Privacy policy

INFORMATION ABOUT PERSONAL DATA PROCESSING UAB DARNU GROUP COMPANY GROUP

Dear customers,

As a long-term and socially responsible Lithuanian business undertaking, UAB DARNU GROUP and its group of companies seek to ensure that we provide you with high quality products and property as well as services. Having taken into account the necessity for you to be aware of your data processing, we developed, approved and publish the present information on personal data processing of UAB DARNU GROUP company group.

We value and cherish our relationships with you and thus seek to provide you with information on the processing of your data that is as complete, consistent and clear as possible.

It is very important that you read the Privacy Policy carefully because, every time you visit the website owned by the Data Controller, you agree to the terms and conditions set forth in this Privacy Policy.

By submitting his/her personal data (including data directly or indirectly made available through the Website and using its services), the Data Subject agrees and does not object to the Data Controller for managing and processing them for the purposes and procedures specified in this Privacy Policy, the Data Subject’s consent and in the legislation.

Persons under the age of 18 cannot provide any personal data through the website of the Data Controller. If you are a person below the age of 18, you must obtain the consent of your parents or other legal guardians before submitting personal information.

Personal data – any information about a natural person who is identified or identifiable (the data subject); a natural person who can be identified, whose identity can be determined directly or indirectly, in particular, by the identifier, such as his name, personal identification number, location data and internet identifier, or according to one or more features of physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Representative means a person representing Customers, Data Controller Partners, Service Providers, Suppliers, both natural and legal persons.

Applicant means a natural person or a Representative interested in the goods and/or services sold by the Data Controller or wishing to contact the Data Controller on other issues.

Data Subject – for the purposes of this Privacy Policy, means representative, applicant, customer, candidate, partner, service provider, supplier, telephone callers or any other natural person whose personal data is processed by the Data Controller.

Consent of data subject means any express, specific and unequivocal expression of the will of the duly notified data subject in a statement or unambiguous manner in which he consents to processing of the personal data relating to him.

Candidate shall mean a person involved or intending to participate in the staff selection of the Controller.

Customer means a natural person or Representative who purchases goods or services from the Data Controller or who has entered into a contract with the Data Controller for the sale of goods or provision of services.

Partner means a natural or legal person who cooperates with the Data Controller, or has entered into a cooperation agreement with the Data Controller (e.g. for the sale of goods).

Service Provider means a natural or legal person who may offer or offers goods, services or works to the Data Controller and who cooperates with the Data Controller or who has entered into a contract with the Data Controller for the sale of goods, services or works.

Telephone Caller means a person who calls a publicly published contact telephone number regarding the sale of the Data Controller’s goods, provision of services and/or other matters.

Supplier means a natural or legal person who supplies goods to the Data Controller.

Direct marketing means the activity of offering goods or services to persons by post, telephone or other direct means and/or seeking their opinion on the goods or services offered.

Personal data processing – any operation or sequence of operations, such as collecting, recording, sorting, organizing, storing, adapting or modifying, extracting, accessing, using, disclosing, transmitting, distributing, or otherwise changing, by automated or non-automated means of personal data or personal data sets and access to them, as well as matching or interconnection with other data, their restriction, erasure or destruction.

The data controller will collect personal data in accordance with the applicable legislation of the European Union and the Republic of Lithuania and the instructions of the controlling authorities. All reasonable technical and administrative measures are in place to protect the collected data about the Data Subjects from loss, unauthorised use and alteration.

This Privacy Policy was drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the Universal Data Protection Regulation), Law on the Legal Protection of Data of the Republic of Lithuania, other legal acts of the European Union and the Republic of Lithuania. The terms used in the Privacy Policy are understood as defined in the General Data Protection Regulation and the Law on the Legal Protection of Personal Data of the Republic of Lithuania.

What information do we collect about you?

Information provided directly by you.

Information on how you use our Website.

If you visit our website, we also collect the information that indicates how you are using our services or automatically generated visit statistics. Read more Cookie policy.

