• I. GENERAL PROVISIONS

    1. AB “Vilkma” (hereinafter referred to as the Company) Privacy Policy (hereinafter – Privacy Policy) applies to personal data of natural persons (hereinafter referred to as “Data Subjects”), which are managed by the Company.

    2. The purpose of the Privacy Policy is to ensure the implementation of the legal protection of personal data in force in the Republic of Lithuania.

    3. Privacy policy provides with the purposes and principals of processing of personal data by Data Subjects, the rights of the Data Subjects and, the fundamental technical and organisational measures to ensure data protection and data security.

    4. The Company appreciates the Data Subject’s trust and undertakes to protect the Data Subject’s privacy and information provided for use solely for the purposes specified in the Privacy Policy.

    5. Personal data is processed and used in accordance with the purposes for which the Data Subject has submitted them to the Company, or other purposes approved by the Data Subject.

    6. The Data Subject, submitting to the Company his personal data, confirms and voluntarily agrees that the Company manages and processes the personal data of the Data Subject, in compliance with this Privacy Policy and the current legal regulation of personal data protection.

    7. All employees of the Company, as well as data managers or third parties, who manage personal data managed by the Company, are acquainted with the Company‘s Privacy Policy and must keep to it.

    II. PERSONAL DATA COLLECTED BY THE COMPANY

    8. The Company collects the Data Subject‘s data that he/she voluntarily provides: while concluding a contract with the Company on the provision of services (shirt sewing in accordance with individual order), as well as while purchasing goods from the Company’s online store, filling in the fields necessary for the execution of the order; when subscribing to the Company‘s Newsletter or by participating in the Company’s competitions.

    9. The information collected by the Company may include: Data Subject‘s name and surname, address, e-mail address, telephone number, date of birth, gender,  body dimensions (as far as it is necessary for performance of the contract between the Company and the Data Subject), data of credit/debit cards and other payment details, information on the goods purchased by the Data Subject (their quantities, purchase dates, prices of purchased items, purchase history, Data Subject’s login name and password-encoded form on the Company’s website (if the Company gives such a possibility).

    10. The Company’s website may collect certain information about the Data Subject’s visit, for example: address of Internet Protocol (IP), which is used by the Data Subject while accessing the Internet; date and time of the Data Subject‘s visit to the Company‘s website; other websites, that the Data Subject visits on the Company’s website; used browser; information about the computer’s operating system of the Data Subject; mobile gadget versions; language settings and etc. If the Data Subject uses a mobile device, data can also be collected to determine the type of mobile device, device settings, as well as geographic (longitude and latitude) coordinates. This information is used to improve the Company’s website, to analyze tendencies, improve the products and services, and administer the Company’s website.

    III. DATA PROCESSING PURPOSES OF DATA SUBJECTS‘ PERSONAL DATA

    11. The Company manages personal data for the following purposes:
    11.1. For proper execution of the contract between the Company and Data Subject (for order process (services or purchase of goods), administration or delivery);
    11.2. Identification of the Data Subject in the Company’s information systems;
    11.3. Identification of the Data Subject while logging in to his/her account on the Company’s website (when such a possibility is provided by the Company);
    11.4. For confirmation and issuance of invoices or other financial documents, related to purchased (ordered) items (services);
    11.5. Upon receipt of a separate Data Subject‘s consent – for direct marketing purposes;
    11.6. For the fulfillment of the obligations imposed on the Company by the legislation;
    11.7. For audit.

