UAB “METALISTAS LT” PRIVACY
Order No. 11 of the
General Director of
UAB “Metalistas LT”of
27 May, 2019
1.1. We respect the privacy of every user of our website and undertake to fairly and lawfully process and protect your personal data.
1.2. The controller of your personal data is metal processing company UAB “Metalistas LT”, legal entity number: 247736790, registered office address: Šermukšnių st. 19 LT-35113 Panevėžys (hereinafter – “Company”), registered according to the procedure established by law, following the provisions of the legal acts of the Republic Lithuania and the European Union regulating the processing of personal data.
1.3. The Company provides metal processing services, including, but not limited to cold stamping, assembly-welding and machining, as well as other current or future services provided by the Company in the area of metal processing (hereinafter – “Services”).
2.1. Personal data – any information about a natural person, who has been or can be identified (data subject); a natural person, who can be identified, is a person, the identity of whom can be directly or indirectly established firstly according to an identifier, such as name and surname, personal identity number, location data and internet identifier, or according to one or several features of the physical, physiological, genetic, psychological, economic, cultural or social identity of the natural person.
2.2. Joint controllers of data – UAB “Metalistas LT” and a company from the Metalistas group named UAB “Metalistas Group” use common information systems and exchange personal data. Companies of the Metalistas group process personal data as joint controllers of data, as defined in Art. 26 of the Regulation.
2.3. Data subject – persons using the services of UAB “Metalistas LT”, providing services to it, who/which have agreed to receive marketing material, candidates to job positions at “Metalistas LT” and employees of the Company.
2.4. Data protection officer – internal or external person/entity responsible for compliance with requirements for protection of personal data.
2.5. Application – application of the data subject for implementation of his rights.
2.6. Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
3. Data processing principles
3.1. The Company processes personal data according to the European General Data Protection Regulation, to the Law on Legal Protection of Personal Data of the Republic of Lithuania and to the other legal acts governing the processing of personal data.
3.2. The scope of personal data processed depends on the Services ordered or used and the information provided by a user of the Website when ordering and/or using the Services of the Company, visiting or registering on the Website.
3.3. Among other things, the Company follows the following fundamental data processing principles:
3.3.1. personal data is collected only for clearly defined and legitimate purposes;
3.3.2. personal data is processed only legally and fairly;
3.3.3. personal data is constantly updated;
3.3.4. personal data is stored in a safe manner, no longer than required for the purposes of the controller of data or according to the provisions of legal acts;
3.3.5. personal data is processed only by employees, who have been given the right to do so according to their job functions.
3.4. Data is processed by the Company only if one or several criteria for legal processing exist – (i) to ensure provision of services according to an agreement (i.e. in order to perform an agreement or take action on the request of the data subject before conclusion of an agreement); (ii) if consent of the data subject is received; (iii) if processing of data is necessary in order to fulfil a legal obligation applicable to the Company; (iv) if processing of data is necessary in order to complete a task performed in the public interest or in the exercise of public authority functions assigned to the Company; (v) if processing of personal data is necessary for legitimate interests of the Company or a third party.
3.5. The client or potential client of the Company is responsible for the accuracy, correctness and completeness of the personal data provided. The client must immediately inform the Company in the event of changes of the personal data. The Company shall not be responsible for damages caused to a person/entity and/or third parties because the client or potential client has provided incorrect and/or incomplete data or has not addressed the Company for changing and/or supplementing data after changes thereof.
4. Collected and used personal data, and sources thereof
4.1. Personal data may be received directly from the data subject who provides it when filling in a form on the Website, sending a curriculum vitae (CV) or contacting the Company in another way; from the activity of the client, from the Company’s controllers of personal data, or other external sources. Data can be received from publicly available sources, e.g., the websites of companies.
4.2. Data may be generated during a person’s/entity’s use of Services, for example, calling by telephone, sending SMS, emails, ordering Services, visiting websites, agreeing to receive newsletters and other information, or completing an inquiry form.
4.3. The following categories of personal data can be processed, but it is not limited to them: name, surname, workplace, position, mobile telephone number, email address, signature, IP address, website browsing history and date, as well as other information necessary for the provision of services, maintaining relations, issuing invoices and administration of agreements, fulfilment of legal requirements.
