Privacy Policy

The purpose of the Privacy Policy is to provide information on how personal data of data subjects is collected and processed, how long they it is stored, to whom it is made available, what rights data subjects have and whom they can contact for the implementation of these rights or for other issues related to the processing of personal data.

Personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the ‘Regulation’), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the protection of personal data.

UAB Eika Group adheres to the following basic principles when processing personal data:

  • Collecting personal data only for clearly defined and legitimate purposes.
  • Processing personal data only in a lawful and fair manner.
  • Keeping personal data up to date.
  • Keeping personal data secure and for no longer than is necessary for the purposes of the data processing or as required by law.
  • Processing personal data only by employees of the Company who have been authorised to do so in accordance with their job functions or by duly authorised data processors.

1 DEFINITIONS

  • ‘Data controller’ means UAB Eika Group (hereinafter referred to as the ‘Company’), legal entity code 121191079, registration address A. Goštauto g. 40B, Vilnius.

‘Data subject’ means any natural person whose data is processed by the Company. The data controller collects only the data of the data subject that is necessary for the performance of the Company’s activities and/or when visiting, using, browsing the Company’s websites, Facebook social network account, etc. (hereinafter referred to as the ‘Website’). The Company guarantees that the personal data collected and processed will be secure and will only be used for a specific purpose.

  • ‘Personal data’ means any information relating directly or indirectly to an individual whose identity is known or can be determined directly or indirectly by reference to the data concerned. Processing of personal data means any operation performed on personal data (including collection, recording, storage, editing, modification, provision of access, retrieval, transmission, archiving, etc.).

‘Consent’ means any freely given and informed indication by which the data subject agrees to the processing of his or her personal data for a particular purpose.

2 SOURCES OF PERSONAL DATA

  • The personal data is provided by the data subject. The data subject contacts the Company, uses the services provided by the Company, purchases goods and/or services, leaves comments, asks questions, subscribes to newsletters, contacts the Company for information, etc.
  • Personal data is collected when the data subject visits the Company’s website. The data subject fills in the forms on the website or, for whatever reason, leaves his/her contact details, etc.
  • Personal data is collected from other sources. Data is obtained from other bodies or companies, public registers, etc.

3 PROCESSING OF PERSONAL DATA

  • By providing personal data to the Company, the data subject consents to the Company’s use of the collected data for the purpose of fulfilling its obligations to the data subject by providing the services that the data subject expects.
  • The Company processes personal data for the following purposes:

3.2.1 Provision of after-sales service for homes purchased by customers and managing the Company’s debtors. For this purpose, the following data will be processed:

  • For the provision of after-sales service for homes purchased by customers, the following personal data of customers (natural persons) may be processed: name(s), surname(s), telephone number, e-mail address, other data related to the sale of goods and/or provision of services.
  • When managing the Company’s debtors, transferring debts for collection, the following personal data of customers (debtors, natural persons) may be processed: name(s), surname(s), telephone number, e-mail address, amount of the debt, information on services provided and/or goods sold, other data related to the debt.
  • Contracts, VAT invoices and other related documents are stored in accordance with the terms specified in the General Records Retention Schedule approved by the order of the Chief Archivist of Lithuania.
  • Data related to the Company’s debtor management are stored for no longer than necessary for the purposes for which the personal data is processed.
  • The legal basis for data processing is the necessity to perform a contract to which the customer, as the data subject, is a party or to take actions at the customer’s request prior to entering into a contract with the customer (Article 6(1)(b) of the GDPR), where certain personal data is required to be processed by law (Article 6(1)(c) of the GDPR), and the need to pursue the Company’s legitimate interests in improving its activities and business performance (Article 6(1)(f) of the GDPR).

3.2.2 Ensuring and carrying out the continuity of the Company’s activities. For this purpose, the following data will be processed:

  • For the purpose of concluding and executing contracts, the following personal data of suppliers (natural persons) may be processed: name(s), surname(s), personal identification number or date of birth, home (address), telephone number, e-mail address, place of work, position, signature, data contained in the business licence (type of activity, group, code, name, periods of activity, date of issue, amount), individual activity certificate number, data on whether the data subject is a VAT payer, bank current account and bank, amount of the services/goods, currency and other data provided by the data subject, which the Company receives in the course of its business activities in accordance with legal acts and/or which the Company is obliged to process in accordance with the law and/or other legal regulations.
  • For the purpose of concluding and executing contracts, the following data of the supplier’s representatives may be processed: name(s), surname(s), telephone number, e-mail address, company name, address, position, data of the power of attorney (number, date, date of birth of the authorised person, signature).
  • Contracts, VAT invoices and other related documents are stored in accordance with the terms specified in the General Records Retention Schedule approved by the order of the Chief Archivist of Lithuania.
  • The legal basis for data processing is the necessity to perform a contract to which the customer, as the data subject, is a party or to take actions at the customer’s request prior to entering into a contract with the customer (Article 6(1)(b) of the GDPR), where the processing of certain personal data is required by legal acts (Article 6(1)(c) of the GDPR).

