"You can submit a request/complaint regarding a service purchased on our website to the State Consumer Rights Protection Authority (Vilniaus g. 25, 01402 Vilnius, e-mail: [email protected], tel. 8 5 262 67 51, fax. (8 5) 279 14 66, website www.vvtat.lt), as well as the territorial units of the State Consumer Rights Protection Service in the counties or by filling in the request form on the EGS platform http://ec.europa.eu/odr/.
On this privacy policy and cookies page you can find out what information we collect about you when you visit our website www.medvilne.com. We also provide information about what we do with this information and where it comes from. In addition, we provide information about the use of cookies on the website.
The controller of your personal data as a website visitor is:
UAB "Keturžiedė"
Company code: 303067231
VAT tax code: LT100007765515
Address: Ukmergės g. 9A-38, LT-49342 Kaunas
Phone number: +370 686 40 208
Email address: [email protected]
Processing of your personal data
Your data is processed for the following purposes:
For marketing purposes.
Sending newsletters (newsletters are not sent without your consent).
To ensure the functionality of the website, and to offer you a better browsing experience.
We use cookies to improve the quality of our services on www.medvilne.com.
For the successful delivery of goods through intermediaries (e.g. courier services, Lithuanian Post, bus shipments).
To answer your questions through the contact forms on our website, by email.
Data that is collected and processed on the website www.medvilne.com
UAB "Keturžiedė" collects the data below for the purposes mentioned above:
The basic data is obtained via contact forms: ip address, name, phone number, email, city, other data that you provide.
The data is obtained via email that you provide as the sender: ip address, name, email address, phone number, other additional data.
Data we receive if you make a purchase in our e-shop www.medvilne.com: ip address, name, address, contact details.
Data we receive during the conversation may also be collected and processed in order to carry out the order you have requested.
To whom do we provide your data
We guarantee that your data will not be sold, provided or otherwise transferred to third parties for purposes other than the consent given. We will only use your data as provided on this page. Of course, there is a situation where we are obliged to provide your data about you in accordance with the law or if we are required to do so by law enforcement authorities or a prosecuting authority.
Information communicated to third parties may only be as provided on this page:
Third party services provided for data storage, for website hosting purposes.
Third party tool like Google Analytics which allows us to collect information about you for general traffic and error checking of our website.
Courier service, Lithuanian Post or other institution to deliver your order.
How long is the data stored about you
Data is stored on our website for no longer than the legal period provided for by law, unless a longer retention period is stipulated by law. Your data will be stored on the website for the period of time set out below:
Contact form data - no longer than 24 months.
E-shop order - no longer than 24 months after the order has been fulfilled.
Additional data provided through other available contact channels - no longer than 24 months after contact with you and our company staff.
Newsletters
On our website, you can receive an offer where, by providing your email address, you will receive newsletters from our company about our latest products and services.
By obtaining your consent to send newsletters, we are fully entitled to do so. You can unsubscribe at any time by clicking on the "Unsubscribe" button in the email you receive and confirming your unsubscription in the next email.
Your email address will be processed for the purpose of sending newsletters until you unsubscribe. When a newsletter is sent and you click on the newsletter link data may be collected.
Your email address may be passed on to third parties providing special newsletter services for the sole purpose of sending it to you via their platform.
How are cookies used on our website and on your device?
We collect information about you using cookies and similar technologies that are legal. Cookies are small files (data files) that are temporarily stored on your device's hard drive (HDD, SSD). Cookies allow us to recognise your device on which you have accessed our website (logged in, accessed our site without registering). Cookies help us to recognize you, allowing you to see older information such as a completed order, a comment made, other information that has been made from your device through which you accessed our website. If you have accessed our website from a different device, the website will not recognise you and may not show your unfinished order.
Example of the use of cookies:
You placed an order > the internet went down > you didn't manage to order the product even though everything was set up. When the internet is back online, the website will be reloaded and, without cookie collection, the website will automatically stop displaying your order if you have not been able to complete it due to the internet outage error.
Cookies have been a common browsing practice around the world for many years. They are used by all the big sites like facebook.com, google.com, gmail.com, ebay.com and many others.
