PRIVACY POLICY


                                                                                                                                      Internet shop

    

                                                                                                                                     www.ambelts.lt  

                                                                                                             



The online store www.ambelts.lt ensures that personal data is processed in a lawful, fair and transparent manner, collected only for the purposes specified and explicitly defined by this policy, and continue to process incompatible methods.

The online store www.ambelts.lt applies organizational and technical measures that ensure adequate personal data security, including protection against data processing, permitting or unauthorized data processing and accidental loss, destruction or damage


1.   BASIC CONCEPTS


1.1. Privacy Policy - This document contains the basic rules for collecting, collecting, processing and storing personal data using ambelts.lt

1.2. The website is a site located at www.ambelts.lt, where the customer can place an order, request a request, consent to the processing of personal data for direct marketing purposes.

1.3. E-commerce - purchasing and selling goods or services online.

1.4. "Data controller" means a legal or natural person who, individually or collectively, establishes the purposes and means of processing personal data. Data controller in this Privacy Policy - Audrius Maciulevicius, Business Reference No. JR312816-1, registered office: Žėručio 8-1, Vilnius, LT-04113, contact info: e-mail. [email protected], tel. No. +370 60749306

1.5. The data subject is a client or website visitor whose personal data handler manages e-commerce, direct marketing, query administration, and loyalty programs for administration purposes.

1.6. "Data controller" means a natural or legal person who assists the controller, in accordance with his mandate, to implement the objectives set.

1.7. Personal data - physical personal data held by the controller and identifying the client or site visitor, including, but not limited to: name, email, telephone number, etc.

1.8. Data management is any action taken by personal data: collecting, recording, storing, storing, modifying (adding or editing), provisioning, use, deletion, or other action or set of actions.

1.9. Direct marketing is an activity aimed at offering goods or services by post, telephone or other direct means of offering persons, offering occasional discounts and / or asking their opinion about the goods or services offered.

1.10. "Consent" means the free expression of the act of the Data Subject to which he agrees on the processing of personal data.

1.11. The Supervisory Authority is the State Inspectorate for Personal Data Protection.


 2. GENERAL PROVISIONS


2.1. The policy provides for basic provisions for the collection, storage and management of personal data.

2.2. The data subject is considered to be familiar with this privacy policy and after reading it when he agrees to process his personal data.

2.3. This Privacy Policy is available at www.ambelts.lt. 


3. PROCEDURE FOR PURCHASE, STORAGE AND USE OF PERSONAL DATA.


3.1. The Data Subject agrees that, for e-commerce purposes, the controller will handle the following personal data:

3.1.1. name, surname

3.1.2. telephone number

3.1.3. email address

3.1.4. IP address

3.1.5. delivery address of the item

3.1.6. e-mail store account user password

3.1.7. payment / payment details of the product / service (bank account number, payment method, etc.),

3.1.8. purchase history (purchased goods and / or services, price, etc.).

3.2. In the case of goods purchased by an unregistered buyer, the controller processes the personal data above, except as specified in clause 3.1.6.

3.3. For this purpose, the personal data of registered users will be stored for 5 (five) calendar years from the last customer's login to their email address. the store's user account date, and non-registered users - for 2 (two) calendar years from the execution of the order.

3.4. The data subject is informed that the processor is used by the data processor to provide the service provider.

3.5. The data subject agrees that the request for administration purposes, when the request is submitted by e-mail. By mail, the data controller will process the following personal data relating to him:

3.5.1. name, surname

3.5.2. email address

3.5.3. comment / request.

3.6. The controller confirms that personal data processed for this purpose is not provided.

3.7. For this purpose, personal data is stored after 2 (two) calendar years from the date of submission of data.

3.8. The data subject agrees that for the purpose of direct marketing, the controller will process personal data relating to him:

3.8.1. email address

3.8.2. Phone number.

3.9. Direct Marketingan enter text or insert images or tables, if necessary.

3.10. The controller confirms that personal data is collected directly from the data subject and is not collected from other sources.

3.11. The data controller undertakes not to disclose personal data processed to third parties except in the following cases:

     3.11.1. if there is a data subject's consent to the disclosure of personal data,

     3.11.2. for the purpose of ordering or providing other services to processors who provide goods delivery or other services ordered by the buyer,

     3.11.3. law enforcement agencies in accordance with the requirements of the law,

     3.11.4. if necessary to prevent or investigate criminal offenses.


