WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?
The controller of your personal data processed during administration of the Website TAURUS JEWELS / DP Studija”, UAB, Lithuanian company address Etmonų str. 4, LT-01305, Vilnius, Lithuania. Legal entity code 302585819, Corporate VAT Number LT-100005893819.
Contacts details of the Seller: email@example.com ., phone +370 61421433
FROM WHICH SOURCES DO WE COLLECT YOUR PERSONAL DATA?
In most cases, we receive your personal data directly from you. You provide your personal data during registration of your account in the electronic shop, placement of your orders or inquiries, requests, complaints, and by other modes. When a legitimate basis is present, in certain cases we receive your personal data also from payment service providers or competent institutions.
ON WHICH LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?
- implementing the obligations stipulated in the agreement.
- fulfilling legal duties and requirements stipulated in legal acts.
- implementing our own or third parties’ legitimate interest.
- on the basis of your consent.
WHICH YOUR PERSONAL DATA IS PROCESSED AND FOR WHICH PURPOSES?
- Administration of an account on the Website implementation and administration of orders, returns
Legal basis: implementation the obligations stipulated in the agreement EU General Data Protection Regulation “Lawfulness of Processing” Art. 6 bases.
Categories of Personal data: forename, surname, phone number, electronic mail address, mode of goods delivery, address of goods delivery, account login data, actions in the account, including the client’s selections, the list of saved purchases and technical browsing data (IP address, technical information of login and browsing), signature (if you accept goods in person), purchase and delivery date and time, names, quantities of goods, prices of goods and discounts granted, mode of payment for purchases and payment information, at the user’s choice – information about the location (e.g., country, GPS coordinates, geographically limited territory, etc.). In case of a request for a gift card, we additionally collect the following data: type and design of the gift card, value of the gift card, mode of receipt of the gift card, and greeting text. If a client requests for a gift card to be sent to the email address specified by him/her, we also process data about the electronic mail address of the person for whom the gift card is intended and date on which the client wishes the gift card to be sent.
- Placement and fulfilment of orders without account registration
Legal basis: implementation the obligations stipulated in the agreement EU General Data Protection Regulation “Lawfulness of Processing” Art. 6 bases.
Categories of Personal data: forename, surname, phone number, electronic mail address, mode of goods delivery, address of goods delivery, mode of payment for purchases, and payment information. In case a gift card is requested, we additionally process the same personal data as specified in the paragraph above.
- Sending reminders about unpaid goods in the basket
Legal basis: our legitimate interest to inform clients in a proper manner about any unpaid goods in the basket and the legitimate interest of our clients to receive information about unpaid goods in the basket (EU General Data Protection Regulation “Lawfulness of Processing” Art. 6 bases).
Categories for personal data: electronic mail address, information about unpaid goods in the basket.
Legal basis: our legitimate interest to satisfy ourselves in a proper manner about the client’s identity to ensure the goods will be handed over to the appropriate person (EU General Data Protection Regulation “Lawfulness of Processing” Art. 6 bases).
Categories of Personal data: forename, surname of the client or other person collecting the goods, client’s phone number, electronic mail address, purchase data.
- Examination of requests, complaints, inquiries, and feedback
Legal basis EU General Data Protection Regulation “Lawfulness of Processing” Art. 6 : implementation of the obligations stipulated in the agreement, fulfilment of legal duties and requirements stipulated in legal acts.
Categories of Personal data: forename, surname, phone number, electronic mail address, residence address, date of birth, other information provided in the request, complaint, inquiry, or feedback: event regarding which we are contacted, and circumstances related to it, enclosed documents and/or data.
When a request for goods return is submitted, information about the forename, surname, phone number of electronic mail address, address, and reason of return are requested.
- Improvement of browsing and experience on the Website, analysis of behaviour and flows off Website users.
Legal basis: consent EU General Data Protection Regulation “Lawfulness of Processing” Art. 6, except for necessary cookies.
