Personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter – the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other legal acts regulating the protection of personal data.
UAB „Bioenergy LT“ follows the main data processing principles:
– personal data is collected only for clearly defined and legitimate purposes;
– personal data is processed only lawfully and fairly;
– personal data is constantly updated;
– personal data is stored securely and for no longer than required by the established data processing purposes or legislation;
– personal data is processed only by those employees of the Company who have been granted such a right in accordance with their work functions or by duly authorized data processors.
1.1. Data controller – UAB „Bioenergy LT“ (hereinafter – the Company), legal entity code 302956352, registered office address Staniūnų str. 83-1, Panevėžys.
1.2. Data subject – person whose data is processed by the Company. The Data Controller collects only information of the data subject that is necessary for the performance of the Company’s activities and (or) when visiting, using, browsing the Company’s websites, Facebook page, etc. (hereinafter referred to as the Website). The company ensures that the personal data collected and processed will be secure and will only be used for a specific purpose.
1.3. Personal data shall mean any information related directly or indirectly to a data subject whose identity is known or can be directly or indirectly established by reference to the data concerned. Processing of personal data means any operation performed on personal data (including the collection, recording, storage, editing, modification, granting of access, requesting, transmission, archiving, etc.).
1.4. Consent means any voluntary and deliberate consent by which the data subject agrees to the processing of his or her personal data for a specific purpose.
2. SOURCES OF PERSONAL DATA
2.1. Personal data is provided by the data subject himself. The data subject applies to the Company, uses the services provided by the Company, buys goods and (or) services, leaves comments, asks questions, subscribes to newsletters, applies to the Company for information, etc.
2.2. Personal data is obtained by the data subject visiting the Company’s website. The data subject fills in the forms contained in it or for some reason leaves his / her contact details, etc.
2.3. Personal data is obtained from other sources. Data are obtained from other institutions or companies, publicly available registers, etc.
3. PROCESSING OF PERSONAL DATA
3.1. By providing personal data to the Company, the data subject agrees that the Company will use the collected data in fulfilling its obligations to the data subject, providing the services that the data subject expects.
3.2. The Company processes personal data for the following purposes:
3.2.1. Execution of business assurance and continuity. The following data shall be processed for this purpose:
✓ For the purpose of concluding and executing contracts, personal data of suppliers (natural persons) may be processed: name (s), surname (s), personal identification code or date of birth, place of residence (address), telephone number, e-mail address, place of work, position, the bank’s current account and the bank where the account is located, the date, amount, currency and other data provided by the person himself, which the Company receives in accordance with legal acts in the course of the Company’s activities and/or which the Company is obliged to manage by law and/or other legislation. E.g. data contained in the business certificate (type of activity, group, code, name, periods of activity, date of issue, amount), number of the individual activity certificate, information if the data subject is a VAT payer, and other data necessary for the proper performance of the contract and/or legal obligations.
3.2.2. For the purpose of ensuring the security of the company’s employees, other data subjects, and assets (video surveillance). The following data shall be processed:
✓ video image. Video surveillance systems do not use facial recognition and/or analysis technologies, and the image data captured by them is not grouped or profiled according to a specific data subject (person). The data subject shall be informed about the video surveillance by means of information signs with the video camera symbol and the Company’s details, which shall be provided before entering the monitored area and/or premises. The field of surveillance of video cameras does not include premises where the data subject expects absolute protection of personal data.
3.2.3. Direct marketing (subscription to newsletters on the website www.bioenergy.lt). The following data shall be processed for this purpose:
✓ Name (s), surname (s);
✓ Means of communication (e-mail address).
3.2.4. For other purposes for which the Company has the right to process the personal data of the data subject when the data subject has given his or her consent, when the processing is necessary for the legitimate interest of the Company or when the Company is obliged to process the data by relevant legal acts.
4. PROVISION OF PERSONAL DATA
4.1. The Company undertakes to respect the obligation of confidentiality vis-à-vis data subjects. Personal data may be disclosed to third parties only if this is necessary for the conclusion and performance of the contract for the benefit of the data subject or for other legitimate reasons.
