Privacy policy – 12eat – Savitarnos krautuvėlių tinklas

General provisions

UAB „Šviežia stotelė“, legal entity code 303248908, registered office address: Saltoniškių str. 31-302, LT-08105 Vilnius, Lithuania, tel. No .: +370 616 42 399, e-mail p .: info@12eat.lt. (hereinafter referred to as the Šviežia stotelė, the Company) recognizes that the protection of personal data is important for our customers, suppliers, partners and other persons whose personal data is processed (hereinafter – data subjects), therefore protects the privacy of each data subject with great responsibility and care.

This privacy notice sets out how the Šviežia stotelė handles the personal data of data subjects, including information on what personal data is processed, how it is collected and further processed, how long it is stored, to whom it is granted, what rights data subjects have and where to apply for its enforcement or other issues related to the processing of personal data.

The privacy statement is prepared in accordance with the following legislation:

2016 of the European Parliament and of the Council April 27 Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter referred to as BDAR or the Regulation);
2018 June 30 Law of the Republic of Lithuania on Legal Protection of Personal Data no. XIII-1426 (hereinafter – ADTAĮ);
2004 April 15 Law on Electronic Communications of the Republic of Lithuania No. IX-2135;

How do we collect your data?

How we collect your data depends on the services we provide to you or the nature of our cooperation.

Šviežia stotelė processes the data:

Received directly from the data subject (you), e.g. when you send us inquiries or notices to the specified contacts, you sign cooperation agreements with us, or you send us your CV when applying for vacancies;
which are generated when you use our services, such as when you use our network and services, i.e. you make phone calls, send short messages (SMS), browse the Internet, visit our websites, etc .;
which we receive from other sources, such as on a case-by-case basis, from other institutions or companies, i.e. banks, publicly available registers, credit bureaus (eg UAB Creditinfo), insurance companies, labor exchanges, etc.

For what purposes and what personal data do we process?

Purpose of data collection	Legal basis	Categories of personal data processed	Data retention period
Recruitment	Consent, legitimate interest, steps to enter into a contract	Name, surname, age, year of birth, contacts, education, qualification, work experience, hobbies.	Until the end of the selection
Workplace creation and administration	Fulfilling a contract	Name, surname, address, personal identification number, contacts, bank account no.	Until the end of the employment contract and in accordance with the laws of the Republic of Lithuania
Customer contract administration	Fulfilling a contract	Name, position, contacts, information contained in orders or communications.	Until the end of the contract and within the terms provided by the laws of the Republic of Lithuania.
Contract administration of suppliers of goods and services	Fulfilling a contract	Position of contact persons, name, surname, contacts, information contained in orders or communication.	Until the end of the contract and within the terms provided by the laws of the Republic of Lithuania.
Direct marketing	Consent	Duties, name, surname, contacts of contact persons.	By giving up direct marketing
Customer Satisfaction Service Survey Data Analysis	Consent	IP address.	12 months after completion of the survey
Instant video filming for property protection purposes	Legitimate interest	The image captured by the video cameras.	Not protected
Social network accounts	Consent	Name, surnames, contacts, photos, videos, information in the communication.	Until the user is a follower of Šviežia stotelė accounts
Competitions	Consent	Name, surname, contacts	Until the prize is awarded to the winner of the competition
Video filming for property protection purposes in a warehouse	Legitimate interest	The image captured by the video cameras.	14 days
Car GPS	Legitimate interest	Car distance traveled, addresses, time, refueling, aggressive driving	12 months

How do we protect your data?

Šviežia stotelė Šviežia stotelė has implemented appropriate technical and organizational measures to ensure a level of security in the processing of the data. When selecting and implementing appropriate technical and organizational measures to ensure the security of data processing, the Company follows the ENISA guidelines, good information security practices, “Guidelines for the implementation of appropriate organizational and technical data security measures for personal data controllers and processors” prepared by VDAI: https://vdai.lrv.lt/uploads/vdai/documents/files/Rekomend_tech_priemones_gaires_2018.pdf

Who do we provide your data to?

For data processing, the Šviežia stotelė uses only those data controllers who ensure compliance with the BDAR and the same level of security of personal data as set out in the Šviežia stotelė Personal Data Policy.

Here is a list of categories of data recipients used by Šviežia stotelė:

UAB Mantinga group of companies.
our professional advisors, auditors;
banks, transport organizations or other legal and / or natural persons, if the transactions between us require the provision of bank financing, cargo transportation and / or other type of service;
notaries, if the contract concluded with you requires a notarial form;
bailiffs, entities providing legal and / or debt collection services, entities taking over the right of claim; joint debtors’ data file managers;
companies providing data centers, hosting, cloud, website administration and related services, software developers, providing, maintaining and developing companies, companies providing information technology infrastructure services, companies providing communication services;
companies providing advertising and marketing services;
companies providing archiving, physical and / or electronic security, asset management and / or other business services;
to other third parties in connection with the sale, merger, acquisition or reorganization of all or part of our business, or in connection with similar changes;
in accordance with the procedure prescribed by law, to state institutions: the State Tax Inspectorate, the Center of Registers, the Social Security, the Labor Exchange, etc .;
law enforcement authorities at their request or on our own initiative if there is a suspicion that a criminal offense has been committed, as well as courts and other dispute resolution authorities; tax administrators.