    IV. PERSONAL DATA PROCESSING PRINCIPLES OF DATA SUBJECTS

    12. The data controller shall process the personal data of the Data Subjects in accordance with the following principles:
    12.1. Personal data shall be processed in a lawful, fair and transparent manner (the principle of legality, integrity and transparency);
    12.2. Personal data shall be collected for specified, clearly defined and legitimate purposes and shall not be further managed in a way incompatible with those purposes (purpose limitation principle);
    12.3. Personal data are only necessary for the purposes for which they are processed (the principle of reducing the amount of data);
    12.4. Personal data is accurate and updated as necessary (accuracy principle);
    12.5. Personal data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed (principle of limitation of retention period);
    12.6. Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (a principle of integrity and confidentiality)

    V. DATA SUBJECTS‘ RIGHTS AND IMPLEMENTATION PROCEDURE

    13. The Company has the following rights for the processing of personal data of Data Subjects:
    13.1. To obtain information on which personal data of the Data Subject is managed by the Company, from where and in what way personal data is collected and on what basis they are processed;
    13.2. To contact the Company (its authorized person) with a request to rectify personal data if the data are incorrect, incomplete or inaccurate;
    13.3. To require the Company to erasure personal data of the Data Subject which is processed by the Company (“the right to be forgotten” except insofar as the data is necessary for processing by the Company in the course of performance of legal duties, as well as in cases stipulated by other legal acts);
    13.4. To require that the processing of Data Subject‘s personal data be restricted;
    13.5. To disagree with the processing of the Data Subject’s personal data (except insofar as the data is necessary for processing by the Data controller in the performance of legal duties, as well as in other cases specified in legal acts);
    13.6. To request that the Data Subject’s personal data be transferred to another data controller (right to data portability);
    13.7. To cancel the given consent (if personal data is processed on the basis of consent);
    13.8. To submit a complaint to the supervisory authority.
    14. Data Subjects may apply to the Company with their applications (hereinafter “the Application”) in writing, regarding implementation of their rights, set forth in this Privacy Policy paragraphs 13.1 – 13.7, duly confirming their identity (by submitting a copy of the identity document or by confirming his/her identity in another sufficient manner).
    15. The Company shall submit the reply to the Data Subject in the shortest possible terms, but not later than within 30 (thirty) calendar days from the receipt of the Application. In exceptional cases, requiring additional time, the Company, having notified the Data Subject in writing, has the right to extend the deadline for submission of the requested data up to 60 (sixty) calendar days from the date of submission of the Application. If the Application relates to the Data Subject’s request for correction, destruction, erasure, limitation of processing of his/her personal data, the reply shall be submitted to him and the appropriate measures shall be taken in the shortest possible terms, but not later than within 10 (ten) working days from the receipt of such Application. The Company may refuse, on the basis of the above-mentioned time-limits, to comply with the request, indicating in writing the legal bases for such refusal, which are established in the BDAR and in other legal acts.

    VI. SECURITY ASSURANCE OF PERSONAL DATA

    16. The Company processes the Data Subjects’ data solely for the purposes specified in this policy and only to the extent necessary to attain these objectives. The Company shall keep personal data of Data Subjects insofar as such storage is compulsory by law, as well as to the extent necessary to ensure the legitimate interests of the Company (for example, until the statutory limitation period for the claim is set forth in the legal acts). When time limits for the storage of personal data are terminated, these data will be destroyed.
    17. Only authorized persons may process personal data in the Company. Each employee of the Company handling personal data must process personal data strictly in accordance with the BDAR, the Law, other legal acts and this Privacy Policy, to keep confidential any information related to personal data with which he became acquainted in the course of performing his duties, unless such information is publicly available in accordance with the provisions of the laws, regulations or administrative provisions in force. This obligation continues after termination of the employment relationship.
    18. The Company uses organizational (legal, procedural) and technical (security systems and other physical means restricting access to personal data, information systems and/or information systems) measures for protection of personal data from unauthorized alteration, disclosure or destruction of personal data, personal identity theft or other unlawful manipulations of personal data.
    19. The Company’s data controllers or third parties which the Company has used to provide the ordered services, must guarantee the necessary technical and organizational personal data protection measures and ensure that such measures should be followed.

