1.2. These terms apply to the User every time the User wants to access the Website and/or buy goods or services from the Data Controller.
1.3. The Data Controller ensures the confidentiality of Personal Data and has implemented appropriate technical and organisational measures to safeguard the User’s Personal Data from unauthorized access, disclosure, accidental loss, modification or destruction, or other unlawful Data Processing.
2. USED TERMS
2.1.1. “Consent” means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
2.1.2. “Cookies” are type of small messages with a unique identification number that is transmitted to the User's hard disk drive so that the Data Controller could distinguish the User's computer from the Internet and see it on the Internet.
2.1.3. “Data Controller” is MB "By Karolina Meschino", e-mail address [email protected], VAT payer's code: LT100013363718, address: Pilies g. 3, Vilnius, Lithuania, company number: 305615534, a person who determines the purposes and means of Data Processing of data subjects.
2.1.4. “Data Processing” or “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.1.5. “Newsletter” means a newsletter sent by the Data Controller to the User about the latest news, special offers and updates on the Data Controller’s sold goods.
2.1.6. “Personal Data” or “Data” means any information relating to an identified or identifiable natural person (“data subject”).
2.1.8. “User” is a natural person (data subject) who has visited the Website and provided his/her Personal Data to the Data Controller.
2.1.9. “Regulation” means 2016/679 Regulation on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC, which entered into force in the European Union on 25 May 2018.
2.1.10. “Website” is the internet website of the Data Controller, the address of which is www.karolinameschino.com.
3. COLLECTED PERSONAL DATA
3.1. To properly provide its services, the Data Controller collects the following Personal Data of the User:
3.1.1. Personal Data submitted by the User: first name, last name, telephone number, email address, delivery address, financial information (such as payment method, credit card number, billing address).
3.1.3. Data from third-party sources: if the User links and logs in to his/her account on the Website with a third-party service provider (e.g. Facebook, LinkedIn, Google), the Data Controller receives certain information, such as the User’s registration and profile information from that service provider.
4. PRINCIPLES OF PROCESSING OF PERSONAL DATA
4.1. The Data Controller undertakes to follow the further indicated principles of Processing of Personal Data:
4.1.1. the Data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
4.1.2. the Data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“purpose limitation”;
4.1.3. the Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);
4.1.4. the Data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that Personal Data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);
4.1.5. the Data shall be kept in a form which permits identification of the User for no longer than is necessary for the purposes for which the Personal Data are processed (“storage limitation”);
4.1.6. the Data shall be processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”).
5. PURPOSES OF PROCESSING PERSONAL DATA
5.1. Personal Data of the User is processed by the Data Controller for the following purposes:
5.1.1. For selling goods and providing services. The Data Controller collects and uses the Personal Data of the User for the purpose of selling goods and providing services on the Website.
5.1.2. For sending the Newsletter. The Data Controller with prior consent of the User sends notifications about the special offers, updates or changes on the Data Controller’s goods services.
5.1.3. For contacting the Data Controller. If the User wants to contact the Data Controller, under the rules specified on the Website, the User has to fill in the contact form with his/her Personal Data.
6. DISCLOSURE OF PERSONAL DATA
6.1. The Data Controller undertakes not to disclose or transfer Personal Data of the User to third parties and not to use for the purposes other than they were collected.
6.2. The Data Controller may transfer the User’s Personal Data to third parties only under the following cases:
6.2.1. when it is necessary to complete the contract with the User and provide services properly – to partners of the Data Controller. For these partners, the Data Controller will provide only as much of Personal Data as will be required to fulfil a specific commitment;
6.2.2. if the individual Consent of the User on such transfer of Data has been received;
6.2.3. data transfer is obligatory upon the demand of law enforcement agencies in accordance with the procedure established by legal acts of the Republic of Lithuania;
6.2.4. in other cases, established in the Regulation and legal acts of the Republic of Lithuania.
7. COOKIES USAGE
7.2. The Data Controller collects the Cookies to:
7.2.1. ensure proper functions of the Website;
7.2.2. analyse the User’s browsing habits;
7.2.3. improve and develop the Website;
7.2.4. see the Website usage statistics;
7.2.5. understand and improve marketing efforts.
7.3.1. by clicking the “Accept” button on the Cookies bar that show up on the Website;
7.3.2. by not deleting them and/or not changing the User’s browser settings so that the Cookies cannot be stored.
7.4. The Data Controller uses the following Cookies on the Website:
7.5. The User may withdraw the Cookies Consent at any time. The User can do this by changing his/her browser settings so that the Cookies cannot be stored. Instructions may vary depending on the User’s operating system and the type of the web browser. Instructions on several web browsers may be found here: Google Chrome, Internet Explorer, Mozilla Firefox, Safari (Desktop), Safari (Mobile), Android Browser, Opera, Opera Mobile. More information about the Cookies, their use and how to refuse them are available at http://AllAboutCookies.org.
8. DATA STORAGE TERMS
8.1. The Data Controller undertakes to store the User's Personal Data for a period specified in the applicable laws of the Republic of Lithuania and/or the Regulation, but not longer than is required to achieve the goals of Data Processing.
8.2. If the User registers on the Website but does not make any purchase of products available on the Website, the Data Controller will store the User’s Personal data for no longer than 5 (five) years from the last User’s login to his/her personal account on the Website. In such a case, 5 (five) calendar days left before the expiry of the term of 5 (five) years, the User will receive an inquiry to the e-mail address as to whether the User agrees to further processing of the Data. If the User expresses an objection or does not respond in 5 (five) calendar days, the Data Controller will delete all the Personal Data related to the User, including his/her account in the system.