5. Purposes of data processing
5.1. The Company processes personal data for the following purposes:
5.1.1. high quality of Services and personal service;
5.1.2. identification of clients and contacting them;
5.1.3. maintaining relations with clients and partners;
5.1.4. issuing invoices;
5.1.5. administration and performance of agreements;
5.1.6. administration of inquiries;
5.1.7. solving any problems that require your data;
5.1.8. directing advertising and content or other marketing purposes;
5.1.9. marketing purposes;
5.1.10. improvement of the functionality of the Website;
5.1.11. conducting job selections on the basis of your consent which you give us or the company providing employment services by sending your curriculum vitae;
5.1.12. raising, enforcing and defending legal claims.
6.1. Cookies are small text files containing letters or numbers which we save to your browser or hard drive with your consent. We seek to customize website functions and information for you when you visit the http://metalistas.lt/ website. Cookies help us recognize you as a previous user of the Website, to save the history of your visit to the website and customize content according to this. Cookies also help to ensure smooth operation of the website, to monitor the duration, frequency of visits to the Website, and to collect statistical information about the number of users.
6.3. We usually use the information gathered using cookies for the following purposes:
6.3.1. Use of functional cookies and provision of Services. Cookies are very important for our Website and the functioning of electronic Services, they help to ensure a smooth user experience. For example, if a user wishes, he/she does not need to enter his/her name, surname, password or other data each time logging in on the Website.
6.3.4. Directing targeted marketing. By using cookies we can also gather information in order to provide advertising or content intended for a specific browser, thus creating different target groups.
6.4. Cookies used:
cookie_notice_accepted – saves the cookie notification settings of a user. It is saved only if you click “Continue”, “Yes”, “Agree”, etc., in certain cases it can also be saved by continuing browsing; expiry period – 30 days.
_icl_current_language – cookie used by the WPML plugin in order to maintain the Website browsing language selected by the client; expiry period – 24 hours.
wordpress_test_cookie – checks and enables saving of cookies, expires after a browsing session.
7. Personal data security measures and storage duration
7.1. Personal data is protected from loss, illegal use and damage. Physical and technical measures are used for ensuring the protection of your personal data we collect. We would like to remind you that the security of data transferred over the Internet cannot be guaranteed. The Company cannot guarantee complete security of data, it only undertakes to use all necessary measures for protection thereof.
7.2. We shall store your data for 10 years from the date of your last use of our Services or content. Personal data gathered on the basis of the consent of the data subject is stored from receiving consent until withdrawal thereof. After the period or withdrawal of consent data shall be destroyed in a way to prevent reproduction thereof.
8. Transfer of personal data
8.1. The Company shall not transfer processed personal data to third parties without consent of the person (data subject), except cases established in legal acts. If you wish to receive data from a third party or wish to be contacted by such party, we shall transfer your personal data to such party with your consent.
8.3. The Company may transfer the access analysis of our server, information about data traffic or information associated with perspective clients, including data about the use of our Websites and general information about our users to current or future advertisers or business partners. Such information is not personalized, therefore it cannot identify a person.
8.4. The Company may provide client data:
8.4.1. If requested by court or state institutions to the extent necessary for the proper implementation of applicable legal acts and regulations of state institutions;
8.4.2. If we must disclose personal data due to legal procedures or in order to receive legal consultations, or disclosure thereof is necessary for determining, implementing or protection of our rights;
8.4.3. If disclosure of information is necessary for protection of our or other persons’ interests (for example, to prevent fraud);
8.4.4. If disclosure of information is necessary for protection of your vital interests (for example, if you become ill in our premises and we must request medical assistance).
9. Selection of employees and trainees
9.1. We collect and process your curriculum vitae and/or cover letter and/or other information you have provided during selection for the purpose of employment or traineeship on basis of your consent that you have expressed to us or to the company providing employment services by sending your curriculum vitae. We would not able to assess your suitability for a position if you do not present a curriculum vitae and/or cover letter.
