Rules for the processing of personal data
1. Basic concepts
1.1. The Company means Manrasta UAB, a company established under the laws of the Republic of Lithuania, having its registered office at the Sandraugos g. 22 Kaunas LT-52100 Republic, company code 135774825, the data of which are accumulated and stored in the Register of Legal Persons.
1.2. Data subject - means the natural person whose personal data the Company manages.
1.3. Personal data - means any information relating to a natural person - a data subject known to be or may be directly or indirectly identified using such data as a personal code, one or more physical, physiological, psychological, economic, cultural or social characteristics of a person character of the character.
1.4. Personal data processing - means any act performed by the Personal Data: collecting, recording, storing, storing, classifying, grouping, merging, modifying (adding or editing), providing, publishing, using, logical and / or arithmetic operations, search, dissemination , destruction or other action or set of actions.
1.5. Automatic mode - refers to actions performed in whole or in part by automated means.
1.6. An employee means a person who has entered into an agreement with a company with a work or similar nature and is assigned to manage the Personal Data or the personal data of which is processed on the basis of a decision of the Head of the Company.
1.7. Manager means a legal or natural person who is authorized by the Company to process personal data. The manager (s) must be registered with the Inspectorate.
1.8. "Recipient" means the legal or natural person to whom Personal Data is provided. The data recipient (s) must be registered with the Inspectorate
1.9. Inspectorate - the State Data Protection Inspectorate of the Republic of Lithuania.1.1.
2. General provisions
2.1. This document governs the actions of the Company and its Employees in the management of Personal Data, using the automated Personal Data Processing Means installed in the Company, as well as the rights of Data Subjects, Personal Data Protection Risk Factors, Personal Data Protection Measures, and other matters related to the processing of Personal Data.
2.2. Personal data must be accurate, appropriate and only to the extent that it is necessary for them to collect and keep processing. If personal data is required for personal data processing, personal data is constantly updated.
2.3. The objectives of personal data processing are direct marketing, delivery of goods to the client.
2.4. Company Rules 2.3. For the purpose specified in clause, the following Data Personal Data Personal Data is processed:
(a) the name;
(b) surname;
(c) the email address;
(d) telephone number;
(e) Delivery address;
3. Processing of personal data
3.1. Personal data is processed manually and automatically using personal data processing facilities installed at the Company.
3.2. Only Personnel and Managers are entitled to manage Personal Data. Every Worker / Manager who is assigned to handle Personal Data must protect the confidentiality of Personal Data and comply with the requirements of the legislation on the protection of personal data.
3.3. The Worker / Manager must: (a) protect the confidentiality of Personal Data; (b) manage the Personal Data in accordance with the laws of the Republic of Lithuania, other legal acts and these Rules;
(c) not to disclose, transmit, or permit any means of accessing the Personal Data to any person who is not authorized to process Personal Data;
(d) immediately notify the Head of the Company or the person appointed by him of any suspected situation which may endanger the Safety of Personal Data.
3.4. Employees who automatically process personal data or from which computers can access the areas of the local area network where Personal Data is stored must use passwords. Passwords must be changed periodically, as well as in certain circumstances (for example, when a worker changes in the event of an intrusion threatened, suspicion that the password has become known to third parties, etc.). A worker on a particular computer can only know his password.
3.5. The computer maintenance officer must ensure that personal data files are not "shared" from other computers and that antivirus programs are updated periodically.
3.6. A computer maintenance worker makes copies of data files on computers. Losing or damaging these files, the responsible employee must restore them within two business days at the latest.
3.7. The protection of personal data is organized, guaranteed and carried out by the Head of the Company or the employee appointed by him.
3.8. An employee does not have the right to process personal data when the Contractor's work or a similar contract with the Company expires or the Head of the Company revokes the Employee's appointment to process Personal Data.3.9. The Manager shall not be entitled to manage the Personal Data when the Contractor's agreement with the Company is terminated.
