INFORMATION PREPARED AND PRESENTED BY THE COMMUNITY
DATA PROTECTION REGULATION EU 2016/679
We are writing to inform you that the JSC “Invertus” (Data Controller) code 300117946, home address of the K. Donelaičio g. 62-522, LT-44248 Kaunas is collected, processed and stored by the data subject. These data are collected for the following purposes:
1. for undertaking the functions, services and obligations and contracts, or for acting before the conclusion of the agreement;
2. to comply with the legal obligation imposed on the controller;
3. for the legitimate interest of the controller or third party;
4. to protect the vital interests of the data subject or another natural person;
5. to perform a task performed in the public interest or in the exercise of public authority entrusted to the controller.
All personal data provided by the Customer (including special personal data) are processed and stored in accordance with the provisions of the Law on the Legal Protection of Personal Data of the Republic of Lithuania, EU 2016/679 and the local legal acts of the Service Provider regulating the processing and protection of personal data. The Executor undertakes to ensure the security of the personal data processed through the implementation of appropriate technical and organizational measures to protect personal data against unauthorized destruction, accidental modification, disclosure and any unauthorized handling.
According to the requirements of the EU 2016/679 Regulation, prior to providing you with services, we must obtain your consent for the processing and storage of data. This consent is given in the form of a separate consent form that provides accurate information about the types of data being processed, the purpose of data processing, the periods of data storage and the potential recipients and processors of the data that can handle the data by providing or assisting in the provision of services or in cooperation with our company.
1. RIGHT OF THE DATA SUBJECT TO KNOW DATA AND THAT THERE ARE PROVIDED (ARTICLE 15 OF THE REGULATION)
A data subject who has submitted an identity document to the data controller or processor, or in the manner prescribed by legal acts or electronic means of communication, which allows a person to be properly identified, having confirmed his identity, has the right from the controller to receive confirmation that the personal data relating to him / her are processed, and if such personal data is processed, they have the right to access their personal data, from which sources and what personal data they collect, for what purpose they are processed, to which data recipients have been provided and provided at least during the last 1 year. When the transfer of personal data to a third country is to be performed, the data subject is entitled to be informed of the appropriate security measures relating to the transfer of data. The data controller, upon request, provides a copy of personal data processed free of charge once a calendar year. For any other copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject applies by electronic means and, except where the data subject requests it to be provided otherwise, the information is provided in a standard manner in an electronic form.
2. RIGHT OF THE DATA SUBJECT TO REPLACE ANY DATA (ARTICLE 16 OF THE REGULATION)
The data subject has the right to require the data controller to correct unjustified promptly the inaccurate personal data relating to him. In view of the purposes for which the data were processed, the data subject has the right to request that incomplete personal data be supplemented, including by submitting a supplementary statement.
3. THE RIGHT TO REQUIRE DELETION OF DATA (“RIGHT TO BE MADE”) (ARTICLE 17 OF THE REGULATION)
The data subject has the right to require the controller to erase without undue delay the personal data relating to him / her and the data controller is obliged to erase personal data without undue delay if this can be justified for one of the following reasons:
(a) personal data is no longer needed to achieve the purposes for which they were collected or otherwise processed;
(b) the identity of the data subject withdraws his/ her consent and there is no other legal basis for the processing of the data;
(c) the data subject disagrees with the processing of data in accordance with Article 21;
(d) the processing of personal data was unlawful;
f) Personal data was collected when the data subject was under 16 years of age and the data of the minors were collected without the consent of the parents or guardians.
However, this right does not apply if data processing is necessary:
(a) to exercise the right to freedom of expression and information;
(b) for complying with the law of the Union or a Member State which applies to the controller, the legal obligations imposed on the processing of the data or for the performance of a task performed in the public interest or the exercise of public authority entrusted to the controller;
(c) for reasons of public interest in the field of public health;
(d) for the purposes of archiving in the public interest, scientific or historical research or statistical purposes;
e) for claiming, enforcing or defending legal requirements.
4. THE RIGHT TO LIMIT DATA PROTECTION (ARTICLE 18 OF THE REGULATION)
The data subject has the right to require the data controller to restrict the processing of data when one of the following applies:
(a) the identity of the person objects to the accuracy of the data for a period during which the controller can verify the accuracy of personal data;
b) the processing of personal data is illegal, and the data subject does not agree to delete the data and, instead, requests the restriction of their use;
(c) the data controller is no longer required for the processing of personal data for processing data, but is necessary for the data subject to bring, execute or defend legal requirements; or
(d) the data subject has opposed the processing of the data until it has been verified that the legitimate reasons of the controller override the data subject’s reasons.
5. RIGHT TO DATA TRANSMITTING (ARTICLE 20 OF THE REGULATION)
The data subject has the right to receive personal data relating to him, which he provided to the controller in a format that is commonly used and readable by the computer, and has the right to transfer that data to another data controller, and the controller to whom the personal data has been provided must not create obstacles, when:
(a) processing is based on consent;
(b) the data are processed by automated means.
This right cannot adversely affect other rights and freedoms.
In exercising its right to data portability, the data subject has the right to transfer data directly from one controller to another, whenever technically feasible.
This right does not apply when the processing of data is necessary for the performance of a task performed in the public interest or in the exercise of public authority entrusted to the controller.
6. THE RIGHT TO NOTIFY AND REDUCE YOUR CONDUCT FOR DATA PROCESSING (ARTICLE 21 OF THE REGULATION)
The data subject is entitled to refuse at any time, for reasons relating to his case, to process personal data relating to him when such processing is carried out in accordance with Article 6 (1) (e) or (f), including profiling in accordance with those provisions. The controller no longer manages personal data unless the controller proves that the data is being processed for compelling legitimate reasons beyond the interests, rights and freedoms of the data subject or to bring, enforce or defend legal requirements.
When personal data is processed for direct marketing purposes, the data subject has the right at any time to disagree with the processing of personal data relating to him for such marketing purposes, including profiling, insofar as it relates to such direct marketing.
Where the data subject opposes the processing of data for direct marketing purposes, personal data is not processed for such purposes.
Where personal data is processed for scientific or historical research or statistical purposes in accordance with Article 89 (1), the data subject, on the grounds relating to his case, has the right to object to the processing of personal data relating to him, unless the processing of the data is necessary to carry out task performed for reasons of public interest.
Note: The rights of the data subjects are subject to various restrictions, which you can find out more by contacting the following contacts. Please be informed that your refusal to accept data processing may restrict or completely terminate your access to our services, if without your data we will not be able to execute the service or fulfil our obligations. However, if your data processing is stopped for direct marketing purposes, you will continue to be able to use our services, but you will no longer be able to receive direct marketing related discounts or the like.
7. THE RIGHT TO SUBMIT ANY COMPLAINT TO THE DATA PROTECTION BODY OF THE CONTROLLING AUTHORITY
Data processing and protection in the Republic of Lithuania are supervised and controlled by the State Data Protection Inspectorate (SJA). If you have decided that the company has violated your rights to data processing, you have the right to apply to the VDAI.
8. FINAL PROVISIONS
If you want to exercise your rights, our employee will submit a document form in which you will specify your requests for data processing in the company. We will respond to the decision within 30 calendar days. You can obtain more information about the rights of the data subject:
Company person for processing data Tel. No. +370 650 59071 and e-mail to [email protected].