1. What does this Privacy Policy mean?
In this privacy policy (hereinafter – the Privacy Policy), we provide you with information on how Preneta, UAB (hereinafter – the Company) processes your personal data obtained when you visit our website or social media accounts, when you submit inquiries, and in other similar cases. Hereinafter, all persons whose data are processed by the Company are referred to as Data Subjects.
2. About the Company
The Company means Preneta, UAB, legal entity code 303473926, located at Darbo g. 16, LT-52102 Kaunas, Lietuvos Respublika, Republic of Lithuania, and the data about the Company are collected and stored in the Register of Legal Entities of the Republic of Lithuania. Contact email for personal data protection matters: info@preneta.lt.
3. What is personal data?
Personal data is any information collected by the Company about a Data Subject that can be used to identify the Data Subject and is stored electronically or by other means.
Personal data includes any information, including the Data Subject name, surname, address, phone number, health information, and other information collected by the Company about Data Subjects for the purposes specified in this Privacy Policy or in a separate consent or agreement between the Data Subject and the Company.
4. Processing of personal data when registering persons with the Company
| Categories of Data Subjects | Legal basis for data processing (Article 6 GDPR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage and deletion terms |
|---|---|---|---|---|---|
| Registration of persons | |||||
| Persons who register for a visit | Article 6(1)(a) GDPR (consent) | Name, surname, date of birth, age, email address, phone number, special category health data, to the extent provided by the person voluntarily. | None | IT equipment administrators and suppliers | Until the start of the registered visit |
| Representatives of persons who register for a visit | Article 6(1)(c) GDPR (legal obligation) | Name, surname, email address, phone number, relationship with the person (basis of representation) | None | IT equipment administrators and suppliers | Until the start of the registered visit |
5. Increasing Company awareness and carrying out marketing, publishing client reviews
| Categories of Data Subjects | Legal basis for data processing (Article 6 GDPR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage and deletion terms |
|---|---|---|---|---|---|
| Increasing Company awareness and carrying out marketing, publishing client reviews | |||||
| Persons who have agreed that the Company may publish their personal data | Article 6(1)(a) GDPR (consent) | Name, surname, review about the services provided, other information that the person chooses to publish, email address, signature, consent date. | Visitors of the website https://preneta.lt | Website administrator | 5 years from receipt of consent |
6. Direct marketing
| Categories of Data Subjects | Legal basis for data processing (Article 6 GDPR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage and deletion terms |
|---|---|---|---|---|---|
| Direct marketing (service offers, visit reminders, etc.) | |||||
| Persons who have agreed to receive direct marketing | Article 6(1)(a) GDPR (consent) | Name, surname, email address, phone number. | None | Marketing service provider | Personal data is stored for 2 years from the date of consent |
7. Video surveillance for the purpose of property and personal security
| Categories of Data Subjects | Legal basis for data processing (Article 6 GDPR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage and deletion terms |
|---|---|---|---|---|---|
| Video surveillance for the purpose of property and personal security | |||||
| Persons who have agreed that the Company may publish their personal data | Article 6(1)(f) GDPR (legitimate interest) | Personal image data (image) | None | Video surveillance equipment supplier | 14 calendar days from the creation of the video recording |
8. Direct marketing
| Categories of Data Subjects | Legal basis for data processing (Article 6 GDPR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage and deletion terms |
|---|---|---|---|---|---|
| Direct marketing (service offers, reminders, etc.) | |||||
| Persons who have agreed to receive direct marketing | Article 6(1)(a) GDPR (consent) | Name, surname, email address, phone number. | None | Marketing service provider | Personal data is stored for 2 years from the date of consent |
9. Video surveillance for the purpose of property and personal security
| Categories of Data Subjects | Legal basis for data processing (Article 6 GDPR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage and deletion terms |
|---|---|---|---|---|---|
| Video surveillance for the purpose of property and personal security | |||||
| Persons entering the video surveillance area | Article 6(1)(f) GDPR (legitimate interest) | Personal image data (image) | None | Video surveillance equipment supplier | 14 calendar days from the creation of the video recording |
10. Conclusion and performance of Company contracts with legal entities and natural persons as contractors
| Categories of Data Subjects | Legal basis for data processing (Article 6 GDPR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage and deletion terms |
|---|---|---|---|---|---|
| Conclusion and performance of contracts with legal entities and natural persons | |||||
| Employees, employees of the contractor legal entity | Article 6(1)(f) GDPR (legitimate interest in relation to employees of the contractor), Article 6(1)(b) GDPR (contract in relation to the employee) | Name, surname, email address, phone number, content of correspondence | Supplier legal entity | None | 10 years after expiry of the contract |
| Contractor | Article 6(1)(b) GDPR (contract) | Name, surname, personal identification number, contact details (phone number, email address), individual activity number, bank account details, other information specified in the contract with the natural person | None | None | 10 years after expiry of the contract |
11. Protection of legitimate interests
| Categories of Data Subjects | Legal basis for data processing (Article 6 GDPR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage and deletion terms |
|---|---|---|---|---|---|
| Protection of rights and interests | |||||
| Other party to a dispute, employees of the other party to a dispute | Article 6(1)(f) GDPR (legitimate interest) | Name, surname, position, date, circumstances of the dispute, other information related to the dispute | Law enforcement authorities, lawyers (attorneys), courts, bailiffs | None | 5 years from the date the court decision becomes final |
12. Contact us
There are several ways you can contact the Company: by phone or email. We receive, review, and respond to all messages ourselves. If you contact us, we may process the data you provide, i.e. name, surname, email address, phone number, content of the enquiry (information that you choose to provide to us).
