13.1. The company shall ensure the protection of the rights of data subjects under the Personal Data Protection Act and other normative legislation intended to regulate the processing of personal data. Personal data provided by the Customer for the following purposes shall be managed by the Provider in a conscientious, fair and accurate manner:
13.1.1. Assurance of Customer participation in Customer loyalty (discount) programs and direct marketing insofar as it relates to loyalty (discount) programs.
13.1.2. Electronic commerce (Customer orders and sales support).
13.1.3. Direct marketing.
13.2. The Provider shall receive and manage the Customer’s personal data (name, surname, telephone number, address) for the purposes specified in Paragraph 13.1.2 of the Terms and Conditions of Sale and Purchase. The Customer’s personal data shall be stored for the 2 years from the last login to the account or from the moment of purchase. After the storage period expires, the Customer’s personal data shall be deleted.
13.3. The Provider shall receive the personal data specified in Paragraph 13.2 of the Terms and Conditions of Sale and Purchase directly from the Customer (when the latter registers a Customer account on the website and initiates a sale and purchase agreement). The Provider shall not handle any personal data obtained through other means.
13.4. The Provider serves as a data manager for a leasing company chosen by the Customer and shall manage the personal data of the Customer if the latter concludes a lease agreement. In order to prepare, draw and execute the lease agreement, the Provider, under the leasing company’s instructions, shall transfer the data of a Customer who has chosen the option of hire-purchase (name, surname, address, telephone number, e-mail address, the name and quantity of the product acquired under the leasing contract, the total amount) to the leasing company selected by the Customer.
13.5. The Customer confirms that he has had an opportunity to become acquainted with the terms and conditions of personal data management, and shall have the following rights:
13.5.1. The Customer shall provide the Provider with an identity document or verify his identity as specified in the relevant legislation, using electronic means of communication that enable the proper identification of a person, after which the Customer shall have the right to access his data and check how they are managed, i.e. to receive the information as to which of his personal data were collected and from what source, the purpose they are processed for or whom they are passed on to, and to demand that the personal data be deleted or amended or that the processing of the personal data be suspended if the data are being processed outside the Personal Data Protection Act of the Republic of Lithuania or other legislative provisions.
13.5.2. The Customer’sconsent regarding the processing of personal data, or lack thereof, shall be expressed in writing by e-mail. The e-mail address must be the same as the one used to register with the online store. The Customer’s name and surname must be indicated in the message.
13.5.3. Other rights provided for in the Personal Data Protection Act and other normative legislation.
13.6. The Customer shall be entitled to express the demand to amend or delete his personal data or to suspend the processing of the personal data in question in writing or in person at the site where the Provider’s activities are performed.
13.7. The Provider undertakes to ensure the security of the Customer’s personal data, to implement appropriate technical and organizational measures in order to protect the personal data against unauthorized deletion and/or accidental modification or disclosure and against any other unlawful processing. All of the Provider’s employees and representatives undertake to protect the personal data of the Customer.
13.8. To the extent and under the procedure specified in the Terms and Conditions of Sale and Purchase, the Provider can give out personal data to the data subject and delivery companies or to other data recipients if the law, court judgments or other relevant legislation require the Provider to provide the personal data in question.
13.9. Personal data may be processed for the purpose of direct marketing only if the Customer has consented to the processing of his personal data for direct marketing purposes, or if the criterion of legitimate processing listed in Part 4 of Article 14 of the Personal Data Protection Act is present. The Customer has the right to refuse having his personal data used for direct marketing without indicating the reasons behind the objection.