4.2. The Company may provide personal data to its data processors who provide services to the Company and process personal data on behalf of the Company. Data Controllers have the right to process personal data only in accordance with the Company’s instructions and only to the extent necessary to properly perform the obligations set forth in the contract. The Company shall use only those data controllers who sufficiently ensure that the appropriate technical and organizational measures are implemented in such a way that the data processing complies with the requirements of the Regulation and the rights of the data subject are protected.
4.3. The Company may also provide personal data in response to requests from the Court or public authorities to the extent necessary to properly comply with applicable legislation and instructions from previously mentioned institutions.
4.4. The Company guarantees that personal data will not be sold or rented to third parties.
5. PROCESSING OF PERSONAL DATA OF MINORS
5.1. Individuals under the age of 14 may not provide any personal information through the Company’s website. If a person is younger than 14 years of age, in order to use the Company’s services, the written consent of one of the representatives (father, mother, guardian, etc.) regarding the processing of personal data must be submitted before providing personal information.
6. TERM OF STORAGE OF PERSONAL DATA
6.1. Personal data collected by the Company is stored in printed documents and/or in the Company’s information systems. Personal data shall be processed for no longer than is necessary to achieve the purposes of the processing or for no longer than required by the data subjects and/or provided by law.
6.2. Although the data subject may terminate the agreement and refuse the Company’s services, the Company must continue to retain the data subject’s data due to possible future claims or legal pretensions until the data retention periods expire.
7. RIGHTS OF THE DATA SUBJECT
7.1. Right of access to data processing.
7.2. Right to correct the data.
7.3. Right to request deletion of data („The right to be forgotten “). This right shall not apply if the personal data requested to be deleted is also processed on another legal basis, such as processing necessary for the performance of the contract or the performance of an obligation under the applicable law.
7.4. Right to restrict data processing.
7.5. Right to object to data processing
7.6. Right to data portability. The right to data portability must not adversely affect the rights and freedoms of others. The data subject shall not have the right to data portability in respect of personal data which is processed manually in structured files, such as paper files.
7.7. The right to request that a decision based on automated data processing, including profiling, not be applied.
7.8. The right to submit a complaint regarding the processing of personal data to the State Data Protection Inspectorate.
8. The company must enable the data subject to implement the above rights of the data subject, except in cases regulated by law when it is necessary to ensure state security or defense, public order, prevention, investigation, detection, or prosecution of criminal activities, important state economic or financial interests, official or professional the prevention, investigation, and detection of breaches of ethics, the protection of the rights and freedoms of the data subject or of any other person.
9. PROCEDURE FOR IMPLEMENTING OF RIGHTS OF THE DATA SUBJECT
9.1. The data subject may apply to the Company for the implementation of his / her rights:
9.1.1.by submitting a written request in person, by post, through a representative, or by electronic means – by e-mail: firstname.lastname@example.org;
9.1.2. orally – by telephone +370 657 48008;
9.1.3. in writing – to address to: Staniunų str. 83-1, Panevezys, Lithuania.
9.2. In order to protect the data from unauthorized disclosure, the Company must verify the identity of the data subject upon receipt of a request from the data subject to provide data or implement other rights.
9.3. The company’s response shall be provided to the data subject no later than one month from the date of receipt of the data subject’s request, taking into account the specific circumstances of the processing of personal data. This period may be extended by two months, if necessary, depending on the complexity and number of applications.
10. RESPONSIBILITY OF THE DATA SUBJECT
10.1. The data subject is obliged to:
10.1.1. inform the Company about changes in the information and data provided. It is important for the company to have correct and valid data subject information;
10.1.2. provide the necessary information in order to enable the Company to identify the data subject at the request of the data subject and to ensure that it is in real communication or cooperation with the specific data subject (provide an identity document or legal or electronic means to properly identify the data subject). This is necessary for the protection of the data subject and other persons, that the disclosed information about the data subject is provided only to the data subject, without prejudice to the rights of others.
11. FINAL PROVISIONS