Privacy policy

PRIVACY POLICY

The purpose of this Privacy Policy is to inform how the personal data of data subjects is collected and processed, to explain how long it is stored, to whom it is provided, what rights the data subjects have, and where to apply regarding the enforcement of those rights or other matters related to the processing of personal data.

Personal data is processed in accordance with the General Data Protection Regulation of the European Union (EU) 2016/679 (hereinafter – the Regulation), the Law on the Legal Protection of Personal Data of the Republic of Lithuania, and other legal acts regulating the protection of personal data.

Uždaroji akcinė bendrovė “Bizea” follows these main principles of data processing:

personal data is collected only for clearly defined and legitimate purposes;
personal data is processed lawfully and fairly;
personal data is constantly updated;
personal data is stored securely and no longer than required by the determined data processing purposes or legal acts;
personal data is processed only by the employees of the Company who have the right to do so according to their job functions or by duly authorized data processors.

1. DEFINITIONS

1.1. Data Controller – Uždaroji akcinė bendrovė “Bizea” (hereinafter – the Company), legal entity code 110882526, registered office address: Marių g. 8, Paketurių k., Kupiškio sen., Kupiškio r. sav.

1.2. Data Subject – any natural person whose data is processed by the Company. The Data Controller collects only the data of the data subject that is necessary for the Company’s activities and/or when visiting, using, browsing the Company’s websites (hereinafter – the Website). The Company ensures that the personal data collected and processed will be secure and used only for specific purposes.

1.3. Personal Data – any information directly or indirectly related to the data subject whose identity is known or can be directly or indirectly identified by the relevant data. The processing of personal data involves any operation with personal data (including collection, recording, storage, editing, alteration, access, querying, transmission, archiving, etc.).

1.4. Consent – any freely given, specific, informed, and unambiguous confirmation by which the data subject agrees to the processing of their personal data for a specific purpose.

2. SOURCES OF PERSONAL DATA

2.1. The data subject provides personal data themselves. The data subject contacts the Company, uses the Company’s services, purchases goods and/or services, leaves comments, asks questions, subscribes to newsletters, requests information from the Company, and so on.

2.2. Personal data is obtained when the data subject visits the Company’s website. The data subject fills out forms or for some reason leaves their contact information and so on.

2.3. Personal data is obtained from other sources. Data is obtained from other institutions or companies, publicly accessible registers, and so on.

3. PROCESSING OF PERSONAL DATA

3.1. By providing personal data to the Company, the data subject agrees that the Company will use the collected data to fulfill its obligations to the data subject and to provide the services the data subject expects.

3.2. The Company processes personal data for the following purposes:

3.2.1. Sale of the Company’s goods (tools, etc.), provision of equipment repair services, administration of the Company’s debtors. For these purposes, the following data is processed:

1. - When selling the Company’s goods (tools, etc.), the personal data of customers (natural persons) may be processed: name(s), surname(s), phone number, email address, home address, bank account details, bank, and other data related to the sale of goods.
  - When providing equipment repair services, the personal data of customers (natural persons) may be processed: name(s), surname(s), phone number, email address, home address, bank account details, bank, and other data related to the provision of services.
  - In the administration of the Company’s debtors, when debts are handed over for recovery, the personal data of customers (debtors, natural persons) may be processed: name(s), surname(s), home address, email address, debt amount, information about provided services and/or sold goods, and other data related to the debt.
  - Contracts, VAT invoices, and other related documents are stored according to the terms set in the General Document Retention Index approved by the Chief Archivist of Lithuania.
  - Data related to the administration of the Company’s debtors is stored no longer than necessary for the purposes for which the personal data is processed.
  - The legal basis for data processing is the necessity to fulfill a contract to which the customer as a data subject is a party, or to take steps at the request of the customer prior to entering into a contract (Article 6(1)(b) of the GDPR), where certain personal data is required by law (Article 6(1)(c) of the GDPR) and the necessity to pursue the legitimate interests of the Company to improve its business operations and success (Article 6(1)(f) of the GDPR).