 4. IMPLEMENTATION OF DATA SUBJECT RIGHTS


4.1. The data subject grants the data controller the right to collect, manage, manage, and store personal data relating to him to the extent and for the purposes for which this privacy policy is based.

4.2. The consent to collect, manage, store personal data relating to him may be revoked at any time by the data subject, and personal data processed for direct marketing may be canceled without further justification by contacting the controller in writing in one of the following ways: 1) in the case of direct marketing, by clicking on each e-mail a link in a letter (newsletter); 2) by post or by direct delivery to: Žerucio g. 8-1, Vilnius, LT-04113, 3) to the e-mail address: [email protected] from the same e-mail. The email address you provided at the time of registration. Upon receipt of such request from the data subject, the controller shall immediately suspend the processing of personal data and destroy the personal data relating to it. The data controller has the right not to delete personal data from the server if they have a legitimate basis for their protection, especially when it is necessary to ensure state security and defense, public order, crime prevention, investigation, detection or prosecution, to protect important economic or financial interests of the state, rights of other persons and the protection of freedoms.

4.3. When contacting the controller for the item / delivery information, the data subject must provide his / her name, surname, and email address for identification.

4.4. A data subject who has properly identified himself / herself by submitting to the controller an identity document or a notarized copy of the identity which will only be used for identification and not be protected shall have the right to access his or her personal data by submitting to the data controller a written request in one of the following ways: by mail to mica g . 8-1. , Vilnius, LT-04113.

4.5. If another person wants to have access to the data subject's personal data, he must submit a notarised authorization, and the lawyer is provided with the data provided only upon presentation of the agency agreement and the purpose of the use of the data.

4.6. The controller, upon receipt of the data subject's request for access to the processed personal data, shall provide the reply within 30 (thirty) calendar days from the receipt of the request. The answer is whether or not the data subject is processing personal data and, if so, what and for whom it was submitted in the last 1 (one) calendar year. The answer is free of charge.

4.7. If, having become aware of his personal data, the data subject determines that personal data is collected or received from illegal sources, or that the processing of personal data is not for the purposes for which consent was given, the data subject shall have the right to contact the controller by e-mail address requesting the suspension of such person processing actions and / or deleting personal data related to it. the data controller verifies the data subject's request and determines that the request is justified immediately, but not later than within 5 days. d., satisfies the data subject's request and informs about the actions taken in writing.

4.8. In cases where the data subject becomes aware of his personal data that they are inaccurate or incomplete, he / she shall identify himself / herself and request a written request to correct and / or supplement personal data related to him / her. if the controller determines that the request is justified, the corrected or supplemented personal data processed is immediate, but not later than within 5 days. d., and inform about the actions taken in writing.

4.9. The data subject has the right to demand that the data controller "forgets", in particular, to delete all data relating to him, if the data is not necessary for the purpose for which the collection and processing were performed or if the data subject cancels the given consent or if the data are processed in violation of the legal requirements . The data controller satisfies such request without undue delay, but not later than within 5 days. d and inform the data subject about the actions taken.

4.10. The data subject, having considered that his personal data have been violated by his legitimate interests, has the right to apply to the supervisory authority.


5. PERSONAL DATA PROTECTION RISK FACTORS AND THEIR SOLUTION


5.1. In order to ensure the proper protection of personal data, the data controller implements the following organizational and technical measures for the protection of personal data:

     5.1.1. Organizational

          5.1.1.1. The data controller shall organize the work procedures in such a way as to ensure the safe handling and (if) the transmission of computer data and / or documents and their archives.

          5.1.1.2. Access to the data subject's personal data is granted only to those Employees who are required to perform their functions and only to those who have signed confidentiality agreements and are familiar with other internal procedures in the scope of personal data processing.

     5.1.2. Technical

          5.1.2.1. Data controllers assigned by the data controller (service providers) only act on the Data Manager's authorization.

          5.1.2.2. Personal data is protected against loss, unauthorized use and alteration. The Internet connection is encrypted and the web page is executed via the https: // protocol.

          5.1.2.3. Protects computer hardware against malicious software (such as installing and upgrading antivirus software), and the internal computer network is a firewall.


6. FINAL PROVISIONS


6.1. This Privacy Policy is reviewed once in 2 (two) years and updated as needed.

6.2. This Privacy Policy comes into force from 2018. May 25th and is publicly available on the website

0

 .