Privacy policy

  • PRIVACY POLICY SUMMARY

    UAB "Arnolita" (hereinafter - We or the Company) processes the personal data of its potential, current and former customers. We process personal data for the following main purposes:

    1) Sales of goods and services in the electronic store www.goldenrose.lt;
    2) Analyzes of the Company's activities;
    3) Debt administration;
    4) Direct marketing.

    You have the following rights:

    1) Familiarize yourself with your personal data and know how they are handled;
    2) Demand correction or addition of incomplete personal data;
    3) In certain cases, demand that the Company terminate or limit the processing of your personal data;
    4) In certain cases, the right to data portability;
    5) Submit a complaint to the State Data Protection Inspectorate if you believe that the Company is processing personal data illegally.

    We process personal data in accordance with the requirements of the applicable legal acts of the European Union and the Republic of Lithuania. The company applies reasonable technical and organizational measures to protect the processed personal data from loss, unauthorized use and alteration.

    The company may provide your personal data to other data recipients (e.g. parcel couriers, post office, debt administration companies, courts, bailiffs), when this is necessary for the performance of the contract or is required to do so by applicable legal acts. In other cases, the Company may transfer your personal data to third parties, with your consent or legitimate interest, having previously assessed the basis for providing the data and ensuring the security of the transferred data. Data processors engaged by the Company (e.g. IT companies) process your personal data on behalf of the Company and only according to its instructions.

    Your personal data is processed no longer than it is necessary to achieve the purposes of data processing or as long as your consent is valid and/or provided by legal acts. Generally, personal data is processed for 10 years after the end of the contractual relationship.

    To learn more about the processing of personal data by the Company, please read the detailed Privacy Policy described below.

    PRIVACY POLICY
    in 2019 August 15

    1. UAB "Arnolita", legal entity code: 304511358, registered office address: Veiverių st. 153, LT-46417 Kaunas, Lithuania (hereinafter - the Company), respects the privacy and protection of personal data of each of its potential, current or former clients, therefore has prepared the following privacy policy rules, on the basis of which, among other things, the Company will process the personal data provided to it by clients . By entering into a contract with the Company or assuming contractual obligations, by logging in and using the services of the www.goldenrose.lt website, the customer confirms that he has familiarized himself with this privacy policy, understood it and agreed with it.

    General provisions

    2. This privacy policy (hereinafter - the Policy) regulates the collection, processing and storage of personal data performed by the Company as a data controller.

    3. The company is engaged in economic and commercial activities, which include wholesale and retail trade in decorative cosmetics, perfumery, beauty and hygiene products, household items and costume jewelry. For the provision of these services, the Company processes personal data in accordance with the legal bases and purposes of data processing specified in the Policy and the legal acts applicable to the Company.

    4. This Policy is intended for persons who use or intend to use the Company's services or visit the Company's websites.

    Principles of personal data management

    5. The Company processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter - the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the processing of personal data.

    6. The volume of processed personal data depends on the Company's services ordered or used and what information the website visitor provides when ordering and/or using the Company's services, visiting or registering on the website.

    7. The company, among others, follows the following basic principles of data processing:
    • Personal data is collected only for clearly defined and legitimate purposes.
    • Personal data is processed only legally and fairly.
    • Personal data is constantly updated.
    • Personal data is stored safely and for no longer than the established purposes of data processing or legal acts require.
    • Personal data is processed only by those employees of the Company who have been granted such right according to their work functions.

    8. Data in the Company is processed only in the presence of one or more criteria of legal processing - (i) to ensure the provision of services in accordance with the contract (i.e. to fulfill the contract or to take action at the request of the data subject before concluding the contract); (ii) with the consent of the data subject; (iii) when processing data is necessary to fulfill a legal obligation applicable to the Company; (iv) it is necessary to process data in order to perform a task carried out in the public interest or in the performance of v. assigned to the Company functions of public authorities; (v) when personal data needs to be processed for the legitimate interests of the Company or a third party (see Article 6 d. 1 of the Regulation, http://www.privacy-regulation.eu/lt/6.htm).