3.2.2. The Company’s business continuity and operational assurance. For this purpose, the following data is processed:

For the purpose of contract conclusion and execution, the personal data of suppliers (natural persons) may be processed: name(s), surname(s), personal code or date of birth, home address, phone number, email address, workplace, position, signature, business license data (activity type, group, code, name, activity periods, issue date, amount), individual activity certificate number, data on whether the data subject is a VAT payer, bank account, and bank, amount and currency of goods/services, and other data provided by the person, which the Company receives in accordance with legal acts or is required to process by law.
For the purpose of contract conclusion and execution, the personal data of supplier representatives may be processed: name(s), surname(s), phone number, email address, company name, address, position, power of attorney data (number, date, authorized person’s date of birth, signature).
Contracts, VAT invoices, and other related documents are stored according to the terms set in the General Document Retention Index approved by the Chief Archivist of Lithuania.
The legal basis for data processing is the necessity to fulfill a contract to which the customer as a data subject is a party, or to take steps at the request of the customer prior to entering into a contract (Article 6(1)(b) of the GDPR), where certain personal data is required by law (Article 6(1)(c) of the GDPR).

3.2.3. Inquiries, comments, and complaints. For this purpose, the following data is processed:

Name(s), surname(s), and/or username, email address, phone number, address, inquiry, comment, or complaint subject, text of the inquiry, comment, or complaint.
Inquiry, comment, and complaint data is stored for 1 year from the date of submission.
The legal basis for data processing is the necessity to pursue the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, especially when the data subject is a child (Article 6(1)(f) of the GDPR) and the data subject’s consent (Article 6(1)(a) of the GDPR).

3.2.4. Direct marketing. For this purpose, the following data is processed:

Name(s), surname(s), home address, email address, phone number.
Data is stored for 5 years from the date of consent. This period may be extended if personal data is used or may be used as evidence or an information source in pre-trial or other investigations, including investigations conducted by the State Data Protection Inspectorate, civil, administrative, or criminal cases, or in other cases established by law. In such cases, personal data may be stored for as long as necessary for these data processing purposes and destroyed immediately when no longer needed.
The legal basis for data processing is the data subject’s consent (Article 6(1)(a) of the GDPR) and the necessity to pursue the legitimate interests of the Company to improve its business operations and success (Article 6(1)(f) of the GDPR).

3.2.5. To ensure the safety of the Company’s employees, other data subjects, and property (video surveillance). For this purpose, the following data is processed:

Video footage. Video surveillance systems do not use facial recognition and/or analysis technologies, and video data captured by them is not grouped or profiled based on a specific data subject (person). The data subject is informed of video surveillance by information signs with a camera symbol and the Company’s details, provided before entering the monitored area and/or premises. The video cameras do not monitor premises where the data subject expects absolute privacy protection.
Video surveillance data (video data) is stored for up to 14 (fourteen) days from the moment of recording, after which it is automatically destroyed, except in cases where there is reason to believe that an offense, criminal act, or other illegal activity has been recorded (until the corresponding investigation and/or case is completed).
The legal basis for data processing is the necessity to pursue the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, especially when the data subject is a child (Article 6(1)(f) of the GDPR).

3.2.6. For other purposes, the Company has the right to process the data subject’s personal data when the data subject has expressed their consent, when it is necessary for the Company’s legitimate interest, or when the processing is required by law.

4. DISCLOSURE OF PERSONAL DATA

4.1. The Company undertakes to maintain confidentiality with respect to the data subjects. Personal data may be disclosed to third parties only when necessary for the conclusion and performance of a contract in the data subject’s favor or for other legitimate reasons.

4.2. The Company may provide personal data to its data processors who provide services to the Company and process personal data on behalf of the Company. Data processors have the right to process personal data only according to the Company’s instructions and only to the extent necessary to fulfill the obligations specified in the contract. The Company uses only those data processors who ensure adequate implementation of technical and organizational measures to ensure that the processing complies with the Regulation and guarantees the protection of the data subject’s rights.

4.3. The Company may also provide personal data in response to court or government requests to the extent necessary to comply with applicable laws and governmental instructions.

