General Provisions
- This privacy policy (hereinafter referred to as the “Policy”) governs the principles and procedures of personal data processing by UAB Eidvina, located at Gailiūnų g. 45, Gailiūnų k., Druskininkai, email info@diaura.lt, with company code 304176340 (hereinafter referred to as the “Data Controller”), and the terms of operation of its website https://diaura.lt/ (hereinafter referred to as the “Website”).
- This Policy is intended for individuals who visit the Company’s website (https://diaura.lt/), use the information provided on the site, and the services offered. The term “Data Subject” in this Policy refers to any natural person whose personal data is processed by UAB Eidvina.
- By using the services or continuing to browse the Website, the visitor (user of the website) confirms that they have read this Policy, understand its provisions, and agree to comply with them.
- The Data Controller ensures that by adopting and implementing this Policy, the following essential principles related to personal data processing are followed:
- Personal data is processed lawfully, fairly, and transparently (principle of lawfulness, fairness, and transparency);
- Personal data is collected for specified, explicit, and legitimate purposes and is not processed further in a manner incompatible with those purposes;
- Further processing of personal data for archival purposes in the public interest, scientific or historical research purposes, or statistical purposes is not considered incompatible with the initial purposes (principle of purpose limitation);
- Personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (principle of data minimization);
- Efforts are made to ensure that personal data is accurate and updated within a reasonable period if necessary;
- All reasonable steps are taken to ensure that inaccurate personal data, considering the purposes for which it is processed, is deleted or rectified without delay (principle of accuracy);
- Personal data is kept in a form that allows the identification of Data Subjects for no longer than necessary for the purposes for which the personal data is processed;
- Personal data may be stored for longer periods if it will only be processed for archival purposes in the public interest, scientific or historical research purposes, or statistical purposes, with appropriate technical and organizational measures implemented to safeguard the rights and freedoms of the Data Subject (principle of storage limitation);
- Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage (principle of integrity and confidentiality);
- The Data Controller is responsible for ensuring compliance with the above principles and must be able to demonstrate such compliance (principle of accountability).
- This Policy is based on Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of individuals with regard to the processing of personal data and the free movement of such data (the GDPR) and the Law on Legal Protection of Personal Data of the Republic of Lithuania (the ADTAĮ), as well as other legal acts of the European Union and the Republic of Lithuania. The terms used in this Policy have the meanings defined by the GDPR and ADTAĮ.
- We recommend that you take the time to read this Privacy Policy thoroughly. If you do not agree with the processing of your personal data as described in this Privacy Policy, you have the right not to provide your personal data to the Company. Additionally, if we process your personal data based on your consent, you may withdraw that consent at any time without affecting the lawfulness of the data processing based on consent before its withdrawal.
- This Privacy Policy explains how the Company collects and uses your personal data when you:
- Visit the Website and/or the Company’s social media accounts or use the opportunities provided by them;
- Seek to conclude or have concluded a contract with the Company;
- Purchase the services provided by the Company;
- Agree to receive direct marketing messages from the Company or subscribe to the Company’s newsletter (you will find unsubscribe and preference management functions at the bottom of each newsletter);
- Provide goods or services to the Company;
- Contact the Company’s customer service department;
- Otherwise communicate or cooperate with the Company as a customer, supplier, or another person with business or consumer relations with the Company.
- The contact details of the person responsible for personal data protection in the Company: email info@diaura.lt.
Purposes of Personal Data Processing and Categories of Collected Personal Data
- Depending on who you are (customer, supplier, Website visitor, etc.) and how you interact with the Company (in person, online, by phone, etc.), the Company may process different personal data about you.
- Below are the categories of personal data we may collect:
Purpose of Data Processing | Categories of Data and Processed Personal Data | Data Retention Period | Legal Basis for Data Processing |
---|---|---|---|
Order Placement | Personal identification data: name * Contact details: email address, phone number, address (when goods are delivered to the buyer’s specified address) * Service data: purchase date, description, price * Payment data: bank account number, goods description, price | Personal data is retained for the duration of the contract and 10 years after the contract expires (in accordance with the General Document Retention Schedule approved by the Chief Archivist of Lithuania on March 9, 2011, order No. V-100) | Processing is necessary for the conclusion and performance of the contract (GDPR Article 6(1)(b)) |
Website Administration | Account login information: username, password | Personal data is retained during the active account usage period and 1 year after the last login | Processing is necessary for the conclusion and performance of the contract (GDPR Article 6(1)(b)) |
(* Required data if you wish to enter into a contract with the Company or submit an inquiry through the website.)
WHERE YOUR PERSONAL DATA IS SHARED
- The company does not transfer your personal data to any third parties without your prior consent, except in the cases described below.
- We may transfer your data to third parties who assist us in our operations and in administering the provision of services. Such parties may include data centers, companies providing hosting and related services, advertising companies, companies that develop, provide, support, and enhance software, companies providing IT infrastructure services, telecommunications companies, companies performing and providing internet browsing or activity analysis services, security service providers, and similar.
- To provide specific services, we may transfer your personal data to other service providers, such as courier services, email service providers, newsletter dispatch services, social media account administrators, customer service centers, and data protection officer service providers.
- In each case, we provide the data processor with only the data necessary to fulfill a specific task or provide a particular service.
- The data processors we engage may process your personal data only according to our instructions. Additionally, they must ensure the security of your data in accordance with applicable legal regulations and the written agreements we have concluded with them.
- Data may also be provided to competent government or law enforcement agencies, such as the police or regulatory authorities, but only upon their request and only when required by applicable laws or in situations and procedures stipulated by law, to ensure the security of our rights, our customers, employees, and resources, and to assert, file, and defend legal claims.