Such data will be processed in order to answer your questions and review your suggestions. If you do not provide your contact details, we will not be able to contact you and respond to you.
The specified personal data is stored for 1 year from receipt of the enquiry and/or request, unless other retention periods are established in this Privacy Policy or by law.
All personal data that you provide when communicating with us is used only for the purposes specified above.
Please note that we may need to contact you by post, email, or phone. Therefore, please inform us of any changes to your personal data.
13. Website
Our website https://preneta.lt uses cookies. A cookie is a small file consisting of letters and numbers that, with your consent, we place in your browser or on the hard drive of your computer. We use different cookies for different purposes. Cookies also help us distinguish you from other website users, thus ensuring a more pleasant website browsing experience and allowing us to improve the website.
14. Social media tools
The information you provide to us through social media tools, including messages, use of Like and Follow fields, and other communication, is controlled by the social network controller.
Our website contains links to our social media accounts.
We process the information provided in our accounts for the purpose of administering our accounts on the basis of your consent.
We recommend reading third-party privacy notices and contacting service providers directly if you have any questions about how they use your personal data.
15. Receipt and disclosure of data
We receive your data from you, your legal representatives, your devices, our employees, banks, and our contractual contractors.
We may disclose information about you to our employees, service providers such as IT specialists, website administrators, etc., if such data is reasonably necessary to achieve the purposes specified in this Privacy Policy, as well as to banks and other recipients specified in the Policy.
In addition, we may disclose information about you:
- if we are required to do so by law;
- when intending to sell part of the Company business (shares) or assets, disclosing your personal data to a potential buyer of the business (shares) or part thereof;
- after selling the Company business (shares) or a substantial part of its assets to third parties.
Except for the cases provided for in this Privacy Policy, we do not provide your personal data to any third parties.
The list of recipients or categories of recipients specified in the Privacy Policy may change, therefore we recommend regularly checking whether the Privacy Policy has changed.
16. Security of your personal data
Your personal data will be processed in accordance with the General Data Protection Regulation (EU) 2016/679, the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other applicable legal requirements. When processing your personal data, we implement organisational and technical measures that ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, as well as any other unlawful processing.
17. Your rights
In this section, we provide information about your rights related to our processing of your personal data and the cases when you may exercise these rights.
The Company will provide you with information about the actions taken upon receipt of your request regarding the exercise of your rights without undue delay, but no later than within 1 (one) month from receipt of the request. Taking into account the complexity of the request and the number of requests received, this period may be extended by another 2 (two) months. In such a case, within 1 (one) month from receipt of the request, we will inform you of such extension and the reasons for it. The Company will refuse to exercise your rights only in cases provided for by law.
18. Right of access to your personal data
We aim to ensure that you fully understand how we use your personal data and that you do not experience any inconvenience as a result. You may contact us at any time and ask whether we process any of your personal data. If we store or use your personal data in any way, you have the right to access it. To do this, submit a written request to us at the email address specified in this Privacy Policy, confirm your identity, and when submitting such a request, follow the principles of fairness and reasonableness.
18.1. Right to withdraw consent
If you have given us explicit consent to process your data, you may withdraw it at any time. Information about withdrawal of your consent may be provided to the email address specified in this Privacy Policy.
18.2. Additional rights
Below we provide information about additional rights you have, which you may exercise in accordance with the procedure described below.
- You have the right to request that we correct any inaccuracies in the data we hold. In such a case, we may ask you to confirm the corrected information.
- You have the right to request that we delete your personal data. This right is exercised in the cases provided for in Article 17 of the General Data Protection Regulation (EU) 2016/679.
- You have the right to request that we restrict the processing of your personal data or not process it:
- for the period necessary for us to verify the accuracy of your personal data when you submit claims regarding data accuracy;
- when our collection, storage, or use of your personal data is unlawful, but you decide not to request deletion of the data;
- when your personal data is no longer needed by us, but you need it in order to establish, exercise, or defend a legal claim;
- for the period necessary to determine whether we have a stronger legal basis to continue processing your personal data if you have exercised your right to object to the processing of personal data.
- You have the right to portability of data processed by automated means and received from you with your consent or for the purpose of concluding a contract. If you exercise this right, at your request we will transfer a copy of the data you provided.
- You have the right to object to our use of your personal data in accordance with Article 21 GDPR. You have the right to object when your personal data is processed on the basis of legitimate interest, as specified for each processing purpose above, or for direct marketing purposes.
18.3. Right to request more information
We hope you understand that it is very difficult to discuss all possible ways of collecting and using personal data. We strive to provide information as clearly and comprehensively as possible and undertake to update this Privacy Policy if the personal data use process changes.
Nevertheless, if you have any questions about the use of your personal data, we will be happy to answer them or provide any additional information that we can disclose. If you have any specific questions or do not understand the information provided, please contact us.
19. Complaints
If you believe that your rights as a Data Subject have been or may be violated, please contact us immediately at the email address specified in this Privacy Policy. We ensure that only after receiving your complaint we will contact you within a reasonable period and inform you about the progress of the complaint investigation and later about the result.
If you are not satisfied with the results of the investigation, you may submit a complaint to the supervisory authority – the State Data Protection Inspectorate (www.vdai.lrv.lt).
20. Liability
You are responsible for the confidentiality of the data you provide, as well as for ensuring that the data you provide is accurate, correct, and complete. If the data you provided changes, you must immediately inform us by email. Under no circumstances shall we be liable for damage caused to you because you provided incorrect or incomplete personal data or did not inform us about changes to it.
21. Changes to the Privacy Policy
We may update or change this Privacy Policy at any time. The current version of the Privacy Policy can always be found on our website https://preneta.lt.