4.4. The Company guarantees that personal data will not be sold or rented to third parties.

5. PROCESSING OF MINORS’ PERSONAL DATA

5.1. Persons under the age of 14 cannot provide any personal data via the Company’s website. If a person is under the age of 14 and wishes to use the Company’s services, written consent from one of the representatives (parent or guardian) is required for the processing of personal data before submitting any personal information.

6. PERSONAL DATA RETENTION PERIOD

6.1. The personal data collected by the Company is stored in printed documents and/or in the Company’s information systems. Personal data is processed no longer than necessary for the purposes for which the data is processed or as required by the data subjects and/or legal acts.

6.2. Although the data subject may terminate the contract and refuse the Company’s services, the Company must continue to store the data subject’s data for potential future claims or legal proceedings until the data retention periods expire.

7. RIGHTS OF THE DATA SUBJECT

7.1. The right to receive information about data processing.

7.2. The right to access processed data.

7.3. The right to request rectification of data.

7.4. The right to request deletion of data (“The right to be forgotten”). This right does not apply if the personal data requested to be deleted is processed on another legal basis, such as processing necessary for the performance of a contract or fulfilling obligations under applicable laws.

7.5. The right to restrict data processing.

7.6. The right to object to data processing.

7.7. The right to data portability. The right to data portability must not negatively affect the rights and freedoms of others. The data subject does not have the right to data portability for personal data processed in non-automated, structured records, such as paper files.

7.8. The right to request that no decision be made solely based on automated processing, including profiling.

7.9. The right to file a complaint about data processing with the State Data Protection Inspectorate.

8. The Company must provide the data subject with the means to exercise the aforementioned rights, except in cases stipulated by law where national security or defense, public order, crime prevention, investigation, detection, or prosecution, important state economic or financial interests, the prevention of misconduct or violations of professional ethics, the rights and freedoms of the data subject or other persons must be ensured.

9. PROCEDURE FOR EXERCISING THE RIGHTS OF THE DATA SUBJECT

9.1. The data subject may contact the Company regarding the exercise of their rights:

9.1.1. by submitting a written request in person, by post, through a representative, or by electronic means of communication – by email: info@bizea.lt;

9.1.2. verbally – by phone: +370 459 35 224;

9.1.3. in writing – at the address: Marių g. 8, Paketurių k., Kupiškio sen., Kupiškio r. sav.

9.2. The data subject may also contact the Company’s data protection officer by email: armanda@bizea.lt.

9.3. To protect data from unauthorized disclosure, the Company, upon receiving a request from the data subject to provide data or exercise other rights, must verify the identity of the data subject.

9.4. The Company’s response to the data subject must be provided no later than one month from the date of receipt of the data subject’s request, taking into account the specific circumstances of the personal data processing. This period may be extended for another two months if necessary, considering the complexity and number of requests.

10. RESPONSIBILITIES OF THE DATA SUBJECT

10.1. The data subject must:

10.1.1. inform the Company about changes in the information and data provided. The Company must have accurate and valid information about the data subject;

10.1.2. provide the necessary information so that, upon receiving a request from the data subject, the Company can identify the data subject and ensure that it is communicating or collaborating with the correct data subject (provide a valid identity document or follow the procedure established by legal acts or electronic means of communication that allow proper identification of the data subject). This is necessary to protect the data of the data subject and other persons so that the information disclosed about the data subject is provided only to the data subject without infringing on the rights of others.

11. FINAL PROVISIONS

11.1. By providing personal data to the Company, the data subject agrees with this Privacy Policy, understands its provisions, and agrees to comply with it.

11.2. In the course of the Company’s development and improvement, the Company reserves the right to unilaterally amend this Privacy Policy at any time. The Company has the right to unilaterally amend the Privacy Policy in whole or in part by announcing it on the website https://bizea.lt/.

11.3. Amendments or changes to the Privacy Policy take effect from the day they are published, i.e., from the day they are posted on the website https://bizea.lt/.

NECESSARY CONSULTATION?

Privacy policy

UAB Bizea

Sales Manager for the Northwestern Region of Lithuania:

Sales Manager for Latvia and the Northeastern Region of Lithuania: