1. KEY DEFINITIONS
1.1. Company – Closed Joint-Stock Company “MultiParcels”, whose registered office is at Saulėtekio al. 15, Vilnius, Republic of Lithuania, company code 303049361. Data about the Company is collected and stored in the Register of Legal Entities.
1.2. Data subject – a natural person whose personal data is processed by the Company.
1.3. Personal data – any information relating to a natural person – A data subject whose identity is known or can be directly or indirectly established by means of data such as a personal code, one or more personal, physical, physiological, economic, cultural or social nature of the traits.
1.4. Processing of personal data – any action performed with Personal data.
1.5. Automatic mode means a method of performing an action when the performance of the action is fully or partially automated.
1.6. Employee – a person who has entered into an employment or similar contract with the Company and is appointed to process Personal Data by the decision of the Head of the Company.
1.7. Processor – a legal or natural person authorized by the Company to process personal data. The handler (s) must be registered with the Inspectorate.
1.8. Data recipient – a legal or natural person to whom Personal Data is provided. The recipient (s) of the data must be registered with the Inspectorate
1.9. Inspectorate – the State Data Protection Inspectorate of the Republic of Lithuania.
2. GENERAL PROVISIONS
2.1. These Personal Data Processing Rules (hereinafter referred to as the Rules) regulate the actions of the Company and its Employees in processing Personal Data using automatic personal data processing tools installed in the Company, as well as the rights of Data Subjects, personal data protection risk factors, other issues related to the processing of personal data.
2.2. Personal data must be accurate, relevant and not excessive in relation to the collection and further processing of such data. If necessary for the processing of Personal Data, Personal Data is constantly updated.
2.3. The purposes of personal data processing are the registration of parcel delivery services and / or the execution of orders placed online and other legitimate and pre-defined purposes.
2.4. Company Rules 2.3. process the following Personal Data of the Data Subjects for the purpose specified in point (a): (a) name; (b) surname; (c) e-mail address; (d) telephone number; (e) the address of the person’s place of residence.
2.5. When processing Personal Data, the Law on the Legal Protection of Personal Data of the Republic of Lithuania, other laws and legal acts regulating the processing and protection of data, as well as these Rules shall be followed.
3. PROCESSING OF PERSONAL DATA
3.1. Personal data is processed using personal data processing facilities installed in the Company.
3.2. Only Employees and Managers have the right to process Personal Data. Each Employee / Manager appointed to process Personal Data must maintain the confidentiality of Personal Data and comply with the requirements of personal data protection legislation.
3.3. The Employee / Manager must: (a) maintain the confidentiality of Personal Data; (b) process Personal Data in accordance with the laws of the Republic of Lithuania, other legal acts and these Rules; (c) not disclose, transfer or facilitate access to the Personal Data by any means to any person who is not authorized to process the Personal Data; (d) immediately notify the Company’s manager or his / her designee of any suspicious situation that may pose a threat to the security of Personal Data.
3.4. Employees who automatically process personal data or from whose computers can access areas of the local network where Personal Data is stored must use passwords. Passwords must be changed periodically, but not less than once every 2 months, as well as in case of need – in case of change of employee, threat of burglary, suspicion that the password has become known to third parties, etc. An employee working on a particular computer can only know their password. Passwords must be at least 8 characters long, without the use of personal information. Passwords must be changed during the first login.
3.5. The protection of personal data is organized, ensured and performed by the Company’s manager or an employee appointed by him.
3.6. The Employee loses the right to process Personal Data when the Employee’s employment or similar contract with the Company expires, or when the Company’s manager revokes the Employee’s appointment to process Personal Data.
3.7. The Manager loses the right to process Personal Data when the Manager’s agreement with the Company is terminated.
4. EXERCISE OF DATA SUBJECT’S RIGHTS
4.1. When submitting an identity document to the Company, the data subject has the right to receive information from which sources and what his / her Personal Data has been collected, for what purpose they are processed and to whom they are provided. Access to Personal Data is provided by submitting a written request to the Company for access to Personal Data by e-mail. by mail.
4.2. Upon receipt of a request from the Data Subject regarding the processing of his / her Personal Data, the Company shall respond whether the Personal Data related to him / her is processed and provide the requested data to the Data Subject no later than within 30 calendar days from the date of the Data Subject. The application day is the next business day following the sending of the Data Subject’s request to the Company by e-mail. mail date. At the request of the data subject, such data shall be provided in writing by e-mail specified by him. email address.
4.3. The possibility to correct, destroy your Personal Data or suspend the processing of your Personal Data is provided to the Data Subject upon submitting a written request to the Company by e-mail. by mail. Upon receipt of such a request, the Company shall immediately, but not later than within 7 working days from the receipt of the request, check the Personal Data and correct incorrect, incomplete, inaccurate Personal Data.
4.4. The Company shall immediately notify the Data Subject of the rectification or destruction of the Personal Data performed or not performed at its request.
4.5. The Company ensures the rights, guarantees and interests of personal data subjects guaranteed by the laws and other legal acts of the Republic of Lithuania.
5. TRANSMISSION OF PERSONAL DATA
5.1. Personal data may be provided only to those Data Recipients with whom the Company has signed relevant agreements on the transfer / provision of Personal Data and the Data Recipient ensures adequate protection of the transferred Personal Data. Personal data may also be transferred to third parties in other cases and in accordance with the procedure provided for in the laws and other legal acts of the Republic of Lithuania.
5.2. The Company will not use or disclose sensitive personal information, such as information about health, racial origin, religious beliefs or political views, without the express written consent of the Data Subject, except as required and / or permitted by law.
5.3. Personal data may also be transferred to third parties in other cases and in accordance with the procedure provided for in the laws and other legal acts of the Republic of Lithuania.
6. RISK FACTORS FOR BREACHING PERSONAL DATA PROTECTION
6.1. A personal data breach is an act or omission that may or may not have undesirable consequences, as well as contrary to the mandatory requirements of laws and other legal acts regulating the protection of personal data. The degree of impact, damage and consequences of the personal data protection violation shall be determined in each specific case by a commission formed by the head of the Company or his authorized person.
6.2. Risk factors for personal data breach:
(a) unintentional breaches of personal data protection due to accidental data processing errors, data storage, deletion of data records, destruction, incorrect routing (addresses) during data transmission, etc., system failures due to power outages, computer viruses, etc. ., breach of internal rules, lack of system maintenance, software tests, inadequate maintenance of data media, inadequate line capacity and protection, integration of computers into the network, protection of computer programs, etc.)
(b) intentional, when the protection of personal data is intentionally violated (illegal intrusion into the Company’s / office, virtual and / or mobile workplace premises, personal data storage media, information systems, computer network, intentional violation of established rules for processing personal data, spread of computer virus, Theft of personal data, illegal exercise of the rights of another Employee, etc.).
(c) unexpected incidents (lightning, fire, flood, flooding, storms, burning of electrical installations, exposure to temperature and / or humidity changes, exposure to dirt, dust and magnetic fields, accidental technical accidents, other irresistible and / or uncontrollable factors, etc.).).
7. MEASURES FOR IMPLEMENTATION OF PERSONAL DATA PROTECTION
7.1. In order to ensure the protection of Personal Data, the Company implements or plans to implement the following Personal Data Protection Measures:
(a) administrative (establishing procedures for the secure management of documents and computer data and their archives, as well as for the organization of work in the various areas of activity, familiarization of staff with the protection of personal data during and after employment, etc.).
(b) hardware and software protection (administration of servers, information systems and databases, workplace, maintenance of the Company’s premises, protection of operating systems, protection against computer viruses, etc.).
(c) protection of communications and computer networks (firewalling of shared data, applications, unwanted data packets, etc.).
(d) physical security measures (protection of the Company’s premises against intrusion by outsiders).
7.2. Personal data protection hardware and software shall ensure: (a) the installation of a copy repository of operating systems and databases, the establishment of copying techniques and compliance monitoring; (b) technology for a continuous data processing (c) process, (c) contingency strategy for systems (contingency management), (d) physical (logical) separation of the application testing environment from operating processes, (e) authorized use of data, their inviolability.
7.3. All Employees who have the right to process Personal Data or to organize and enforce their protection must strictly comply with the Personal Data Protection Measures and the requirements of the relevant rules, instructions or procedures established by the Company.
8. TERM OF PROCESSING PERSONAL DATA
8.1. The Company processes Personal Data for a maximum of 12 months. from their receipt.
8.2. At 12 months personal data are destroyed or archived.
9.1. Employees who violate the requirements of the Law on Legal Protection of Personal Data of the Republic of Lithuania, other legal acts regulating the processing and protection of Personal Data, or the requirements of these Rules shall be subject to the liability provided for in the laws and other legal acts of the Republic of Lithuania.
10. FINAL PROVISIONS
10.1. Supervision of compliance with the rules and, if necessary, review, is entrusted to the head of the Company or his authorized person.
10.2. The Responsible Employees are acquainted with the Rules by signing.