HOW WE ENSURE THE SECURITY OF YOUR DATA
- To protect your data, the Company takes appropriate measures in line with data protection and data security laws and regulations, including requiring the Company’s service providers/contracted data processors to use appropriate measures to protect your personal data and its confidentiality.
- Depending on current technology, the cost of implementing measures, and the nature of the data being protected, the Company has implemented technical and organizational measures to guard against risks such as the destruction, loss, alteration, unauthorized disclosure, or unauthorized access to your data.
YOUR RESPONSIBILITIES
- We would like to remind you that it is your responsibility to ensure, as far as it depends on you, that the data you provide us is accurate, complete, and up-to-date. Moreover, if you provide us with data about other individuals, it is your responsibility to collect and provide such information in accordance with legal requirements. For example, you must inform other individuals whose data you provide to the Company about the contents of this Privacy Policy and obtain their consent for the provision of their personal data.
YOUR RIGHTS
- Data protection laws grant you numerous rights regarding the processing of your personal data.
- You have the right to access the personal data we process: You have the right to request confirmation from us whether we process your personal data and, in such cases, to request access to the personal data we process. To exercise this right, please submit a written request via email to info@diaura.lt.
- You have the right to request the correction of inaccurate data: If you believe that the information we have about you is incorrect or incomplete, you have the right to request its correction. To exercise this right, please submit a written request via email to info@diaura.lt.
- You have the right to object to the processing of your personal data: You have the right to object to the processing of your personal data when it is being processed based on our legitimate interests. However, if there are justified reasons to continue processing the data, we will proceed with the processing despite your objection. To exercise this right, please submit a written request via email to info@diaura.lt.
- You have the right to request the deletion of your personal data (right to be forgotten): Under certain circumstances, you have the right to request that we delete your personal data. However, this does not apply if we are legally obligated to retain the data. To exercise this right, please submit a written request via email to info@diaura.lt.
- You have the right to restrict the processing of your personal data: In certain circumstances, you also have the right to restrict the processing of your personal data. To exercise this right, please submit a written request via email to info@diaura.lt.
- You have the right to file a complaint regarding improper data processing: You have the right to submit a complaint directly to the State Data Protection Inspectorate or via email at ada@ada.lt regarding any improper handling of your personal data.
INFORMATION ABOUT COOKIES USED
- The Data Controller uses cookies on the Website to distinguish one user from another. Cookies help the Data Controller ensure a better experience for those browsing the Website and improve the Website itself.
- Cookies are small text files stored in a person’s browser or device (personal computer, mobile phone, or tablet).
- The Company uses the following categories of cookies:
- Strictly Necessary Cookies: These cookies are essential for the system’s operation. For example, some cookies allow us to identify registered users and ensure they can access the entire system. If the user refuses these cookies, they may not see the full content of the system.
- Performance Cookies: These cookies allow us to analyze how users interact with the system and monitor its performance. This enables the Company to choose suitable offers and quickly detect and fix issues, ensuring a high-quality browsing experience. For instance, performance cookies help track which pages are most popular and why some pages show error messages.
- Functional Cookies: These cookies allow us to remember user preferences and adjust them for the website/mobile app to provide enhanced features.
- Targeting Cookies: The Company may use cookies to display advertisements promoting the Company’s products that are relevant to specific users. Please note that the Company does not allow third parties to advertise their products and services on the Website.
- Information about cookies used on the website https://diaura.lt/ can be found in the cookie settings window, accessible by clicking the cookie icon in the bottom left corner of the browser window.
- Users can change their cookie preferences by clicking on the cookie settings icon in the bottom left corner of the browser window.
- The cookies used on the Website do not allow the identification of the Website user. Visits to the Website are registered anonymously by recognizing the personal computer, mobile phone, or tablet and the IP address. Such collected information is not shared with third parties, except in cases provided by law.
- By opening the Website and clicking the “I agree” button in the pop-up box, the person browsing agrees that cookies will be stored on their computer, mobile phone, or tablet.
- To withdraw consent, the person browsing can delete or block cookies by selecting the appropriate settings in their browser to reject all or some cookies. It should be noted that using such browser settings that block cookies (including essential cookies) may result in difficulties using all or part of the Website’s functions.
- The personal data collected by cookies is processed in accordance with the provisions of the Republic of Lithuania’s Law on the Legal Protection of Personal Data, the Republic of Lithuania’s Law on Electronic Communications, the European Parliament, and Council Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and other legal acts regulating personal data protection.
- In accordance with the legal requirements, security measures are applied on the Website to prevent the unlawful disclosure and use of personal data.
FINAL PROVISIONS
- Legal relations related to this Policy are governed by the law of the Republic of Lithuania.
- The Data Controller is not responsible for damage, including damage caused by disruptions in the Website, for data loss or damage resulting from the actions or inactions of the person themselves or third parties acting with the person’s knowledge, errors, intentional harm, or improper use of the Website.
- The Data Controller is also not responsible for login and/or usage disruptions of the Website and/or damage resulting from such disruptions caused by third parties unrelated to the Data Controller or the person, including power outages, internet access issues, etc.
- The Data Controller has the right to partially or completely change the Policy.
- Amendments or changes to the Policy come into effect from the day they are published on the Website.
- If, after the Policy is amended or changed, the person continues to use the Website and/or services provided by the Data Controller, it is considered that the person does not object to such amendments and/or changes.
- For any questions regarding data processing, you can contact us via email at info@diaura.lt.
- This Privacy Policy applies from October 1, 2024.