    9. When processing and storing personal data, the Company implements organizational and technical measures that ensure the protection of personal data against accidental or illegal destruction, alteration, disclosure, as well as against any other illegal processing. Only those employees of the Company and auxiliary service providers who need it to perform work functions or provide services to the Company have access to the personal data managed by the Company.

    10. The company's customer or potential customer is responsible for ensuring that the personal data provided by him is accurate, correct and complete. If the personal data provided by him changes, he must immediately inform the Company about it. The company will not be responsible for damage caused to the person and/or third parties due to the fact that the customer or potential customer provided incorrect and/or incomplete personal data or did not apply for the addition and/or change of the data after they have changed.

    11. By providing his personal data, the customer or potential customer simultaneously grants the Company the right to collect, accumulate, systematize, use and process for the purposes provided for in this Policy all and any personal data that he directly or indirectly provides when visiting the website and using the services provided by the Company .

    Sources of personal data

    12. Personal data is usually obtained directly from the data subject (the Company's client or potential client), who provides it when visiting the website and/or using the services provided by the Company.

    13. Data may be automatically generated when the customer browses the Company's website.

    14. Although the customer is not obliged to provide any personal data to the Company, it is possible that certain services cannot be provided to him if personal data is not provided.

    Purposes of processing personal data

    15. The company processes personal data for the following main purposes:
    • For the processing and administration of the purchase (order) of goods and/or services, in order to properly fulfill contractual obligations, to maintain relations with suppliers, partners and customers in the course of business development, service provision and cooperation;
    • For the purposes of registration on the website www.goldenrose.lt;
    • For the purpose of selling goods and services in the electronic store www.goldenrose.lt;
    • Contacting the Company's clients regarding the fulfillment of contractual obligations;
    • For the purposes of providing answers to questions asked by customers;
    • For the purposes of analysis of the Company's activities and internal administration;
    • For direct marketing purposes.

    Processing of personal data for the purpose of providing services

    16. When a natural person (data subject) uses the services provided by the Company, the Company processes personal data when the data subject submits them directly to the Company and collects them when using the services provided by the Company.

    17. The Company has the right to transfer the personal data of its customers to third parties that need to process the personal data of customers for the purposes specified in this Policy or legal acts.

    18. The company undertakes to transfer customer data to third parties only to such an extent and only in cases where it is necessary to provide the relevant services and/or to fulfill the obligations set forth in legal acts. If personal data are not necessary for the provision of a specific service, they are not transferred. The Company transfers personal data to the aforementioned third parties on the basis of a data provision agreement or a specific legal act, in strict compliance with the requirements set by the legal acts.

    Processing of personal data for the purpose of direct marketing

    19. For direct marketing purposes, the Company may process the following data: data subject name, surname, e-mail address. postal address. Consent for personal data to be used for direct marketing purposes is expressed on the website www.goldenrose.lt, during registration in the electronic store at www.goldenrose.lt, by checking the appropriate box and thereby expressing consent to receive the Company's newsletter and/or offers from the Company's partners, or simply in the newsletter registration form on the front page, by checking the appropriate box. Giving consent for direct marketing is voluntary, it is not a condition of contractual relations with the Company and does not affect the relationship between the data subject and the Company.

    20. The Company may send informative messages if the person has given consent to the Company using their data for the purpose of direct marketing, and to existing customers of the Company without separate consent for the marketing of similar services, if they are given a clear, free and easily implemented option to disagree or refuse such contact data of use and if they have not initially objected to such data use when sending each message.

    21. Direct marketing for these purposes, the Company may send messages by e-mail or phone number.

    22. In cases where the information sent by the Company is no longer relevant, the person may withdraw consent for direct marketing at any time by informing about this by e-mail. to the email address: info@goldenrose.lt.

    Provision of personal data

    23. The company undertakes to observe the duty of confidentiality in relation to the personal data of customers or potential customers. Personal data may be disclosed to third parties only if it is necessary to conclude and execute a contract for the benefit of the data subject, or for other legitimate reasons. The Company undertakes to transfer the data received from customers to third parties only to the extent and only in cases where it is necessary to provide the Company's relevant services and/or to fulfill the obligations set forth in legal acts. If personal data are not necessary for the provision of a specific service, they are not transferred. The Company transfers personal data to the aforementioned third parties on the basis of a data provision agreement or a specific legal act, in strict compliance with the requirements set by the legal acts.