Types of cookies used on the website
The cookies used on our website medvilne.com can be of several types:
Necessary cookies - these are the most necessary cookies that make the website work.
Functional cookies - not essential, but provide additional functionality to make your browsing experience as comfortable as possible and to provide a better user experience.
Statistical cookies - cookies that collect information about you as a visitor, what you do on the website. They measure time, where you have been on the site, how many visitors there are at the moment, and can be used to produce an overall report on website traffic.
Consents you give as a visitor to our website to use cookies
Without changing your browser settings so that it does not accept cookies.
Click on the "I agree" button at the bottom of the table at the beginning of the website about the use of cookies and the privacy policy.
If you do not want the website to collect data about you
You can use additional browser add-ons, see below for guides on how to do this:
https://tools.google.com/dlpage/gaoptout/ Nebebus renkama Jūsų lankomumo statistika „Google Chrome“ naršyklėje.
https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/ – Automatiškai naikinami slapukai „Firefox“ naršyklėje.
„Internet Explorer“ naršyklės slapukų naikinimas https://support.microsoft.com/lt-lt/help/17442/windows-internet-explorer-delete-manage-cookies (pateikiama informacija).
„Firefox“ naršyklės slapukų šalinimas (Anglų k.) https://support.mozilla.org/lt/kb/Slapuk%C5%B3%20%C5%A1alinimas
„Google Chrome“ slapukų šalinimas https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=lt
Jūs galite bet kada atšaukti slapukų rinkimą pakeisdami savo naršyklės nustatymus, kad ji nerinktų slapukų pasinaudodami priedais prie naršyklės arba surasdami informaciją tarp paieškos sistemų apie tai.
List of cookies on our website:
Cookie viewing option
Cookies are simple text files. You can view them with all word processing programs. Here is how you can view them:
"Firefox
Chrome
Internet Explorer 8-11
Default cookies
Due to the way the internet and websites work, we are not always aware of cookies placed by third parties through our website. This is particularly the case when our website contains so-called embedded elements: texts, documents, images or short video clips that are stored on another party's website but displayed by us or through our website.
Therefore, if you come across such cookies on our website that we have not previously mentioned, please let us know. Alternatively, please contact the third party directly and ask them what cookies they have placed, why they have done so, the duration of the cookie and how they ensure your privacy.
General provisions
The Personal Data Processing Rules (hereinafter referred to as the "Rules") shall regulate the actions of the Company and its employees in processing personal data using automated and non-automated means of personal data processing installed in the Company, as well as determine the rights of the data subject, measures for the implementation of personal data protection and other issues related to the processing of personal data.
The purpose of the Rules on Processing of Personal Data in the Company is to regulate the processing of personal data in the Company, in accordance with the General Data Protection Regulation of the European Union No 2016/679, the Law on Legal Protection of Personal Data of the Republic of Lithuania, and to ensure the observance and implementation of other related legal acts.
The Company collects personal data that a person voluntarily provides by e-mail, registered mail, fax, telephone, by visiting the Company's shop directly, by registering on the Company's website and becoming a registered user (where the Company provides such an opportunity), by making a purchase of goods in the Company's e-shop or by using the Company's website.
Definitions
Terms used in the document:
Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is a person who can be identified, in particular by reference to a particular identifier such as a name, a personal identification number, location data and an online identifier, or to one or more factors specific to that natural person's physical, physiological, genetic, mental, economic, cultural or social identity;
Data Subject - means a natural person from whom the Company receives and processes personal data;
Employee - means a person who has entered into an employment or similar contract with the Company and who, by decision of the Head of the Company, has been appointed to process Personal Data or whose Personal Data is processed;
Recipient - the person to whom the personal data are provided;
Provision of data means the disclosure of personal data by transmission or otherwise making them available (except for publication in the media);
"Processing" means any operation performed on personal data, such as collection, accumulation, storage, recording, classification, grouping, aggregation, alteration (addition or rectification), communication, disclosure, use, logical and/or arithmetical operations, retrieval, dissemination, erasure or any other operation or set of operations;
Automatic processing - processing operations carried out wholly or partly by automatic means;
Processor - a legal or natural person (other than an employee of the controller) authorised by the controller to process personal data. The processor and/or the procedure for appointing the processor may be laid down in laws or regulations;
Data controller - a legal or natural person who, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes of the processing are laid down by law or regulation, the controller and/or the procedure for appointing the controller may be laid down in that law or regulation;
Consent means any freely given, specific and unambiguous indication of the data subject's wishes, given freely and by means of a statement or an unambiguous act, by which he or she consents to the processing of personal data concerning him or her;
Direct marketing means the activity of offering goods or services to persons by post, telephone or other direct means and/or seeking their opinion on the goods or services offered;
Third party - a legal or natural person other than the data subject, the controller, the processor and persons directly authorised by the controller or processor to process the data;
Other terms used in these Rules shall be understood as defined in the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating personal data processing.
