RULES OF PERSONAL DATA PROCESSING AND USE

ARTICLE I

ASSUMPTIONS

1.1. These Rules of Personal Data Processing and Use (hereinafter referred to as the Rules) have been prepared in accordance with the Law on Legal Protection of Personal Data of the Republic of Lithuania, EU General Data Protection Regulation 2016/679, provisions of the Labour Code of the Republic of Lithuania and other legal acts that regulate personal data protection, legitimate processing and use.

1.2. The purpose of the Rules is to regulate the main principles of personal data collection, processing and storage of the data subjects that have submitted their data to the Company and the procedure thereof, as well as to determine the rights of the data subjects, the measures of implementation of personal data protection and other issues related to personal data processing.

1.3. Provisions of these Rules are implemented by this Company:

Baltijos monitoringo centras, UAB
Company code: 126402313
Address: Vilnius, Savanorių pr. 174R
Phone: 8 5 262 44 89
E-mail address: info@sherlog.lt
Website: www.sherlog.lt

 

ARTICLE II

PRINCIPLES AND AIMS OF PERSONAL DATA PROCESSING

2.1. For personal data processing the following personal data processing requirements must be followed:

2.1.1. Personal data must be collected for determined and legitimate purposes and must not be processed for purposes that are not compliant with those agreed on to before collection of personal data;

2.1.2. Personal data are processed accurately, in good faith and legitimately;

2.1.3. Personal data must be accurate and constantly renewed, if necessary for personal data protection; inaccurate or incomplete data must be corrected, amended, deleted or their processing must be suspended;

2.1.4. Personal data must be of such scope that is necessary for their collection an further processing only;

2.1.5. Personal data shall be stored in such form that the identity of data subjects could be established no longer than it is necessary for the purposes of data collection and processing and no longer than determined under legal acts that regulate storage terms of such data or files where the mentioned personal data are stored;

2.1.6. Personal data must be processed in such manner that proper safety of personal data is ensured by applying relevant technical or organizational measures.

2.2. The purposes of personal data processing are the following: conclusion of agreements on provision of products and services of the Company, administration, performance and securing, as well as other legitimate purposes that have been determined before the data collection.

 

ARTICLE III

RIGHTS OF THE DATA SUBJECTS AND THEIR IMPLEMENTATION MEASURES

3.1. Data subjects have the right:

3.1.1. Know about processing of his/her data;

3.1.2. Get familiarized with own personal data by submitting the request to the Company directly, by post or e-mail (for proper identification of the person who has submitted the request), as well as to get familiarized with processing of own personal data; to obtain the copies of documents containing his/her personal data; the Company is entitled to request the data subject to show a personal identification document if such request is related to provision of such data that may essentially have influence to provision of services of the Company (for example, given parking place of the vehicle, production of the Company installed in the vehicle and so on);

3.1.3. To request to correct, delete his/her personal data or suspend their processing and/or storage, except for cases when it is contrary to the legal acts of the Republic of Lithuania, when validity of the relevant agreement with the mentioned data subject is not terminated or such agreement is not performed in full and, therefore, the data cannot be deleted or their processing cannot be suspended.

3.2. By exercising the rights of the data subjects, as determined under paragraph 3.1 of the Rules, the Company must create proper technical-organizational possibilities for realization of such rights, except for cases determined by laws, when it is necessary to ensure safety or protection of the state, public order, crime prevention, investigation or prosecution, protection of rights or freedoms of the data subject or other persons.

3.3. By collecting personal data the Company must give the following information to the data subject whose data is being collected (except for cases when the data subject already has such information):

3.3.1. Name, registration number and address of the company

3.3.2. The purposes of collection of personal data

3.3.3. Other additional information (whom and in which cases the data of the data subject can be transferred, what data the data subject must provide exactly and what are the consequences of non-provision thereof (in such case the information of the mentioned character may be included to the agreement concluded with the data subject).

3.4. After receipt of the inquiry of the data subject, as determined under paragraph 3.1.2 of these Rules, the Company undertakes to reply by post or e-mail within 30 calendar days after receipt thereof and give the requested data and other requested information. However, if the given request contradicts with the legal acts of the Republic of Lithuania or public order, may violate privacy and/or personal data of other persons, the Company is entitled to refuse to provide the requested data and inform the data subject about such decision.

 

ARTICLE IV

RIGHTS AND OBLIGATIONS OF THE COMPANY TO PROCESS PERSONAL DATA

4.1. Only employees of the Company or its authorized persons are entitled to process personal data, if they are familiarized with the obligation to protect personal data and comply with confidentiality measures against signature.

