Personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter - the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the protection of personal data.
UAB "SKINDEVS" adheres to the following basic data processing principles:
– personal data is collected only for clearly defined and legitimate purposes;
– personal data is processed only legally and fairly;
– personal data are constantly updated;
– personal data is stored safely and for no longer than the established purposes of data processing or legal acts require;
- personal data is processed only by those employees of the Company who have been granted such a right according to their work functions or by duly authorized data processors.
1.1. Data controller – UAB "SKINDEVS" (hereinafter - Company), legal entity code 304750867, registration address Naugarduko st. 41, Vilnius.
1.2. Data subject – any natural person whose data is processed by the Company. The data manager collects only those data of the data subject that are necessary for the Company's activities and/or visiting, using, browsing the Company's websites, Facebook, Instagram pages, etc. (hereinafter referred to as the Website). The company ensures that the collected and processed personal data will be secure and will be used only for a specific purpose.
1.3. Personal data - any information directly or indirectly related to a data subject whose identity is known or can be directly or indirectly determined using the relevant data. Processing of personal data - is any operation performed on personal data (including collection, recording, storage, editing, modification, granting of access, submission of requests, transmission, archiving, etc.).
1.4. Consent - any freely and knowingly given confirmation by which the data subject agrees to the processing of his personal data for a specific purpose.
1.5. Cookies (English - Cookies) – The company's website uses small pieces of textual information that are automatically created when browsing the website and are stored on the computer or other device used by the data subject (website visitor). Cookies are used with the purpose of improving the browsing experience of website visitors, analyzing website visitor traffic and behavior on the website.
2. SOURCES OF PERSONAL DATA
2.1. Personal data is provided by the data subject himself. The data subject applies to the Company, uses the services provided by the Company, purchases goods and/or services, leaves comments, asks questions, subscribes to newsletters, applies to the Company for information, etc.
2.2. Personal data is obtained when the data subject visits the Company's website. The data subject fills in the forms therein or leaves his contact details etc. for any reason.
2.3. Personal data is obtained from other sources. Data is obtained from other institutions or companies, publicly available registers, etc.
3. PROCESSING OF PERSONAL DATA
3.1. By submitting personal data to the Company, the data subject agrees that the Company will use the collected data to fulfill its obligations to the data subject, providing services that the data subject expects.
3.2. The Company processes personal data for the following purposes:
3.2.1. Ensuring and continuity of the company's activities. For this purpose, the following data is processed:
✓ For the purpose of concluding and executing contracts, personal data of suppliers (natural persons) may be processed: name(s), surname(s), personal identification number or date of birth, place of residence (address), telephone number, e-mail address, workplace, responsibilities, the bank current account and the bank where this account is located, the date, amount, currency and other data provided by the person himself, which the Company receives in accordance with legislation in the course of the Company's activities and/or which the Company is required to process by law and/or other legislation. For example data contained in the business certificate (type of activity, group, code, name, periods of activity performance, date of issue, amount), individual activity certificate number, data or data subject is a VAT payer, etc. data required for the proper performance of the obligations set forth in the contract and/or legal acts.
✓ In order to sell the products sold by the Company personal data of customers (natural persons) may be processed: first name(s), last name(s), date of birth, telephone number, e-mail address, place of residence (address).
3.2.2. Administration of inquiries, comments and complaints. For this purpose, the following data is processed:
✓ Name(s), surname(s) and/or username, e-mail address, phone number, address, subject of message, comment, feedback or complaint, text of message, comment, feedback or complaint.
3.2.3. Sale of gift vouchers. For this purpose, the following data is processed:
✓ First name(s), last name(s), value of the gift certificate, first name(s), surname(s) of the purchaser of the gift certificate, date of sale, number of the gift certificate, email address, phone number, expiration date of the gift certificate , billing details, coupon recipient name.
3.2.4. Execution of games, contests. For this purpose, the following data is processed:
✓ Name(s), last name(s) and/or username, phone number, e-mail address, data on a person's skin condition, type.
3.2.5. Electronic commerce. For this purpose, the following data is processed:
✓ Name(s), last name(s), date of birth, purchase history, delivery address, residential address, phone number, email address, product/service payment details.