Information from third-party sources

We may receive information about you from public and commercial sources (as permitted by applicable law) and associate it with other information we receive from you or about you. We can also receive information about you from third-party social networking services when you sign in, for example through your Facebook accounts.

Other information we collect

We may also collect other information about you, your device or the way your use the content of our site, with your consent.

You may choose not to provide us with certain information, but in such case you may not be allowed to use our service.

Processing of personal data for the purposes of providing feedback, consultation, fulfilling a request

Processing of personal data for the purpose of the sale of goods, provision of services, and/or other matters of persons contacting the Data Controller, including telephone callers. The Data Controllerprocesses the following personal data of the Applicants, including the Callers:

First name;

Last name;

Telephone number;

E-mail adress;

Function;

Workplace.

The personal data of applicants are not passed on to third parties.

Personal data for the purposes of consultation, enquiry and request are processed on the basis of the consent expressed by providing your data (Article 6(1)(a) of the General Data Protection Regulation).

Processing of personal data for the purpose of selling goods and providing services

Processing of customer personal data. The Data Controller shall process the following personal data of Customers or Representatives:

For the purposes of providing restaurant services:

Restaurant services are provided to non-identifiable persons, except for the obligation to ensure that the person is of legal age when selling alcohol.
If the customer wishes to be issued with a VAT invoice, the data to be collected are those required by law to be included on the VAT invoice – the name, title (if the VAT invoice is issued to a legal person), telephone number and address of the person who accepted it.

The following data is collected for the purposes of providing hotel/accommodation services:

First name;

Last name;

Date of birth;

Personal code;

Identity document number;

Image;

Nationality;

The country that issued the identity document;

Address of place of residence;

Credit card number;

Payment amount (in the case of e-commerce, the details of the payment order);

Car registration number (if applicable);

Workplace data (if applicable);

Telephone number;

E-mail adress;

Time and date of arrival at the accommodation;

Time and date of departure from the accommodation;

Names, dates of birth, ID numbers of the other guest, spouse and/or minor child(ren) accompanying the Customer;

Health data (to the extent necessary for the proper provision of services)

Other information related to the service being purchased.

We undertake not to transfer your personal data to any unrelated third parties, except in the following cases:

If there is consent from the Customer for the disclosure of personal data;
In the performance of our obligations as a seller of goods or provider of services (e.g., data may be transferred to companies providing delivery (courier), logistics, archiving, auditing, legal, financial services, Partners, Service Providers, Participants and/or parties linked to national, European and international payment systems such as SWIFT);
Pursuing the legitimate interests of the Data Controller (e.g. in the case of debt collection);
Authorised bodies, in accordance with the procedure provided for by the legislation of the Republic of Lithuania.

The Data Controller may provide the personal data of Customers and other Data Subjects to Data Processors not listed in this Policy who provide services (perform work) to the Data Controller and process the personal data of Customers and Data Subjects on behalf of the Data Controller. Data processors have the right to process personal data only in accordance with the instructions of the data controller and only to the extent necessary for the proper fulfilment of obligations laid down in the contract. When using data processors, the Data Controller shall take all necessary measures to ensure that data processorshave implemented appropriate organisational and technical security measures and maintain the secrecy of personal data.

The processing of personal data is based on the Data Subject’s consent and/or the performance of a contract with the Data Subject (Article 6(1)(a) and (b) of the General Data Protection Regulation).

Personal data processing for direct marketing purpose

The Data Controller aims to share only relevant news about services, discounts, offers,

competitions and other useful information with the recipients of the newsletters. It does so in accordance with this Privacy Policy.

The Data Controller shall only process personal data for the purpose of direct marketing with the express consent of the Data Subject. For the purpose of direct marketing, the following personal data of Customers and other Data Subjects are processed:

First name;

Last name;

E-mail address.

By sending a newsletter, the Data Controller may collect statistical data on the Data Subject’s behaviour in relation to the use and content of the newsletter (for example, whether the newsletter has been read, which links have been opened by the Data Subject).