3.2.3 Execution of internship contracts. For this purpose, the following data will be is processed:

  • Name(s), surname(s), personal identification number (if not available – date of birth), signature, telephone number, e-mail address, address, educational institution, criminal records, internship period and activity.
  • Personal data of trainees contained in the texts of relevant documents (contracts, orders, applications, etc.) – whether in electronic form, paper documents or other types of media) – is stored in accordance with the provisions of the General Records Retention Schedule approved by the order of the Chief Archivist of Lithuania.
  • The legal basis for data processing is the necessity to perform a contract to which the trainee, as the data subject, is a party or to take actions at the request of the trainee prior to entering into a contract with the trainee (Article 6(1)(b) of the GDPR), and where certain personal data is required to be processed by law (Article 6(1)(c) of the GDPR).

3.2.4 Management of requests, comments and complaints. The following data will be processed for this purpose:

  • Name(s), surname(s) and/or user name(s), e-mail address, telephone number, address, subject of the request, comment or complaint, text of the request, comment or complaint.
  • Data relating to requests, comments and complaints will be stored for 1 year from the date of receipt. 
  • The legal basis for data processing is that the processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, except where such interests or the fundamental rights and freedoms of the data subject which require the protection of personal data are overridden, in particular where the data subject is a child (Article 6(1)(f) of the GDPR) and the consent of the data subject is required (Article 6(1)(a) of the GDPR).

3.2.5 Sale of gift vouchers. The following data will be processed for this purpose:

  • Name(s), surname(s), value of the gift voucher, name(s) and surname(s) of the purchaser of the gift voucher, date of sale, number of the gift voucher, email address, telephone number, expiry date of the gift voucher, payment details, name of the recipient of the gift voucher.
  • Personal data is not available.
  • The legal basis for the data processing is the necessity to fulfil a contract to which the customer, as the data subject, is a party or to take action at the customer’s request prior to entering into a contract with the customer (Article 6(1)(b) GDPR).

3.2.6   Conducting games and competitions. The following data will be processed for this purpose:

  • Name(s), surname(s), telephone number, e-mail address.
  • The personal data of winning participants will be stored for six months after the game or competition.
  • Personal data of unsuccessful participants is not available.
  • The legal basis for the data processing is the consent of the data subject (Article 6(1)(b) GDPR).

3.2.7 Direct marketing. The following data will be processed for this purpose:

  • Name(s), surname(s), email address, telephone number.
  • The data will be kept for three years from the date of consent. This period may be extended if the personal data is or may be used as evidence or as a source of information in a pre-trial or other investigation, including an investigation conducted by the State Data Protection Inspectorate, in civil, administrative or criminal proceedings, or in any other cases established by law. In such a case, personal data may be kept for as long as necessary for such data processing purposes and will be destroyed as soon as it is no longer necessary.
  • The legal basis for the data processing is the consent of the data subject (Article 6(1)(a) of the GDPR) and the necessity to pursue the Company’s legitimate interests in improving its activities and business success indicators (Article 6(1)(f) of the GDPR).

3.2.8 Management of whistleblowers in the Company:

  • Personal data of whistleblowers: name(s), surname(s), personal identification number, place of work (including current or former service, employment, or contractual relationship with the Company), position, telephone number, personal e-mail address or home address.
  • Violation data: the violation, the place and time of violation, other information collected about the violation.
  • Person(s) who may have committed the violation: name(s), surname(s), place of work.
  • Witness(es) of the violation: name(s), surname(s), position, place of work, telephone number, e-mail address.
  • The documents and data are stored in accordance with the terms and conditions specified in the General Records Retention Schedule approved by the order of the Chief Archivist of Lithuania.
  • The legal basis for the data processing is where the processing of certain personal data is required by law (Article 6(1)(c) of the GDPR).
  • Other purposes for which the Company has the right to process the personal data of the data subject: where the data subject has given his/her consent, where the data processing necessary for the legitimate interest of the Company, or where the Company is obliged to process the data by relevant legal acts.

4 USE OF SOCIAL NETWORKS

  • Any information provided through social networking sites (including messages, use of the ‘Like’ and ‘Follow’ buttons, and other communications) is controlled by the operator of that social network.
  • Our Company currently has an account on the social networking site Facebook, whose privacy policy is available at https://www.facebook.com/privacy/explanation.
  • Our Company currently has an account on the social networking site Instagram, whose privacy policy is available at https://help.instagram.com/519522125107875.
  • Our Company currently has an account on the social networking site LinkedIn, whose privacy policy is available at https://www.linkedin.com/legal/privacy-policy.
  • Our Company currently has an account on the social networking site YouTube, whose privacy policy is available at https://policies.google.com/privacy?hl=en-US.
  • Please read the privacy policies of these third parties and contact them directly if you have any questions about their use of your personal data.

5 SENDING NEWSLETTERS

  • The Company uses the services of third parties such as Omnisend and MailerLite to send newsletters. The third parties Omnisend and MailerLite only use the email address of the recipient of the newsletter for the successful sending of the newsletter. The privacy policies of Omnisend and MailerLite are available at:
  • Omnisend privacy policy: https://www.omnisend.com/privacy/;
  • MailerLite privacy policy: https://www.mailerlite.com/legal/privacy-policy.
  • You may unsubscribe from newsletters by clicking on the ‘unsubscribe’ button at the bottom of any email you receive, by replying to the email you receive, or by contacting the Company directly by email and expressing your desire to stop receiving newsletters from the Company.

