PRIVACY POLICY
GENERAL INFORMATION
By this Privacy Policy (hereinafter referred to as the “the Privacy Policy”) „NØRDIS“ (hereinafter referred to as “the Data Controller”) sets out the conditions for the processing of personal data when using the website maintained by the Data Controller https://nordis-ac.com/ (hereinafter referred to as “the Website”). The terms and conditions of this Privacy Policy apply each time you visit the website regardless of the device you use (a computer, mobile phone, tablet, TV, etc.).
It is very important that you carefully read this Privacy Policy because each time you visit the website owned by the Data Controller you agree to the terms and conditions provided for in this Privacy Policy. If you do not agree to these terms and conditions, please do not visit this website and do not use its content and/or services.
When providing his/her personal data (including the data provided directly or indirectly when visiting the Website and using its services), the Data Subject agrees and does not oppose to the processing and use of the data by the Data Controller in accordance with the purposes and procedure set forth in this Privacy Policy, the consent of the Data Subject and the law.
Persons under 16 years cannot provide any personal data through the Data Controller’s Website. If you are a person under 16, you must obtain the consent of your parents or other legal guardians before submitting personal information.
The Representative is a person representing the Data Controller’s partners (service providers), both natural and legal persons.
The Data Subject in this Privacy Policy is the Representative, Requesting Person, Customer, Applicant, Telephone Callers or any other natural person whose personal data is managed by the Data Controller.
The Applicant is a person participating or intending to participate in the recruitment of personnel performed by the Data Controller.
The Customer is a natural person or the Representative purchasing the goods and/or services from the Data Controller or entering into an agreement with the Data Controller regarding the sale of goods or the provision of services.
The Telephone Caller is a person calling on a publicly available contact telephone number regarding the sale of the Data Controller’s goods, provision of services and/or other issues.
The Data Controller shall collect personal data in accordance with the requirements of the valid legal acts of the European Union and the instructions of the controlling authorities. All reasonable technical and administrative measures shall be applied in order to prevent the collected data on the Data Subjects from their loss, unauthorized use and alteration.
This Privacy Policy has been prepared following the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the General Data Protection Regulation), the Law on Data Protection of the Republic of Lithuania, other legal acts of the European Union and the Republic of Lithuania. The definitions used in this Privacy Policy shall be understood as they are defined in the General Data Protection Regulation and the Law on the Legal Protection of Personal Data of the Republic of Lithuania.
WHAT INFORMATION DO WE COLLECT?
Information provided directly by you.
Information on how you use our website.
If you visit our website, we also collect information that reveals the peculiarities of the use of our services, or the visitors’ statistics generated automatically.
Information from third-party sources
We may receive information on you from public and commercial sources (as permitted by applicable laws) and link it with other information we receive from you or about you. We can also receive information on you from third-party social networking services when you sign in, for example through your Facebook accounts.
Other information we collect
We may also collect other information on you, your device or your use of the content of our website with your consent.
You may choose not to provide us with certain information but in such a case, you may be denied the use of our service.
PROCESSING OF PERSONAL DATA FOR THE PURPOSES OF CONSULTATION AND PROCESSING OF ENQUIRIES
The Data Controller shall process the personal data of persons applying to the Data Controller, including the Telephone Callers, for the purpose of selling goods, providing services and/or other issues. The Data Controller shall process the following personal data of the applying persons, including the Telephone Callers:
Name;
Surname;
Telephone number;
E-mail.
The personal data of the applying persons shall not be forwarded to third parties.
Personal data shall be processed for the purpose of consultation or submission of an enquiry on the basis of consent (Article 6(1)(a) of the General Data Protection Regulation).
PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF SALE OF GOODS OR PROVISION OF SERVICES
The Data Controller shall process the personal data of customers. The Data Controller shall process the following personal data of Customers or Customers’ representatives:
Name;
Surname;
Power of attorney;
Term of authorization;
Principal (relationship with the principal);
Position;
Employer (unit);
Telephone number;
E-mail;
Address;
Payment amount (in the case of e-commerce, the payment order details);
Other information related to the purchased product or service.
The data are received directly from the Customer or the Customer‘s representatives, from the performance of the contract with the Customer, and/or from other third parties who have contacts with the Data Subject.
We undertake not to transfer your personal data to any unrelated third parties except in the following cases:
There is the Customer’s consent to the disclosure of personal data;
When fulfilling the company’s obligations as those of a seller of goods or provider of services (for example, data may be transferred to courier companies delivering the goods);
When implementing the legitimate interests of the Data Controller (for example, in the case of recovery of debts);
To the authorized institutions, according to the procedure provided for by the legal acts of the Republic of Lithuania.
The Data Controller may provide personal data of Customers and other Data Subjects to Data Managers not specified in this Policy who provide services (performs works) to the Data Controller and process the personal data of Customers and Data Subjects on behalf of the Data Controller. Data Managers have the right to process personal data only in accordance with the instructions of the Data Controller and only to the extent necessary for the proper fulfilment of the obligations laid down in a contract. With the help of Data Managers, the Data Controller shall take all necessary measures to ensure that Data Managers have implemented the appropriate organizational and technical measures guaranteeing the safety and maintaining the confidentiality of personal data.
Personal data shall be processed on the basis of the Data Subject’s consent and/or a contract entered into with the Data Subject (Article 6(1)(a) and (b) of the General Data Protection Regulation).
PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF EXECUTION OF CONTRACTS ENTERED INTO WITH PARTNERS / SERVICE PROVIDERS
In cooperation with partners (service providers) the Data Controller shall process the following personal data of natural persons or Representatives:
Name;
Surname;
Personal identification number;
Address (if applicable);
Individual activity certificate number and date of issue (if applicable);
Current account number (if applicable);
Power of attorney;
Term of authorization;
Principal (relationship with the principal);
Position;
Employer;
Telephone number;
E-mail.
Data shall be obtained directly from natural persons, Representatives, and/or principals.
We undertake not to transfer your personal data to any unrelated third parties except in the following cases:
There is the Data Subject’s consent to the disclosure of personal data;
When implementing the legitimate interests of the Data Controller (for example, in the case of recovery of debts);
To the authorized institutions, according to the procedure provided for by the legal acts of the Republic of Lithuania.
The Data Controller may provide personal data of natural persons or Representatives to Data Manager not specified in this Privacy Policy who provide services (performs works) to the Data Controller and process the personal data of natural persons or Representatives on behalf of the Data Controller.
For the purpose of execution of contracts made with partners (service providers) shall be processed on the basis of the contract and/or the legitimate interest of the Data Controller (Article 6(1)(b) and (f) of the General Data Protection Regulation).
PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING
The Data Controller shall seek to share only relevant news and other useful information with newsletter recipients. This shall be implemented in accordance with this Privacy Policy.
The Data Controller shall process personal data for the purposes of direct marketing only with the explicit consent of the Data Subject. For the purpose of direct marketing, the following personal data of Customers and other Data subjects shall be processed:
Name;
Surname;
Telephone number;
E-mail.
When sending a newsletter, the Data Controller can collect statistics on the behaviour of the Data Subject related to the use and content of the newsletter (for example, if the newsletter has been read, which links have been opened by the Data Subject).
The e-mail address of the Data Subject can be used to deliver advertisements through Facebook, Google, and other advertising platforms adapting the advertisements to the target audience.
According to the personal data you submit, for the purpose of personalized marketing, your personal data may be profiled in order to offer individually customised solutions and suggestions. You can cancel your consent to process your personal data in an automated way, including profiling, or contradict to such processing (if such a way is applicable) at any time.
Personal data is received directly from Data Subjects. Personal data may only be transferred by the Data Controller to third parties providing specialized services in order to send emails and customize the nature of advertisements ordered through advertising platforms.
The personal data of Customers and other Data Subjects shall be processed on the basis of the consent expressed when providing the personal data and consenting to the processing of personal data for the purpose of direct marketing (Article 6(1)(a) of the General Data Protection Regulation).
We hereby inform you that the Data Subject has the right to refuse or at any time cancel his/her consent to processing of his/her personal data for the purpose of direct marketing without specifying the reasons for refusal:
- Clicking on the “unsubscribe” link at the end of the newsletter; or
- By writing an e-mail to info@nordis-ac.com or by calling + 370 37 373248.
Cancellation of the consent shall not affect the legality of the consent-based data processed prior to the withdrawal of the consent.
PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF PROTECTION OF PERSONNEL, CUSTOMERS AND PROPERTY (FOR THE PURPOSE OF VIDEO SURVEILLANCE)
The Data Controller shall process the image data of his personnel, the Customers and other persons who have entered the video surveillance field for the purpose of protection of the personnel, the Customer and other persons who have entered the video surveillance field and their property (video surveillance).
Please be advised that your image data is captured by the Data Controller’s video surveillance equipment when you visit the Data Manager‘s car lot. The image data may only be transferred to law enforcement authorities in accordance with the procedure provided for in the legal acts of the Republic of Lithuania.
The Data Controller can provide the image data of his personnel, the Customers and other persons who have entered the video surveillance field to the Data Managers not specified in this Policy who provide services (performs works) to the Data Manager and manages the image data of personnel, the Customers and other persons who have entered the video surveillance field on behalf of the Data Controller.
Personal data for the purpose of video surveillance shall be processed on the basis of the Data Controller’s legitimate interest (Article 6(1)(f) of the General Data Protection Regulation).
PROCESSING OF THE PERSONAL DATA OF APPLICANTS FOR THE PURPOSE OF RECRUITMENT
The Data Controller shall process the personal data submitted by the Applicant voluntarily for the purpose of recruitment to the extent that the personal data has been provided.
The data shall be obtained directly from the Applicants and/or from third parties providing recruitment mediation services. This data shall not be forwarded to third parties.
The Applicants’ data shall be processed on the basis of the consent given when submitting the data and/or the Applicant’s application before entering into a contract (Article 6(1)(a) and (b) of the General Data Protection Regulation).
WHAT DO WE DO TO PROTECT YOUR INFORMATION?
Personal data shall be protected against loss, unauthorized use and alteration. We have implemented organizational and technical measures to protect all information we collect for the purpose of provision of our services. Please be advised that while we are taking appropriate actions to protect your information, no website, online transaction, computer system or wireless connection is completely safe.
The Data Controller applies different terms for the storage of personal data, in accordance with the requirements of the legislation and taking into account the purposes for the processing of personal data.
Terms of personal data storage:
Purpose of personal data processing | Term of storage |
Processing of Data Subjects‘ personal data for the purpose of consultation and enquiry processing | 1 year from the date of the consultation or enquiry processing unless the Data Subject applies for the provision of the Data Controller‘s services. In this case, the general 10-year term is applied. |
Processing of Customers‘ personal data for the purpose of sale of goods and provision of services | 10 years from the last contact |
Processing of natural persons or the Representatives‘ personal data for the purpose of execution of contracts with partners | During the term of a contract and 10 years after the termination of the transaction |
Processing of Data Subjects‘ personal data for the purpose of direct marketing | 5 years from the date of receipt of the consent, unless the Data Subject wishes to extend this term |
Processing of personal data for the purpose of personnel, customer and property security (video surveillance) | 30 calendar days. If video record data is used as evidence in a civil, administrative or criminal case or in other statutory situation, video data may be stored to the period necessary for these purpose of data processing and will be destroyed immediately when it becomes unnecessary |
Processing of personal data of Applicants for the purpose of recruitment | 4 months after the applicant is recruited. The applicant‘s consent is required for a longer period of storage of the curriculum vitae of the applicants and other data |
Exceptions to the terms of storage may be determined to the extent that they do not violate the rights of the Data Subjects and comply with legal requirements.
After the expire of the established terms, if they were not extended, the data will be destroyed in such a way that they cannot be reproduced.
YOUR RIGHTS
The Data Subject, whose data is processed by the Data Controller, has the following rights:
- The right to know (to be informed) about the processing of his/her data;
- The right to familiarise with his/her data and how it is processed;
- The right to correct or to supplement incomplete personal data, taking into account the purposes for processing of personal data;
- The right to destroy personal data and the right to be forgotten, i.e. to stop the data processing operations (except the storage);
- The right to restrict the processing of personal data in presence of a legitimate reason;
- The right to data transfer, when the Data Subject submits personal data to the Data Controller in a structured, commonly used and computer-readable format;
- The right not to consent to the processing of personal data when the data is processed or intended to be processed for the purposes of direct marketing, including profiling, insofar as it relates to such direct marketing;
- The right to file a complaint with the State Data Protection Inspectorate of the Republic of Lithuania.