- Completion of statistics and market research
Legal basis: our legitimate interest to improve and expand provision of services (EU General Data Protection Regulation “Lawfulness of Processing” Art. 6).
Categories of personal data: date of birth, gender, city, information about purchases from the electronic shop.
We use automated data analysis to conduct statistics and market research. We do not process your individualising information for analysis purposes. Data analysis carried out when conducting statistics and market research enables us to make important business decisions. The above-mentioned data analysis does not have any legal or similar significant impact on you.
- Fraud prevention and fulfilment of legal requirements
Legal basis: our legitimate interest is to protect, make and implement legal requirements, prevent and/or stop fraudulent or criminal activity, to collect evidence of detected breaches and to prevent abuse of our services (EU General Data Protection Regulation “Lawfulness of Processing” Art. 6).
TERMS OF PERSONAL DATA PROCESSING AND STORAGE
- Accounting and tax documents will be stored for the terms established in legal acts on the basis of fulfilment of the requirements of legal acts. Other purchase data is stored for 5 years from the day of completion of a purchase operation.
- Placement and fulfilment of orders without account registration: accounting and tax documents will be stored for the terms established in legal acts on the basis of fulfilment of the requirements of legal acts. Other personal data is stored for 2 years from the day of order placement.
- Examination of requests, complaints, inquiries, and feedback: 12 months from the day of submitting a request, complaint, inquiry, or feedback or until the end of the limitation period of a claim established by laws, whichever is longer.
- Improvement of browsing and experience on the Website, analysis of the behaviour and flows of Website users on the Website: data processing terms are provided in the Cookies policy
- Completion of statistics and market research: 3 years.
- Fraud prevention and fulfilment of legal requirements: for the period of claim investigation, examination, and fulfilment. If no breach is established during the investigation, data will be stored for 1 (one) year from the day of adoption of the decision to stop the investigation. If a breach is established, data will be stored for 3 (three) years from the day of the decision to stop the investigation or until final enforcement of the court decision.
– it is necessary for us to be able to defend ourselves against demands, claims, or requests and to exercise our rights;
-there is reasonable suspicion of unlawful act under investigation;
– your data is needed for proper settlement of a dispute, complaint;
– for backup copies and other similar purposes;
– when other grounds stipulated in legal acts are present.
TO WHICH THIRD PARTIES AND IN WHICH CASES DO WE DISCLOSE YOUR PERSONAL DATA?
We disclose your personal data to third parties that help us to provide services and administer provision of services to you:
- Companies providing software maintenance, support services.
- Companies providing delivery services in order to deliver your goods to your specified addresses.
- Payment services providers.
- Companies conducting marketing and providing marketing services.
Your personal data can be disclosed also to the following:
- Law enforcement authorities following the procedure established by the laws of the Republic of Lithuania.
- State institutions and courts when such duty is stipulated by applicable legal acts.
Data collected from you is processed in the territory of the European Union but can be transferred or stored outside the European Union.
WHAT ARE COOKIES AND WHAT ARE THEY USED FOR?
Cookies are small text files which are automatically generated while you browse our Website and stored in your device (computer or mobile phone). Cookie contains anonymous information, and it is sent from your visited website server to your computer or mobile phone. Cookies can be of one session or persistent. Session cookies exist from the moment you open a browser until you close it again. Once you close the browser, the above-mentioned cookies will be automatically erased. Validity term of persistent cookies is established in advance, they are stored in your browser until their validity term expires or you remove them.
By purpose, cookies can be divided into necessary, functional, statistical, marketing, etc. Cookies are saved only when you confirm your consent in the message contained on the homepage of the Website, except for necessary cookies that do not require consent.
The above-mentioned third parties can have access to information collected through their cookies used. Further information about the above-mentioned cookies and third parties that can have access to collected information is available in cookies privacy policies of the third parties concerned.