3.2.6. Ensuring the quality of telephone consultations about the services provided by the Company, improving the quality of customer service, controlling that information is provided in a qualified and prompt manner (recording of telephone conversations). For this purpose, the following data is processed:
✓ Recording of the telephone conversation, phone number from which and to which the call is made, date of the telephone conversation, duration of the telephone conversation.
3.2.7. Direct marketing. For this purpose, the following data is processed:
✓ Name(s), surname(s), date of birth, residential address, e-mail address, telephone number.
3.2.8. For the purpose of ensuring the security of the company's employees, other data subjects and property (video surveillance). For this purpose, the following data is processed:
✓ Image image. Video surveillance systems do not use facial recognition and/or analysis technologies, the video data captured by them are not grouped or profiled according to a specific data subject (person). The data subject is informed about the ongoing video surveillance by means of information signs with a video camera symbol and Company details, which are presented before entering the monitored territory and/or room. The premises where the data subject expects absolute protection of personal data are not included in the surveillance field of video cameras.
3.2.9. For other purposes, by which the Company has the right to process the personal data of the data subject, when the data subject has expressed his consent, when the data needs to be processed due to the legitimate interest of the Company or when the Company is obliged to process the data by the relevant legal acts.
4.2. The following types of cookies may be used on the company's website:
4.2.1. Technical (necessary) cookies - helps the website visitor to display the website and its content, helps to ensure the functionality of the website, create an account, log in to the account and manage your orders. Technical cookies are necessary for the proper functionality of the website and their use does not require the consent of the website visitor.
4.2.2. Functional cookies – are used to help the website visitor use the Company's website, to remember the choices and preferences made during browsing. Functional cookies are not necessary for the website to be fully functional, but they add functionality and improve your experience of using the Company's website.
4.2.3. Analytical cookies – are used to obtain information about how website visitors use the Company's website. This is necessary so that we can optimize and improve the Company's website. With the help of analytical cookies, we can collect data about the web pages you have viewed, which pages you came from, which e-mails you sent. the emails you opened and responded to and information about the date and time. This also means that we may use information about you and how you use this website, such as frequency of visits, number of clicks on a particular page, search terms used, etc.
4.2.4. Commercial (targeting or advertising) cookies – are used in order to present personalized advertising to the visitor of the Company's website. This is called "re-marketing" which is based on browsing activities such as the products and/or services you search for, view.
4.3. Company employees who are responsible for analyzing this data and improving the website have access to statistical data about visitors to the Company's website.
4.4. Access to technical records may also be provided by the Company's partners who provide tools for managing the content of the Company's website.
4.5. Data collected by cookies are stored in the Company no longer than is necessary to achieve the purposes of data processing or no longer than is required by the data subjects and/or provided for by legal acts.
4.6. You can find more detailed information about cookies at: AllAboutCookies.org .
• Chrome for the browser: https://support.google.com/chrome/answer/95647?hl=en ;
• Safari for the browser: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac ;
5. USE OF SOCIAL NETWORKS
5.1. All information you submit via social media (including messages, use of the Like and Follow boxes, and other communications) is controlled by the operator of the relevant social network.
5.6. We recommend that you read the privacy notices of third parties and contact the service providers directly if you have any questions about how they use your personal data.
6. SENDING NEWSLETTERS
6.2. You can opt out of the newsletters sent by clicking the "Unsubscribe" button at the bottom of each email you receive, by replying to the received email or directly by e-mail. after contacting the Company by mail and expressing the desire to no longer receive newsletters sent by the Company.
7. ELECTRONIC TRADE
7.2. The Company uses Stripe, Paysera and PayPal platforms to accept payments. The privacy policies of payment acceptance platforms are available at:
7.3. Payments in the electronic store are processed using the makecommerce.lt platform, which is managed by Maksekeskus AS (Niine 11, Tallinn 10414, Estonia, reg. no.: 12268475), therefore your personal information, required for payment execution and confirmation, will be transferred to Maksekeskus AS.
7.4. Our website is protected by a security protocol based on the Data Encryption System certificate (TLS version 1.3).
8. PROVISION OF PERSONAL DATA
8.1. The company undertakes to observe the duty of confidentiality towards the data subjects. Personal data may be disclosed to third parties only if it is necessary to conclude and execute a contract for the benefit of the data subject, or for other legitimate reasons.
