UAB “Nando Europe” Rules for Personal Data Processing and Cookie Usage Information

UAB “Nando Europe” ensures that personal data is processed lawfully, fairly, and transparently, collected only for the purposes specified in this policy and clearly defined, and not further processed in a manner incompatible with those purposes.

UAB “Nando Europe” applies organizational and technical measures to ensure appropriate security of personal data, including protection against unauthorized or unlawful processing of data and accidental loss, destruction, or damage.

  1. KEY TERMS

  1. Privacy Policy – these rules for personal data processing and cookie usage information, posted on the website www.nandoeurope.lt.
  2. Website – the website located at www.nandoeurope.lt, where the visitor of UAB “Nando Europe” website can give consent to the processing of personal data for direct marketing purposes.
  3. Data Controller – a legal or natural person who alone or together with others determines the purposes and means of processing personal data. The Data Controller in this Privacy Policy is UAB “Nando Europe”, legal entity code: 300901535, registered address: H. and O. Minkovskiai St. 152, LT46244 Kaunas, Lithuania, contact details: email info@nando.lt, phone no. +370 37441891.
  4. Data Subject – a customer or a visitor of the website whose personal data is processed by the Data Controller for direct marketing, query administration, loyalty program administration purposes.
  5. Data Processor – a natural or legal person who, based on the authorization provided by the Data Controller, helps to achieve the established objectives.
  6. Personal Data – personal data of a natural person, processed by the Data Controller and by which the customer or website visitor can be identified, including, but not limited to: name, surname, email address, phone number, etc.
  7. Data Processing – any action performed with personal data: collection, recording, storage, alteration (supplement or correction), provision, use, deletion, or any other action or set of actions.
  8. Direct Marketing – activities aimed at offering goods or services to individuals by mail, telephone, or other direct means, offering promotional discounts, and/or requesting their opinion on the proposed goods or services.
  9. Consent – a freely given action of the Data Subject by which they agree to the processing of personal data.
  10. Supervisory Authority – State Data Protection Inspectorate.

2. DATA COLLECTION, STORAGE, AND USAGE PROCEDURE

  1. The Data Subject agrees that for the purpose of direct marketing, information, or sending trial products, the Data Controller will process the following personal data related to them: name, surname, phone number, email address, IP address, delivery address of goods, post office address for delivering goods.
  2. For this purpose, the provided personal data is stored for 5 (five) calendar years.
  3. The Data Subject is informed that the given consent for processing personal data for direct marketing purposes can be revoked at any time by submitting a request to the Data Controller via email address info@nando.lt from the same email address provided when giving consent for the use of data for direct marketing purposes.
  4. The Data Subject is informed that when sending trial products or other information related to direct marketing, data processors are involved, such as courier service providing companies: UAB “Nėgė” reg. no. 149872578, Europos pr. 83, LT-46333 Kaunas; AB Lietuvos paštas reg. no. 121215587, J. Jasinskio g. 16, 03500 Vilnius.
  5. The Data Subject agrees that for query administration purposes, when the query is submitted by email, the Data Controller will process the following personal data related to them: name, surname, email address, comment/inquiry.
  6. The Data Controller confirms that the personal data processed for this purpose is not disclosed.
  7. For this purpose, the personal data is stored for 2 (two) calendar years from the date of data submission.
  8. The Data Subject is informed that the given consent for processing personal data for query administration purposes can be revoked at any time by submitting a request to the Data Controller via email address info@nando.lt from the same email address that was used when submitting the query.
  9. The Data Subject agrees that for direct marketing purposes, the Data Controller will process the following personal data related to them: phone number, email address.
  10. For the purpose of direct marketing, the provided personal data is stored for 2 (two) calendar years from the date of data submission.
  11. The Data Subject is informed that the given consent for processing personal data for direct marketing purposes can be revoked at any time by submitting a request to the Data Controller via email address info@nando.lt from the same email address used when subscribing to the newsletter or receiving an electronic mail.
  12. The Data Subject is informed that for this purpose, data processors are involved: UAB “Kokosas” reg. no. 303559108, registered address Maironio St. 6-1 Kaunas, providing newsletter sending services.
  13. The Data Controller confirms that personal data is collected directly from the Data Subject and is not collected from other sources.
  14. The Data Controller undertakes not to disclose processed personal data to third parties, except in the following cases: with the consent of the Data Subject to disclose personal data, when executing an order or providing other services to Data Processors providing goods delivery or other services ordered by the Buyer, to law enforcement institutions in accordance with the requirements of legal acts, when it is necessary to prevent criminal activities or necessary for their investigation.

