1. General provisions
1.2. The Company engages in economic commercial activities, which includes the recycling of polyethylene, plastic waste, plastic goods production, metal product processing, collection and registering data regarding waste and product flows, as well as other services. For the provision of these services, the Company manages personal data according to the legal basis, specified in the Policy and data processing objectives, as well as the legal acts applicable to the Company.
1.3. This Policy is aimed at the persons who use or plan to use the services of the Company or visit the Company’s webpage plasta.lt.
2. Personal data processing principles
2.1. The company processes personal data according to the EU general data protection regulation (EU) 2016/679 (hereinafter – Regulation), the Law on the legal protection of personal data of the Republic of Lithuania and other legal acts, regulating the processing of personal data.
2.2. The volume of processed personal data depends on the ordered or used services of the Company and what information is provided by the visitor of the webpage, when ordering and/or using the Company’s services, visiting or registering at the webpage.
2.3. The Company, inter alia, is guided by these main data processing principles:
- Personal data is collected for clearly defined and legitimate purposes only.
- Personal data is only processed lawfully and honestly.
- Personal data is constantly updated.
- Personal data is stored securely and for no longer than required by the data processing objectives or legislation.
- Personal data is processed only by employees of the Company who have been granted such a right in accordance with their work functions.
2.4. The data is collected by the Company only in case one or more lawful processing criteria are present: (i) in order to ensure the provision of the services according to an agreement (i.e. in order to implement the agreement or seeking to take action at the request of the data subject prior to concluding an agreement); (ii) after receiving the consent of the data subject; (iii) processing is necessary for compliance with a legal obligation to which the controller is subject; (iv) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (v) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (see Regulation article 6, part 1, http://www.privacy-regulation.eu/lt/6.htm).
2.5. By processing and safekeeping personal data, the Company executes organizational and technical measures, which ensure the protection of personal data from accidental or unlawful destruction, alteration, disclosure, as well as from any other unlawful processing. The access to the personal data processed by the Company is granted only to those Company employees and auxiliary service providers, who need it to perform their working functions or provide services to the Company.
2.6. The Company’s client or potential client, employees, as well as other natural persons are responsible for their provided personal data to be specific, correct, and explicit. In case the personal data they provide changes, they are obliged to immediately inform the Company regarding the matter. The Company will not be held liable for the damage caused to the person and/or third parties because the person specified incorrect and/or incomplete personal data or did not address the Company regarding the update and/or changing his personal data correspondingly when it changed.
3. Personal data sources
3.1. Personal data is usually received directly from the data subject (Company’s client or potential client, employee or candidates), who provides the data by visiting the webpage, using the Company’s services, providing services to the Company, working or seeking to be employed at the Company.
3.2. In the cases provided for by law, or based on agreement, the personal data can also be received from third parties (i.e. temporary employment companies, employment agencies, state institutions and registers).
3.3. Although the client is not obliged to provide any of his personal data to the Company, it may be so, that some services could not be provided to him or he would not be able to be employed at the Company if the personal data would not be submitted.
4. Personal data processing objectives
4.1. The Company manages personal data for the following main objectives:
- For the purpose of administering and executing contractual relations, in order to properly fulfill the contractual obligations, maintain relations with suppliers, partners and clients in the development of business, services and cooperation;
- For providing services, specified on the webpage;
- For internal and employee administration purposes;
- For direct marketing and marketing purposes;
- Compliance with legal requirements in waste management and other areas and providing data to public authorities (data controllers);
- Video surveillance is installed in production and general use premises for assuring the Company’s equipment and property security.
5. Personal data provision and data recipients
5.1. The Company has the right to transfer the personal data of its client representatives or employees to third parties, which need to process clients’ personal data for the purposes, specified in this Policy or legal acts.
5.2. The Company undertakes to transfer the clients’ data to third parties only in the volume and only in cases, when it is needed to provide corresponding services and/or to execute obligations (duties), specified in legal acts. In case personal data is not needed for the provision of a specific service, the data will not be transferred. The Company transfers personal data to the above-mentioned third parties according to a data provision agreement or under a specific legal act, strictly abiding the requirements of legal acts.
5.3. The Company undertakes to adhere to the confidentiality obligation concerning the personal data of its clients, employees, potential clients or employees. Personal data can be disclosed to third parties only when it is needed to conclude and implement an agreement in the favor of the data subject or due to other legal reasons.
5.4. The Company can provide its processed personal data to its data processors (sub-contractors), who provide the Company with IT, accountancy, debt collection and other supportive services and manage the personal data on behalf of the Company. Data processors have the right to process personal data only according to the instructions of the company and only in the volume, which is needed in order to properly execute contractual obligations. The Company involves only those data processors, who adequately ensure that the appropriate technical and organizational measures are implemented in such a way, that the data processing would comply with the requirements of the Regulation and the data subject’s rights protection would be ensured.
