Privacy Policy

The Privacy Policy (hereinafter referred to as the Policy) regulates the principles of collecting, processing and storing personal data of the visitors of the website www.artforus.lt and social networking accounts of Artforus UAB (hereinafter referred to as the Company) and the recipients of the newsletters, as well as determines the purposes and means of processing their personal data.

This Policy has been drawn up in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “General Data Protection Regulation”) (“the Regulation”).

This Policy informs visitors to the Company’s website and social media accounts and recipients of newsletters about the processing of their personal data.

TERMS USED

Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, by reference to a name, a personal identification number, location data and an online identifier, or to one or more factors specific to the natural person’s physical, physiological, genetic, mental, economic, cultural or social identity.

Data Subject – a natural person – a visitor to the Company’s website and social networking accounts and/or a recipient of the Company’s newsletters, whose personal data are collected and processed by the Company.

Consent of the data subject means any freely given, specific and unambiguous indication of the data subject’s wishes, by means of a statement or an unambiguous action, by which he or she freely consents to the processing of personal data concerning him or her.

Data subject rights – the data subject’s ability to participate in and control the controller’s and/or processor’s activities when processing his/her personal data – to know, to be informed about the processing of his/her personal data; to have access to his/her personal data and how they are processed; to request the rectification or destruction of his/her personal data or the suspension, with the exception of storage, of the processing of his/her personal data where the processing is not carried out in accordance with the provisions of the legislation; to object to the processing of his/her personal data; to request the erasure of his/her personal data; to obtain the data concerning him/her which he/she has provided to the controller; and to lodge a complaint with a supervisory authority (the State Data Protection Inspectorate).

“Processing” means any operation or sequence of operations which is performed upon personal data or sets of personal data, whether or not by automated means: collection, recording, sorting, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination with other data, restriction, erasure or destruction.

Automatic processing – processing operations carried out wholly or partly by automatic means. These include any information and communication technology capable of carrying out processing operations on personal data, such as: computers, communication networks, etc.

Data controller – UAB “Artforus”, legal entity code: 306168794, registered office address: 2, Lūjos St., Vilnius, phone number +370 641 50614, e-mail address: info@artforus.lt.

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient means the natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether or not to a third party. However, public authorities which, under European Union or Member State law, may obtain personal data in the course of a specific investigation shall not be considered as recipients.

A cookie is a small text file that a website stores on your computer or mobile device when you visit it.

“Personal data breach” means a breach of security resulting in the unintentional or unauthorised destruction, loss, alteration, unauthorised disclosure, unauthorised access to, or unauthorised transmission, unauthorised storage or unauthorised processing of personal data.

Other terms used in this Policy shall have the meaning given to them in the Regulation and in other legal acts regulating the processing of personal data.

CHAPTER I

PRINCIPLES FOR PROCESSING PERSONAL DATA

  1. The Company’s processing of your personal data is guided by the following principles:
    1.1.The Company processes personal data only for the legitimate purposes defined in this Policy and does not further process it in a manner incompatible with those purposes (purpose limitation principle);
    1.2.Personal data are processed accurately, fairly and lawfully, in accordance with the requirements of the legislation (legality, fairness and transparency principle);
    1.3. the Company processes personal data in such a way that the personal data is accurate and is kept up to date in the event of changes (principle of accuracy);
    1.4. the Company processes personal data only to the extent necessary to achieve the purposes of the processing of the personal data (principle of data minimisation);
    1.5. Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data were collected and processed (principle of limitation of storage period); 1
    .6. The Company shall, when processing personal data, apply appropriate technical and organisational measures to ensure adequate security of personal data, including protection against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage (principle of integrity and confidentiality);
    1.7 The Company is responsible for compliance with the principles set out in this Policy and must be able to demonstrate compliance (principle of accountability).

