1. General information
1.1. Personal data is processed in accordance with the General Data Protection Regulation (EU) (2016/679) of the European Union, the Law on the Legal Protection of Personal Data of the Republic of Lithuania, and other legislation regulating the protection of personal data.
1.2. The data controller, UAB Apiproduktai (hereinafter referred to as the Company), acts in accordance with the following key principles of data processing:
1.2.1. It only collects such personal data that are necessary for the Company’s activities and/or for visiting, using, and browsing the websites and the social media sites of the Company.
1.2.2. The company ensures that the collected and processed personal data shall be secure and used for the identified purposes only.
1.2.3. Personal data shall be processed lawfully, fairly and for explicit and legitimate purposes only.
1.2.4. Personal data shall be kept updated, stored securely, and retained for no longer than is necessary for the purposes for which the data are processed and no longer than required by law.
1.2.5. Personal data are processed by authorised employees of the Company that have been given such rights in accordance with their duties only or by duly authorised data processors.
2. Collection of personal data
2.1. The personal data collected by us are necessary to confirm the person’s order, to fulfil it in a timely manner, and to deliver it to the correct address.
2.2. Personal data may be collected in several ways: 2.2.1. The data subject has provided their personal data themselves by contacting the Company, using the services provided by the Company, purchasing goods and/or services, posting comments, submitting enquiries, subscribing to newsletters, requesting information from the Company, etc.
2.2.2. Personal data are collected when the data subject visits the Company’s website. For example, the data subject has completed forms on the website or has given their contact details for any other reason.
2.2.3. Personal data can be collected in other ways from other institutions, companies, public registries, etc.
2.3. The Company shall not compile any lists with personal data and shall not transfer them to third parties that are not pertinent to the person’s order. The collected personal data remain with the Company.
2.4. The company shall not share the personal data of the data subject with other companies or persons, except in the following cases: for the purpose of performing certain necessary actions, e.g., delivering orders and crediting card payments (e.g., via mokejimai.lt). All personal data shall be processed in accordance with applicable laws and regulations. The personal data of the data subject shall not be used for any other purposes that are not listed without the data subject’s consent unless it is required by applicable laws and regulations.
2.5. By providing the Company with their personal data, the data subject expresses their consent to the Company collecting, using, and disclosing such personal data for the purposes listed above.
3. Processing and protection of personal data
3.1. By providing their personal data to the Company, the data subject consents to the Company using the collected data to fulfil its obligations to the data subject in providing the services expected by the data subject.
3.2. The Company undertakes to act in accordance with the duty of confidentiality with regards to the data subjects. Personal data may be disclosed to third parties only in cases that are necessary for the conclusion and performance of the contract that benefits the data subject and for other legitimate reasons.
3.3. The company shall aim to ensure the security of the personal data provided by the data subject and shall always aim to protect such data from any unauthorised access, unauthorised alteration, disclosure, or erasure.
3.4. The company shall never request the data subject to provide their password via email. The data subject is responsible for keeping their account information and their password confidential. All other personal data are stored with the Company taking appropriate physical, electronic, and management measures necessary for the protection of the collected personal data.
3.5. The Company processes personal data for the following purposes:
- For e-commerce purposes on the Company’s online store website;
- For the purpose of organising and holding competitions, promotions, and games;
- For the purpose of providing services;
- For the purpose of direct marketing;
- For the purpose of assessing, improving, and ensuring the quality of professional customer service and for the purpose of resolving potential or existing disputes with Users.
3.6. For any other purposes for which the Company holds the right to process the personal data of the data subject, in cases when the data subject has given their consent to such processing, and in cases when the processing is necessary for the legitimate interest of the Company or when the Company is obliged to process such data by law. The Company may also provide personal data in response to requests from courts or public authorities to the extent that is necessary to properly comply with applicable laws and the provisions of public authorities.
3.7. Persons under the age of 14 cannot submit any personal data through the Company’s website. If a person under 14 years of age wishes to use the Company’s services, their representative (father, mother or guardian) must submit a written consent regarding the processing of personal data before submitting any personal information.
