Privacy policy
General provisions
UAB "SANITEX", legal entity code 110443493, registered office address: Raudondvario pl. 131C, Kaunas, Lithuania, tel. No.: +370 37 40 11 11, e-mail: [email protected] (hereinafter - Sanitex, the Company) understands that the protection of personal data is important for our customers, suppliers, partners and other persons whose personal data it processes (hereinafter - data subjects), therefore it protects the privacy of each data subject with utmost responsibility and care.
This privacy notice sets out how Sanitex processes personal data of data subjects, including what personal data is processed, how it is collected, how long it is stored, to whom it is provided, what rights data subjects have, and where to apply to exercise them or with other issues related to personal data processing.
The privacy notice is prepared based on the following legal acts:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter - GDPR or the Regulation);
- Law of the Republic of Lithuania on Legal Protection of Personal Data No. XIII-1426 of 30 June 2018 (hereinafter - ADTAĮ);
- Law on Electronic Communications of the Republic of Lithuania No. IX-2135 of 15 April 2004.
The company's websites are intended for persons over the age of 14. Persons under the age of 14 shall not provide any personal data through the Company's websites.
How do we collect your data?
How we collect your data depends on the services we provide to you or the nature of our collaboration.
Sanitex processes data:
- received directly from the data subject (you), e.g. when you send us inquiries or messages, sign cooperation agreements with us, fill out questionnaires, or register on our websites or for promotional activities we organize;
- which are generated when you use our network and services, i.e. when you make a phone call, send a short message (SMS), browse the Internet, visit our websites, etc.;
- which we receive from other sources, e.g., if there is a legal basis, from other institutions or companies, i.e. banks, publicly available registers, credit bureaus (e.g. UAB "Creditinfo"), insurance companies, etc.
For what purposes and what personal data do we process?
Cash&Carry customer card administration
Purpose of data processing | Legal basis for data processing | Data categories | Duration of data storage |
Issuance and administration of customer (Promo Cash&Carry) cards | | Company name, first name, last name, VAT payer code, business license or individual activity certificate or farmer's certificate number, its validity date, information about the nature of the natural/legal person's activity, address, telephone number, e-mail address, unloading addresses, main activity, company manager, number of people working in the company, place of use of the card (store) and time (only store entrance information), card number, names, surnames and e-mails of persons for whom the card is ordered, postal addresses, card pick-up location. | 10 years from the last use of the card |
Administration of social networks and Sanitex web pages
In order to spread information about its activities and offer services that meet the needs and expectations of the client, Sanitex administers websites and social network accounts:
Purposes of data processing | Legal basis for data processing (Article 6 GDPR) | Data categories | Duration of data storage |
Monitoring account and website traffic statistics | GDPR Art. 6 (1) (a) and (f) - consent of the data subject and legitimate interest of the data controller. | Cookies collect information related to page visitors (more information in the cookies section); anonymous statistics | Referred to in the Cookie policy |
Responding to your inquiries submitted through social network accounts and the website | GDPR Art. 6 (1) (a) and (f) - consent of the data subject and legitimate interest of the data controller. | Content posted by page fans on our social accounts; information provided in requests. | Requests made through the website are deleted 1 year after the request is resolved; requests or comments made by users on social networks are processed according to the privacy policy of the specific social network |
Administering submitted content | GDPR Art. 6 (1) (a) and (f) - consent of the data subject and legitimate interest of the data controller. | Content posted by page fans on our social media accounts; information provided in requests. | Until the data subject deletes the content themselves |
When visiting our social network accounts, your data may also be processed by social network administrators. We recommend that you get acquainted with the privacy policies of social networks:
Meta (includes Facebook, Messenger, Instagram) privacy policy:
https://lt-lt.facebook.com/privacy/explanation;
LinkedIn Privacy Policy:
https://www.linkedin.com/legal/privacy-policy;
YouTube Privacy Policy:
https://www.youtube.com/intl/en-GB/yt/about/policies/#community-guidelines
Maintaining relations with suppliers