8.2. The Company may provide personal data to its data processors who provide services to the Company and process personal data on behalf of the Company. Data processors have the right to process personal data only in accordance with the Company's instructions and only to the extent that it is necessary in order to properly fulfill the obligations stipulated in the contract. The company uses only those data processors who sufficiently ensure that appropriate technical and organizational measures will be implemented in such a way that the data processing meets the requirements of the Regulation and ensures the protection of the data subject's rights.
8.3. The company may also provide personal data in response to court or state authority requests to the extent necessary to properly comply with applicable legislation and state authority orders.
8.4. The company guarantees that personal data will not be sold or rented to third parties.
9. PROCESSING OF PERSONAL DATA OF MINORS
9.1. Persons under the age of 14 may not provide any personal data through the Company's website. If a person is younger than 14 years old, in order to use the Company's services, before submitting personal information, it is mandatory to submit the written consent of one of the representatives (father, mother, guardian) regarding the processing of personal data.
10. PERSONAL DATA STORAGE PERIOD
10.1. Personal data collected by the Company are stored in printed documents and/or in the Company's information systems. Personal data is processed no longer than is necessary to achieve the purposes of data processing or no longer than is required by the data subjects and/or provided for by legal acts.
10.2. Although the data subject may terminate the contract and refuse the Company's services, the Company must continue to store the data subject's data due to possible future demands or legal claims until the data storage terms expire.
11. RIGHTS OF THE DATA SUBJECT
11.1. The right to receive information about data processing.
11.2. The right to access the processed data.
11.3. The right to demand rectification of data.
11.4. The right to request deletion of data ("Right to be forgotten"). This right does not apply if the personal data that is requested to be deleted is also processed on another legal basis, such as the processing is necessary for the performance of a contract or is the fulfillment of an obligation according to applicable legislation.
11.5. The right to restrict data processing.
11.6. The right to object to data processing.
11.7. Right to data portability. The right to data portability cannot adversely affect the rights and freedoms of others. The data subject does not have the right to data portability in relation to personal data that is processed manually in systematized files, such as paper files.
11.8. The right to request that a decision based solely on automated data processing, including profiling, not be applied.
11.9. The right to submit a complaint regarding the processing of personal data to the State Data Protection Inspectorate.
12. The company must provide conditions for the data subject to implement the above-mentioned rights of the data subject, except for the cases established by law when it is necessary to ensure the security or defense of the state, public order, prevention, investigation, detection or prosecution of criminal activities, important economic or financial interests of the state, official or professional prevention, investigation and detection of ethical violations, protection of the rights and freedoms of the data subject or other persons.
13. PROCEDURE FOR IMPLEMENTATION OF THE RIGHTS OF THE DATA SUBJECT
13.1. The data subject, in order to exercise his rights, can contact the Company:
13.1.1. by submitting a written request in person, by post, through a representative or by means of electronic communication - e-mail by mail: firstname.lastname@example.org;
13.1.3. in writing - to the address: Naugarduko St. 41, Vilnius.
13.2. In order to protect data from illegal disclosure, the Company, upon receiving a data subject's request to submit data or exercise other rights, must verify the identity of the data subject.
13.3. The company's response to the data subject is given no later than one month from the date of receipt of the data subject's request, taking into account the specific circumstances of personal data processing. This period may be extended by another two months if necessary, depending on the complexity and number of requests.
14. RESPONSIBILITY OF THE DATA SUBJECT
14.1. The data subject has:
14.1.1. inform the Company about changes in the provided information and data. It is important for the company to have correct and valid data subject information;
14.1.2. to provide the necessary information so that, at the request of the data subject, the Company can identify the data subject and make sure that it is really communicating or cooperating with a specific data subject (provide a document confirming the identity of the person or in accordance with the procedure established by legal acts or electronic means of communication that would allow the proper identification of the data subject). This is necessary for data protection of the data subject and other persons, so that the disclosed information about the data subject is provided only to the data subject, without violating the rights of other persons.
15. FINAL PROVISIONS