance with the duty of confidentiality vis-à-vis customers. Personal data may be disclosed to third parties only if it is necessary for the conclusion and performance of the contract for the benefit of the customer, or for other legitimate reasons.
19. The Community may provide personal data to its processors which provide services to The Community and process personal data on behalf of the Community. Processors shall have the right to process personal data only in accordance with the instructions of the Community and only to the extent necessary for the proper performance of the obligations laid down in the contract. The Community shall use only processors who are sufficiently confident that appropriate technical and organisational measures are implemented in such a way that the processing complies with the requirements of the Regulation and ensures the protection of customer rights.
20.The Community may also provide personal data in response to requests from a court or public authority to the extent necessary for the proper enforcement of the applicable legislation and instructions of public authorities.
21. The Community guarantees that personal data will neither be sold nor rented to third parties.

VIII. PROCESSING OF PERSONAL DATA OF MINORS

22. Persons under the age of 14 may not provide any personal data through the Community Website. If a person is under the age of 14, in order to use the Community services, it is mandatory to provide the written consent of one of the representatives (father, mother, guardian(s)) to the processing of personal data before providing personal information.

IX. TERM OF STORAGE OF PERSONAL DATA

23. Personal data collected by the Community is stored in printed documents and /or in the Company's information systems. Personal data shall be processed for no longer than is necessary to achieve the purposes of data processing or for no longer than is required by the data subjects and/or provided for by law.
24. Although the customer may terminate the contract and refuse Community services, the Community continues to be obliged to keep the customer's data due to possible future claims or legal claims until the expiry of the data retention periods.

X. CUSTOMER RIGHTS

25. The Customer, as a data subject, has the following rights:
25.1. receive information about data processing.
25.2. to get acquainted with the processed data.
25.3. to request the rectification of data.
25.4. to request the erasure of data ("Right to be forgotten"). This right does not apply if the personal data for which erasure is requested is also processed on another legal basis, such as processing necessary for the performance of the contract or is the performance of an obligation under the applicable legislation.
25.5. restrict data processing.
25.6. to disagree with data processing.
25.7. to data portability. The right to data portability must not adversely affect the rights and freedoms of others. The Customer does not have the right to data portability in relation to those personal data that are processed manually in systematized files, for example, in paper files.
25.8. to request that a decision based solely on automated data processing, including profiling, not be applied.
25.9. submit a complaint regarding the processing of personal data to the State Data Protection Inspectorate.
26. The Community must enable the Client to exercise the above rights of the Client as a data subject, except in cases provided for by law, when it is necessary to ensure the security or defense of the state, public order, the prevention, investigation, detection or prosecution of criminal activities, important economic or financial interests of the state, the prevention, investigation and detection of violations of official or professional ethics, the protection of the rights and freedoms of the data subject or other persons.

XI. PROCEDURE FOR EXERCISING THE RIGHTS OF THE DATA SUBJECT

27. The Client may apply to the Community for the exercise of his rights:
27.1. by submitting a written request in person, by mail, through a representative or by electronic means of communication – by e-mail: info@naturatubs.eu;
27.2. orally by phone: +370 67557373;
27.3. in writing – at the address: Prancūzų street 77-11, Kaunas, Lithuania.
28. When protecting data from unauthorized disclosure, the Community must verify the customer's identity upon receipt of a customer's request to provide data or exercise other rights.
29. The Community shall reply to the customer no later than one month from the date of receipt of the customer's request, taking into account the specific circumstances of the processing of personal data. This period may, if necessary, be extended by a further two months, depending on the complexity and number of requests.

XII. CUSTOMER RESPONSIBILITY

30. The data subject must:
30.1. to revise without delay the information previously provided in the light of changes in the information and data provided.
30.2. to provide correct identifying information so that upon receipt of the Client's request, the Community can identify the customer and make sure that it is communicating or cooperating with a real specific customer (to provide an identity document or in accordance with the procedure established by legal acts or by electronic means of communication that would allow the proper identification of the data subject). This is necessary for the protection of the data of the Client and other persons, so that the disclosed information about the Client is provided only to the Client, without violating the rights of other persons.

XIII. FINAL PROVISIONS

32. By transferring personal data to the Company, the customer agrees to this Privacy Policy, understands its provisions and agrees to comply with it.
33. The Community has the right to unilaterally change this Privacy Policy at any time.
34. The Community has the right to unilaterally, partially or completely change the Privacy Policy by notifying the Website www.naturatubs.eu.
37. Additions or amendments to the Privacy Policy shall take effect from the date of their publication, i.e. from the date when they are placed on the Website www.naturatubs.eu.