5.5. The Company can also provide the client’s data by responding to the requests of the court, bailiffs or state institutions in the volume, which is mandatory in order to properly implement the currently effective legal acts and state institution directions.
6. Personal data processing for direct marketing purposes
6.1. For direct marketing purposes, the Company may process the contact data of the data subject. The consent to the use of personal data for direct marketing purposes is expressed by e-mail firstname.lastname@example.org, by subscribing to the newsletter sent by the Company, by subscribing to the news on the Company’s social networking accounts, providing the consent on the Company’s webpage (by ticking the box), by signing a form or contract with the Company, as well as informing the Company’s administration by other written means. Granting consent for direct marketing is voluntary and it will not affect the relationship between the data subject and the Company.
6.2. The Company may send informational messages if the person has given consent to the Company to use his data for the purpose of direct marketing, and to the Company’s clients without a separate consent for the marketing of similar services if the Clients are provided with a clear, free and easily implementable possibility to disagree or decline such use of their contact data and if they did not object to such use of their contact data from the start, with such a possibility to disagree or decline provided with every message.
6.3. The Company can send messages for direct marketing purposes via electronic mail.
6.4. A person can revoke his consent regarding the direct marketing at any time, by informing the Company via e-mail: email@example.com or by contacting the Company in any other way.
7. Personal data protection term
7.1. The personal data, collected by the Company, is kept safe in printed documents and/or at the Company’s informational systems in an electronic format. Personal data is processed for no longer than needed to achieve the processing objectives or no longer than it is required by the data subjects and/or prescribed by legal acts. Usually, personal data is processed for 10 years after the end of the contractual relations.
7.2. Although the client can terminate the agreement or refuse any services from the Company, the Company is still obliged to keep the client’s representatives’ personal data due to possible demands and/or legal claims arising in the future, until the data safe keeping terms expire.
7.3. The Company seeks not to keep outdated or unneeded information and ensures that the personal data and other information about the clients would be constantly updated, correct and collected in a timely fashion.
8. Data subjects’ rights
8.1. A data subject, inter alia, has the following rights:
- To receive information regarding his personal data processed by the Company and to know from where and in what way was the personal data collected and on what basis is the data processed;
- To address the Company with a request to correct his personal data, terminate its processing, delete the data, if the data is incorrect, incomplete or inaccurate, or in case it is not needed for the objectives the data was collected for. In such a case, the data subject has to file a request, and the Company will check the provided information and take needed actions upon the receipt of such request. The Company finds it very important to have the personal data, which is accurate and true.
- To address the Company with a request to terminate the personal data or to stop such data processing activities, except for storing – in cases, when the person determines that the personal data is processed unlawfully or dishonestly, after familiarizing himself with the data.
- To refuse to have his data processed, whenever such data is processed or is intended to be processed for the purposes of direct marketing or due to a legitimate interest, pursued by the Company or a third person, to whom the personal data is provided;
- To revoke given consent regarding the processing of personal rights for the purposes of direct marketing at any given time;
- In case the data subject is worried by the Company’s actions (inactions), which might violate this Policy or the provisions of legal acts, he can address the Company and receive free help.
8.2. A person can implement all of his rights as a data subject by addressing the Company via e-mail: firstname.lastname@example.org.
8.3. In case the issue could not be settled with the Company, the client has the right to address the State data protection inspectorate (ada.lt), which is responsible for the supervision and control of personal data protection regulating legislation.
9.2. The information collected by the cookies allows to ensure more convenient browsing on the Company’s webpage and know more about the behavior of the Company webpage’s visitors, analyze tendencies and improve both the webpage and the Company’s provided services or the information, provided on the webpage. The company processes anonymous personal data with the help of cookies.
9.3. In case the webpage visitor does not agree for cookies to be recorded at his computer or any other end device, he can change his web-browser’s settings and turn off all cookies or turn on/off them separately. However, the Company brings attention to the fact that in some cases that may result in slowing down of the webpage browsing, limit some of the webpage functions or block access to the webpage from some websites. You can find explicit information regarding the cookies used at the Company’s webpage here: AllAboutCookies.org or here google.com/privacy_ads.html.
10. Final provisions
10.1. This Policy is subject to the legislation of the Republic of Lithuania and European Union.
10.2. Company has the right to change this Policy at any time, therefore, we kindly ask of the webpage visitors to periodically check if the Policy has changed and familiarize yourself with the new and/or changed provisions of the Policy.