    VII. MARKETING AND CORRESPONDENCE

    21. 20. By accessing the Company’s e-store and/or Company’s Store, the Data Subject can freely accept that the personal data provided by him/her is used for the direct marketing of the Company, by ticking in the appropriate box on the e-shop of the Company, or giving a written consent regarding such use of persoanl data.
    21. The consent given to the Company to use personal data for marketing purposes may also be revoked by the Data Subject at any time, in the same manner as it was given or in any other way convenient to the Data Subject.

    VIII. COOKIES, INDICATORS AND THEIR USE

    22. The Company automatically may collect a part of information about the Data Subject at that time, when Data Subject visists the Company‘s online store. When visiting the company’s online store, the Data Subject is informed about the use of cookies.
    23. “Cookies” are data tools for data analysis and management that allow a web page to be recognized by the Data Subject’s browser. The main purpose of cookies is to remember the Data Subject’s options, for example, the preferred webpage language. Cookies also help identify a Data Subject when he/she returns to the same website and customizes the web page for personal use. Data Subject‘s data, collected by cookies, may only be a web server for the domain that sent the cookie to the Data Subject. One of the main purposes of cookies is to provide a convenient function to save the Data Subject‘s time. For example, if Data Subject applies the website for personal use, he or she purchases goods online, then cookies will help the website (shop) to remember specific information during the next Data Subject‘s visit. This makes to present relevant content easier, to browse the website (in the store) easier, and etc. Returning to a website (store) a data subject can find his/her previously provided information, such as delivery information, which makes it easier to use the features of an online store that has already been customized. The data collected by the cookie does not allow the direct identification of the Data Subject.
    The following types of cookies can be used by the company’s online store:
    23.1. Technical cookies: In order to provide an advanced and easy to use online store that automatically adapts to the needs of the Data Subjects, the company uses technical cookies that allow the online store to be seen and enable its correct functioning. The Company‘s online store properly operates due to technical cookies.
    23.2. Functional cookies: allow you to remember the choices of the Data Subject as well as effectively use the online store. For example, thanks to the cookies, the website remembers the searches or views made by the Data Subject. This type of cookies is not essential for the functioning of online store, however, they give more opportunities and make the browsing of the Data User more enjoyable;
    23.3. Analytical cookies: help to understand how the Company’s visitors use the Company’s online store, also optimize the work of the online store, and install advanced solutions. The data collected includes user-viewed pages, type of platform used, information on date and time, number of clicks, mouse movements and browsing activity, also keywords and other text that the user collects when browsing an online store. Information gathered by analytical cookies may be used while analysing consumers‘ behaviour after they display a Company‘s online advertisement. Information collected from this type of cookies will not allow the Company to identify the particular Data Subject;
    23.4. Commercial cookies: this type of cookies is used while hosting the Company’s advertisement on other web pages. “Targeting” is displayed on the basis of information on user-searched goods.
    24. Each time, when visiting the Company’s online store, the Data Subject can accept or refuse to use cookies, however, in such a case the Company can not guarantee the quality of browsing of the online store. The Data Subject can modify his/her browser in such a way that it does not accept cookies (delete part or all cookies from your computer or block them using a web browser on your computer). After blocking cookies, due to technical reasons, some parts of the Company’s online store may not work or operate properly to the Data Subject.
    25. Information is not provided to any third parties when the required cookies are recorded.
    26. The Company can use the website indicators on its website (e-shop). It’s a tiny image of just one pixel that appears in the computer of a Data Subject as a part of a webpage or as an HTML e-mail. Directly or through other service providers, these images are used by the Company as an online advertisement or on third-party websites in order to determine whether the consumer whom the advertisement is being displayed, carries out an order, analyzing the movement of consumers and optimizing the offered services and goods.

    IX. FINAL PROVISIONS

    27. Data Subject may get acquainted with a Company‘s Privacy Policy online, visiting an online store or upon arrival at the Company.
    28. The Company has the right to amend or change its Privacy Policy in full or just part of it, by notifying about this on its web pages.
    29. Any amendments or changes made in the Privacy Policy come into effect from the day of their publication, that is, from the day they are placed on the Company’s web pages.