The purpose of the Privacy Policy is to inform how the personal data of data subjects is collected and processed, how long it is stored, to whom it is provided, what rights data subjects have and where to apply to exercise them or to resolve any other issues related to the processing of personal data.
Personal data is processed in compliance with the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts governing personal data protection.
Private Limited Company RIVONA UAB is guided by the following basic principles of data processing:
- personal data is collected only for clearly defined and legitimate purposes;
- personal data is processed only in a lawful and fair manner;
- personal data is kept up to date;
- personal data is kept securely and for no longer than required by the stated purposes of processing or by law;
- personal data shall only be processed by employees of the Company who are authorised to do so by virtue of their job functions or by duly authorized data processors.
1. CONCEPTS
1.1. The Data Holder is the Private Limited Liability Company RIVONA (hereinafter referred to as the Company), legal entity code 110512039, address Savanorių Ave. 176, Vilnius.
1.2. The Data Subject means any natural person whose data is processed by the Company. The Data Holder shall only collect the subject’s data that is necessary for the performance of the Company’s activities. The Company shall ensure that the personal data collected and processed is secure and is used only for the specific purpose.
1.3. Personal data shall mean any information relating, directly or indirectly, to a data subject whose identity is known or can be established, directly or indirectly, by reference to the data concerned.
1.4. Processing of personal data shall mean any operation performed in relation to personal data (including collection, recording, storage, editing, modification, access, retrieval, transmission, archiving, etc.).
1.5. Consent shall mean any freely given and informed acknowledgement by which the data subject agrees to the processing of his or her personal data for a specified purpose.
2. PROCESSING OF PERSONAL DATA
2.1. By providing personal data to the Company, the Data Subject gives his/her consent for the Company to use the collected data in the performance of its obligations to the Data Subject and in the provision of the services expected by the Data Subject. The Company processes personal data for the following purposes:
2.1.1. Cookies
When browsing the Website, the Company automatically collects and processes certain technical data about visitors to the Website through the use of cookies. The Company may process IP address, network and location data when provided by the Data Subject. Data is collected by means of cookies and other similar technologies on the basis of a consent given by the Data Subject.
Cookies are small text files that are placed on the Data Subject's device by a web browser when visiting the Website. We use cookies to ensure the efficient and secure operation of the Website, so that the Website is convenient, effective and meets the needs of the Data Subject.
2.1.2. Enquiries and claims
The Company shall process the Data Subject’s data – name, surname, e-mail address, subject and the text of the Data Subject’s enquiry, other data and information sent to the Company shall also be processed by the Company when the Data Subject contacts the Company by general e-mail, submits an enquiry, asks questions and submits any other information on the Company’s website.
In these cases, the Company processes the Data Subject's data in order to administer requests and complaints, to ensure the quality of the services provided, and to protect and defend our rights and legitimate interests. The Data Subject shall provide his/her data on the basis of consent, which shall be expressed by active measures.
2.1.3. Contests and games
For each contest or game, the Company specifies in the individual rules what data is required to participate. It is up to the Data Subject to choose whether or not to participate in the contests or games and to provide the relevant data.
The most common personal data processed by the Company is the Data Subject's name, surname, email address, telephone number, date of birth and any other personal data provided by the Data Subject in accordance with the requirements of the contest or game.
2.1.4. Video surveillance
Video surveillance is conducted to ensure the security of the Company's employees, other Data Subjects, and the assets of the vehicles. For this purpose, the Company collects the following data in the form of video images. The video surveillance systems do not use facial recognition and/or analysis technologies and the video data captured by them is not grouped or profiled according to a specific Data Subject. The Data Subject shall be informed about the video surveillance by means of information signs with the symbol of the video camera and the Company's details, which shall be displayed before entering the monitored area and/or premises. The field of surveillance of CCTV cameras shall exclude premises where the Data Subject expects absolute protection of personal data.
The recipients of the video data are the data processors engaged by the Company, i.e. companies providing security services, servicing the CCTV equipment, and managing the car park. Video data may only be provided to other recipients on the grounds set out in the legislation.
Video data is recorded and normally stored for up to 30 days. The specific storage period depends on the amount of video data recorded on the video data recorders. At the end of the retention period, the personal data shall be automatically destroyed by deleting it from the video recorders and the most recent video stream shall be recorded in the space left vacant.
2.1.5. Other purposes for which the Company has the right to process the Data Subject's personal data, where the Data Subject has expressed his/her consent, where the processing is necessary for the Company's legitimate interest, or where the Company is bound to process the data by the relevant legal regulations.
3. SUBMISSION OF PERSONAL DATA
3.1. The Company undertakes to respect the duty of confidentiality towards Data Subjects. Personal data may only be disclosed to recipients who provide services related to customer administration. Such persons may include website developers and administrators, database software providers and administrators, etc. The data recipients are entitled to process personal data only on the instructions of the Company and only to the extent necessary for the proper performance of their obligations under the contract. The Data Recipients are also obligated to ensure the security of the Data Subjects’ data in accordance with the applicable legislation. Accordingly, the Company shall only use Data Recipients that provide sufficient assurance that appropriate technical and organizational measures will be implemented in such a way that the receipt of the data complies with the requirements of the Regulation and that the Data Subject’s rights are protected.