Principles for processing personal data
The following principles apply to the processing of personal data by the Company:
The Company processes personal data only for the legitimate purposes defined in the Terms and Conditions;
Personal data is processed accurately, fairly and lawfully in accordance with the requirements of the law;
The Company shall process personal data in such a way that the personal data is accurate and kept up-to-date as it changes;
The Company shall process personal data only to the extent necessary to achieve the purposes of the processing;
personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed.
The personal data of the data subject may only be accessed by the Company's employees and/or third parties engaged by the Company to provide the service, who are competent to do so, and only where necessary to provide the service.
The Company respects the privacy of the Data Subject and undertakes to comply at all times with the Data Subject Data Protection Principles set out in these Rules.
Purposes of processing personal data
Personal data shall be processed and used in accordance with the purposes for which the Data Subject has provided them to the Company or for other purposes approved by the Data Subject.
Purposes of the use of the data subject's personal data:
for the processing and administration of the purchase (order) of goods or services by the data subject;
to identify the data subject in the Company's information systems;
to identify the data subject when logging into his or her account on the Company's website (where the Company provides this facility);
issuing and submitting vouchers, receipts, invoices and other financial documents for goods or services purchased/ordered;
resolving problems with the performance of the contract;
contacting the Data Subject in the event of a change in the terms and conditions of goods or services purchased by the Data Subject;
the fulfilment of other contractual obligations;
For the Company's Direct Marketing purposes;
for security, health, administrative, crime prevention disclosure and legal purposes;
Business analysts, for general research that helps improve the quality of goods or services;
to contact the Data Subject for the purpose of obtaining customer feedback on the goods or services purchased;
assessing a person's suitability for the job, contacting the relevant candidate, etc;
for audit.
By voluntarily providing the Company with his/her personal data, the Data Subject confirms and voluntarily consents to the Company's management and processing of the Data Subject's personal data in accordance with these Terms and Conditions, applicable laws and regulations and other normative legal acts.
All employees of the Company who process personal data contained in the Company or become aware of it in the performance of their functions, data processors engaged by the Company or third parties engaged by the Company to provide a data processing service, and only to the extent necessary to provide the service, shall be obliged to comply with the Terms.
The Company undertakes not to disclose personal data information to third parties without the Data Subject's consent, except, for the purpose of ensuring the proper performance of the contract, other services related to the proper performance of the services ordered by the Data Subject. The Company may also transfer the Data Subject's personal data to third parties who act as Data Processors on behalf of the Company. Personal Data may only be provided to Data Processors with whom the Company has signed the relevant Data Processing Agreements. The Data Subject shall be deemed to have been informed of, and to have consented to, this and the Company shall not be liable for damages arising from the use of the Data Subject's data by third parties to the extent permitted by law. In all other cases, the Data Subject's personal data may be disclosed to third parties only in accordance with the procedure provided for by the legislation of the Republic of Lithuania.