Purposes of data processing | Legal basis for data processing (Article 6 GDPR) | Data categories | Duration of data storage |
Maintaining relations with suppliers | GDPR Article 6(1)(b) - contract | Name, surname, contact details (e-mail address, telephone, address), VAT payer code, number of business license or individual activity certificate or farmer's certificate, its validity date, personal identification number, activity according to business license or individual activity certificate or farmer's certificate, bank account number, power of attorney. | 10 years after the end of the contract |
Direct marketing
Purposes of data processing | Legal basis for data processing (Article 6 GDPR) | Data categories | Duration of data storage |
Sending offers, newsletters and advertisements to customers and other interested parties | GDPR Article 6 (1)(a) - consent | Name, surname, e-mail address, telephone number, information about goods and offers of interest. | At the recipient's choice, 12 months from the last opening of the newsletter or 24 months from the date of subscribing to the newsletter* |
For statistical and term calculation purposes | GDPR Article 6 (1)(a) - consent | Network data collectors (web beacons), unique identifiers and other tracking tools are used, which collect information about newsletter subscription, (non)receipt, opening, clicking on links, opting out, which application/program is used to read the letter, the IP address and the state assigned according to it. | 12 months after opening the last newsletter* |
*With the consent of the data subject, pixel tracking may be used in the newsletter. This is an alternative tracking method to cookies, traditionally implemented as a 1 x 1 pixel image in an email that is not visible to the user. Loading this image (with the user ID in the title) notifies the hosting server that the user has read the email. If the data subject consents to the use of pixels in the newsletter, it is recorded when the newsletter is opened, and the newsletters will be sent for 12 months from the day the last newsletter was opened. If the data subject subscribes to the newsletter but does not consent to the use of pixels, the newsletters will be sent for 24 months from the date of ordering the newsletter.
To manage our newsletter subscriber list and send them emails, we use MailerLite, an automated marketing platform. MailerLite's privacy policy can be found at: https://www.mailerlite.com/privacy-policy.
You can unsubscribe from the newsletter by clicking on the link at the bottom of each newsletter.
Administration of contracts with clients, provision of services and consulting
Purposes of data processing | Legal basis for data processing (Article 6 GDPR) | Data categories | Duration of data storage |
Administration of contracts | GDPR Article 6 (1)(b) - contract | Name, surname, VAT payer code, business license or individual activity certificate or farmer's certificate number, account number, contact details of the legal entity contact person or natural person. | 10 years after the end of the contract |
Client's www.epromo.lt account | GDPR Article 6 (1)(b) - contract | Name, surname, contacts, login data, purchase history, delivery addresses, payment history, saved orders of natural persons. | 10 years after the end of the contract |
Invoicing | GDPR Article 6 (1)(b) - contract | Name, surname, VAT payer code, number of business license or individual activity certificate or farmer's certificate, shopping cart | 10 years |
Debt management and administration | GDPR Article 6(1)(f) – legitimate interest | Name, surname, position, information on indebtedness, contact details. | 10 years |
Ensuring the quality of service of the company's customers calling the customer service centre, accepting orders, offering related goods and services | GDPR Article 6 (1) point (a) - consent, point (b) - performance of the contract, point (f) - legitimate interest | Name, surname, contact data of the caller (e-mail address, telephone, address), opinion on the quality of the service, feedback, orders, audio recordings of conversations, metadata of the call. | Up to 4 years until records are erased by writing new records over the old ones |
Video surveillance
Purposes of data processing | Legal basis for data processing (Article 6 GDPR) | Data categories | Duration of data storage |
Protection of company assets and employees | GDPR Article 6(1)(f) – legitimate interest | The image captured by the video camera | Up to 3 months until the records are erased by writing new records over the old ones |
Who do we share your data with?
To process data, Sanitex uses only those data processors who ensure compliance with the GDPR and the required level of personal data security.
Here is a list of categories of data recipients used by Sanitex:
- Companies of the Sanitex group (including, but not limited to UAB "Baltic Logistic Solutions", UAB "Officeday"), companies using the "Officeday" brand and concept on the basis of a franchise agreement.