Personal data is obtained directly from Data Subjects. The Data Controller may only transfer personal data to third parties providing specialised services for the purpose of sending emails, tailoring the type of advertising ordered through advertising platforms.

The personal data of customers and other Data Subjects shall be processed on the basis of the consent expressed by providing their data and agreeing to the processing of personal data for the purpose of direct marketing (Article 6(1)(a) of the General Data Protection Regulation).

We inform that the Data subject has the right not to give or to withdraw his consent to the processing of his Personal Data for direct marketing purposes at any time, including profiling, insofar as it relates to such direct marketing, without giving reasons for non-consent:

By clicking on the “unsubscribe” link at the end of the newsletter or on the website;
By email duomenuapsauga@darnugroup.lt

Withdrawal of consent shall not affect the lawfulness of processing based on consent carried out before the withdrawal of consent.

Processing of personal data for the purposes of ensuring the safety of employees, customers and the protection of property (video surveillance)

The Data Controller shall process the video data of its employees, its customers and other persons entering the video surveillance area for the purposes of ensuring the security of its staff, its Customers and other persons entering the video surveillance area, as well as for the purpose of ensuring the security of its property (video surveillance).

Please be informed that your video data is captured by the Data Controller’s video surveillance equipment when you visit the Data Controller’s territory around the buildings, premises located in Pilies g. 34, Vilnius, Ąžuolyno g. 7, Vilnius and Aukštaičių g. 7, Vilnius. Image data may only be transmitted to law enforcement authorities in accordance with the procedure provided for by the legislation of the Republic of Lithuania and to insurance companies in the event of an incident that may be recognised as an insured event. Video data shall only be transmitted to the extent that it is relevant to the incident under investigation.

The Data Controller may provide the image data of employees and customers, as well as other persons entering the video surveillance field to Data Processors not specified in this Policy, who provide services (perform work) to the Data Controller and process the image data of staff and Customers and other persons entering the video surveillance field on behalf of the Data Controller.

Personal data for the purpose of video surveillance are processed on the basis of the legitimate interest of the Data Controller (Article 6(1)(f) of the General Data Protection Regulation).

What do we do to protect your information?

Personal data are protected against loss, unauthorized use and alteration. We have implemented physical and technical measures to protect all information we collect for the purposes of our service provision. Bear in mind that, although we take appropriate action to protect your information, no website, online transaction, computer system or wireless connection is completely safe.

The Data Controller applies different retention periods for personal data in accordance with the requirements of the legislation and the purposes of the processing of personal data.

Terms of storage of personal data:

Purpose for personal data processing	Term of storage
Processing of Personal Data of Data Subjects for the purposes of the consultation, the execution of a request.	1 year from the date of the consultation, or the date of the request. Except where the Data Subject requests the sale of the Data Controller’s goods or services. The general term of 10 years is then applied.
Processing of customers’ personal data for the purpose of selling goods and providing services.	10 years after the last contact or 10 years after the end of the contract.
Processing of personal data of natural persons, Representatives for the purpose of performance of contracts with Partners, Service Providers, Suppliers.	During the term of the contract and for 10 years after the end of the contract.
Processing of personal data for the purposes of ensuring the safety of staff, customers and the protection of property (video surveillance).	14 calendar days. If the video data is used as evidence in a civil, administrative, criminal, or other statutory situation, the video data may be stored to the extent necessary for such data processing purposes and destroyed immediately when it becomes no longer necessary.
Processing of personal data of data subjects for direct marketing purposes.	5 years from the date of consent, unless the Data Subject wishes to extend this period.

Exceptions to retention periods may be made to the extent that they do not prejudice the rights of Data Subjects and comply with legal requirements.

At the end of the time limits, if they have not been extended, the data will be destroyed in such a way that they cannot be reproduced.