9.2. If you do not provide a separate consent to processing of your personal data after the end of a selection process, we undertake to delete and/or destroy your personal data within 10 working days after the date on which an employment agreement is signed with the selected candidate or after the decision to not offer a position is made.
10. Data processing for the purpose of direct marketing
10.1. By providing his/her name, surname, email address or telephone number to the Company, the data subject may agree or disagree to the use of such information for purposes of direct marketing. If the data subject does not object to processing of personal data for purpose of direct marketing, the Company can process his/her personal data in order to provide offers of products and/or Services.
10.2. Such data shall be processed for the purpose of direct marketing for no longer than 5 years from beginning of such processing or until the data subject withdraws consent to processing of data. If the data subject withdraws the consent to data processing for the purpose indicated in this chapter, only the fact of receiving consent from the data subject is stored for 10 (ten) years after the end of the consent period or withdrawal of the consent in order to enforce and defend legal claims.
10.3. A person may withdraw consent to processing of data for the purpose of direct marketing at any time, by informing the Company via email email@example.com or by clicking the subscription cancelling link at the bottom of the newsletter received from the Company.
11. Joint controllers of data
11.1. Joint controllers of data enter an agreement, according to which the Joint controllers of data establish their appropriate responsibility for fulfilment of their obligations established in the Regulation in a clear way, and indicate the actual functions of Joint controllers and their relations with respect to data subjects. The data subject must be provided the opportunity to familiarize with the essential provisions of such an agreement on written request of the data subject. The data subject may exercise his/her rights established in the Regulation in respect to each of the Joint controllers of data.
12. Controllers of data
12.1. Personal data is processed in the client management system and accounting programs, accessed by current and future companies from the Metalistas group, operating in the territory of the Republic of Lithuania.
12.2. Data may be processed by controllers of data providing accounting, website hosting, data centre and/or server rental, IT maintenance, external audit and other services to the Company.
12.3. Controllers of data have the right to process personal data only according to the directions of the Company and only to the extent necessary for proper fulfilment of obligations established in an agreement. When using controllers of data, the Company shall seek to ensure that the controllers of data have necessary organizational and technical security means and will maintain the confidentiality of personal data.
13. Rights of the data subject
13.1. Every data subject has the following rights:
13.1.1. the right to know (be informed) about processing of his/her personal data;
13.1.2. the right to familiarize with personal data being processed and the manner of processing thereof, i.e. to receive information about the storage period of personal data, applicable technical and organisational means for ensuring security of the data, to receive information on what sources the data was gathered from and what data collected, the purpose for processing of the data and who it is provided to;
13.1.3. the right to demand correction or destruction of personal data or stopping the actions of processing of personal data, except storage, when data is processed in breach of legal provisions;
13.1.4. the right to object to processing of personal data, except cases when such data is processed for legitimate interests, sought by the controller of data or third party, to whom the personal data is provided to, and only if the interests of the data subject are not considered more important;
13.1.5. the right to demand limitation of the actions of processing of personal data;
13.1.6. the right to demand that personally provided personal data, if it is processed on the basis of his consent or agreement, and if it is processed by automated means, be sent by the controller of data to another controller of data, if it is technically possible (transferability of data);
13.1.7. the right to submit a complaint to the State Data Protection Inspectorate regarding processing of personal data;
13.1.8. the right to withdraw the consent at any time without affecting the legality of the processing of data until withdrawal of consent;
13.1.9. the right to withdraw the consent regarding processing of personal data for the purpose of direct marketing at any time.
13.2. A data subject has to submit a written request for implementation of his/her rights personally after presenting a document certifying identity or by post or email using electronic means, enabling identification of a person according to the procedure established by law. The Company shall provide a reply within 30 calendar days from the date of receiving the request of the data subject.
13.3. If the issue with the Company cannot be resolved, the client has the right to apply to the State Data Protection Inspectorate, which is responsible for supervision and control of legal acts regulating protection of personal data.
13.4. Requests may be submitted as follows: by telephone: +370 614 99167, via email: firstname.lastname@example.org, or by coming to the Company’s office at Šermukšnių st. 19, LT-35113 Panevėžys.
14. Changes of the policy
15. Contacting us