1 General information
Legal details of the Controller:
UAB “MECOM GRUP”
Registered office address: Konstitucijos pr. 12, Vilnius
tel. + 37052638638
e- mail: email@example.com
Company code: 111733421
1.2. You have the right to obtain information on how your personal data is processed at any time by contacting us via our general email address: firstname.lastname@example.org
1.6. We confirm that your data will be collected and processed in accordance with the requirements of applicable European Union and Republic of Lithuania legislation and the instructions of the controlling authorities.
2. Key definitions
2.1. ‘Direct marketing’ means any activity the purpose of which is to offer goods or services to persons by post, phone or any other direct means and/or to seek their opinion on the goods or services offered.
2.2. ‘Personal data’means information that can be used directly or indirectly to identify you as a specific private individual, to contact you or to determine your location. The source of the collection of personal data depends on your way of communication with us.
2.4. ‘Controller’ means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
2.5. ‘Processor’means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
2.6. ‘State Data Protection Inspectorate’means the authority which controls the data protection of information systems and the lawfulness of the provision and use of data.
3. The purposes for which we collect information
3.1. The legal basis on which the Company processes your personal data depends on the purpose for which and the context in which we collect personal data.
The purposes of data collection are the following:
- a) direct marketing;
- b) customer service;
- c) fraud prevention and legal compliance;
- d) administration of events and contests;
- e) customer complaints management;
- f) compliance with legal requirements;
- g) information security.
4. What information we collect about you, the legal basis for collecting such information, to whom we transfer it and how long it is kept
4.1. Direct marketing
For the purpose of direct marketing, we collect and process your name, surname, email address, telephone number, date of birth, etc. (hereinafter referred to as the ‘identity data’). We process this data only on the basis of your consent; without your consent the Company cannot process or otherwise collect your personal data. The above data is processed in the interests of the Company: to inform you about ongoing events, games/contests or promotions, as well as to inform you about the services or surveys relevant to you.
The personal data we hold may also be used for profiling of your personal data for the purpose of direct marketing in order to provide you with personalised offers. You may withdraw your consent or object to the automated processing of your personal data, including profiling, at any time.
Please be aware that we may also use your personal information (such as the services you have used, your location, your behaviour, etc.) to form an opinion about what may be of interest to you and to display certain types of advertisements on our website accordingly.
If you no longer wish to have your personal data processed for the purpose of direct marketing, including profiling, you can send an email to email@example.com and object to the processing of your personal data for the purpose of direct marketing and/or to the non-application of only automated processing, including profiling, of your personal data, without providing any reasons for your objection.
The data will be processed for a period of 8 (eight) years from the date of your consent to receive direct marketing information.
4.2. Customer service
For the purpose of customer service, we collect and process your identity data. Your identity data is processed in order for us to provide our services and administer your enquiries or comments, and the processing is also necessary when you contact us and we respond to your queries. This data is processed at your request when you have contacted the Company regarding the services provided by the Company.
The data will be processed for a period of 3 (three) years from the date of the last contact with you or the end of the business relationship with the user. Correspondence relating to personal injury, accidents and other health and safety issues may be retained for a longer period in the event of litigation or settlement.
4.3. Fraud prevention and legal compliance
For the purpose of fraud prevention and legal compliance, your identity data is collected. Your personal data is processed for our legitimate interests in order to prevent fraud, to stop fraud or criminal act. Your personal data may also be processed for the establishment, exercise and defence of a legal claim.
In this case, the personal data you provide may be shared with companies that provide certain services to us. Please note that these companies may only process the personal data you provide on our instructions.
The data will be processed for a period of 5 (five) years from the date of notification of fraud or criminal act. However, this period may be extended, as appropriate, until a final decision has been taken on fraud or criminal act.
4.4. Administration of events and contests
For the purpose of organising events and contests, your identity data is collected. For this purpose, your personal data may only be processed with your consent to participate in the contest or event being organised. The Company may process your personal data for the purpose of administration of the event, for the purpose of contacting you about the event, and for the purpose of evaluating the organisation of the event.
The Company will process your personal data for the purposes of the Company’s legitimate interests: to organise and administer the event, and to contact participants about the event.
The data will be processed for a period of 1 (one) month after the end of the event.
4.5. Customer complaints management
For the purpose of customer complaints management, your identity data will be processed. This data will be processed in order to administer your enquiries and complaints. The data will be processed for our legitimate interest in improving our services. Also in order to evaluate and develop our services.
We may share your personal data with the relevant Mecom Grupp group companies if your complaint and/or enquiry relates to (an)other Mecom Grupp group company(ies).
All personal data relating to the resolved claim and/or enquiry will be retained for a maximum of 2 years from the date of receipt of the complaint and/or enquiry.
4.6. Compliance with legal requirements
For the purpose of compliance with legal requirements, your identity data is collected. The legal basis for the processing of this data is to comply with our legal obligation. The Company processes this data in order to comply with various legal requirements applicable to the Company.
The data will be processed for a period of 8 (eight) years from the date of obtaining your consent to process your personal data.
5. How we process your data
Your data is processed by both automated means and physical means, which includes automated decision-making and profiling for different processing purposes.
The Company implements suitable measures to safeguard your rights, freedoms and legitimate interests, including the right to obtain human intervention.
Your personal data is protected against loss, unauthorised use and alteration. We have put in place physical and technical measures to protect all information we collect for the purposes of providing our services. We remind you that although we take reasonable steps to protect your information, no website, online transaction, computer system or wireless connection is completely secure.
6. Your rights
5.1. You have the following rights:
- i. to know (be informed) about the processing of your data (the right of information);
- ii. to access your data and information on how it is processed (the right of access);
- iii. to request the rectification or, taking into account the purposes of the processing, the completion of personal data which is incomplete (the right to rectification). Please note that we may need to verify the correctness of the new data you provide;
- iv. to have your data erased or to suspend the processing of your data (other than storage) (the right to erasure and the right ‘to be forgotten’), where there are reasonable grounds for doing so. Please note that we may not be able to comply with your request to erase your data in all cases due to legal regulation;
- v. the right to request from the Controller restriction of processing of personal data on one of the legitimate grounds (the right to restriction);
- vi. the right to the portability of the data that you have provided to us (the right to portability);
- vii. the right to object to the processing of personal data or to withdraw your consent where the processing is carried out or intended to be carried out in the interests of the Company. In this case, the Company will stop processing your data unless it has evidence that there are legitimate grounds to continue processing the data. Where the processing relates to direct marketing, you have the right to object at any time and the Company will stop processing your data for the purpose of direct marketing;
- viii. the right to withdraw your consent to the processing of your personal data. We may do so where your consent provides a legal basis for us to process your personal data. You can withdraw your consent to receive marketing communications by using the unsubscribe link contained in any marketing communication we send to you. To withdraw your consent for other purposes, you should email your request to: firstname.lastname@example.org .
- ix. the right to lodge a complaint with the State Data Protection Inspectorate. We would be grateful if you contacted us before doing so and gave us the opportunity to resolve the dispute amicably.
You may exercise your rights by submitting a request to the Company via our general email address: email@example.com.
7. Sharing and transferring your personal data
7.1. We do not transfer your personal data outside the European Economic Area.
7.2. Your personal data may be transferred to other companies within the same group of companies as the Company (who will act as Processors engaged by us or as independent Controllers), law enforcement authorities, courts and other public authorities, but only to the extent allowed by laws.
7.3. We may also share your personal data with companies that provide us with services such as payment services, sending of direct marketing communications, etc. We may share some of your personal data with our partners who organise events or contests in which you have expressed an interest in participating.
8. Validity and amendments