Personal data are processed in accordance with the European Union General Data Protection Regulation (EU) 2016/679 (the “Regulation”), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other legal acts governing personal data protection.
Joint-stock company “Rokiškio mašinų gamykla” follows these fundamental data processing principles:
- personal data are collected only for clearly defined and lawful purposes;
- personal data are processed only lawfully and fairly;
- personal data are kept up to date;
- personal data are stored securely and no longer than required by the defined processing purposes or legal acts;
- personal data are processed only by those Company employees who are granted such rights according to their job functions, or by duly authorized data processors.
1. DEFINITIONS
1.1. Data Controller. Joint-stock company “Rokiškio mašinų gamykla” (hereinafter – the Company), legal entity code 173108864, registered office address: Respublikos g. 113C, Rokiškis.
1.2. Data Subject. Any natural person whose data are processed by the Company. The Company collects only the data necessary for carrying out the Company’s activities and/or when visiting, using or browsing the Company’s websites, social networks, etc. (hereinafter – the Website). The Company ensures that collected and processed personal data will be secure and used only for a specific purpose.
1.3. Personal Data. Any information directly or indirectly related to a data subject whose identity is known or can be determined using appropriate data. Personal data processing means any operation performed on personal data (including collection, recording, storage, editing, alteration, granting access, submitting requests, transfer, archiving, etc.).
1.4. Consent. Any freely given and informed confirmation by which the data subject agrees that his/her personal data will be processed for a specific purpose.
2. SOURCES OF PERSONAL DATA
2.1. Personal data are provided by the data subject (contacts the Company, uses services, purchases goods/services, leaves comments, asks questions, etc.).
2.2. Personal data are obtained when the data subject visits the Website (fills in forms or leaves contact details, etc.).
2.3. Personal data are obtained from other sources (other institutions or companies, publicly available registers, etc.).
3. PERSONAL DATA PROCESSING
3.1. By providing personal data to the Company, the data subject agrees that the Company will use the collected data in fulfilling its obligations and providing the services expected by the data subject.
3.2. Personal data in the Company are processed for the following purposes:
3.2.1. Ensuring the Company’s operations and continuity
The following data may be processed: customers’ and suppliers’ (natural persons) name(s), surname(s), personal identification number or date of birth, address, telephone number, email address, employer, position, bank account and bank name, date of monetary operation or transaction, amount, currency, and other data provided by the person or which the Company is obliged to process by law. Where the partner is a legal entity, the following data of its employees or representatives may be processed: name, surname, telephone number, email address, company name, address, position, and authorization data.
When administering inquiries, comments and complaints, the following may be processed: name, email address, telephone number, and the text of the inquiry/comment/complaint.
3.2.2. Ensuring the safety of employees, other persons and property (video surveillance)
The video image is processed. The video surveillance system does not use facial recognition or analysis technologies; data are not grouped or profiled by a specific person. Video surveillance is indicated by signs with a camera symbol and the Company’s details before entering the monitored territory or premises. The camera field does not include premises where an absolute expectation of personal data protection exists.
3.2.3. Other purposes
Personal data may be processed for other purposes where the data subject has given consent, where processing is necessary for the Company’s legitimate interests, or where the Company is obliged to process the data by legal acts.
4. DISCLOSURE OF PERSONAL DATA
4.1. The Company undertakes to maintain confidentiality. Personal data may be disclosed to third parties only to the extent necessary to conclude and perform a contract or for other lawful reasons.
4.2. Personal data may be provided to the Company’s data processors (service providers) who process data on behalf of the Company. Such processors process data only according to the Company’s instructions and only to the extent necessary to fulfill contractual obligations, ensuring appropriate technical and organizational measures.
4.3. Personal data may also be provided to courts or state institutions in the manner and scope established by legal acts.
4.4. The Company guarantees that personal data are not sold or leased to third parties.
5. PROCESSING OF MINORS’ PERSONAL DATA
Persons under the age of 14 may not provide any personal data via the Website. If a person is under 14 years of age and wishes to use the Company’s services, a written consent from one of the representatives (father, mother, guardian) must be provided before submitting personal information.
6. PERSONAL DATA RETENTION PERIOD
Collected data are stored in printed documents and/or in the Company’s information systems. Data are processed no longer than necessary to achieve the purposes or no longer than required by legal acts.
Although the data subject may opt out of the Company’s services, the Company is obliged to retain the data for potential claims or legal demands until the retention periods expire.
7. RIGHTS OF THE DATA SUBJECT
- the right to receive information about data processing;
- the right to access the data being processed;
- the right to request rectification of data;
- the right to request erasure of data (“the right to be forgotten”) – not applicable if data are processed on another legal basis;
- the right to restrict data processing;
- the right to object to data processing;
- the right to data portability (not applicable to non-automated, structured files such as paper files);
- the right to request that no decision based solely on automated processing (including profiling) be applied;
- the right to lodge a complaint with the State Data Protection Inspectorate.
8. EXERCISING RIGHTS
The Company provides conditions to exercise the above rights, except in cases established by law where it is necessary to ensure national security or defense, public order, prevention, investigation, detection or prosecution of criminal offenses, important economic or financial interests of the state, prevention and investigation of service or professional ethics violations, or protection of the rights and freedoms of the data subject or other persons.
9. CONTACT PROCEDURE
The data subject may contact the Company to exercise his/her rights:
- in writing – by email: info@rmg.lt;
- verbally – by phone: +370 458 52 831;
- in writing – by post: Respublikos g. 113C, Rokiškis.
To protect data from unlawful disclosure, upon receiving a request the Company must verify the identity of the person submitting the request.
The Company’s response is provided no later than within one month from the date of receipt of the request; where necessary, this period may be extended by a further two months, taking into account the complexity and number of requests.
10. RESPONSIBILITY OF THE DATA SUBJECT
- to inform the Company about changes to the submitted information and data;
- to provide the information necessary for the Company to properly identify the data subject (e.g., provide an identity document or use means enabling identification).
11. FINAL PROVISIONS
By submitting personal data to the Company, the data subject agrees to this Privacy Policy, understands its provisions, and undertakes to comply with them.
As the Company’s activities develop and improve, the Company has the right to unilaterally amend this Privacy Policy at any time by notifying on the website www.rmg.lt. Amendments or additions to the Privacy Policy take effect from the date of their publication.