1. BASIC CONCEPTS

1.1. Personal data – any information about an identified or identifiable natural person (data subject) directly or indirectly, in particular by means of an identifier or by one or more of that natural person’s physical, physiological, genetic, mental, economic, cultural or signs of social identity;

1.2. Data controller – Korifejus UAB / Korifejus.lt;

1.3. Data subject – a customer or website visitor whose personal data is processed by a data controller or data processor for the purposes of e-commerce, inquiry administration, direct marketing or loyalty program administration;

1.4. Website – the company’s website, accessible at the address/at www.korifejus.lt, which contains the services provided.

1.5. Direct marketing is the act of offering goods or services to individuals by mail, telephone or other direct means and/or soliciting their opinions about the goods or services offered.

1.6. A cookie is a small file consisting of letters and numbers, which is sent to the device of each person visiting korifejos.lt. The cookie helps distinguish you from other website users.

1.7. Account – the result of the customer’s registration at korifejos.lt, which creates an account that stores his personal data and order history.

2. GENERAL PROVISIONS

2.1. The policy contains the main provisions for the collection, storage and processing of personal data.

2.2. This privacy policy can be found on the www.korifejus.lt website.

3. PRINCIPLES OF PERSONAL DATA PROTECTION

3.1. Your personal data is processed legally, fairly and transparently (principle of legality, fairness and transparency);

3.2. Your personal data is collected for established, clearly defined and legitimate purposes and not further processed for purposes incompatible with those established before the collection of personal data (principle of purpose limitation);

3.3. The processed personal data of you are adequate, appropriate and only necessary to achieve the purposes for which they are processed (principle of reducing the amount of data);

3.4. Your personal data processed are accurate and updated when necessary (principle of accuracy);

3.5. Your personal data is kept in such a form that the identity of the data subjects can be determined no longer than is necessary for the purposes for which the personal data is processed (principle of limitation of storage duration);

3.6. Your personal data is processed in such a way that adequate security of personal data is ensured by applying appropriate technical or organizational measures, including protection against unauthorized or unlawful data processing and against accidental loss, destruction or damage (principle of integrity and confidentiality).

4. RIGHTS OF THE DATA SUBJECT

4.1. Get to know your personal data and how it is handled:

4.1.1. the data subject has the right to familiarize himself with the data processed by him, the purposes of processing, the storage period, his rights, information or the use of automated decision-making, including profiling and its logical justification;

4.1.2. all data recipients or their categories to whom data has already been or will be disclosed must be disclosed to the data subject;

4.1.3. provide the processed data to the data subject in writing and free of charge. In certain cases (when the data subject clearly abuses his rights, unreasonably or disproportionately, repeatedly submits requests for information, extracts, documents due to their repeated content), such provision of information and data to the data subject may be charged, i.e. i.e. the data controller may charge a reasonable fee based on the administrative costs of providing the information or notifications or actions requested; or may refuse to act on the request. The data controller bears the burden of proving that the request is manifestly unfounded or disproportionate;

4.1.4. provide information in a commonly used electronic form, unless otherwise requested.

4.2. Request correction of your personal data:

4.2.1. the data subject has the right to demand that the data controller correct inaccurate personal data related to him without undue delay. Considering the purposes for which the data were processed, the data subject has the right to demand that incomplete personal data be supplemented by submitting an additional request;

4.2.2. the data controller shall notify each recipient to whom personal data has been disclosed of any rectification, deletion or restriction of processing of personal data, unless it is impossible to do so or it would require disproportionate effort. Upon the data subject’s request, the data controller informs the data subject about those data recipients;

4.3. Do not consent to the processing of his personal data:

4.3.1. the data subject has the right, for reasons related to his specific case, at any time to object to the processing of personal data related to him, including profiling. The data controller no longer processes personal data, except in cases where the data controller proves that the data is processed for legitimate reasons that override the interests, rights and freedoms of the data subject, or for the purpose of asserting, enforcing or defending legal claims;

4.3.2. when personal data is processed for the purposes of direct marketing, the data subject has the right to object at any time to personal data relating to him being processed for the purposes of such marketing, including profiling, insofar as he is related to such direct marketing;

4.3.3. the data subject is clearly informed about the right to object no later than the first contact with the data subject, and this information is provided clearly and separately from all other information.

4.4. Request deletion of data (“Right to be forgotten”):

4.4.1. the data subject has the right to demand that the data controller delete personal data related to him without undue delay, and the data controller is obliged to delete personal data without undue delay if this can be justified by one of the following reasons:

4.4.2. when personal data are no longer necessary to achieve the purposes for which they were collected or otherwise processed;

4.4.3. when the subject of personal data withdraws consent and there is no other legal basis for data processing;

4.4.4. when the subject of personal data does not agree with data processing and there are no overriding legal reasons for processing data;

4.4.5. when personal data was processed illegally;

4.4.6. when personal data must be deleted due to a legal obligation imposed on the data controller;

4.4.7. when personal data was collected in the context of offering information society services;

4.4.8. when the data controller has made personal data public and must delete the personal data, the data controller, taking into account available technologies and implementation costs, takes reasonable steps, including technical means, to inform the data controllers processing the data that the data subject has requested that such data controllers delete all references to that personal data or copies or duplicates thereof;

4.4.9. when personal data are no longer necessary to achieve the purposes for which they were collected or otherwise processed and when the subject of personal data withdraws consent and there is no other legal basis for data processing, it does not apply if data processing is necessary to exercise the right to freedom of expression and information; in order to comply with an established legal obligation that requires the processing of data, or in order to perform a task carried out in the public interest, or in the performance of public authority functions assigned to the data controller; for reasons of public interest in the field of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; in order to assert, exercise or defend legal claims.

4.5. Right to data portability:

4.5.1. the data subject has the right to receive the personal data related to him that he has provided to the data controller in a structured, commonly used and computer-readable format, and has the right to forward that data to another data controller, and the data controller to whom the personal data has been provided must not prevent this, when:

4.5.2. data processing is based on consent or contract;

4.5.3. data is processed by automated means.

4.5.4. exercising his right to data portability, the data subject has the right to have personal data directly transferred by one data controller to another, where technically possible.

4.5.5. this right is exercised without prejudice to the right to demand erasure (“right to be forgotten”).

4.5.6. the right to data portability cannot have a negative impact on the rights and freedoms of others.

4.6. The right to restrict the processing of personal data:

4.6.1. the data subject has the right to demand that the data controller limit data processing when one of the following cases applies:

4.6.2. the personal data subject disputes the accuracy of the data for such a period during which the data controller can check the accuracy of the personal data;

4.6.3. the processing of the personal data is unlawful and the data subject does not consent to the deletion of the data and instead requests the restriction of its use;

4.6.4. the data controller no longer needs the personal data for processing purposes, but the data subject needs them in order to assert, fulfill or defend legal claims; or

4.6.5. the data subject has objected to the data processing until it is verified whether the legitimate reasons of the data controller prevail over those of the data subject.

4.6.6. when data processing is restricted in accordance with the points listed above, such personal data may be processed, except for storage, only with the consent of the data subject or in order to assert, execute or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of public interest of a member state ;

4.6.7. the data subject, who has achieved the limitation of data processing according to the above-mentioned points, is informed by the data controller before the restriction to data processing is lifted.