CHAPTER II

PURPOSES OF PROCESSING PERSONAL DATA

  1. The Company processes your personal data for
    the following purposes:
    2.1. for the purpose of pursuing legitimate interests, including the proper management and administration of the website, monitoring its traffic, ensuring its security, improving its performance, facilitating the search for information, and ensuring the provision of requests from Data Subjects, as well as for the purpose of marketing and marketing purposes (by means of sending newsletters with the Data Subject’s consent).
  1. For the purpose set out in point 2 of this Policy, the Company collects and processes the following data:
    3.1. Personal data: name or first and last name (if provided by you);
    3.2. Contact data: e-mail address, telephone number, address (if provided by you);
    3.3. Other personal data/information provided to the Company by you in the enquiry/order; 3
    .4. Other personal data of newsletter recipients (if provided by you).

CHAPTER III

COLLECTION AND PROCESSING OF PERSONAL DATA

  1. Personal data is obtained from you when you are required to provide such data by law or when you voluntarily provide such data.
  2. The Company also processes your personal data when you contact the Company by e-mail, by submitting a request on the Company’s website, by subscribing to the Company’s newsletter, by sending information to the Company’s contacts on the Company’s website, or on the Company’s social media accounts. In such cases, the Company processes your data in order to administer requests and/or send newsletters, to ensure the quality of the services provided, and to defend and protect its legitimate interests.
  3. Irrespective of the manner in which the data are collected, they shall be kept only to the extent and for the period of time necessary to achieve the objectives set out, but not longer than the periods set out in the Index of General Document Retention Periods in the current version approved by Order of the Chief Archivist of Lithuania No. V-100 dated 9 March 2011 or in any other legal acts. Data submitted in response to requests on the website shall be stored for a maximum period of three years after the response to the request has been submitted and shall be destroyed thereafter.

CHAPTER IV

RIGHTS OF THE DATA SUBJECT

  1. 7.1. to know/be informed about the processing of your personal data; 7
    .2. to have access to your personal data and its processing. You have the right to request information from the Company about what and for what purpose your personal data is processed; 7
    .3. If you discover that the Company is processing inaccurate or incomplete personal data about you, you have the right to request the rectification or completion of such personal data; 7
    .4. Request the erasure of your personal data (“right to be forgotten”). You have the right to request the Company to erase your personal data on one of the following grounds:
    7.4.1. the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
    7.4.2. you have withdrawn the consent on which the processing was based and there is no other legal basis for the processing of your personal data; 7
    .4.3. you object to the processing of the personal data and there are no overriding legitimate grounds for processing; 7
    .4.4. the personal data has been processed unlawfully.
    7.5 Request restriction of the processing of your personal data. you have the right to request the Company to restrict the processing of your personal data on one of the following grounds:
    7.5.1. you contest the accuracy of the data for a period of time within which the Company can verify the accuracy of the personal data;
    7.5.2. the processing of the personal data is unlawful and you do not consent to the erasure of the data and instead request the restriction of its use; 7
    .5.3. the Company no longer needs the personal data for the purposes of the processing, but needs them for the establishment, exercise or defence of legal claims; 7
    .5.4. you have objected to the processing, pending verification that the Company’s legitimate reasons override those of the data subject.
    7.6. to object to the processing of personal data. You have the right to object to the processing of certain optional personal data about you. Such objection may be expressed by not completing certain sections of the documentation, as well as by subsequently submitting a request to stop the processing of your optional personal data. The company will provide you with information at your request as to which of your personal data is processed on an optional basis. Upon receipt of a request to cease processing personal data that is not subject to optional processing, the Company shall immediately cease such processing, unless this is contrary to legal requirements, and shall inform you thereof;
    7.7. Transfer of data, i.e., you have the right to receive personal data relating to you that you have provided to the Company in a structured, commonly used and computer-readable format, and you have the right to have that data transferred to another controller, which the Company must not impede.

CHAPTER V

MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA

  1. When storing personal data, the Company shall implement and ensure appropriate organisational and technical measures to protect personal data against accidental or unlawful destruction, alteration, disclosure or any other unauthorised processing.
  2. Only those persons who have a right of access to such data have access to your personal data collected and processed by the Company and only when it is necessary for the purposes set out in this Policy.
  3. The company ensures proper network management, maintenance of information systems and implementation of other technical measures necessary to protect your personal data.

