MB “Gravada”, taking care of the protection of your personal data and valuing your privacy, seeks to inform you transparently about the processing of personal data.
MB “Gravada” (hereinafter referred to as “Data Controller”, “we”, “us”) hereby informs you about the processing of personal data when you use the website www.pinandtravel.lt, as well as about your rights and how you can exercise them.
Data controller details:
Company code: 305558503
Registered office address Vaikystės g. 2A, Avižienių km., LT-14184 Vilniaus r.
Tel: +370 627 51627
Data Protection Officer’s email. firstname.lastname@example.org
Supervisory authorities: the Committee for the Development of the Information Society under the Ministry of Transport and Communications and the State Data Protection Inspectorate. Data on the data controller shall be collected and stored in the State Enterprise “Centre of Registers”.
Your personal data will be processed in accordance with the requirements of the applicable legislation of the European Union and the Republic of Lithuania, as well as the instructions of the controlling authorities. Technical and administrative measures are in place to protect the data collected by us against loss, unauthorised use and alteration. The Data Controller’s employees are under a written obligation not to disclose or distribute information obtained in the workplace to third parties.
For the purposes of this document, the terms used herein shall be understood as they are defined in the General Data Protection Regulation 2016/679 (EU) (“GDPR”).
What information do we collect about you and how do we process your data?
|Purpose of processing personal data||Group of data subjects||List of personal data processed||Duration of storage of personal data||Basis for lawful processing|
|Order processing and fulfilment||Customers who have placed an order in the e-shop||Name, surname, address, email address, phone number, payment information, other free form information||2 years from the date of placing the order||Consent|
|Publicising visitor feedback||Visitors who have left a review||Name, testimonial, type of service (visit, engraving, etc.)||3 years from the date of the reply||Consent|
|Responding to enquiries||Enquirers||Name, depending on the method of enquiry and the preferred method of contact: email address and/or telephone number, other free form information||1 year||Legitimate interest* to respond to requests|
|Analysing and improving website performance, making suggestions||Website visitors||See list of cookies||See list of cookies||Consent**|
* – where we process data on the basis of legitimate interest, you have the right to object to such processing, in which case we will examine whose interests prevail in the particular situation;
** – please note that you can withdraw your consent at any time by contacting us via email. email@example.com, and you can revoke your consent to cookies by clicking on “Clear cookies” in your browser settings.
You must provide personal data if you wish to make a request, otherwise we will not be able to respond to your request.
Who do we disclose your information to?
We will disclose your information to the following entities:
- Companies that provide services at our request, such as IT service providers, delivery services, and other persons providing services we need: consultants, auditors, lawyers, etc. These companies are limited in their ability to use your information; they cannot use this information for purposes other than to provide services to us;
- To other parties where required to do so by law or as necessary to protect our interests.
When we may disclose your information to other parties:
- To comply with the law or in response to a mandatory requirement of a court proceeding (e.g. a lawful search warrant or order or other court decision);
- To confirm the legality of your actions;
- To protect the Data Controller or the rights, property or security of the Data Controller;
- We may disclose/transfer your information to a third party in the event of a reorganisation of the company, a spin-off, a sale, transfer, lease or lease of the business or part of the business or the contribution of the business as an asset to another legal entity or in the event of bankruptcy;
- In other cases, where there are legitimate grounds (e.g. Your consent or request, legitimate interest of a third party, etc.).
What do we do to protect your information?
We have put in place physical and technical measures to protect the information we collect for the purposes of providing content/services. However, please keep in mind that while we take reasonable steps to protect your information, no website, online transaction, computer system or wireless connection is completely secure.
Your rights and how to exercise them
The data subject whose data are processed in the course of the Data Controller’s activities has the following rights:
- Know (be informed) about the processing of your data (right to know);
We provide information about the processing of your personal data before or at the time of data collection by making this PP available.
- To know your data and how it is processed (right of access);
You have the right to obtain confirmation as to whether we are processing personal data relating to you. If we process your personal data, you have the right to have access to the personal data we process and to information about the purposes of processing, categories of personal data, recipients of the data, retention periods etc.
- Request rectification or, depending on the purposes of the processing of the personal data, completion of incomplete personal data (right to rectification);
You have the right to request that we rectify inaccurate personal data concerning you and, taking into account the purposes of the processing, supplement incomplete personal data concerning you.
- Request the erasure of your data (‘right to be forgotten’);
You have the right to request the erasure of the personal data processed for the reasons set out in Article 17 GDPR.
- Have the right to require the Data Controller to restrict the processing of personal data on one of the legitimate grounds (right to restrict);
In the cases referred to in Article 18(1) of the GDPR, you have the right to request the restriction of the processing of your personal data.
- You have the right to data portability (right to port);
Where personal data are processed by automated means and this is technically feasible, you may request the transfer of your personal data to another controller in a commonly used and computer-readable format.
- Right to object to the processing of personal data;
You have the right to object to the processing of personal data in accordance with Article 6(1)(e) or (f) of the GDPR, including profiling on the basis of those provisions. You also have the right to object at any time to processing for direct marketing purposes, including profiling insofar as it relates to direct marketing.
- Right to lodge a complaint with the State Data Protection Inspectorate.
If you believe that we are in breach of the GDPR or other data processing legislation when processing your personal data, you have the right to lodge a complaint with the State Data Protection Inspectorate (the registered office address is L. Sapiegos g. 17, LT-10312 Vilnius, https://vdai.lrv.lt/. However, we recommend that you contact us first before filing a complaint with the State Data Protection Inspectorate – we will try to resolve the situation.
To exercise your rights, please contact firstname.lastname@example.org. We will identify you and process your request. Please be informed that we will reply to you within one month at the latest with the action we have taken on your request.
The Data Controller may exclude data subjects from the exercise of the rights listed above where, in cases provided for by law, it is necessary to ensure the prevention, investigation and detection of crimes, breaches of official or professional ethics, as well as the protection of the data subject’s or other persons’ rights and freedoms.
Third party websites, services and products on our website
The Data Controller’s website may contain third-party banners, links to their websites and services, which are not under the Data Controller’s control. The Data Controller is not responsible for the security and privacy of information collected by third parties. You should be careful to read the privacy statements applicable to the third-party websites and services that you use.
If you notice an error, a security vulnerability on our website or have any other questions, please contact us in any way that is convenient for you:
By post: MB “Gravada” Vaikystės g. 2A, Avižienių km., LT-14184 Vilniaus r.
Data Protection Officer’s email: email@example.com
Published on the website on 13 January 2022