    24. In addition, the Company may provide personal data to its data processors (subcontractors), who provide the Company with IT, accounting, debt collection or other services and process personal data on behalf of the Company. Data processors have the right to process personal data only in accordance with the Company's instructions and only to the extent that it is necessary in order to properly fulfill the obligations stipulated in the contract. The company uses only those data processors who sufficiently ensure that appropriate technical and organizational measures will be implemented in such a way that the data processing meets the requirements of the Regulation and ensures the protection of the data subject's rights.

    25. The company may also provide customer data in response to requests from the court or state authorities to the extent that it is necessary in order to properly comply with applicable legislation and instructions of state authorities.

    Term of personal data storage

    26. Personal data collected by the Company are stored in printed documents and/or in the Company's electronic information systems. format. Personal data is processed no longer than is necessary to achieve the purposes of data processing or no longer than is required by the data subjects and/or provided for by legal acts. Generally, personal data is processed for 10 years after the end of the contractual relationship.

    27. Although the client may terminate the contract and refuse the Company's services, the Company must continue to store the client's personal data due to possible demands or legal claims that may arise in the future until the data storage terms expire.

    28. The company strives not to store outdated or unnecessary information and to ensure that personal data and other information about customers is constantly updated, correct and destroyed in a timely manner.

    Rights of data subjects

    29. The data subject (a customer or potential customer of the Company) has, among others, the following rights:
    • Receive information about his personal data processed by the Company, from where and in what manner personal data is collected and on what basis it is processed;
    • Contact the Company with a request to correct his personal data, stop their processing, destroy them if the data is incorrect, incomplete or inaccurate, or if it is no longer necessary for the purposes for which it was collected. In this case, the data subject must submit a request, upon receipt of which the Company will check the provided information and take the necessary actions. It is very important for the company that the personal data it has is accurate and correct;
    • Apply to the Company with a request to destroy personal data or to stop the processing of such personal data, with the exception of storage - in the event that, after learning about his personal data, the person determines that the personal data is being processed illegally or dishonestly;
    • Do not consent to the processing of personal data, when these data are processed or intended to be processed for the purpose of direct marketing or for a legitimate interest pursued by the Company or a third party to whom personal data is provided;
    • At any time, withdraw your consent to the processing of personal data for the purpose of direct marketing;
    • If the data subject is concerned about the Company's actions (inaction), which may not comply with the requirements of this Policy or legal acts, he can contact the Company and receive free assistance.

    30. A person can exercise all his rights as a data subject by contacting the Company by e-mail. by mail info@goldenrose.lt

    31. If it is not possible to resolve the issue with the Company, the customer has the right to apply to the State Data Protection Inspectorate (www.ada.lt), which is responsible for the supervision and control of legal acts regulating the protection of personal data.

    Cookies

    32. In order to improve visits to the Company's website, the Company may use cookies - small pieces of textual information that are automatically created when browsing the website and are stored when visiting the website on your computer or other end device.

    33. Information collected by cookies allows for more convenient browsing on the Company's website and to learn more about the behavior of visitors to the Company's websites, analyze trends and improve both the website and the services provided by the Company or the information provided on the website.

    34. If the website visitor does not agree to cookies being saved on his computer or other terminal device, he can change the settings of his internet browser and disable all cookies or enable/disable them one by one. However, the Company points out that in some cases this may slow down the speed of browsing the website, limit the operation of certain functions of the website or block access to some pages of the website. More detailed information about the cookies used on the Company's website is available at AllAboutCookies.org or www.google.com/privacy_ads.html.

    Final Provisions

    35. This Policy is subject to the law of the Republic of Lithuania and the European Union.

    36. The company reserves the right to change this Policy, so we kindly ask website visitors to periodically check whether the Policy has changed and familiarize themselves with its changed or new provisions.

     

    We wish you a pleasant browsing on our website!