Collection and processing of personal data
The personal data information collected by the Company may include: the Data Subject's name, surname, telephone number, email address, the address for receiving goods or services purchased, postcode, the name of the company on whose behalf the Data Subject is acting, credit/debit card or other payment details, information about the goods purchased by the Data Subject (quantities, dates of purchase, prices of the purchased goods, purchase history), the Data Subject's login name and a coded form of the password on the Company's website (if the Company provides such an option). Video recordings may be made in the Company's shop premises in accordance with the procedure established by law and this information shall be used only for security purposes and in accordance with the procedure established by law. The Company's website may collect certain information about the Data Subject's visit, such as: the Internet Protocol (IP) address of the Internet access used by the Data Subject; the date and time of the Data Subject's visit to the Company's website; the other websites visited by the Data Subject while on the Company's website; the browser used; the information on the Data Subject's computer's operating system; the versions of the mobile applications; the language settings; and others. If the Data Subject uses a mobile device, data may also be collected to identify the type of mobile device, the device settings, as well as the geographical (longitude and latitude) coordinates. This information is used to improve the Company's website, to analyse trends, to improve products and services and to administer the Company's website. The data subject voluntarily provides this data by using the services provided by the Company, by becoming a registered user of the Company's website or by visiting the Company's website.
All personal data provided and received by the Data Subject shall be collected, stored and processed in accordance with the requirements set out in the Law on Personal Data Protection of the Republic of Lithuania and other legal acts regulating the protection of personal data in the Republic of Lithuania. The Company shall ensure that the data provided by the Data Subject are protected against any unlawful actions: unauthorised alteration, disclosure or destruction of personal data, identity theft, fraud and that the level of protection of personal data complies with the requirements of the legislation of the Republic of Lithuania.
Persons authorised to process the personal data of staff members shall observe the principle of confidentiality and shall keep secret any information relating to personal data of which they have knowledge in the performance of their duties, unless such information is public pursuant to the provisions of applicable laws or regulations. The obligation of confidentiality of personal data shall also apply to transfers of duties, employment or contractual relationships.
Documents containing personal data must not be kept in a visible place accessible to all. Personal data contained in the texts of relevant documents (contracts, orders, requests, etc.) shall be stored in accordance with the time limits specified in the Index of General Document Retention Periods approved by Order of the Chief Archivist of Lithuania. Other personal data shall be kept for no longer than is necessary to achieve the purposes set out in this procedure. The terms of storage of individual personal data shall be determined by the Head of the Company.
Rights of the personal data subject
Data subjects' rights and means of exercising them:
be aware of the collection of your personal data. When collecting personal data, the Company must inform the Data Subject what personal data will be processed by the Company, the purpose for which the relevant data will be processed, to whom and for what purpose it may be provided and/or the consequences of not providing personal data. The Data Subject shall have the right to access his/her personal data and to request the rectification, correction or completion of his/her incorrect or incomplete personal data. The data subject may also object to the processing of certain optional personal data concerning him or her;
access to your personal data and how they are processed. The data subject shall have the right to request from the Company information on what and for what purpose his or her personal data are processed. Upon receipt of a request in writing (by registered mail or e-mail) from a Data Subject, the Company shall provide the requested data or give reasons for refusing such request within 30 calendar days of receipt of the request in writing (by registered mail or e-mail). The response shall be provided to the Data Subject in the same form in which the request was received, unless the Data Subject's request expresses a wish to receive the information in another way;
request the rectification, destruction of your personal data or suspension of the processing of your personal domains;
to receive the Data you have provided in a structured, readable format, if this meets the criteria defined by law;
in exceptional circumstances, the Data Subject has the right to refuse the processing of the Data where the data processed is optional data. Where Data is processed for direct marketing purposes, the Data Subject may object to such Processing (right to object). The Company shall, upon receipt of a request to cease processing of non-mandatory Personal Data, immediately cease such processing, unless it is contrary to legal requirements, and shall inform the Employee thereof;
withdraw at any time any consent given by the Data Subject when registering or using the services provided by the Company. Such withdrawal will not affect the lawfulness of the Processing of Data carried out prior to the withdrawal and based on the consent given;
refuse to provide personal data;
lodge a complaint with a supervisory authority if the rights of the Data Subject are violated;
view and edit the personal information and contact details of the Data Subject on the Company's website (if the Data Subject is a registered user of the Company's website). The Data Subject may do so by visiting the relevant sections of the Company's website.
