Privacy policy
GENERAL INFORMATION
Your personal data provided with your order is stored and never passed on to third parties, except when necessary for the execution of the order or when required by the laws of the Republic of Lithuania.
I. BASIC CONCEPTS
1. Company – Uterna, UAB, a company established under the laws of the Republic of Lithuania, whose registered office is located at Metalo g. 9, LT-28217 Utena, Republic of Lithuania, company code 110321710, the data on the company are collected and stored in the Register of Legal Entities. Company’s website: www.wheelde.com .
2. Data subject – a natural or legal person (buyer) whose data is processed by the Company.
3. Personal Data – means information relating to a natural person – Data Subject, which is listed in point 2.4 of these Rules.
4. Processing of Personal Data – means any act or set of acts performed on Personal Data, such as collection, recording, accumulation, storage, classification, grouping, aggregation, alteration (addition or correction), provision, use, destruction or any other act or set of acts.
5. Automatic processing – processing operations carried out wholly or partly by automatic means.
6. Employee – means a person who has entered into a contract of employment or similar with the Company and who has been appointed by decision of the Head of the Company to process Personal Data.
7. Data Processor – means a legal or natural person who is authorised by the Company to process Personal Data.
8. Data controller – a legal or natural person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
9. Data recipient – means a legal or natural person to whom Personal Data is provided.
10. Inspectorate means the State Data Protection Inspectorate of the Republic of Lithuania.
11. Other terms used in these personal data processing rules correspond to the terms defined in the Law on Legal Protection of Personal Data of the Republic of Lithuania.
3. Personal Data – means information relating to a natural person – Data Subject, which is listed in point 2.4 of these Rules.
4. Processing of Personal Data – means any act or set of acts performed on Personal Data, such as collection, recording, accumulation, storage, classification, grouping, aggregation, alteration (addition or correction), provision, use, destruction or any other act or set of acts.
5. Automatic processing – processing operations carried out wholly or partly by automatic means.
6. Employee – means a person who has entered into a contract of employment or similar with the Company and who has been appointed by decision of the Head of the Company to process Personal Data.
7. Data Processor – means a legal or natural person who is authorised by the Company to process Personal Data.
8. Data controller – a legal or natural person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
9. Data recipient – means a legal or natural person to whom Personal Data is provided.
10. Inspectorate means the State Data Protection Inspectorate of the Republic of Lithuania.
11. Other terms used in these personal data processing rules correspond to the terms defined in the Law on Legal Protection of Personal Data of the Republic of Lithuania.
II. GENERAL PROVISIONS
1. This document regulates the actions of the Company and its Employees when processing Personal Data using automated means of processing Personal Data installed in the Company, as well as establishes the rights of the Data Subjects, the risk factors for the violation of the protection of Personal Data, the means of implementation of the protection of Personal Data, and other matters related to the processing of Personal Data.
2. Personal Data must be accurate, relevant and only to the extent necessary for its collection and further processing.
3. The purposes of the processing of Personal Data are the means necessary for the purchase and delivery of goods and other legitimate and pre-defined purposes prior to the collection of data.
4. The Company shall process the following Personal Data of Data Subjects for the purposes set out in Section 2.3 of these Rules:
a. Name and surname b. Telephone number c. E-mail address d. IP address
5. By providing the Company with his/her Personal Data, the Data Subject confirms and voluntarily consents to the Company’s management and processing of the Data Subject’s Personal Data, in accordance with these Rules, applicable laws and regulations and other normative legal acts.
6. The processing of Personal Data shall be governed by the Law on Legal Protection of Personal Data of the Republic of Lithuania, Regulation (EU) 2016/679, other laws and regulations governing data processing and protection, as well as these Terms and Conditions. The website www.wheelde.lt uses cookies: Google Analytics, the standard Google Analytics tool is used for website statistics.
III. PROCESSING OF PERSONAL DATA
1. Personal data is processed automatically using personal data processing tools installed and/or rented by the Company.
2. Only Employees and Managers are entitled to process Personal Data. Each Employee and/or Processor who is assigned to process Personal Data is obliged to protect the confidentiality of Personal Data and to comply with the requirements of the legislation on the protection of personal data. The Employee/Controller shall:
a. Protect the confidentiality of Personal Data;
b. Process Personal Data in accordance with the laws of the Republic of Lithuania, other legal acts and these rules;
c. Not to disclose, transfer or allow access by any means to Personal Data to any person who is not authorised to process Personal Data;
d. Immediately notify the Head of the Company or his/her designee of any suspicious situation that may pose a threat to the security of Personal Data.