CHAPTER VI

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

  1. Your personal data may be disclosed to third parties who provide services to the Company to ensure the operation and maintenance of the information systems used by the Company. In such cases, your personal data is only disclosed to third parties to the extent necessary for the proper provision of their services.
  2. Your personal data may be disclosed to law enforcement authorities in accordance with the procedure provided for by the legislation of the Republic of Lithuania.
  3. In all other cases, your personal data may only be disclosed to third parties with your consent.

CHAPTER VII

USE OF COOKIES

  1. The information collected by cookies allows the Company to improve the performance of the website, ensuring that you can find information easily and efficiently.
  2. The main cookies used on the Company’s website are:
Cookie name Purpose of processing Cookie type Period of validity
_ga This cookie is set by Google Analytics. The cookie is used to distinguish users, calculate visitor, session and campaign data and to monitor statistical analysis of website usage. Cookies store information anonymously and assign a randomly generated number to identify unique visitors. Statistics cookie 1 year 1 month 4 days
_GA_* “Google Analytics uses this cookie to store and count page views. Statistics cookie 1 year 1 month 4 days
_gcl_au Google Tag Manager is used to test the effectiveness of ads on websites that use their services. Statistics cookie 3 months
cmplz_banner-status A cookie used to remember whether the user has closed the cookie notification bar. Functionality cookie 1 year
cmplz_consent_mode Used to set the consent mode (e.g. functionality, storage, etc.) Functionality cookie 1 year
cmplz_consented_services Records the services for which the user has agreed to use cookies. Functionality cookie 1 year
cmplz_functional This cookie protects the consent of functionality cookies. Functionality cookie 1 year
cmplz_marketing This cookie protects the consent for marketing cookies. Marketing cookie 1 year
cmplz_policy_id Used to record the current version of the privacy policy. Functionality cookie 1 year
cmplz_preferences Protects choices related to cookie preferences. Functionality cookie 1 year
cmplz_statistics This cookie protects the consent of statistical cookies. Statistics cookie 1 year
pll_language The cookie is used to remember the language chosen by the user on the website. Functionality cookie 1 year
  1. Consent to the use of cookies is given by clicking on the “I AGREE” button on the website, when a message appears saying “To improve the quality of your browsing experience, this website uses cookies for statistical and marketing purposes, which you can cancel at any time by changing your browser settings and deleting the cookies you have saved.”
  2. You can withdraw your consent at any time by changing your browser settings and deleting the cookies you have saved. How you do this depends on the operating system and web browser you are using.
  3. If you delete the cookies you have saved, some of the features of the Company’s website may not work as intended.

CHAPTER VIII

SENDING NEWSLETTERS

  1. With the Data Subject’s consent, the Company may send newsletters to the Data Subject for marketing and marketing purposes, containing information about goods for sale, services provided, training or seminars and other direct marketing content.
  2. The Company sends newsletters to the Data Subject no more than once a week and only with the prior consent of the Data Subject, expressed in electronic form and by an active action, i.e. by filling in the appropriate form on the Company’s website and indicating the email address where the Data Subject wishes to receive the newsletters.
  3. The Company shall send newsletters to the Data Subject until the Data Subject’s consent is withdrawn.
  4. The data subject shall be given the opportunity to easily opt-out of receiving newsletters and to object to further such direct marketing content. This option is made available to the Data Subject by clicking on a link in the email itself.
  5. If the Data Subject opts out of receiving further Company newsletters containing direct marketing content, the newsletters shall no longer be sent to the Data Subject.

CHAPTER IX

CHANGES TO THE PRIVACY POLICY

  1. This Policy is regularly reviewed and updated, and changes are published on the website: www.artforus.lt.

CHAPTER X

CONTACT INFORMATION

  1. If you have any questions, comments or complaints regarding the Company’s collection, use and storage of your personal data, please contact us at info@artforus.lt.
  2. You can submit a request/complaint regarding a product or service purchased from the company to the State Office for the Protection of Consumer Rights (A. Goštauto str. 12, 01108 Vilnius, e-mail: tarnyba@vvtat.lt, tel. (8 5) 2626760, on the website www.vvtat.lt (also for territorial units of the State Consumer Rights Protection Service in the regions) – whether to fill out the application form on the EGS platform http://ec.europa.eu/odr/ or in the Consumer Rights Information System (VTIS)