If you wish, you can change your browser settings to be informed about cookie activation or update and to be able to select allowed or prohibited cookies, to block them. To learn more about cookies, e.g., how to manage or delete them, you can visit: www.allaboutcookies.org. Once browser software settings are changed, cookies will not be saved, however, please note that in such event you may not be able to use all Website functions available.
WHAT ARE THE RIGHTS OF DATA SUBJECTS AND HOW CAN YOU EXERCISE THEM?
- The right to access your personal data processed by us
You have the right to receive our confirmation if we process your personal data, and the right to access your personal data processed by us and information about the purposes of data processing, categories of processed data, categories of data recipients, period of data processing, data receipt sources, automated decision-making, including profiling, and its meaning and consequences to you.
- The right to personal data correction
If the data provided in your registration questionnaire changed or you believe that the information about you processed by us is inaccurate or false, you have the right to request amending such information by sending us an email to firstname.lastname@example.org
- The right to revoke the consent
When we process your data on the basis of your consent, you have the right to revoke your consent at any time and data processing on the basis of your consent will be terminated. In certain cases, it may mean that we will no longer be able to provide you with a possibility to continue using our services.
- The right to make a complaint
If you believe that we process your data in breach of the requirements established by data protection legislation, you are kindly requested to apply directly to us, first. We believe that we will manage to dispel all your doubts with our well-intentioned efforts, to satisfy your requests and to correct our mistakes, if any. If you are not satisfied with the problem solution offered by us, or you believe we will not carry out necessary actions according to your request, you have the right to submit a complaint to a supervising institution (in Lithuania – State Data Protection Inspectorate L. Sapiegos g. 17, Vilnius, Lithuania; email address: email@example.com .
- The right to disagree to data processing when processing is based on legitimate interests
You have the right to disagree to personal data processing when personal data is processed on the basis of our legitimate interests. Nevertheless, considering the purposes of service provision and the balance of legitimate interests of both parties (yours, as the data subject, and ours, as the data controller), your objection can mean that upon cancellation of your data processing based on our legitimate interest, we will not be able to provide you with a possibility to continue using our services.
- The right to request for deletion of data (‘the right to be forgotten’)
Under certain circumstances named in the data processing legislation (when personal data is processed unlawfully, basis for data processing ceased to exist, etc.), you have the right to request for erasure of your personal data.
- The right to restrict data processing
Under certain circumstances named in the data processing legislation (when personal data is processed unlawfully, you contest accuracy of data, you submit an objection to data processing on the basis of our legitimate interest, etc.), you also have the right to restrict your personal data processing. Nevertheless, it must be noted, that because of data processing restriction and during such restriction, we will not be able to ensure provision of services to you.
- The right to data portability
You have the right to receive or transfer your personal data to the other data controller (the right to data portability). This right includes only those data that were provided to you under your consent or the agreement, and if the data are processed by automated means.
REQUEST EXAMINATION PROCEDURE
To exercise the above-mentioned data subjects’ rights, submit a written request by email: firstname.lastname@example.org
To protect all our buyers’ data from unlawful disclosure, upon your request to provide data or exercise your other rights, we will have to identify you. For this purpose, we can request you to specify relevant questionnaire data provided in your registration questionnaire/purchase order questionnaire (e.g., forename, surname, email address, or phone number) and we will compare if your specified data is equivalent to the appropriate questionnaire data.
Upon receipt of your request to exercise any of your rights and having passed the above-mentioned verification procedure, we assume an obligation, without any unreasonably delay, but in no event later than within one month from the day of receipt of your request and completion of verification procedure, to provide you with information about actions taken by us under your request. Depending on complexity and number of requests, we have the right to prolong one month’s period for two additional months, giving you a notice before the end of the first month and specifying the reasons for such prolongation.
If your request is submitted via electronic means, our reply will be sent also by electronic means, unless it is impossible (e.g., because of too big volume of information) or if you request for reply by any other means.
We will reject your request with a reasoned reply once the circumstances set forth in legal acts are established, by informing you in writing.