3. Employees who automatically process Personal Data or whose computers have access to areas of the local network where Personal Data is stored must use passwords. Passwords must be changed at least every 30 days, as well as in certain circumstances (e.g. a change of employee, a threat of hacking, a suspicion that the password has become known to third parties, etc.). Only the employee working on a particular computer can know his or her password.
4. The protection of personal data shall be organised, ensured and enforced by the Head of the Company or an Employee appointed by him.
5. An Employee shall cease to have the right to process Personal Data when the Employee’s contract of employment or a similar contract with the Company expires or when the Head of the Company revokes the Employee’s appointment to process Personal Data.
6. The right to process Personal Data shall cease when the Processor’s contract with the Company is terminated.
2. Only Employees and Managers are entitled to process Personal Data. Each Employee and/or Processor who is assigned to process Personal Data is obliged to protect the confidentiality of Personal Data and to comply with the requirements of the legislation on the protection of personal data. The Employee/Controller shall:
a. Protect the confidentiality of Personal Data;
b. Process Personal Data in accordance with the laws of the Republic of Lithuania, other legal acts and these rules;
c. Not to disclose, transfer or allow access by any means to Personal Data to any person who is not authorised to process Personal Data;
d. Immediately notify the Head of the Company or his/her designee of any suspicious situation that may pose a threat to the security of Personal Data.
3. Employees who automatically process Personal Data or whose computers have access to areas of the local network where Personal Data is stored must use passwords. Passwords must be changed at least every 30 days, as well as in certain circumstances (e.g. a change of employee, a threat of hacking, a suspicion that the password has become known to third parties, etc.). Only the employee working on a particular computer can know his or her password.
4. The protection of personal data shall be organised, ensured and enforced by the Head of the Company or an Employee appointed by him.
5. An Employee shall cease to have the right to process Personal Data when the Employee’s contract of employment or a similar contract with the Company expires or when the Head of the Company revokes the Employee’s appointment to process Personal Data.
6. The right to process Personal Data shall cease when the Processor’s contract with the Company is terminated.
IV. RIGHTS OF DATA SUBJECTS AND THEIR IMPLEMENTATION
1. The data subject shall have the right to be informed, by providing the Company with a document proving his or her identity, of the sources and nature of his or her Personal Data, the purposes for which it is processed and to whom it is provided. Access to Personal Data shall be granted by submitting to the Company a written request for access to Personal Data by post or e-mail.
2. The data subject has the right to data portability. This right enables data subjects to obtain, without hindrance, the personal data which they have provided to the controller in a structured, commonly used and computer-readable format and to transmit those data to another controller. Data portability is the right of the data subject to obtain a subset of the personal data relating to the data subject processed by the controller and to store those data for further personal use.
3. The Company shall, upon receipt of an enquiry from a Data Subject regarding the processing of his or her Personal Data, respond as to whether the Personal Data relating to him or her is being processed and shall provide the Data Subject with the requested data no later than 30 calendar days from the date of the Data Subject’s request. At the Data Subject’s request, such data shall be provided in writing to the address or e-mail address provided.
4. The Data Subject shall be given the opportunity to rectify, erase or suspend the processing of his or her Personal Data by submitting a written request to the Company by post, fax or e-mail, or an oral request if the Data Subject can be identified. Upon receipt of such a request, the Company shall promptly verify the Personal Data and shall promptly correct any incorrect, incomplete or inaccurate Personal Data at the request of the Data Subject.
5. The Company shall promptly notify the Data Subject of the rectification or destruction of the Personal Data, whether or not carried out at his request.
6. The Data Subject may complain against the Company’s actions (inaction) to the State Data Protection Inspectorate within 3 months from the date of receipt of the response from the Company or within 3 months from the date on which the deadline for submitting the response set out in Section 4.3 expires. The data subject may appeal to the court against the actions (inaction) of the State Data Protection Inspectorate in accordance with the procedure established by law.
7. The Company shall also ensure all other rights, guarantees and interests of personal data subjects guaranteed by the laws and regulations of the Republic of Lithuania.
2. The data subject has the right to data portability. This right enables data subjects to obtain, without hindrance, the personal data which they have provided to the controller in a structured, commonly used and computer-readable format and to transmit those data to another controller. Data portability is the right of the data subject to obtain a subset of the personal data relating to the data subject processed by the controller and to store those data for further personal use.
3. The Company shall, upon receipt of an enquiry from a Data Subject regarding the processing of his or her Personal Data, respond as to whether the Personal Data relating to him or her is being processed and shall provide the Data Subject with the requested data no later than 30 calendar days from the date of the Data Subject’s request. At the Data Subject’s request, such data shall be provided in writing to the address or e-mail address provided.