6 PROVISION OF PERSONAL DATA

  • The Company undertakes to respect the confidentiality of the data subject. Personal data may only be disclosed to third parties if this is necessary for the conclusion and performance of a contract for the benefit of the data subject or for other legitimate reasons.
  • The Company may disclose personal data to its data processors who provide services to the Company and process personal data on behalf of the Company. Data processors will only be entitled to process personal data in accordance with the Company’s instructions and only to the extent necessary for the proper performance of their contractual obligations. The Company will only use those data processors who provide sufficient guarantees that appropriate technical and organisational measures will be implemented in such a way that the data processing complies with the requirements of the Regulation and that the rights of the data subject are protected.
  • The Company may also provide personal data in response to requests from courts or public authorities to the extent necessary for the proper performance of applicable legal acts and instructions of public authorities.
  • The Company guarantees that personal data will not be sold or rented to third parties.

7 PROCESSING OF PERSONAL DATA OF MINORS

  • Persons under the age of 14 cannot provide any personal data through the Company’s website. If a person is under the age of 14, in order to use the Company’s services, the written consent of a representatives (father, mother or guardian) for the processing of personal data is required prior to providing personal data.

8 PERSONAL DATA RETENTION PERIOD

  • The personal data collected by the Company will be stored in printed documents and/or in the Company’s information systems. Personal data will be processed for no longer than is necessary to achieve the purposes of the data processing or for no longer than is requested by the data subjects and/or provided for by law.
  • Although the data subject may terminate the contract and opt out of the Company’s services, the Company is still obliged to retain the data subject’s personal data for possible future claims or legal actions until the data retention period expires.

9 RIGHTS OF THE DATA SUBJECT

  • The right to obtain information about the processing of personal data.
  • The right of access to the data processed.
  • The right to request the rectification of data.
  • The right to request erasure of data (‘right to be forgotten’). This right does not apply if the personal data for which erasure is requested is also processed on another legal basis, such as when processing is necessary for the performance of a contract or the fulfilment of an obligation under applicable law.

9.5 The right to restrict data processing

  • The right to object to data processing.
  • The right to data portability. The right to data portability shall not prejudice the rights and freedoms of others. The data subject does not have the right to data portability with respect to personal data processed in non-automatically structured files, such as paper files.

9.8 The right to request that a decision based solely on automated data processing, including profiling, not be applied.

  • The right to lodge a complaint regarding the processing of personal data with the State Data Protection Inspectorate.
  • The Company must allow the data subject to exercise the above rights, except in cases established by law, when it is necessary to safeguard national security or defence, public order, the prevention, investigation, detection or prosecution of criminal offences, the protection of important economic or financial interests of the State, the prevention, investigation and detection of breaches of official or professional ethics, or the protection of the rights and freedoms of the data subject or of other persons.

11 PROCEDURE FOR EXERCISING THE RIGHTS OF THE DATA SUBJECT

  • The data subject may contact the Company to exercise their rights:
    • by submitting a written request in person, by post, through a representative or by electronic means via e-mail: ad@eikagroup.lt;
    • orally by telephone: +370 5 251 4255;
    • in writing to the address: A. Goštauto g. 40B.
  • The data subject may also contact the Company’s Data Protection Officer by e-mail: asmensduomenys@sdg.lt or by phone: +370 37 409982.
  • In order to protect data from unlawful disclosure, the Company must verify the identity of the data subject upon receipt of a request from the data subject to provide data or exercise other rights.
  • The Company’s response to the data subject shall be provided no later than within one month of receipt of the data subject’s request, taking into account the specific circumstances of the processing of personal data. This period may be extended by a further two months if necessary, taking into account the complexity and number of requests.

12 RESPONSIBILITY OF THE DATA SUBJECT

  • The data subject shall:
    • Inform the Company of any changes to the information and data provided. It is important for the Company to have accurate and valid information about the data subject.
  • Provide the necessary information to enable the Company to identify the data subject upon request and to verify that the Company is actually communicating or cooperating with a particular data subject (either by means of a personal identification document or, in accordance with the procedure established by law or by electronic means of communication, allowing the proper identification of the data subject). This is necessary for the protection of the data subject and the data of other persons, so that the information disclosed about the data subject is provided only to the data subject, without prejudice to the rights of other persons.

13 FINAL PROVISIONS

  • By providing personal data to the Company, the data subject agrees to this Privacy Policy, understands its provisions and undertakes to comply with them.
  • The Company has the right to unilaterally amend this Privacy Policy at any time as part of the development and improvement of the Company’s activities. The Company has the right to unilaterally change the Privacy Policy, in part or in full, by notifying on the eikagroup.lt website.
  • Additions or amendments to the Privacy Policy shall be effective from the date of their publication, i.e. from the date of their publication on the eikagroup.lt website.

 

Scroll to top