RULES FOR PROCESSING PERSONAL DATA
I. General provisions
1. These personal data protection rules regulate the basic principles of collection, processing and storage of personal data and the procedure, on the basis of which the Data Controller Dovilės Kalvaitienė individuali veikla, certificate number 614649, address - Gedimino g. 3A, Vilkaviškis, Lithuania e-mail address - auksarankems@gmail.com, in the online storewww.darau.lt handles the Buyers' personal data.
2. The collection, processing and storage of the Buyer's personal data shall be governed by these Terms and Conditions, the rules of shopping in the online store www.darau.lt and other laws and regulations.
3. Dovilė Kalvaitienė's individual activity is guided by the following basic principles of personal data processing:
3.1. personal data is collected for defined and legitimate purposes;
3.2 Personal data is processed accurately and fairly.
3.3 Personal data is processed lawfully, i.e. only in cases where:
3.3.1. the conclusion or performance of a contract to which the data subject is a party;
3.3.2. the individual activity of Dovilė Kalvaitienė is obliged to process personal data by law;
3.3.3. the processing of personal data is necessary for the purposes of the legitimate interest pursued by Dovilė Kalvaitienė's individual activity.
3.4 Personal data is kept up to date.
3.5 Personal data shall not be stored for longer than required by law or regulation.
3.6 Personal data shall be processed only by those employees who have the right to do so.
3.7 All information about the personal data processed is confidential.
II. Collection, processing, storage of personal data
1. The Data Controller collects and uses the Buyer's personal data (name, address, telephone number and e-mail address) to process orders for goods or services. By registering or making a purchase, the Customer consents to the processing of the e-mail address and telephone number provided for direct marketing purposes. If the Buyer does not wish to have his/her e-mail address and telephone number processed for the purpose of direct marketing, he/she must inform the Seller at the e-mail address auksarankems@gmail.com.
2. Dovilė Kalvaitienė's individual activity may use data not directly related to the Buyer's person for statistical purposes, i.e. data on purchased goods. Such statistical data will be collected and processed in such a way as to prevent the disclosure of the Buyer's identity or other personally identifiable data.
3. The Buyer's personal data shall be stored in the online shop's database for a period of 10 years from the date of the last purchase contract. Upon expiry of the retention period, the Buyer's personal data shall be destroyed.
III. Transfer of personal data to third parties
1. The Data Controller undertakes not to disclose the Buyer's personal data to third parties, except for the Data Controller's partners who provide delivery services or other services related to the proper execution of the Buyer's order. In all other cases, the Buyer's personal data may be disclosed to third parties only in accordance with the procedure provided for by the legislation of the Republic of Lithuania.
IV. Modification, update or destruction of personal data
1. You have the right to change and/or update the information provided in the registration form;
2. The deletion of data is carried out in the following order: the responsible person (in the absence of a responsible person, the head of the company) logs in to the administration environment of the website and deletes all the data within 10 years after the conclusion of the last purchase contract (purchase in the online shop www.darau.lt).
V. Transmission of information or claims
1. The Buyer, having authorised the processing of his/her personal data, shall have the right to request the modification of the personal data or to suspend the processing, with the exception of archiving and statutory obligations.
2. Dovilė Kalvaitienė individuali darbības, having received a request from the Buyer regarding the processing of personal data, will provide the Buyer with a response no later than within 30 calendar days from the date of the Buyer's request. Only those requests concerning the processing of personal data that are submitted in writing (by e-mail to auksarankems@gmail.com or by post to Gedimino g. 14 - 31, Vilkaviškis LT70145) will be considered.
VI. Amendment of the Rules
1. Dovilė Kalvaitienė individually has the right to amend the Terms and Conditions in part or in full by notifying the online shop www.darau.lt .
2. Amendments or changes to the Terms and Conditions shall come into force from the date of their publication, i.e. from the date on which they are posted in the online shop system.
3. If the Buyer does not agree with the new version of the Terms and Conditions, the Buyer has the right to refuse it in writing (by e-mail to auksarankems@gmail.com or by post to Gedimino 4. 14 - 31, Vilkaviškis LT70145), provided that the Buyer does not use the services of the online store.
4. If the Buyer continues to use the services provided by the online shop after the addition or amendment of the Terms and Conditions, the Buyer shall be deemed to accept the new version.
VII. Risk assessment of data processing
1. The administration of data protection shall be assigned under a separate order and shall be the person responsible for the preparation and maintenance of all documentation, rules and instructions.
VIII. Authorisation of the processing of personal data, familiarisation with the rules
1. The right to process personal data and the right of access to personal data contained in the online shop shall be granted, modified and revoked by order of the owner.
2. The right to process personal data shall be granted only to those employees who need the personal data for the performance of their duties. And only for the activities specified (order processing and direct marketing purposes)
3. The employees of Dovilė Kalvaitienė are informed of these rules and are obliged to comply with them.
IX. Organisational safeguards
1. The staff member who has been granted access shall ensure the confidentiality and security of administrative passwords and other access data;
2. The password shall be changed once every 30 calendar days;
3. The password must be at least 8 (eight) characters;
4. The password characters shall consist of: numbers, letters and special characters;
5. The employee who created the password shall use the password only for logging in to the administration of the online shop and shall not pass the password on to another person.
X. Technical security measures
1. The security of the server data is the responsibility of the company providing the online shop hosting service (physical security, backup recovery).
2. The company uses the SSL protocol to ensure the security of the data during transmission.
XI. Legislation and standards governing the processing of personal data
1. Law on Legal Protection of Personal Data of the Republic of Lithuania
2. Order of the Director of the State Data Protection Inspectorate No 1T-71 of 12 November 2008 (Žin., 2008, No 135-5298).