4. The Data Subject shall be given the opportunity to rectify, erase or suspend the processing of his or her Personal Data by submitting a written request to the Company by post, fax or e-mail, or an oral request if the Data Subject can be identified. Upon receipt of such a request, the Company shall promptly verify the Personal Data and shall promptly correct any incorrect, incomplete or inaccurate Personal Data at the request of the Data Subject.
5. The Company shall promptly notify the Data Subject of the rectification or destruction of the Personal Data, whether or not carried out at his request.
6. The Data Subject may complain against the Company’s actions (inaction) to the State Data Protection Inspectorate within 3 months from the date of receipt of the response from the Company or within 3 months from the date on which the deadline for submitting the response set out in Section 4.3 expires. The data subject may appeal to the court against the actions (inaction) of the State Data Protection Inspectorate in accordance with the procedure established by law.
7. The Company shall also ensure all other rights, guarantees and interests of personal data subjects guaranteed by the laws and regulations of the Republic of Lithuania.
V. TRANSFER OF PERSONAL DATA
1. Personal Data may only be provided to Data Recipients with whom the Company has signed appropriate agreements for the transfer/provision of Personal Data and the Data Recipient ensures adequate protection of the Personal Data transferred. Personal Data may also be transferred to third parties in other cases and in accordance with the procedure provided for in the laws and regulations of the Republic of Lithuania.
2. Asmens duomenys gali būti perduoti tik:
Telia Lietuva , AB, from whom the Company purchases online services.
3. The Company does not collect sensitive personal information, such as information about age health, racial origin, religious beliefs or political opinions, unless required or permitted by law.
2. Asmens duomenys gali būti perduoti tik:
Telia Lietuva , AB, from whom the Company purchases online services.
3. The Company does not collect sensitive personal information, such as information about age health, racial origin, religious beliefs or political opinions, unless required or permitted by law.
VI. RISK FACTORS FOR A PERSONAL DATA BREACH
1. Personal Data may only be provided to Data Recipients with whom the Company has signed appropriate agreements for the transfer/provision of Personal Data and the Data Recipient ensures adequate protection of the Personal Data transferred. Personal Data may also be transferred to third parties in other cases and in accordance with the procedure provided for in the laws and regulations of the Republic of Lithuania.
2. Asmens duomenys gali būti perduoti tik:
Telia Lietuva , AB, from whom the Company purchases online services.
3. The Company does not collect sensitive personal information, such as information about age health, racial origin, religious beliefs or political opinions, unless required or permitted by law.
2. Asmens duomenys gali būti perduoti tik:
Telia Lietuva , AB, from whom the Company purchases online services.
3. The Company does not collect sensitive personal information, such as information about age health, racial origin, religious beliefs or political opinions, unless required or permitted by law.
VI. RISK FACTORS FOR A PERSONAL DATA BREACH
1. Personal Data may only be provided to Data Recipients with whom the Company has signed appropriate agreements for the transfer/provision of Personal Data and the Data Recipient ensures adequate protection of the Personal Data transferred. Personal Data may also be transferred to third parties in other cases and in accordance with the procedure provided for in the laws and regulations of the Republic of Lithuania.
2. Asmens duomenys gali būti perduoti tik:
Telia Lietuva , AB, from whom the Company purchases online services.
3. The Company does not collect sensitive personal information, such as information about age health, racial origin, religious beliefs or political opinions, unless required or permitted by law.
2. Asmens duomenys gali būti perduoti tik:
Telia Lietuva , AB, from whom the Company purchases online services.
3. The Company does not collect sensitive personal information, such as information about age health, racial origin, religious beliefs or political opinions, unless required or permitted by law.
VI. RISK FACTORS FOR A PERSONAL DATA BREACH
1. A personal data breach is an act or omission that may lead to, or has the potential to lead to, unwanted consequences and is contrary to the mandatory provisions of the law on the protection of personal data. The degree of impact, damage and consequences of a personal data breach shall be determined on a case-by-case basis by a committee set up by the Head of the Company or his/her delegate.
2. Risk factors for a personal data breach:
a. unintentional, where the protection of Personal Data is violated for accidental reasons (data processing errors, deletion or destruction of information media, data records, incorrect routes (addresses) for the transmission of data, etc., or system failures due to power failure, computer virus, etc.),(e.g. violation of internal rules, lack of system maintenance, software tests, inadequate maintenance of data media, inadequate capacity and protection of lines, integration of computers in the network, protection of computer programs, inadequate supply of fax materials, etc.);
b. deliberate, when the protection of Personal Data is violated deliberately (unauthorised intrusion into the Company’s premises, personal data storage facilities, information systems, computer network, malicious violation of the established rules for the processing of Personal Data, deliberate spreading of a computer virus, theft of Personal Data, unauthorised use of the rights of another Employee etc.);
c. unexpected accidental events (lightning, fire, flood, inundation, storms, burning of electrical wiring, exposure to changes in temperature and/or humidity, the influence of dirt, dust and magnetic fields, accidental technical breakdowns, other factors beyond the user’s control and/or control, etc).