4.2. Employees of the company/authorized persons must:

4.2.1. Protect personal data from the access by third, unrelated persons;

4.2.2. Process personal data by legitimate means and in compliance with the procedures established under legal acts of the Republic of Lithuania and these Rules;

4.2.3. Not reveal, not transfer and not make conditions for getting familiarized with personal data by any means for any person who is not authorized by the Company to process personal data, except for cases determined under these Rules and the legal acts of the Republic of Lithuania;

4.2.4. Immediately inform the head of the Company or his/her authorized person about any suspicious situation that may pose threats to personal data safety.

4.3. Employees of the Company/authorized persons must have passwords, if their computers may be used for access to local network areas where personal data are stored. The passwords must be changed periodically and under certain circumstances (if the employee/authorized person is changed, there is a threat of hacking, it is suspected that the password became known to third persons and so on).

4.4. The employee of the Company who is responsible for computer maintenance must ensure that personal data files are not accessible from other computers and that anti-virus software is renewed periodically.

 

ARTICLE V

FEATURES OF PERSONAL DATA PROCESSING IN CONCLUSION, PERFORMING AND TERMINATING AGREEMENTS ON PROVISION OF PRODUCTS AND/OR SERVICES OF THE COMPANY

5.1. Data subject who intends to make the agreement with the Company on purchase of products and/or services of the Company, provides the Company with the following data to process:

5.1.1. Name, surname or name of the legal entity and the representing person;

5.1.2. Personal number or code of the legal entity;

5.1.3. Post/correspondence address;

5.1.4. Phone number;

5.1.5. E-mail address;

5.1.6. Mark, model, year of production, colour, identification number, type of fuel and additional protection of the vehicle where the Company’s product is intended to be installed to and the services are intended to be provided for;

5.1.7. The main parking places of the vehicle where the Company’s product is intended to be installed to and the services are intended to be provided for;

5.1.8. Data of the insurance company and the owner of the vehicle where the Company’s product is intended to be installed to and the services are intended to be provided for;

5.1.9. Other data that are necessary for provision of services offered by the Company whose provision is predetermined and carried out with the approval of the data subject;

5.1.10. Phone number of the persons authorized by the data subject whom the mentioned data subject gives the right to use the vehicle and enjoy the services provided by the Company under the agreement concluded.

5.2. The Company is entitled to process personal data specified under this paragraph for purposes and scope of conclusion of agreements on provision of products and/or services.

5.3. In accordance with the agreement on provision of services concluded with the data subject, storage term of the annex to the mentioned Contract where the data subject provides the data under Paragraphs 5.1.6 — 5.1.10 is 14 calendar days. After the end of this term the annex is shredded and the data provided by the data subject are stored in a computer file for as long as it is necessary for performance of the relevant services agreement and only before the moment of termination thereof. If the relevant service agreement is suspended, such data are deleted three months after suspension of the agreement, if such agreement is not renewed.

5.4. Data provided by the data subject, as determined under paragraphs 5.1.6 — 5.1.10, are used by the Company for performance of the relevant service agreement and for the interests of the data subject or authorized persons whom such agreement is concluded with. Such data may be used to determine the location of the mobile object, under terms and conditions of the services agreement. The Company does not process the mentioned data, does not collect and/or does not reveal it to third persons if it is not related to the relevant services agreement and/or it is not necessary for public order, crime prevention, investigation or prosecution, crime and/or offence prevention, or if it is not necessary to ensure protection of rights or freedoms of the data subject or other persons.

5.5. Data determined under Paragraph 5.1.6 of these Rules, as well as data on what kind of the Company’s production is installed in the vehicle of the data subject may be sent by the Company in writing to the e-mail address given by the data subject, and/or the insurance company specified by the data subject, and/or the insurance broker specified by the data subject only.

5.6. The Company does not provide any data about location of the vehicle, including provision of such data to the data subject who has concluded the services agreement regarding such vehicle, if it is not necessary for public order, crime prevention, investigation or prosecution, crime and/or offence prevention, or if it is not necessary to ensure protection of rights or freedoms of the data subject or other persons. Data subject who has concluded the services agreement on the relevant vehicle is provided with the information about the location of such vehicle only if he/she has officially applied to the police or any other competent institution regarding theft/disappearance of the vehicle.