4. Implementation of the rights of the data subject
4.1. The data subject, when submitting an identity document to the Company, is entitled to receive information from which sources and what personal data he collected, for what purpose they are processed and for whom they are provided. Access to Personal Data is made upon submitting to the Company a written request for access to Personal Data by post or email. by mail
4.2. The Company, upon receipt of a request from the Data Subject regarding the processing of its Personal Data, is responsible for the handling of personal data related to it and shall submit the requested data to the Data Subject no later than within 30 calendar days from the date of the Data Submission's request. At the request of the data subject, such data shall be provided at the written address or e-mail address. email address
4.3. The ability to repair, destroy your Personal Data or suspend your Personal Data Processing activities is made to the Data Subject upon submitting a written request to the Company by post, fax or email. by mail Upon such request, the Company immediately verifies the Personal Data and promptly rectify incorrect, incomplete, inaccurate Personal Data at the request of the Data Subject.
4.4. The Company shall immediately notify the Data Subject about the destruction or deletion of Personal Data, which was carried out at its request.
4.5. In order to destroy the data, we provide the user with the data destruction feature installed on the site to encrypt the available data.
4.6. The Company ensures all other rights, guarantees and interests of the personal data subjects guaranteed by laws and other legal acts of the Republic of Lithuania.
5. Transfer of personal data to third parties
5.1. Personal data may only be provided to recipients with whom the Company has signed respective agreements on the transfer / provision of Personal Data and the Data Protection shall ensure adequate protection of the personal data transmitted. Personal data may also be transferred to third parties in other cases provided for in the laws and other legal acts of the Republic of Lithuania.
6. Risk factors for personal data protection breach
6.1. A breach of personal data protection is an act or omission that may or may result in undesirable effects, as well as in violation of the mandatory rules of the laws regulating the protection of personal data. The degree of impact of the violation of personal data protection, damage and consequences in each particular case shall be established by a commission formed by the head of the company or his authorized person.
6.2. Protection of personal data breach risk factors: (a) unintentional when the protection of personal data vulnerable to accidental causes (processing errors, data storage media, data records deletion, destruction, incorrect routes (address) data transfers determination and so on., Or a system fault on interruption, computer virus, etc., internal rules violation, the lack of care, software tester, inadequate data storage maintenance, inadequate line capacity and protection, integration of the computer into the network, protection of computer programs, the lack of fax materials supply, etc.). ;
(B) deliberate the protection of personal data vulnerable to deliberate (illegal intrusion into the company / hotel facilities, personal data storage repositories, information systems, computer network, a malicious set of rules to the processing of personal data in violation of deliberate dissemination of computer viruses, identity theft, illegal use other Worker's Rights, etc.);
(C) unexpected random events (lightning, fire, flood, flooding, storms, wiring the ignition temperature and / or humidity changes impact, dirt, dust and magnetic fields influence of random hardware crash, other invincible and / or uncontrollable factors, etc. .)
7. Implementing measures for the protection of personal data
7.1. In order to ensure the protection of personal data, the Company implements or intends to implement the following Personal Data Protection Measures:
(a) administrative (the establishment of a secure organization of documents and computer data and their archives, as well as the organization of work in various fields of activity, familiarization of personnel with the protection of personal data in employment and after the termination of employment or similar relations, etc.);
(B) the technical and security software (servers, information systems and database administration, job, company premises, operating systems, security, protection against computer viruses and so on.);
(c) the protection of communications and computer networks (firewalling, sharing data, programs, unwanted data packets, etc.).
7.2. Personal data protection technical and software tools must ensure: (a) the installation of a backup copy of operating systems and databases, the setting up of copy technology and compliance monitoring;
(b) the continuous processing (processing) process technology; (c) the strategy for updating systems in unforeseen cases; (d) the physical (logical) separation of programs from the work mode
7.3. All Employees who have the right to process personal data or to organize and enforce their protection must strictly observe the requirements of the Personal Data Protection Measures and relevant rules, instructions or procedures established by the Company.
8. Processing deadline for personal data
8.1. The Company manages personal data during the client's participation in the loyalty program and 2 years after the client's membership in the loyalty program expires.
8.2. When Personal Data is no longer needed for the purpose of their processing, they are destroyed, except those that, in the cases specified by law, must be transferred to state archives.
9. Responsibility
9.1. Employees who violate the Law on the Legal Protection of Personal Data of the Republic of Lithuania, other legal acts regulating the processing and protection of Personal Data or these Rules apply the liability measures provided for in the laws of the Republic of Lithuania.
10. Final provisions
10.1. Supervision of compliance and, if necessary, review, trusted by the company's manager or his authorized person.
10.2 Responsible Employees with the Rules are introduced by signing.