By browsing this website, you agree to the provisions of this Policy and confirm that you have read and understood all the terms and conditions provided for therein.
- The Regulation or GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and repealing Directive 95/46/EC (the General Data Protection Regulation);
- Personal data means any information relating to a data subject (natural person) who has been identified or is directly or indirectly identifiable by reference to an identifier such as his/her name, identification number, location data and an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- Data processing means any operation or sequence of operations performed with personal data or sets of personal data by automated or non-automated means, such as collection, recording, sorting, organisation, storage, adaptation or modification, extraction, access, usage, disclosure, transfer, distribution, or otherwise making data available for use, as well as their alignment or combination with other data, restriction, erasure or destruction;
- Controller means Euroopassa, UAB, legal entity registration number 135896640, registered address Molėtų pl. 11, LT-08409 Vilnius, Republic of Lithuania;
- Processor means a natural or legal person, public authority, agency or other body which processes your personal data on our behalf;
- Data recipient means a natural or legal person, authority, agency or other body to whom or which personal data are disclosed, irrespective of whether the latter is a third party or not;
- Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
- Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
- when you visit our website;
- in social media accounts of Euroopassa;
- when you contact us by e-mail or phone, also in the cases
where Euroopassa receives your personal data when performing contracts with partners or clients (legal persons), if you are their employee or representative.
Euroopassa ensures the processing of your personal data in accordance with the following fundamental data processing protection principles:
- personal data in your respect shall be processed in a lawful, fair and transparent manner (the principle of legality, fairness and transparency);
- personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. Further processing of personal data for archiving purposes, in the public interest, for scientific or historical research purposes or for statistical purposes shall not be considered incompatible with the original purposes (the principle of purpose limitation);
- Personal data processed by Euroopassa are adequate, appropriate and limited to the data necessary the purpose for which they are processed (data minimisation principle);
- Your personal data are accurate and updated as necessary and whenever possible. We undertake to take all reasonable steps to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (principle of accuracy);
- Personal data are kept in such a form that your identity can be determined for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods if personal data are only processed for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes under Article 89(1) of the Regulation, by implementing the appropriate technical and organisational measures necessary to safeguard the rights and freedoms of the data subject (principle of limitation of retention period);
- Personal data are processed in such a way as to ensure the proper security of personal data, including protection against unauthorised processing or unlawful processing of data, and accidental loss, destruction or damage, by applying appropriate technical or organisational measures (a principle of integrity and confidentiality);
- Euroopassa is responsible for compliance with the above principles and must be able to prove that they are being complied with (accountability principle);
- Data are transferred to data processors and data recipients where the legal acts provide for the right and/or the obligation to do so.
Euroopassa processes the following personal data for the following purposes:
- As you browse this Website and our other social networks, we may collect information about the Browser used by the Data Subject, IP address, links clicked, other websites visited before visiting the Website, name, profile photo, gender, contacts and any other information the customer agrees to share via third-party sites (e. g., when you click “Like” on Facebook);
- In response to your requests, inquiries and comments, we may collect the following information about you: name, signature, address, telephone number, contact details, circumstances indicated your complaint, request or statement, outcome of your complaint, request or statement, other data indicated in the complaint, request or statement (including special personal data);
- As we process personal data for direct marketing purposes, offering products and services, we may collect the following personal data relating to your: name, postal address, e-mail address, telephone number, workplace, position held, purchasing habits and priorities, purchase history, payment information (e.g., bank information), and payment history.
We ensure that your personal data will be processed in accordance with the terms and procedures established by the GDPR and other legal acts:
- Personal data are processed by Euroopassa for no longer than required by the purposes of the processing, depending on the type of document or file containing the data;
- Data subjects’ personal data are stored for the period specified by legal acts, depending on the type of document or file in which such data are indicated;
- Upon the expiry of their processing period (period for the storage of documents containing personal data or their copies), personal data shall be irrecoverably destroyed at your request or on other grounds;
- Permanently stored documents containing personal data shall be transferred for storage to the state archives in accordance with the procedure established by the Law on Documents and Archives of the Republic of Lithuania.