We normally process and store personal data of data subjects within the European Union or the European Economic Area (EU / EEA), but we may also transfer personal data outside the EU / EEA when this is necessary to achieve the purposes for which the data are collected and managed.

Without the consent of the data subject, we may transfer the data of that person outside the EU / EEA if at least one of the following measures is implemented:

The European Commission has recognized that the state ensures an adequate level of protection of personal data;
The recipient of the data in the United States is certified in accordance with the requirements of an EU-US agreement called the “Privacy Shield”;
The contract is concluded in accordance with the standard conditions approved by the European Commission,
Compliance with codes of conduct or other safeguards under the General Data Protection Regulation.

What rights do you have?

In accordance with the provisions of the BDAR, you, as a data subject, can exercise the following rights:

Right of access to personal data. T.y. make a request for information on whether your personal data is being processed, and if personal data is being processed, you have the right to access your personal data being processed.
The right to rectify personal data. T. y. make a request to correct your personal data if you find that the personal data we process is incorrect, incomplete or inaccurate.
The right to delete data (the right to be “forgotten”). T. y. request the deletion of your personal data if you believe that your data has been processed illegally or fraudulently.
Right to restrict data processing. T. y. Request to restrict (suspend) the processing of your personal data other than storage – in case, for example, you request the rectification of your personal data (while the accuracy of the personal data is checked and / or corrected), it is established that the personal data is processed unlawfully and you do not consent to the deletion of the data, you have expressed your consent to the processing of your personal data, etc.
Right to data transfer. T. y. make a request to transfer your personal data, which is processed by automated means, to you and / or another data controller in a structured, commonly used and computer-readable format.
Right to object to data processing. T. y. to express disagreement with the processing of personal data when the data is processed on a legal basis of Mantinga legitimate interest or public interest.
The right to claim that you are not subject to a decision based solely on automated data processing, including profiling, which has legal consequences for you or which has a significant effect on you in a similar way;
The right to withdraw our consents at any time regarding the processing of personal data, e.g. for direct marketing.
You have the right to refuse to provide your personal data, but the provision of your personal data is necessary and indispensable for the purposes set out in this Privacy Notice, so if you do not provide your personal data, Fresh Stop may fail to achieve the purposes listed.

How can you exercise your rights?

You can exercise your rights:

By sending us a free-form request by e-mail. email address info@12eat.lt. The application must be signed and scanned, as well as a copy of an identity document, so that we can verify your identity.
By sending the application by registered mail to the address Saltoniškių st. 31-302, LT-08105 Vilnius, indicating that the letter is addressed to the Director General. The application must be signed. The application must be accompanied by a copy of your identity document.

The request must be legible, signed, state the name, address and other details of the data subject in the desired form of communication, information on which of the data subject’s rights and to what extent the data subject wishes to exercise.

In exceptional cases, in case of suspicion of the identity of the data subject, we reserve the right to request additional information that would help us to verify the identity of the requesting person, e.g. answer additional questions related to our cooperation, submit notarized documents, etc.

We will provide a response to your request no later than within 30 (thirty) calendar days from the date of receipt of the request. In exceptional cases requiring additional time, we will, after notifying you, have the right to extend the deadline for submission of the requested data or examination of other requirements specified in your request to 60 (sixty) calendar days from the date of your request.

Šviežia stotelė shall have the right to refuse to process a data subject’s request if it finds that the requests are manifestly unfounded or disproportionate, in particular because of their repetitive content.

If the solution cannot be found together, you have the right to apply to the State Data Protection Inspectorate (www.vdai.lrv.lt), which is responsible for the supervision and control of legal acts regulating the protection of personal data.

Where can you go for questions about personal data?

If you have any questions regarding the information contained in this privacy statement or the protection of your personal data and the exercise of your rights at the Fresh Station, including notifications of personal data breaches, please contact the Director General of the Fresh Station by any means convenient to you:

mail: info@12eat.lt;
by phone: +370 616 42 399;
in writing at Saltoniškių st. 31-302, LT-08105 Vilnius

What cookies and how do we use them?

A cookie is a small text file that a website saves in the browser of your computer or mobile device when you visit the website. It allows your website to “remember” your actions and options (such as registration name, language, font size, and other display options) for a period of time so that you don’t have to re-enter them each time you visit the site or browse its various pages.

The information collected by cookies allows us to ensure your ability to browse more conveniently, as well as learn more about the behavior of users of the website, analyze trends and improve the website.

List of cookies used on the website:

Cookie	Domain	Description	Duration	Type
_ga	.12eat.lt	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site”s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.	1 years 20 days 8 hours 56 minutes	Analytics
_gid	.12eat.lt	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.	1 years 19 days 15 hours 27 minutes	Analytics
_gat	.12eat.lt	This cookies is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites.	1 years 19 days 15 hours 25 minutes	Performance
woosw_key	.12eat.lt	Server cookie used for HTTPS	1 years 19 days 15 hours 35 minutes	Other
__cfduid	.cookieinfoscript.com	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.	1 years 30 days	Necessary
__cf_bm	.cookieinfoscript.com	This cookie is set by CloudFare. The cookie is used to support Cloudfare Bot Management.	1 years 19 days 15 hours 25 minutes	Functional
we-love-cookies	.12eat.lt	Acceptance of the rules	Until deleted	Analytical