The purpose of the Privacy policy is to inform how personal data of data subjects are collected and processed, how long they are stored, to whom they are provided, what rights the data subjects have and where to apply for their implementation, or other matters related to the processing of personal data.

Personal data are processed in accordance with the European Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the Regulation), the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the protection of personal data.

Private limited liability company “Timbela ir Ko” follows the following basic principles of data processing:

  • personal data must be processed accurately, fairly and transparently (principle of legality, integrity and transparency);
  • personal data are collected only for clearly defined and legitimate purposes (purpose limitation principle);
  • personal data must be adequate, relevant and not excessive in relation to the purposes for which they are processed(principle for reduction of data quantity);
  • personal data are processed accurately and constantly updated (principle of accuracy);
  • personal data are stored safely and for no longer than required by the purposes of the data processing or legal acts (principle of limiting the length of storage);
  • personal data are processed by using appropriate technical or organisational measures to ensure adequate security of personal data (principle of integrity and confidentiality).
    • Data Controller – Private limited liability company “Timbela ir Ko” (hereinafter the Company), legal entity code 135499197, registered address Savanorių pr. 407-3, Kaunas.
    • The data subject is any natural person whose data are processed by the Company. The data controller collects only those data subject which are necessary for the operation of the Company and (or) visiting, using, while browsing the Company’s websites, Facebook etc. (hereinafter the Website). The Company ensures that the personal data collected and processed will be safe and will only be used for a specific purpose.
    • Personal data means any information that directly or indirectly relates to a data subject whose identity is known or who can be directly or indirectly identified using the relevant data. Personal data processing means any activities performed on personal data (including collection, editing, recording, storage, modification, access, sending up queries, transfers, archiving, etc.).
    • Consent – any voluntary and deliberate confirmation by which the data subject agrees that his personal data are processed for a specific purpose.
    • Personal data are provided by the data subject himself. The data subject applies to the Company, uses the services provided by the Company, purchases goods, etc.
    • Personal data are obtained when the data subject visits the Company’s website.The data subject applies to the Company for information, completes the form on the Website or leaves their contact details for other reason, etc.
    • Personal data are obtained from other sources. Data are obtained from other institutions or companies, publicly accessible registers, etc.
    • When submitting the personal data to the Company, the data subject agrees that the Company uses the collected data in fulfilling its obligations to the data subject in providing the services the data subject expects.
    • The personal data are managed by the Company for the following purposes:
      • Concluding and executing services, contracts, data contracts with the data subject; storage of contacts by ensuring the possibility for contact; Tax accounting and payment control. For this purpose, the following data are processed:
        • Full name (s);
        • Contact data (phone number, e-mail address);
        • Workplace and position title (if the information is provided as a legal entity representative);
        • Residence address (VAT invoice);
      • Administering of inquiries, comments and complaints. For this purpose, the following data are processed:
        • Name(s);
        • Contact data (e-mail address);
        • Text of the question, comment, or complaint.
      • For other purposes, in which the Company has the right to process personal data of the data subject when the data subject has expressed his consent, when the data is to be processed for the legitimate interests of the Company, or when the data are processed by the Company according to the requirements of the relevant legislation.
    • The Company undertakes to comply with the confidentiality obligation with respect to data subjects. Personal data may only be disclosed to third parties if it is necessary for the conclusion and drawing up of the contract for the benefit of the data subject or for other legitimate reasons.
    • The Company may submit personal data to its data processors, who provide services to the Company and process personal data on behalf of the Company. Data processors have the right to process personal data only in accordance with the instructions of the Company and only to the extent necessary for the proper fulfillment of obligations laid down in the Contract. The Company shall use such processors that provide reasonable assurance that appropriate technical and organizational measures will be implemented in such a way that the processing of data complies with the requirements of the Regulation and will ensure the proper protection of the data subject’s rights.
    • The Company may also provide personal data in response to requests from courts or public authorities to the extent necessary to properly enforce existing legislation and instructions from public authorities.
    • The Company guarantees that personal data will not be sold or leased to third parties.
    • Persons under the age of 14 cannot provide any personal data through the Company’s website. If a person who is under 14 years of age, in order to use the services of the Company, before submitting personal information it is compulsory to provide a written consent of one of the representatives (father, mother, guardian (s)) on the processing of the personal data.
    • The personal data collected by the Company are stored in printed documents and/or in the Company’s information systems. Personal data is processed for no longer than necessary for the purpose of data processing or for no longer than required by data subjects and/or provided by law.
    • Although the data subject may terminate the contract and refuse from the Company’s services, the Company continues to be obliged to keep the date of the data subject for possible future claims or legal claims until the expiration of the data storage periods.
    • The right to receive information on the processing of data.
    • Right to access the data processed.
    • The right to request the correction of data.
    • The rights to request to delete the data (the right to be forgotten). This right does not apply if the personal data requested to be deleted are also processed on other legal grounds, such as the processing necessary for the performance of the contract, or when the obligations according to the applicable law.
    • Right to restrict the data processing.
    • The right to disagree with data processing.
      Right to data portability.
    • The right to data portability may not adversely affect other rights and freedoms. The data subject has no rights to the portability of data in relation to personal data processed in a non-automatic weigh ins systematized files, such as paper files.
    • The right to require that only automated data processing, including profiling, is applied.
    • The right to submit a complaint regarding the processing of personal data to the State Data Protection Inspectorate.
  8. The Company must ensure the disability for the data subject to exercise the rights of the data subject specified in the Rules, except in cases established by law, when it is necessary to guarantee state security or defense, public order, prevention, investigation, detection or prosecution of criminal offenses, important economic or financial interests of the state, prevention, investigation and detection of breaches of professional ethics, protection of the rights and freedoms of the data subject or other persons.
    • The data subject, in connection with the implementation of his rights, may apply to the Company:
      • when submitting a written request in person, by post, via a representative or by electronic means – by e-mail: info@localhost;
      • orally – by tel. +370 37 338193.
      • in writing – at Savanorių pr. 407-3, Kaunas.
    • In order to protect the data against unauthorized disclosure, the Company must verify the identity of the data subject upon receipt of the data subject’s request for data or implementation of other rights.
    • The Company’s answer to the data subject must be given not later than within one month from the date of receipt of the data subject’s request, taking into account the specific circumstances of the processing of personal data. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
    • The data subject must:
      • inform the Company about changes in the submitted information and data. It is important for the Company to have valid and effective information of the data subject;
      • to provide the necessary information so that at the request of the data subject the Company can identify the data subject and a certain that it communicates or co-operates with the specific data subject (to provide a personal identity document, or in accordance with the procedure laid down by legal acts or by electronic means of communication that allows the data subject to be properly identified). It is necessary for the protection of data of the data subject and other persons so that the disclosure of the data subject’s information is restricted to the data subject, without prejudice to the rights of others.
    • By transferring personal data to the Company, the data subject agrees with this Privacy Policy, understands its provisions and agrees to comply with it.
    • In developing and improving the Company’s activities, the Company has the right at any time to unilaterally supplement or make changes to this Privacy Policy.
    • The additions or changes to the Privacy Policy come into force from the day they are published, i.e., from the date they are placed on the Website of the Company.