In processing personal data, we undertake to:
- Ensure the compliance with the Regulation, the Law on Legal Protection of Personal Data and other legal acts governing the processing of personal data;
- Ensure enforcement of data subject’s rights;
- Authorise processors to process your personal data in a due manner;
- Control how personal data processors perform their personal data processing obligations;
- Ensure the security of personal data by implementing technical and organisational personal data security measures;
- Establish internal legal acts governing the protection and processing of personal data, review them at least every two years and, if necessary, initiate their amendments;
- Appoint a personal data protection officer;
- Keep data processing activity records;
- Consult the State Data Protection Inspectorate on personal data processing and protection issues;
- In the event of personal data breach, notify the State Data Protection Inspectorate thereof;
- Provide methodological assistance to controllers and Euroopassa employees for personal data processing purposes;
- Organise training for our employees in the field of legal processing and protection of personal data;
- Perform other functions in order to properly implement our rights and obligations and to ensure the security of processed personal data.
Euroopassa shall ensure the proper implementation of all your rights arising from the GDPR and other legal acts governing the handling of personal documents:
- The data subject who has submitted a personal identification document or has confirmed his/her identity in accordance with the procedure set forth by legal acts or by electronic means (allowing proper personal identification), has the right:
- to get our confirmation, whether personal data relating to him/her are processed, and if such personal data are processed, the data subject has the right to access his/her data processed by Euroopassa free of charge and to obtain information from which sources and what personal data have been collected, for what purpose they are processed and to which recipients the data are and were provided over the period of one year;
- Request us to correct inaccurate personal data relating to you without undue delay;
- Request us to supplement incomplete data subject’s personal data by submitting an additional application;
- Request Euroopassa to delete the personal data relating to him/her without undue delay;
- Request Euroopassa to restrict the processing of data;
- Receive personal data relating to him/her which he/she has provided to Euroopassa in a structured, commonly used and computer-readable format, and has the right to transfer such data to another controller;
- Object to the processing of his/her personal data in Euroopassa company, except in cases where the law obliges us to process your personal data.
- We undertake to enable the data subject to exercise the aforementioned rights, except the cases provided for by laws, where it is necessary to ensure:
- Security or defense of the state;
- Public order, prevention, investigation, detection or prosecution of criminal offenses;
- Important economic or financial interests of the state;
- Prevention, investigation and detection of breaches of professional ethics;
- Protection of your and/or other person’s rights and freedoms.
- The aforementioned data subject’s rights may be limited in cases when Euroopassa has a statutory obligation to process your personal data and the exercise of the established rights is not provided by the legal acts. The aforementioned data subject’s rights may also be limited in cases where Euroopassa is not competent to comply with your request. In such cases, we provide a reasoned refusal to comply with your request and indicate the addressee competent to consider your request;
- The information is provided, all notifications are given and actions are performed free of charge. Where the data subject’s requests are manifestly unfounded or disproportionate, in particular, because of their repetitive content, we may:
- Charge a reasonable fee, taking into account the administrative costs of provision of the requested information or notifications or actions; or
- Euroopassa bears the burden of proving that the request is manifestly unfounded or disproportionate;
- Euroopassa shall examine the data subject’s request to exercise his/her rights and shall submit a response no later than within 30 calendar days from your application. The reply shall be provided in the official language in the manner chosen by the data subject (by post, in person or electronically);
- In case of doubts regarding the correctness or legality of the processing of the processed data subject’s personal data, the Company shall suspend the processing of such data and shall perform the verification of the correctness and legality of the processing of such personal data;
- If it is established that the data subject’s personal data are incorrect, incomplete or inaccurate, we shall correct, correct or supplement them immediately, but no later than within 30 calendar days from the day of becoming aware of this circumstance;
- If it is determined that your personal data are processed unlawfully or fraudulently, we will destroy your unlawfully and fraudulently processed data without delay, but no later than within 5 working days from the date of becoming aware thereof, or suspend the processing of such personal data, except their storage, until the correction of incorrect, inaccurate, incomplete personal data or destruction of personal data;
- The Company shall inform the data recipients about the corrected or destroyed personal data, suspended personal data processing actions at the data subject’s request or at the initiative of the Company, except the cases where provision of such information proves to be impossible or would involve a disproportionate effort (due to a large number of data subjects, data period, unreasonably high costs). In such a case, notice must be given to the State Data Protection Inspectorate without delay;
- We ensure that all necessary information is provided to you in a clear and comprehensible manner.
- You can file a complaint regarding our actions and/or omissions related to the exercise of your rights to the State Personal Data Protection Inspectorate within the time limits set by the LLPPD.