5.7. Personal data specified under paragraph 5.1.10 of these Rules are used by the Company for the purposes of the relevant services agreement, in reaction to the signals sent by the product of the Company installed in the vehicle and/or to carry out the actions of determination of location of the vehicle. The Company does not provide personal data listed in this paragraph to the third persons if the data subject does not give consent to.

5.8. Data subject, by providing the data specified in this paragraph for the purposes of this paragraph, is responsible for accuracy of such data and confirms that the personal data given are accurate. The Company will not be liable for any damages incurred by the data subject and/or third parties due to improper and/or incomplete personal data given by the data subject or due to the failure of the data subject to change and amend such data.

5.9. By issuing and submitting an invoice to the data subject for the product of the Company and/or the services of installing to the relevant vehicle and/or maintenance thereof, in such invoice the Company gives the data about the mark, model of the vehicle and/or state numbers, and/or the number of body with the consent of the data subject.

5.10. Any time during processing of his personal data the data subject is entitled to contact the Company with the purpose to get familiarized with the data processed and to request the Company to specify which personal data are being processed and for which aims and whom such data are being provided for. In this case the Company should comply with such request of the data subject within the reasonable term if it does not breach the rights and freedoms of the data subject or other persons.

5.11. Any time during processing of his personal data the data subject is entitled to contact the Company with the request to correct inaccurate or improper personal data, as determined under this paragraph, and/or to change such data (if such personal data are changed).

5.12. If the data specified under paragraphs 5.1.6, 5.1.7 and/or 5.1.10 of these Rules changes, the Company must make the relevant amendments to the agreements concluded with the data subject by preparing and submitting the data subject a separate annex to the agreement and/or the new wording of the agreement.

5.13. Personal data, as specified under paragraph 5.1.9 of these Rules should be changed and/or amended in the methods agreed upon with the data subject in the annex (Service Book, Terms of Use).

5.14. Personal data specified in paragraph 5.1 of these Rules (except for the case under paragraph 5.3) are processed during the term of validity of the relevant agreement with the data subject and must be deleted after expiration or termination of such agreement, except for the cases when the relevant data must be stored and archived under the legal acts of the Republic of Lithuania.

5.15. Data specified in paragraphs 5.1.1 — 5.1.6  of these Rules are processed also for the purposes of accounting of the Company, with the aim to perform and account the agreements concluded with the data subjects.  After expiration of the relevant agreement with the data subject, such data are recorded in the accounting software of the Company for as long as it is necessary to manage bookkeeping of the Company.

 

ARTICLE VI

FEATURES OF PERSONAL DATA PROCESSING FOR THE PURPOSES OF DEBT ADMINISTRATION

6.1. By administering the debts of the data subject or fulfilment of other unfulfilled obligations of the data subject, the Company process only these data of the data subject that are specified under paragraphs 5.1.1 — 5.1.5 of these Rules.

6.2. By administering the debts of the data subject or fulfilment of other unfulfilled obligations of the data subject, the Company transfers the data specified in paragraphs 5.1.1 — 5.1.5 of these Rules to the third persons only after notifying the data subject who has such debts and/or unfulfilled obligations about the planned data processing and giving the data subject a reasonable additional term to eliminate such breaches.

 

ARTICLE VII

PERSONAL DATA PROCESSING FOR OTHER LEGITIMATE PURPOSES

7.1. Personal data listed in paragraph 5.1 of these Rules are processed for the purposes established under these Rules only.

7.2. Intending to process the data specified in paragraph 5.1 of these Rules for such purposes, the Company must obtain the consent of the data subject before such processing of data and inform him/her about the right not to agree with processing of the data for such purposes, except for the cases when such data processing is foreseen by the legal acts of the Republic of Lithuania.

 

ARTICLE VIII

COOKIES POLICY

8.1. Cookie is a small textual element (made of letters and numerals) that is saved by the website in the computer or mobile device of the visitor.

8.2. In this website cookies are used for technical purposes only, i. e. with the purpose to ensure smooth activities of the website and proper imaging of its structure and contents.

8.3. The information described in this paragraph is not collected or transferred to the third persons and is used during the single visiting session to the website.

8.4. In accordance with the provisions of the General Data Protection Regulation 2016/679, such use of cookies does not require prior consent of the data subject.

 

ARTICLE IX

Final provisions

9.1. The amended Rules shall be republished on the Website.

9.2. If you have any inquiries regarding implementation or explanation of provisions of these Rules, please contact us:

E-mail address: renata@sherlog.lt
Phone No. +370 5 262 44 89; +370 659 15230