8.3. If the User makes a payment for purchasing the goods the Data Controller offers, the Data Controller will store the Personal Data for 10 (ten) years from the day of the last payment on the Website, as foreseen in the Clause 10.15 of the Order of the archivist of the Government of the Republic of Lithuania "On Approval of the Register of Terms for the Storage of General Documents”. In such case, 5 (five) calendar days left before the expiry of the term of 10 (ten) years, the Data Controller will send an inquiry to the User’s e-mail address as to whether the User agrees to further processing of the Data. If the User expresses an objection or does not respond in 5 (five) calendar days, the Data Controller will delete all the Personal Data related to the User, including his/her account in the system.
8.4. If the User contacts the Data Controller and provides his/her Personal Data via e-mail or reserves goods on the Website, the Data Controller will store the Personal Data for no longer than 6 (six) months from its submission. After this term, the Data is automatically and irreversibly erased.
8.5. If the User subscribes to the Newsletter, the Data Controller will store the Personal Data and send the Newsletter for no longer than 5 (five) years. 5 (five) calendar days left before the expiry of the term of 5 (five) years, the User will receive an inquiry to the e-mail address as to whether the User agrees to further processing of the Data. If the User expresses an objection or does not respond in 5 (five) calendar days, the Data Controller will delete all the Personal Data related to the User and will stop sending the Newsletter.
9. RIGHTS OF THE USERS
9.1. The User on the Website has the following rights:
9.1.1. know what and for what purpose the Personal Data is processed;
9.1.2. receive the Personal Data concerning him/her and transmit this Data in a commonly readable format to his/her computer;
9.1.3. request the correction or supplementation of Personal Data if they are inaccurate or no longer relevant;
9.1.6. submit a claim to the State Data Protection Inspectorate regarding illegal processing of Personal Data or violation of Data processing;
9.1.7. disagree with the processing of Personal Data when such Data is processed or intended to be processed for direct marketing purposes.
9.3. The Data Controller after receipt of such User’s request or order shall respond and perform the steps in the request or refuse to perform stating the reasons for refusal no later than within 30 (thirty) days from the date of receipt. If necessary, the specified period may be extended by another 2 (two) months depending on the complexity and number of requests. In this case, within 30 (thirty) days from receipt of the application, the Data Controller informs the User of any such extension, together with a reason for the delay.
9.4. The User has a right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning him/her is being processed, and, where that is the case, access to the Personal Data and the following information:
9.4.1. the purposes of the Processing;
9.4.2. the categories of Personal Data concerned;
9.4.3. the recipients or categories of recipient to whom the Personal Data have been or will be disclosed;
9.4.4. where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
9.4.5. the existence of the right to request from the Data Controller rectification or erasure of Personal Data or restriction of Processing of Personal Data concerning the User or to object to such Processing;
9.4.6. the right to lodge a complaint with a supervisory authority;
9.4.7. where the Personal Data is not collected from the User, any available information as to their source.
9.5. When the User submits the request to erase his/her Data, the Data Controller undertakes to erase all Personal Data, where one of the following grounds applies:
9.5.1. the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
9.5.2. the User withdraws consent on which the Processing is based, and where there is no other legal ground for the Processing;
9.5.3. the User objects to the Processing of his/her Data and Data Controller does not determine overriding legitimate grounds for the further Processing;
9.5.4. the Personal Data have been unlawfully processed;
9.5.5. the Personal Data have to be erased for compliance with a legal obligation in European Union or laws of the Republic of Lithuania.
9.6. In the answer to request of the Users regarding the exercise of the right to be forgotten, the Data Controller undertakes to answer in detail providing the grounds and (or) explanation on why there is no possibility to exercise such right when there is an overriding ground of legitimate interest or, when it is possible – how to exercise such right.
9.7. The User has a right to request that the Data Controller would restrict Processing of the User’s Data in one of the following cases:
9.7.1. the accuracy of the Personal Data is contested by the User for a period enabling the Data Controller to verify accuracy of the Personal Data;
9.7.2. the Data Processing is unlawful and the User opposes the erasure of the Data and requests the restriction of its use instead;
9.7.4. when the User has objected to Processing until the verification whether the legitimate grounds of the Data Controller override those of the User.
9.8. The Data Controller might not satisfy the User’s requests, except for requests to refuse direct marketing offers and to apply to an out-of-court dispute resolution body, in cases it is necessary to ensure:
9.8.1. execution of established legal obligations of the Data Controller;
9.8.2. public order and prevention of crimes;
9.8.3. rights and freedoms of other Users or other third parties; or
9.8.4. in other cases, specified by the applicable laws of the Republic of Lithuania and the Regulation.
9.9. All the answers to the User are provided in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The Data Controller shall provide a copy of the processed Personal Data in electronic or paper format free of charge at the User's choice, and upon repeated request of the User, the Data Controller may charge a reasonable fee based on the administrative costs of making such a copy, not exceeding 50 (fifty) euros.
9.10. If the User has discovered the unlawfulness of its Data Processing or in the event of a dispute with the Data Processor, he/she has a right, at any time, to apply to the out-of-court dispute resolution authority in the Republic of Lithuania – the State Data Protection Inspectorate, under the rules specified on its website, which can be found here.
10.2. The User may at any time refuse to receive the Newsletter by sending an email to the Data Controller or by selecting the "Unsubscribe" button at the bottom of every Newsletter sent to the User.
12. CONTACT INFORMATION
Sending mail – Pilies str. 3, Vilnius, Lithuania.
Sending e-mail – [email protected]
Last updated on 09-09-2020