- according to the procedure provided by law, state institutions: State Tax Inspectorate, Lithuania's State Social Insurance Fund Board, Employment Service, etc.;
- companies providing data centres, hosting, cloud, website administration and related services, creating, providing, supporting and developing software, companies providing information technology infrastructure services, companies providing communication services;
- companies providing advertising and marketing services;
- companies providing accounting, archiving, physical and/or electronic security, asset management and/or other business services;
- Cargo carriers and/or couriers;
- Bailiffs, entities providing legal and/or debt collection services, entities taking over the claim right to debt; joint debtor data file managers;
- law enforcement authorities at their request or at our initiative if there are suspicions that a criminal act has been committed, as well as courts and other dispute resolution bodies; tax administrators.
Data provision conditions
Data subjects ensure that the personal data they provide is correct and up-to-date, i.e. if personal data changes, data subjects must update it by providing new, correct data. Data subjects understand that otherwise Sanitex may not ensure the provision of quality services, and will have the right to refuse to provide services to the data subject.
You also have the right to refuse to provide your personal data, but the provision of your personal data is necessary to fulfill the purposes specified in this privacy notice, therefore, if you do not provide your personal data Sanitex may not be able to fulfill the listed purposes.
What rights do you have and how can you exercise them?
In accordance with the provisions of the GDPR, you as a data subject can exercise the following rights:
1. The right to access personal data, i.e. to submit a request for information on whether your personal data is being processed and, if it is being processed, to access your personal data.
2. The right to correct personal data, i.e. to submit a request to correct your personal data if you determine that the personal data we process is incorrect, incomplete or inaccurate.
3. The right to erasure (right to be forgotten), i.e. to submit a request to delete your personal data if your data is processed illegally or dishonestly.
4. The right to restrict data processing, i.e. to submit a request to limit (stop) the processing of your personal data, except for storage, in the event that, e.g., you request the correction of your personal data (while the accuracy of the personal data is checked and/or the data is corrected); it is determined that the personal data is being processed illegally and you do not agree to the data being deleted; you have expressed your objection to the processing of your personal data, etc.
5. The right to data portability, i.e. to submit a request to transfer your personal data that is processed by automated means to you and/or another data controller in a structured, commonly used and computer-readable format.
6. The right to object to data processing, i.e. to express an objection to the processing of personal data when the data is processed on the legal basis of legitimate interest or public interest.
7. The right to request that you are not subject to a decision based solely on automated data processing, including profiling, which has legal consequences for you or which similarly significantly affects you.
8. The right to withdraw the consent given to us at any time regarding the processing of personal data, e.g. for direct marketing.
You can exercise your rights:
- By sending us a free-form request by e-mail to [email protected]. The application must be signed and scanned, and a copy of the identity document must be attached to the application, so that we can verify your identity. The application can also be signed with a qualified electronic signature.
- When sending a request by post to Raudondvario pl. 131C, Kaunas, the request must be signed. A copy of your identity document must be attached to the request you send. When applying in person, data subject must show proof of identity to the person accepting the request.
The request must be legible and signed, and it must contain the data subject's name, surname, place of residence or other contact data for the desired form of communication, and information about which right the data subject wishes to exercise and to what extent.
We will provide an answer to your request no later than within 30 (thirty) calendar days from the date of receipt of the request. In exceptional cases that require additional time, after notifying you we will have the right to extend the deadline for submitting the requested data or examining other requirements specified in your request up to 60 (sixty) calendar days from the date of your application.
Where can you turn with questions related to personal data?
If you have any questions regarding the information provided in this privacy notice or the protection of your personal data and the exercise of your rights, please contact Sanitex in the way convenient for you:
- by e-mail: [email protected];
- in writing to Raudondvario pl. 131C, Kaunas, Lithuania
If it is not possible to find a solution suitable for both parties, you have the right to contact the State Data Protection Inspectorate at the address: L. Sapiegos g. 17, Vilnius, e-mail: [email protected].
Final Provisions
We have the right to partially or fully change the provisions of this privacy notice by notifying you about it on the website and/or by the e-mail you provided. If you continue to use the website after changes have been made, it means that you accept them.
These terms are governed by the law of the Republic of Lithuania. All disputed issues are resolved by mutual agreement. If an agreement is not reached – by the procedure of the laws of the Republic of Lithuania in the court of the Republic of Lithuania.