Measures to ensure the security of personal data
Access rights to personal data and the authority to process personal data shall be granted, deleted and amended by order of the Head of the Company.
Personal data is processed non-automatically and automatically using the personal data processing tools applied by the Company.
The Company shall implement and ensure appropriate organisational and technical measures to protect personal data against accidental or unlawful destruction, alteration, disclosure or any other unauthorised processing.
The Company shall have access to the personal data of personal data subjects only to those persons who have been authorised to have access to such data and only when necessary to achieve the purposes set out in the Rules.
The Company shall ensure the security of the premises where personal data are stored, the proper placement and review of technical equipment, compliance with fire safety rules, proper network management, maintenance of information systems and the implementation of other technical measures necessary to ensure the protection of personal data.
The Company shall take measures to prevent accidental or unlawful destruction, alteration, disclosure or any other unauthorised processing of personal data by keeping the documents and data files entrusted to it in a proper and secure manner.
If an employee or other Data Processor has doubts about the reliability of the security measures in place, he/she shall contact his/her line manager to assess the security measures in place and, if necessary, initiate the acquisition and implementation of additional measures.
When processing personal data, the employee or other Data Processor must:
process personal data in strict compliance with the laws of the Republic of Lithuania, other legal acts, instructions and the Rules;
protect the confidentiality of personal data. Such staff member shall observe the principle of confidentiality and shall keep secret any information relating to personal data of which he has become aware in the performance of his duties, unless such information is public pursuant to the provisions of applicable laws or regulations. The principle of confidentiality shall continue to apply after the termination of the employment relationship;
not to disclose, transmit or allow access to personal data to persons who are not authorised to process personal data;
store documents and data files properly and avoid making unnecessary copies. Copies of company documents containing personal data must be destroyed in such a way that they cannot be reproduced and their contents cannot be identified;
immediately notify the Head of the Company or his/her designated person in charge of any suspicious situation that may pose a threat to the security of personal data and take measures to avoid such a situation.
destroy copies of redundant documents containing personal data in such a way that they cannot be reproduced and their contents cannot be identified.
Employees or other responsible persons who automatically process personal data or whose computers have access to areas of the local network where personal data are stored shall use passwords created in accordance with the relevant rules. Passwords shall be changed periodically, at least once every three months, as well as in certain circumstances (e.g. a change of employee, a threat of hacking, a suspicion that the password has become known to third parties, etc.).
A staff member working on a particular computer can only know his or her password. The employee shall give the password in a sealed envelope to the Company's authorised responsible person. Passwords shall be kept in a safe or other secure place and shall be used only in case of emergency.
At least once a month, a copy of the personal data on the computers shall be made by a designated staff member or other Data Processor.
The staff member responsible for maintaining the computers must ensure that personal data files are not "seen" (shared) by other computers and that anti-virus programs are updated periodically.
The staff member responsible for maintaining the computers makes copies of the data files on the computers. In the event of loss or damage to these files, the responsible staff member must restore them within a few working days.
An employee shall cease to have the right to process personal data when the employee's contract of employment or a similar contract with the Company expires, or when the Company's manager revokes the employee's appointment to process personal data.
In order to ensure the protection of personal data, the Company has implemented or intends to implement the following personal data protection measures:
administrative (establishing procedures for the secure management of documents and computer data and their archives, as well as for the organisation of the work of the various areas of activity, familiarising staff with the protection of personal data, etc.);
hardware and software security (administration of information systems and databases, maintenance of workstations, Company premises, protection of operating systems, protection against computer viruses, etc.);
Protecting communications and computer networks (filtering shared data, applications, unwanted data packets, etc.)
The technical and software measures for the protection of personal data must ensure:
setting up storage for copies of operating systems and databases, establishing copying techniques and monitoring compliance;
Continuous processing technology;
authorised use of the data and its non-vulnerability.
An employee or other Data Processor who discovers a breach of the processing of personal data shall immediately inform his or her line manager so that the Company can take immediate measures to prevent unlawful processing of personal data and, if necessary, inform the supervisory authority for the processing of personal data and the Data Subject of the situation.