Your rights

The data subject whose data is processed in the activities of the Data Controller has the following rights:

The right to know (be informed) about the processing of your personal data;
The right of access to your personal data and to be informed of how they are processed;
The right to rectify or, depending on the purposes of the processing of personal data, to supplement incomplete personal data;
The right to erasure and the right to be forgotten, i.e. to suspend the processing of the data (except for storage);
The right to restrict the processing of personal data on one of the following legitimate grounds;
The right to data portability where the Data Subject has provided his or her personal data to the Data Controller in a structured, commonly used and computer readable format;
The right to oppose to the processing of Personal data when this data is processed or intended to be processed for direct marketing purposes, including profiling, insofar as it relates to such direct marketing;
The right to lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania.

The Data Subject has the right to submit any request or instruction relating to the processing of Personal data, to the Data Controller in writing in one of the following ways: delivery in person or by post to: UAB DARNU GROUP, legal entity code 123010339, home address Aukštaičių g. 7, Vilnius; by e-mail: duomenuapsauga@darnugroup.lt.

Upon receipt of such request or instruction, the Data Controller shall, within one month from the date of the request, provide an answer and perform or refuse to perform the actions specified in the request. If necessary, the specified period may be extended by another two months depending on the complexity and number of requests. In this case, the Data Controller shall inform the Data Subject about such extension within one month from the receipt of the request, and indicate the reasons for the delay.

The Data Controller may not enable the conditions for Data Subjects to exercise the above rights, except to refuse to process Personal data for direct marketing, in cases provided for by law, if it is necessary to ensure the prevention, investigation and detection of violations of offenses, professional or service ethics, as well as the rights of the Data Subject or others, and the protection of liberties.

Third party websites, services and products on our website

The Data Controller’s website may contain third-party advertising boards, links to their websites and services that are not controlled by the Data Controller, for example a link to the Facebook profile of the Data Controller. The Data Controller is not responsible for the safety and privacy of information collected by third parties. You must read the privacy notices applicable to third-party websites and services that you use.

If you provided your data on Facebook, we assume that you agree that we may contact you and provide you with service offerings through your contact phone and email.

Final provisions

Amendments or changes to the Privacy Policy shall take effect from the date of their publication on the Website.

When the Data Subject uses the Website and/or the services provided by the Data

Controller after supplementing or amending the Privacy Policy, the Data Subject shall be deemed not to object to such amendments and/or changes.

Contact us

If you have any questions about this Privacy Policy, feel free to contact us in any way convenient for you:

By e-mail: duomenuapsauga@darnugroup.lt

By email: UAB Darnu Group, Aukštaičių g. 7, Vilnius

COOKIES POLICY

Cookies are information elements which are transferred from a website to the hard drive of your computer. These are small information files which enable websites save and access information on the user‘s browsing habits.

Cookies are used by most websites since they are one of numerous ways to help adapt the content of the internet to the user’s needs. Cookies enable websites to provide services customised to the user’s needs (for instance, by remembering access details, retaining purchases in the basket or showing only specific content which is of interest to the user).

Most browsers are set so that they accept cookies automatically. Cookies do not allow access to or do not provide the opportunity to copy the device storing terminal data, such as a hard drive. Users can block cookies by changing their browser settings, however, this might reduce the functionalities of the website and is not recommended. Users can also delete cookies in their internet browsers any time.

Cookies used in this website do not infringe the privacy of the user of services. For instance, cookies used for the purposes of assessment and surveys aimed at identifying the type of use and the scope of use of the website. In addition, cookies may be used in marketing based on user lists and repetitive marketing. The purpose of such marketing is to provide users, who have visited the website before, with information on relevant services.

The Company collects and processes personal data for the following purposes: contacting clients, marketing of products and services (including planned marketing by email, online advertising and personal sales calls), collecting and handling feedback, providing the requested information and products or services requested or ordered from the Company.

Moreover, the Company can share your contact details and internet functions, such as visits to the website and email transitions, with its partners for the purposes of sales of services and products and for marketing purposes.