3. IMPLEMENTATION OF DATA SUBJECT RIGHTS

  1. The Data Subject grants the right to the Data Controller to collect, manage, process, and store personal data related to them to the extent and for the purposes provided in this Privacy Policy.
  2. The Data Subject can withdraw the consent for collecting, processing, and storing personal data at any time, and consent for processing personal data for direct marketing purposes can be revoked without any additional justification. The Data Controller, upon receiving such request from the Data Subject, immediately suspends the processing of personal data and deletes the related personal data. The Data Controller has the right not to delete personal data from the server if there is a legitimate basis for storing them, especially when it is necessary to ensure national security and defense, public order, prevention, investigation, detection, or prosecution of crimes, protection of important state economic or financial interests, and protection of the rights and freedoms of other persons.
  3. The Data Subject, properly identifying themselves, indicating their name, surname, email address, has the right to familiarize themselves with their personal data by submitting a written request to the Data Controller using one of the following methods: 1) by mail or delivering directly to the address: H. and O. Minkovskiai St. 152, Kaunas, 2) by email address: sandra@nando.lt from the email address that was provided to the Data Controller when registering the e-shop user account, submitting a query, ordering the newsletter.
  4. If another person wishes to familiarize themselves with the Data Subject’s personal data, they must submit a notarized authorization, and lawyers are provided with data only upon submitting a representation agreement and indicating the purpose of data usage.
  5. The Data Controller, upon receiving the Data Subject’s request to familiarize themselves with the processed personal data, provides a response within 30 (thirty) calendar days from the date of receipt of the request. The response indicates whether the Data Subject’s personal data is processed, and if so, what data and to whom have been provided over the last 1 (one) calendar year. The response is provided free of charge.
  6. If, after familiarizing themselves with their personal data, the Data Subject determines that the data has been collected or obtained from illegal sources, or that personal data is processed for purposes other than those for which consent was given, the Data Subject has the right to request the Data Controller to stop such actions related to the processing of such personal data and/or to delete the related personal data by sending an email request to the Data Controller: info@nando.lt from the same email address from which the request was submitted.
  7. In cases where the Data Subject, after familiarizing themselves with their personal data, finds that it is inaccurate or incomplete, properly identifying themselves and submitting a written request, they can ask the Data Controller to correct and/or supplement the related personal data. The Data Controller, after finding that the request is justified, immediately corrects or supplements the processed personal data, but no later than within 5 (five) calendar days, and informs the Data Subject in writing about the actions taken.
  8. The Data Subject has the right to request that the Data Controller “forget” them, i.e., delete all personal data related to them if such data is no longer needed for the purposes for which it was collected and processed, or if the Data Subject withdraws their consent, or if data is processed in violation of legal requirements. The Data Controller fulfills such a request reasonably and without delay, but no later than within 5 (five) calendar days, and informs the Data Subject about the actions taken.
  9. If the Data Subject believes that their legitimate interests were violated during the processing of personal data, they have the right to apply to the Supervisory Authority.

4. RISK FACTORS FOR PERSONAL DATA BREACH AND THEIR RESOLUTION

  1. To ensure appropriate protection of personal data, the Data Controller implements the following organizational and technical personal data protection measures: 1.Organizational: The Data Controller organizes the work in a way to ensure secure management and (if applicable) transfer of computer data and/or documents and their archives. 2. Access to the Data Subject’s personal data is granted only to those employees who need it to perform their job functions and only to those who have signed confidentiality agreements and familiarized themselves with other internal regulations related to personal data processing.
  2. Technical: 1. Data Processors appointed by the Data Controller (service providers) act only on the authorization of the Data Controller. 2. Personal data is protected against loss, unauthorized use, and alterations. Internet communication is encrypted, and the website operates via the https:// protocol. 3. Computer hardware protection against malicious software (e.g., installation and updates of antivirus software), and an internal computer network firewall is provided.

5. USE OF COOKIES

  1. The website www.nandoeurope.lt uses cookies for statistical purposes, evaluating website attendance, and popularity of specific content. Such data processing does not allow identifying the identity of the website visitor directly or indirectly.
  2. The website visitor can delete cookies from their computer or block them in their internet browser, however, in such case, some of the website functionality may not work or may not work correctly.

6. FINAL PROVISIONS

  1. This Privacy Policy is reviewed once every 2 (two) years and updated if necessary.
  2. This Privacy Policy is effective from 1st February 2018.