2. Risk factors for a personal data breach:
a. unintentional, where the protection of Personal Data is violated for accidental reasons (data processing errors, deletion or destruction of information media, data records, incorrect routes (addresses) for the transmission of data, etc., or system failures due to power failure, computer virus, etc.),(e.g. violation of internal rules, lack of system maintenance, software tests, inadequate maintenance of data media, inadequate capacity and protection of lines, integration of computers in the network, protection of computer programs, inadequate supply of fax materials, etc.);
b. deliberate, when the protection of Personal Data is violated deliberately (unauthorised intrusion into the Company’s premises, personal data storage facilities, information systems, computer network, malicious violation of the established rules for the processing of Personal Data, deliberate spreading of a computer virus, theft of Personal Data, unauthorised use of the rights of another Employee etc.);
c. unexpected accidental events (lightning, fire, flood, inundation, storms, burning of electrical wiring, exposure to changes in temperature and/or humidity, the influence of dirt, dust and magnetic fields, accidental technical breakdowns, other factors beyond the user’s control and/or control, etc).
VII. IMPLEMENTING MEASURES FOR THE PROTECTION OF PERSONAL DATA
1. In order to ensure the protection of Personal Data, the Company has implemented or intends to implement the following measures to protect Personal Data:
a. administrative (establishing procedures for the secure management of documents and computer data and their archives, as well as for the organisation of the work of the various areas of activity, familiarising staff with the protection of personal data at the time of recruitment and at the end of the employment or similar relationship, etc);
b. hardware and software protection (administration of service stations, information systems and databases, maintenance of workstations, company premises, protection of operating systems, protection against computer viruses, etc.);
c. Protecting communications and computer networks (filtering shared data, applications, unwanted data packets (firewalls), etc.).
2. The technical and software measures for the protection of personal data must ensure:
a. setting up storage for copies of operating systems and databases, establishing copying techniques and monitoring compliance;
b. the technology of the continuous data processing process
c. a strategy for resuming the operation of the systems in the event of unforeseen events (contingency management);
d. the physical (logical) separation of the application testing environment from the operating mode processes;
e. authorised use of the data and its integrity.
3. All Employees who have the right to process Personal Data or to organise and carry out its protection must strictly comply with the requirements of the Personal Data Protection Measures established by the Company and with the requirements of the relevant rules, instructions or procedures.
a. administrative (establishing procedures for the secure management of documents and computer data and their archives, as well as for the organisation of the work of the various areas of activity, familiarising staff with the protection of personal data at the time of recruitment and at the end of the employment or similar relationship, etc);
b. hardware and software protection (administration of service stations, information systems and databases, maintenance of workstations, company premises, protection of operating systems, protection against computer viruses, etc.);
c. Protecting communications and computer networks (filtering shared data, applications, unwanted data packets (firewalls), etc.).
2. The technical and software measures for the protection of personal data must ensure:
a. setting up storage for copies of operating systems and databases, establishing copying techniques and monitoring compliance;
b. the technology of the continuous data processing process
c. a strategy for resuming the operation of the systems in the event of unforeseen events (contingency management);
d. the physical (logical) separation of the application testing environment from the operating mode processes;
e. authorised use of the data and its integrity.
3. All Employees who have the right to process Personal Data or to organise and carry out its protection must strictly comply with the requirements of the Personal Data Protection Measures established by the Company and with the requirements of the relevant rules, instructions or procedures.
VIII. TIME LIMIT FOR PROCESSING PERSONAL DATA
1. The Company shall start processing Personal Data from the moment of registration of the Data Subject (buyer) in the Company’s e-shop and shall continue the processing until the completion of the purchase transaction by the Data Subject.
2. When Personal Data are no longer required for the purposes of their processing, they shall be destroyed, except for those that must be transferred to public archives in the cases established by law.
2. When Personal Data are no longer required for the purposes of their processing, they shall be destroyed, except for those that must be transferred to public archives in the cases established by law.
IX. LIABILITY
1. Employees who violate the Law on Legal Protection of Personal Data of the Republic of Lithuania, other legal acts regulating the processing and protection of Personal Data, or these Rules shall be subject to the measures of liability provided for by the laws of the Republic of Lithuania.
X. FINAL PROVISIONS
1. The supervision and, where necessary, review of compliance with the Rules shall be entrusted to the Chief Executive Officer of the Company or his/her delegate.
2. Responsible Employees are familiarized with the Rules by signing.
2. Responsible Employees are familiarized with the Rules by signing.
Updated at 2024-10-11