PRIVACY POLICY

PRIVACY POLICY

1. UAB Megamas, legal entity code: 168659620, registered office address: Berniūnai, LT-38365, Panevėžys District (hereinafter referred to as the Company), respects every person’s privacy and the protection of their personal data, so it has prepared this Privacy Policy, that, inter alia, will act as a basis for the Company when processing the personal data provided to the Company by customers and employees. By using the services of the megamas.lt website, the individual confirms that he or she has read, understood and accepted this Privacy Policy.

General provisions

1. This Privacy Policy (hereinafter referred to as the Policy) governs, inter alia, the collection, processing and storage of personal data carried out by the Company as the data controller.
2. The company is engaged in the production and sale of Scandinavian- and European-style wooden windows and accessories, wooden external doors, folding and sliding patio door systems, and solid wood and natural wood veneer internal doors. For the provision of these services, the Company processes personal data in accordance with the legal bases and purposes of processing set forth in the Policy, as well as with the legislation that is applicable to the Company.
3. This Policy is intended for individuals who use or intend to use the Company’s services, or who visit the megamas.lt website.

Principles of personal data processing

1. The Company processes personal data in accordance with the European Union General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the Regulation), the Republic of Lithuania Law on Legal Protection of Personal Data, and other legislation regulating the processing of personal data.
2. The scope of personal data processed depends on the Company’s services that are ordered or used, as well as the information provided by the website visitor in ordering and/or using the Company’s services, or visiting or registering on the website.
3. The Company shall adhere, inter alia, to the following core principles of data processing:

• Personal data shall only be collected for explicit and legitimate purposes.
• Personal data shall only be processed lawfully and fairly.
• Personal data shall be kept up to date.
• Personal data shall be stored in a secure manner for no longer than is required by the established purposes of data processing or legislation.
• Personal data shall only be processed by those employees of the Company who are authorised to do so according to their job functions.

1. Data shall only be processed at the Company in the presence of one or more legitimate processing criteria: (i) in order to ensure the provision of services according to a contract (i.e. for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract); (ii) upon obtaining the consent of the data subject; (iii) where processing is necessary for compliance with a legal obligation to which the controller is subject; (iv) where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (v) where processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (see Article 6(1) of the Regulation http://www.privacy-regulation.eu/en/article-6-lawfulness-of-processing-GDPR.htm).
2. In processing and storing personal data, the Company implements organisational and technical measures which ensure the protection of the personal data against accidental or unlawful destruction, alteration and disclosure, as well as any other unlawful processing. Access to the personal data being processed by the Company is only given to the Company’s employees and support service providers for whom it is necessary for the performance of job functions or the provision of services to the Company.
3. The Company’s customers or potential customers, employees and other natural persons are responsible for ensuring that the personal data they provide is accurate, correct and complete. If there is a change in the personal data that they submitted, they must inform the Company immediately. The Company will not be liable for any damage caused to an individual and/or third parties due to the fact that the person gave incorrect and/or incomplete personal data, or did not ask for the data to be supplemented and/or modified upon changing.

Sources of personal data

1. Personal data is usually obtained directly from the data subjects (the Company’s existing and potential customers and employees), who provide them when visiting the website, using the services provided by the Company, providing services to the Company, or working for or seeking employment with the Company.
2. Personal data may also be obtained from third parties (e.g. temporary employment agencies, companies providing recruitment services, public authorities and registers), in cases provided for by legislation or on the basis of consent.
3. Although customers are not required to provide any personal data to the Company, it is possible that certain services will not be able to be provided to them, or that they will not be able to be employed by the Company if personal data are not provided.

The purposes of the processing of personal data

1. The Company processes personal data for the following main purposes:

• For the purpose of administering and executing contractual relationships, in order to properly fulfil contractual obligations and maintain relationships with suppliers, partners and customers in developing business, providing services and collaborating;
• For providing the services specified on the website;
• For the purpose of the Company’s internal and employee administration;
• For direct marketing and marketing purposes;
• For complying with legislative requirements in waste management and other areas and providing data to public authorities (data controllers);
• For the purpose of ensuring the security of the Company’s facilities and property, the Company’s production and common areas are equipped with video surveillance.

The provision of personal data and their recipients

1. The Company has the right to transfer the personal data of its customers’ representatives or employees to third parties who need to process customers’ personal data for the purposes set out by this Policy or by legislation.
2. The Company undertakes to transfer customer data to third parties only to the extent and in the cases necessary for the provision of the relevant services and/or the fulfilment of legislative obligations. If personal data are not necessary for the provision of a particular service, they shall not be transferred. The Company shall transfer personal data to the aforementioned third parties on the basis of a data provision agreement or a specific piece of legislation, in strict compliance with legislative requirements.
3. The Company undertakes to respect the duty of confidentiality with respect to the personal data of existing and potential customers and employees. Personal data may only be disclosed to third parties if this is necessary for the conclusion and execution of a contract in the interest of the data subject or for other legitimate reasons.
4. The Company may submit the personal data being processed to data processors (subcontractors) which provide the Company with IT, accounting, debt collection or other ancillary services and process personal data on behalf of the Company. Data processors have the right to process personal data only in accordance with the instructions of the Company and only to the extent necessary for the proper fulfilment of their contractual obligations. The Company shall only use data processors who provide reasonable assurance that appropriate technical and organisational measures will be implemented in such a way that the data processing complies with the requirements of the Regulation and ensures the protection of the rights of the data subject.
5. The Company may also submit customer data in response to requests from courts, judicial officers or public authorities, to the extent necessary for due compliance with applicable legislation and instructions from public authorities.

