of the website daviva.lt
1.3. These rules apply to the User every time he/she logs on to the Website and orders services from the Data Controller.
2. Used terms
· “Consent” means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
· “Cookies” are type of small messages with a unique identification number that is transmitted to the User's hard disk drive so that the Data Controller could distinguish the User's computer from the Internet and see it on the Internet.
· “Data Controller” is Daviva, UAB, legal entity code 302600185, registered address at: R. Kalantos str. 49, LT-52303 Kaunas, Lithuania, e-mail: email@example.com, a legal entity that determines the purposes and means of Data Processing of data subjects.
· “Data Processing” or “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
· “Newsletter” means a newsletter sent by the Data Controller to the User about the latest news, special offers and updates on the Data Controller’s sold goods.
· “Personal Data” means any information relating to an identified or identifiable natural person (“data subject”).
· “User” is a natural person (data subject) who has visited the Website and provided his/her Personal Data to the Data Controller.
· “Regulation” means 2016/679 Regulation on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC, which entered into force in the European Union on 25 May 2018.
· “Website” is the internet website of the Data Controller, the address of which is www.daviva.lt.
3. Purposes of Processing Personal Data
3.1. Personal Data of the User is processed by the Data Controller for the following purposes:
3.1.1. For selling goods and providing services as indicated on the Website.
3.1.2. For sending the Newsletter. The Data Controller with prior consent of the User sends notifications about the special offers, updates or changes on the Data Controller’s goods services.
3.1.3. For contacting the Data Controller. If the User wants to contact the Data Controller, under the rules specified on the Website, the User has to fill in the contact form with his/her Personal Data.
5.1. The Data Controller undertakes not to disclose or transfer Personal Data of the User to third parties and not to use for the purposes other than they were collected.
5.2. The Data Controller may transfer the User’s Personal Data to third parties only under the following cases when it is necessary to complete the contract with the User and provide services properly – to partners of the Data Controller. For these partners, the Data Controller will provide only as much of Personal Data as will be required to fulfil a specific commitment. The Data can also be disclosed if the individual Consent of the User on such transfer of Data has been received or Data transfer is obligatory upon the demand of law enforcement agencies in accordance with the procedure established by legal acts of the Republic of Lithuania.
7.3. The Data Controller after receipt of such User’s request or order shall respond and perform the steps in the request or refuse to perform stating the reasons for refusal no later than within 30 (thirty) days from the date of receipt. If necessary, the specified period may be extended by another 2 (two) months depending on the complexity and number of requests. In this case, within 30 (thirty) days from receipt of the application, the Data Controller informs the User of any such extension, together with a reason for the delay.
7.4. The User has a right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning him/her is being processed, and, where that is the case, access to the Personal Data and the following information:
7.4.1. the purposes of the Processing;
7.4.2. the categories of Personal Data concerned;
7.4.3. the recipients or categories of recipient to whom the Personal Data have been or will be disclosed;
7.4.4. where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
7.4.5. the existence of the right to request from the Data Controller rectification or erasure of Personal Data or restriction of Processing of Personal Data concerning the User or to object to such Processing;
7.4.6. the right to lodge a complaint with a supervisory authority;
7.4.7. where the Personal Data is not collected from the User, any available information as to their source.
7.5.1. the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
7.5.2. the User withdraws consent on which the Processing is based, and where there is no other legal ground for the Processing;
7.5.3. the User objects to the Processing of his/her Data and Data Controller does not determine overriding legitimate grounds for the further Processing;
7.5.4. the Personal Data have been unlawfully processed;
7.5.5. the Personal Data have to be erased for compliance with a legal obligation in European Union or laws of the Republic of Lithuania.
7.6. In the answer to request of the Users regarding the exercise of the right to be forgotten, the Data Controller undertakes to answer in detail providing the grounds and (or) explanation on why there is no possibility to exercise such right when there is an overriding ground of legitimate interest or, when it is possible – how to exercise such right.
7.7.1. the accuracy of the Personal Data is contested by the User for a period enabling the Data Controller to verify accuracy of the Personal Data;
7.7.2. the Data Processing is unlawful and the User opposes the erasure of the Data and requests the restriction of its use instead;
7.7.4. when the User has objected to Processing until the verification whether the legitimate grounds of the Data Controller override those of the User.
7.8. The Data Controller might not satisfy the User’s requests, except for requests to refuse direct marketing offers and to apply to an out-of-court dispute resolution body, in cases it is necessary to ensure:
7.8.1. execution of established legal obligations of the Data Controller;
7.8.2. public order and prevention of crimes;
7.8.3. rights and freedoms of other Users or other third parties; or
7.8.4. in other cases, specified by the applicable laws of the Republic of Lithuania and the Regulation.
7.9. All the answers to the User are provided in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The Data Controller shall provide a copy of the processed Personal Data in electronic or paper format free of charge at the User's choice, and upon repeated request of the User, the Data Controller may charge a reasonable fee based on the administrative costs of making such a copy, not exceeding 50 (fifty) euros.
7.10. If the User has discovered the unlawfulness of its Data Processing or in the event of a dispute with the Data Processor, he/she has a right, at any time, to apply to the out-of-court dispute resolution authority in the Republic of Lithuania – the State Data Protection Inspectorate, under the rules specified on its website, which can be found here.