3.2. The Company may provide personal data to its data processors who provide services to the Company and process personal data on behalf of the Company. The processors shall have the right to process the personal data only on the instructions of the Company and only to the extent necessary for the proper performance of their obligations under the contract. The Company shall only use processors that provide sufficient guarantees that appropriate technical and organizational measures will be implemented in such a way that the processing complies with the requirements of the Regulation and that the rights of the Data Subject are protected.
3.3. The Company may also provide Customer Data in response to requests from the courts or public authorities to the extent necessary to properly comply with applicable law and public authorities' orders.
3.4. The Company guarantees that personal data will not be traded or rented to any third party.
4. STORAGE PERIOD FOR PERSONAL DATA
4.1. The Data Subject's data shall be kept for a maximum of 1 year from the date of the last submission.
4.2. Other data is also stored for the terms specified in the Privacy Policy.
5. RIGHTS OF THE DATA SUBJECT
5.1. To have access to their personal data and how it is processed. The Data Subject has the right to access his or her data processed, the purposes of the processing, the storage period, his or her rights, information on whether automated decision-making, including profiling, is used and its rationale.
5.2. Request correction of their personal data.
5.3. To object to the processing of personal data.
5.4. Withdraw their consent to the processing of personal data for direct marketing purposes at any time.
5.5. Request deletion of their data (“Right to be forgotten”). This right does not apply if the personal data for which erasure is requested is also processed on another legal basis, such as processing necessary for the performance of a contract or the performance of an obligation under applicable legislation.
5.6. Right to data portability. The right to data portability must not adversely affect the rights and freedoms of other individuals.
5.7. Right to restrict processing of personal data.
5.8. Right to lodge a complaint about the processing of personal data.
5.9. The Company shall be obligated to enable the Data Subject to exercise the above-mentioned rights of the Data Subject, except in the cases provided by law, where it is necessary to ensure national security or defence, public order, the prevention, investigation, detection or prosecution of criminal activities, important economic or financial interests of the State, the prevention, investigation and detection of breaches of official or professional ethics, or the protection of the rights and freedoms of the Data Subject or of any other person.
6. DATA SECURITY
6.1. The Company shall protect personal data against loss, misuse, unauthorised access, disclosure, or alteration by implementing appropriate technical and organisational measures.
6.2. The Company recommends that visitors additionally observe minimum security measures for the protection of personal data:
6.2.1. do not visit suspicious websites or open links of unknown origin;
6.2.2. update their software and install appropriate anti-virus protection.
7. INFORMATION ON VIDEO AND PHOTOGRAPHY DURING EVENTS
7.1. The Company informs that various events in the premises of the TILŽĖ Shopping and Entertainment Centre may be photographed and/or filmed, which may result in visitors being recorded. The captured images may be used on websites, social networking accounts or otherwise made publicly available for advertising, marketing, publicity and related purposes in the manner and form chosen by the Company.
7.2. The Company processes such video data of visitors on the basis of consent. By participating in a filmed or photographed event, the Data Subject consents to their image being captured and used by the Company in the ways and according to the procedures set out in this notice. The Data Subject may withdraw the consent given by sending an email to info@rivona.lt.
7.3. The Company shall ensure that the Data Subject's personal data is used under the necessary security measures.
7.4. The Company will process the video data for one year from the date of capture or until the Data Subject's consent is withdrawn. Such personal data may, in certain cases, be retained for a longer period of time if this is necessary for the protection of the Company's rights and legitimate interests and in other cases provided for by legislation.
7.5. The Company may use other persons to capture or process the image data to whom the data may be transmitted.
8. YOU CAN CONTACT US TO EXERCISE YOUR RIGHTS AS A DATA SUBJECT:
8.1. By written application in person, by post, by a representative or by electronic means - email: info@rivona.lt.
8.1.1. in writing, address: Tilžės Str. 225, LT-76200, Šiauliai.
8.2. In order to protect against unauthorised disclosure of data, the Company is obligated to verify the identity of the Data Subject upon receipt of a written request from the Data Subject to provide the data or to exercise other rights.
8.3. If no solution can be found in an amicable manner, the Data Subject has the right to contact the State Data Protection Inspectorate (www.ada.lt), which is responsible for the supervision and enforcement of the legislation on the protection of personal data.
9. RESPONSIBILITIES OF THE DATA SUBJECT
9.1. Inform the Company of any changes to the information and data provided. It is important for the Company to have correct and valid information about the Data Subject.
9.2. Provide the necessary information to enable the Company to identify the Data Subject upon written request of the Data Subject and to verify that it is communicating or cooperating with a specific Data Subject (to provide a document proving the identity of the Data Subject, or to provide proof of identity by means of a procedure established by law or by means of electronic communication that permits the proper identification of the Data Subject). This is necessary for the protection of the Data Subject's data and the data of other persons, so that the information disclosed about the Data Subject is only provided to the Data Subject, without prejudice to the rights of other persons.
10. FINAL PROVISIONS
10.1. By transferring personal data to the Company, the Data Subject accepts this Privacy Policy, understands its provisions, and agrees to comply with it.
10.2. In the course of developing and improving the Company's business, the Company has the right to unilaterally change this Privacy Policy at any time. The Company has the right to unilaterally, partially, or completely change the Privacy Policy by notifying on its the website rivona.lt.
10.3. Amendments or changes to the Privacy Policy shall come into force from the date of their publication, i.e., from the date on which they are posted on the website rivona.lt.
Cookie settings