- General provisions
- UAB Lighting Brothers, legal entity code 305514414, registered office and registration address Savanorių ave. 176F, Vilnius (hereinafter referred to as the “Company”), the Privacy and Cookie Policy (hereinafter referred to as the “Policy”) provides the basis for collecting, processing and storing personal data collected by the Company about e-shop users, Company showroom visitors, customers, other persons interested in the services provided (hereinafter referred to as “Entities”). Entities are requested to read this Policy carefully in order to properly understand the Company’s approach and practices regarding the Entities’ data and the terms of the data processing.
- The personal data of the entities are collected and processed only for the purposes provided for in this Policy.
- This Policy applies to all Entities, including Entities that are not registered in the Online Store.
- The Company is considered to be the controller of the personal data of the entities.
- Entity data collected by the Company
- The Company may collect and process the following Entity data:
- The data provided by the Entities when filling in the forms in the e-shop at www.mun.lt (hereinafter referred to as the “Website”). These data are the name, surname, e-mail address, telephone number, delivery address of the product, name of the ordered product, payment details of the product and other information provided by filling in the registration form, registering in the e-shop, placing an order, sending notifications in the system, requesting additional services e-shop disruption. The Company may also offer to fill in certain forms in order for the Entity to participate in competitions, promotions and games organized by the Company;
- Data related to the submission and execution of the Entities’ orders when the Entities order the Company’s goods and services when visiting the Company’s showrooms, e-mail by post, etc., including the name, surname, e-mail address, telephone number, delivery address of the Goods, the name of the goods or services to be purchased, the payment details of the goods or services;
- All correspondence between the Entities and the Company (on the Website, by e-mail, in the chat window, in the Company’s Facebook account, by text messages by telephone, etc.);
- Data on the browsing history of the Entities in the e-shop, the history of purchased goods and services and related data;
- Names, surnames, e-mails of entities postal address, telephone number when these data are processed for the purpose of direct marketing and the Entity has given its consent for that purpose;
- IP addresses of entities;
- Video surveillance data when the Entities enter the video surveillance field of video cameras installed at the Company’s premises.
- The Entities are responsible for the accuracy and veracity of the data provided to the Company.
- The Company may collect and process the following Entity data:
- Cookies and their purposes
- By browsing the Website, the Entity may consent to the storage of Cookies provided for in this Policy on its computer or other devices. The Entity may revoke this consent at any time by changing the settings of its web browser, in which case certain functions of the Website may not work for it. The Entity has the ability to view what information (cookies) the Company records and may delete some or all of the stored cookies. If the Entity does not want cookies to be stored on its computer or other devices, it may choose to receive a notification before saving any cookie in its browser settings. You can also set your browser to optionally reject all or some cookies at once. The Entity may also delete cookies that have already been stored on its computer or other devices.
- Data storage of entities
- Data collected by the Company from the Entities may be processed by the Company or the Company’s suppliers’ personnel. In cases when the data of the Entities are processed by the Company’s suppliers (ie data processors), the Company has entered into agreements with them that properly regulate the obligations of the data processors. Data processors have the right to process personal data only in accordance with the Company’s instructions and only to the extent necessary to properly fulfil the obligations set forth in the agreement. By providing their personal data, the Entities consent to this transfer and processing. The Company shall take all reasonably practicable steps to ensure that the
- The data provided by the entities are stored on the Company’s servers or in paper copies of documents. In the event that the Entities are provided with passwords (or the Entities choose them) that enable the Entities to use certain functions of the e-shop, the Entities are responsible for the confidentiality of the passwords and their non-disclosure to third parties.
- If the Company has doubts about the accuracy of the data provided by the Entities, the Company has the right to suspend the processing of the data of this Entity, check and correct these data.
- Entity’s consent to the processing of data for direct marketing purposes
- Entities express their consent to receive the Company’s news and promotional information when they tick the appropriate box for the collection of personal data for direct marketing purposes at the time of ordering the goods.
- The Entity may object to the provision of data for the purpose of direct marketing or may at any time apply to the Company and withdraw its consent for the processing of data for the purpose of direct marketing. In order to exercise its right to opt-out of data processing for the purpose of direct marketing, the Entity must uncheck the appropriate boxes on the registration form or select the appropriate link in the direct marketing offers sent. Entities may also contact the Company by e-mail at labas@mun.lt and notify about the revocation of their consent.
- The Company shall retain the data of the Entity to be used for the purposes of direct marketing for 10 years from the receipt of the consent of the Entity unless the Entity previously withdraws its consent.
- Other rights of the Entity in relation to its processed data are set out in Clause 9 of this Policy.
- Data retention periods for entities
- The data of the Entity related to electronic commerce shall be stored for 7 years from the last connection of the Entity to the electronic storage system.
- Data of the entity related to the order of goods or services when visiting the Company’s showrooms, e-mail by post or otherwise, stored for 7 years from the date of execution of the order for goods or services of the Entity.