3.8. Personal data shall be processed for no longer than is necessary for the purposes of such processing or no longer than required by the data subjects and/or by law.
3.9. Even when the data subject terminates the contract and opts out of the Company’s services, the Company must retain the data subject’s data until the end of the data retention period due to possible future claims or legal claims.
4.1. The Company’s online store is developed using WordPress content management system and WooCommerce e-commerce plugin.
4.2. The option to unsubscribe from the newsletters is enabled by clicking the ‘Unsubscribe’ button located at the bottom of each email, by replying to such emails, or by contacting the Company directly via email, expressing the wish to stop receiving newsletters from the Company.
4.3. The Company’s website is protected by a security protocol that relies on a data encryption system certificate (SSL). The web address of such online stores has the letter ‘s’, i.e., ‘https://’.
5.1. Cookies may be stored on the data subject’s device that is used to connect to the online store with the data subject’s consent in order for the data subject to receive the Company’s online store services in full.
5.1.2. If the data subject consents to cookies being stored on their device, the data subject must click ‘Allow All Cookies’; if the data subject does not consent to cookies being stored on their device, the data subject must click ‘Reject’.
5.1.3. The data subject can choose which cookies they wish to allow at any time by going to their browser settings.
5.5. The data subject can always delete the stored cookies in their browser settings but certain features of the online store may become unavailable.
Please find some helpful links below to opt out of cookies:
5.5.1. If you use Chrome:
5.5.2. If you use Firefox:
5.5.3. If you use Safari:
5.5.4. If you use Edge:
6. Rights and obligations of the data subject
6.1. The data subject has the right to access information about the processing of their personal data. They hold the right to access the processed data and the right to request the rectification of incorrect data.
6.2. The data subject has the right to request the erasure of their data (‘The right to be forgotten’). This right to erasure with regards to personal data shall not apply to the extent that processing is necessary for another legal basis, such as processing that is necessary for the performance of the contract or the fulfilment of an obligation under applicable laws.
6.3. The data subject has the right to restrict the processing of their personal data or to object to the processing of such data.
6.4. The data subject has the right to data portability, i.e., the data subject has the right to access their personal data which they have provided to the Company where the processing of personal data is based on consent and/or a contract, and such data of the data subject are processed using automated means of personal data processing. The Company hereby states that in exercising the data subject’s right to data portability, they shall have the right to have the personal data transmitted directly from one controller to another, i.e., to a natural or legal person who determines the purposes and means of data processing, where technically feasible.
6.5. The data subject has the right to lodge a complaint regarding the processing of their personal data to the State Data Protection Authority.
6.6. The Company must enable the data subject to exercise the above rights of data subjects, except in cases provided by law, including cases where the Company is obliged by law and other regulations to disclose information about the data subject to the competent authorities.
6.7. The data subject may contact the Company regarding the exercise of their rights by submitting a written request in person, by post, by telephone, through a representative or via electronic means, including e-mail at firstname.lastname@example.org, phone +370–5–2338332 or +370–685–55648, and at Zietelos St. 4, LT–03160, Vilnius, Lithuania.
6.8. In order to protect the personal data from unauthorised disclosure, the Company must verify the identity of the data subject if it has received a request from the data subject to be provided with data or to exercise any other rights.
6.9. The Company must provide the data subject with a reply no later than within one month from the date of receipt of the data subject’s request, taking into account the specific circumstances of the processing of personal data. If necessary, this deadline may be extended by a further two months, depending on the complexity and number of applications.
6.10. The data subject must advise the Company of any changes to the submitted information and data. It is vital that the Company holds the correct and up-to-date information about the data subject in order to identify the data subject at their request and verify that the Company is communicating or collaborating with the actual data subject (e.g., to be presented with an identity document or to verify the person’s identity using electronic means that allow proper identification of the data subject in accordance with the procedure established by law). This is necessary for the protection of the data subject and other persons so that the information about the data subject is disclosed to the data subject only, without prejudice to the rights of other persons.
7. Final provisions