The Data Subject has the right to submit any request or instruction relating to the processing of personal data to the Data Controller in writing in one of the following ways: by e-mail: info@nordis-ac.com.
Upon receipt of such request or instruction, the Data Controller shall provide an answer and perform or refuse the actions specified in the request no later than within one month from the date of the request. If necessary, the specified period may be extended by another two months depending on the complexity and number of requests. In this case, the Data Controller shall inform the Data Subject about such extension within one month from the receipt of the request, together with the specification of the reasons for the delay.
The Data Controller may not to create the conditions for the data subjects to exercise the above mentioned rights, except a refusal to process personal data by direct marketing, when in cases provided for by law it is necessary to ensure the prevention, investigation and detection of crimes, violations of professional or professional ethics, as well as the rights and freedoms of the data subject or other persons.
THIRD PARTY WEBSITES, SERVICES AND PRODUCTS ON OUR WEBSITE
The website of the Data Controller may contain third-party advertisements and links to their websites and services that are not controlled by the Data Controller, such as a link to the Data Controller‘s Facebook profile. The Data Controller shall not be liable for the safety and privacy of information collected by third parties. You must read the privacy policies applicable to third-party websites and services that you use.
If you submit your personal information via Facebook, we understand that you agree that we contact you by phone and e- mail and provide our service offers.
COOKIES
When you visit the Data Controller‘s website, we want to provide you with the content and features that are customized to your needs. This requires cookies. Cookies are small elements of information that are automatically generated when you browse the website and are stored on your computer or other terminal device. They help the Data Controller recognize you as a previous visitor of a certain website, save the history of your visit to the website and adapt the website‘s content accordingly. Cookies also help ensure the smooth running of websites, allow monitoring the duration and frequency of visits to websites, and collecting statistical information about the number of visitors.
Description of cookies used on our website
Name of cookie | Description/Purpose of use | Moment of generation | Period of validity
|
Used data |
PHPSESSID |
Cookie type – sessional. This cookie is necessary. Records the visitor’s session. | At the moment of entering a page | Valid until the Internet browser is enabled. | Unique identifier |
cookie_agreebr2018 | Maintains user consent with Privacy Policy / Cookies. | At the moment of entering a page | One month. | Unique identifier |
Google cookies and other third-party cookies
|
||||
_utma, _utmb, _utmc
|
Analytical cookie. Google Analytics cookies that track user sessions and identify unique visitors. | At the moment of first entering a page | Correspondingly, 2 years, 30 minutes, until the browser is closed | The account uses unique ID numbers and IP addresses. The accounting result is statistical. Meter accounting is performed through Google Analytics. |
_utmt
|
Analytical cookie. A Google Analytics cookies designed to identify which online source the user came from, which link was clicked, which search engine he used, what keyword was used, as well as the user‘s location during the visit. | At the moment of entering a page | 6 months | The account uses unique ID numbers and IP addresses. The accounting result is statistical. Meter accounting is performed through Google Analytics. |
_utmz
|
Analytical cookie protecting variable data of the visitor | At the moment of entering a page | 6 months | The account uses unique ID numbers and IP addresses. The accounting result is statistical. Meter accounting is performed through Google Analytics. |
How to manage and delete cookies
When you use a browser to access the content we provide, you can configure your browser to accept all cookies, reject all cookies or notify when a cookie is downloaded. Each browser is different, so if you do not know how to change the cookie preferences, see the help menu. Your device’s operating system may contain additional cookie controls. If you do not want information to be collected via cookies, use the simple procedure contained in most browsers which allows you to opt out the use of cookies. If you wish to learn more about the control of cookies, visit: http://www.allaboutcookies.org/manage-cookies/.
However, please note that in some cases, deleting cookies may slow down the speed of browsing, restrict the functionality of certain website features, or block the access to the website.
FINAL PROVISIONS
Supplements or changes to the Privacy Policy shall come into force on the day they are published on the website.
If the Data Subject uses the Website and/or the services provided by the Data Controller after the supplement and/or alteration of the Privacy Policy, it shall be deemed that the Data Subject does not object to such supplements and/or alterations.
CONTACT US
If you have any questions about this Privacy Policy, please do not hesitate to contact us in any way convenient to you:
Phone: + 370 37 373248
E-mail: info@nordis-ac.com
District