The processing of personal data for direct marketing purposes

1. For direct marketing purposes, the Company may process the data subject’s contact details. Consent for personal data to be used for direct marketing purposes is given by e-mail to info@megamas.lt, by subscribing to the Company’s newsletter, by subscribing to news on the Company’s social media accounts, by leaving consent on the Company’s website (by ticking the box), by signing a questionnaire or contract with the Company, or by informing the Company’s administration in other written form. Giving consent to direct marketing is voluntary; it is not a condition of contractual relations with the Company and does not affect the relationship between the data subject and the Company.
2. The Company may send informational messages if the individual has consented to the Company using his or her data for direct marketing purposes, and to the Company’s customers without separate consent for the marketing of similar services, provided that they are given a clear, free and easy way to object to or refuse such use of contact details, and that they did not initially object to such use of the data, when sending each message.
3. For direct marketing purposes, the Company may send messages via e-mail.
4. An individual may cancel consent to direct marketing at any time by informing the Company thereof by e-mail (info@megamas.lt) or by contacting the Company in another way.

Personal data retention period

1. Personal data collected by the Company are stored in printed documents and/or in the Company’s information systems in electronic format. Personal data shall be processed for no longer than is necessary for the purpose of processing, or no longer than is required by the data subjects and/or is provided for by legislation. Usually, personal data is processed for 10 years after the termination of the contractual relationship.
2. Even if a customer terminates a contract or cancels the Company’s services, the Company must continue to store the personal data of the customer’s representatives until the data retention periods have expired, for the sake of claims or legal actions that may come about in the future.
3. The Company makes an effort not to store outdated or redundant information, and to ensure that personal data and other information about customers is constantly updated, correct and destroyed in a timely manner.

The rights of data subjects

1. The data subject has, inter alia, the following rights:

• To receive information about the personal data being processed by the Company, from where and in what way personal data are collected, and on what basis they are processed;
• To contact the Company with a request to correct his or her personal data, to suspend their processing or to destroy them if the data are incorrect, incomplete or inaccurate, or if they are no longer necessary for the purposes for which they were collected. In this case, the data subject must submit a request, upon receipt of which the Company will verify the information provided and take appropriate action. It is very important for the Company that the personal data it holds is accurate and correct;
• To contact the Company with a request to destroy the personal data or to suspend the processing of such personal data, other than storage, in the case where the individual, having become acquainted with the personal data, determines that the personal data are being processed unlawfully or unfairly;
• To object to personal data being processed when said data are being or are planned to be processed for direct marketing purposes or for a legitimate interest pursued by the Company or a third party to whom the personal data are being provided;
• To withdraw, at any time, his or her consent to the processing of personal data for direct marketing purposes;
• If the data subject is concerned about the Company’s actions (omissions) that may not comply with the requirements of this Policy or legislation, he or she may contact the Company to receive free assistance.

1. An individual may exercise all of his or her rights as a data subject by applying to the Company by e-mail at info@megamas.lt.
2. If the customer is unable to resolve the matter with the Company, he or she has the right to apply to the State Data Protection Inspectorate (ada.lt), which is responsible for the supervision and control of personal data protection legislation.

Cookies

1. In order to improve the website experience, the Company may use cookies – small text data files that are automatically created when the visitor browses the website and are stored on the visitor’s computer or other device.
2. The information collected by cookies makes it possible to ensure more convenient browsing on the Company’s website, as well as to learn more about the behaviour of visitors to the Company’s websites, analyse trends, and improve both the website and the services or information provided by the Company. The Company processes depersonalised personal data with the help of cookies.
3. Website visitors who do not agree to cookies being stored on their computer or other device can change their browser settings and either disable all cookies, or disable or enable them one by one. However, the Company would like to note that in some cases this may reduce website browsing speed, restrict the operation of certain features of the website, or block access to some pages of the website. More detailed information about the cookies that are used on the Company’s website is available at org or www.google.com/privacy_ads.html.

Cookies used on the website

 Final provisions

1. This Policy is governed by the laws of the Republic of Lithuania and the European Union.
2. The Company reserves the right to change this Policy, so we kindly ask website visitors to periodically check for changes to the Policy and to review its amended or new provisions.

Wishing you a pleasant browsing experience!

UAB Megamas