- The Company shall store the data of the Entity to be used for the purposes of direct marketing for the period provided for in Clause 5.3 of the Policy.
- Entities who make inquiries about the Company’s goods or services in the chat window on the Website, the Company’s Facebook account, e-mail. by post or other means of communication, the data shall be stored for 2 years after the last application of the Entity.
- The video data of the entities entering the video surveillance field of the video cameras installed on the Company’s premises shall be stored for 30 working days, unless a specific video has to be stored for a longer period of time in order to ensure the protection of persons or property.
- When paper or electronic documents are required to be kept by legal acts (for example, legal acts approved by orders of the Chief Archivist of the Republic of Lithuania) for a certain period of time, such documents shall be kept for no longer than required.
- Purposes of data processing by entities
- The Company processes the personal data of the Entities for the following purposes:
- For the purpose of providing services to Entities (customers);
- For the purpose of concluding and executing purchase and sale agreements with the Entities (customers);
- For the purpose of debt collection;
- In order to ensure that the content of the e-shop is presented in the most efficient and appropriate way for the Entities;
- For the purposes of service development, statistical analysis and targeted marketing guidance;
- In order to provide the Entities with information about the goods or services requested by the Entities;
- Entities’ requests for information for response and administration purposes;
- For the provision of promotional information where the Entities have given their consent to the processing of personal data for the purpose of direct marketing;
- In order for the Entities to be informed about the changes in the services provided by the Company;
- For the purpose of customer service quality;
- For the purpose of ensuring the protection of the subjects and other persons entering the field of video surveillance, as well as their and the Company’s property.
- The Company processes the personal data of the Entities for the following purposes:
- Disclosure of data
- The Company has the right to disclose the data of the Entities to any company of the Group, including but not limited to the Company’s subsidiaries, the ultimate controlling company and its subsidiaries as defined in Article 5 of the Law on Companies of the Republic of Lithuania.
- Entities’ data may be disclosed to third parties only in the following cases:
- Intending to sell a part of the Company’s activities or its assets, disclosing the data of the Entities to a potential buyer of the activities or its part;
- If such transfer or sharing of the Data of the Entities is necessary for accordance with the requirements of legal acts (eg courts, Lithuanian Police, Prosecutor’s Office of the Republic of Lithuania, other state institutions, etc.) or necessary for applying or fulfilling warranty or return conditions and all other agreements with the Entities as well as ensuring the rights, property and security of the Company, its customers and other persons.
- Rights of subjects
- Entities have the following rights:
- Be informed about the processing of their data;
- Upon request to the Company, to receive information from which sources and what personal data have been collected, for what purpose they are processed, to which data recipients they have been provided and have been provided during the last 1 year. The information shall be provided to the Entities at the e-mail addresses specified by them no later than within 30 days from the date of the Entity’s request to provide such data. The Company shall provide such data to the Entity free of charge once a calendar year;
- Upon request, request the correction of incorrect, incomplete, inaccurate data of the Entities and/or suspend the processing of such personal data, except for storage, if the Entity determines that it’s personal data is incorrect, incomplete or inaccurate or is processed unlawfully and unfairly. The Company shall immediately notify the Entity of the rectification, destruction or suspension of personal data processing operations performed or not performed at the request of the Entity.
- Upon request, the Entity has the right to receive personal data related to it, which it has provided to the Company, in a structured, commonly used and computer-readable format, so that such data can be transferred to another data controller (data portability);
- Disagree with the provision of data for direct marketing purposes as provided in Section 5.2 of the Policy;
- Upon request, the Entity has the right to request the Company to delete personal data related to it when the person does not consent or revokes the consent to data processing (Right to be forgotten) unless the Company cannot delete the Entity’s data due to their necessity ;
- The entity has the right to receive information about breaches of its data security. The Company undertakes to send a notice to the Entity by e-mail. by mail (if such is known to the Company) within 72 hours from becoming aware that the data of the Subject has been compromised (eg has been hacked into the Company’s server, etc.);
- An entity that does not agree with the actions or omissions of the Company has the right to file a complaint with the State Data Protection Inspectorate.
- All inquiries and requests related to the data of the Entities must be sent to the Company by e-mail labas@mun.lt. The Entity may also submit an application upon arrival at the Company’s office. In all cases (ie both by sending an application by e-mail and submitting an original application), the representative of the Company accepting the application has the right to request the submission of an identity document or a copy thereof certified in accordance with legal acts.
- The Company shall respond to the requests and inquiries of the Entities no later than within 30 days of their receipt.
- Entities have the following rights:
- Entry into force and changes to the policy
- The policy is effective from August 25, 2020.
- Any changes to this Policy will be posted on this Site and, where applicable, Entities will be notified of the policy changes by email.
- Contact information
- Subjects’ questions, comments and wishes related to the Policy may be submitted to the e-mail address hello@mun.lighting.