Valid from 2023 June 1, version 1.0

 

www.graas.lt website is managed by MB "Graas Automation" (depending on the context, referred to as "Data Controller" or "We", "Our", "Us", "Us" etc.), which is your personal data, the manager of the data processed by you using the www.graas.lt website ("Personal data").

Details of the data controller:

MB Graas Automation;

Office address: Miško st. 9, Tauragė, Lithuania;

Phone: +370 600 72 783

email e-mail: info@graas.lt

We respect the right to privacy of our website visitors, business partners and their authorized representatives (hereinafter referred to as "You", "Your" depending on the context in the Privacy Policy) and undertake to ensure the protection of your personal data when you visit our website. In the privacy policy, we provide information related to the main principles of processing your Personal data, as well as information about the processing of your Personal data. We process personal data in compliance with the requirements of the applicable legal acts of the European Union and the Republic of Lithuania and this Privacy Policy. We apply technical and administrative security measures to protect Your Personal Data collected by Us from unauthorized loss, use or alteration.

This Privacy Policy ("Privacy Policy") applies to the processing of all your Personal data when you visit (regardless of what device (computer, tablet, TV, etc.) you use for this) and when using the www.graas.lt website, including cases where You, both as a natural person - consumer or entrepreneur, and as a representative of an entrepreneur - legal entity, choose to provide your Personal Data in the appropriate section of Our website.

By using the website and providing your Personal Data, you confirm that you have read and agree to comply with the Privacy Policy.

If you are under the age of 18, please ensure that you have a parent/legal guardian's permission before providing us with personal information about yourself. You will need to prove that such permission has been given if we ask. Persons under the age of 14 are prohibited from submitting their Personal Data on this website.

The terms used in the privacy policy are understood as they are defined in the General Data Protection Regulation no. 2016/679.

WHAT INFORMATION DO WE COLLECT ABOUT YOU?

We use the collected information, including your Personal Data, for the following purposes:

• Provision of services on our website. You must create an account on Our website in order to create your wish list, to have a shopping cart, to see the details of the orders you have made. Legal basis for the processing of personal data - processing the data is necessary in order to fulfill a contract to which the data subject (You) is a party, or in order to take action at the request of the data subject before concluding the contract;
• Electronic commerce. You can purchase goods (choose, pay, order goods delivery) on our website after creating an account (registering) and without registration. By registering on Our website, you will avoid re-entering your data the next time you shop on Our website. Legal basis for processing Personal data - we process data in order to fulfill a contract to which the data subject (You) is a party, or in order to take action at the request of the data subject before concluding the contract;
• For the accounting of your purchased goods. The legal basis for the processing of personal data is the execution of legal acts;
• Services on our website to ensure security and legal compliance. In exceptional cases, We may need to process Personal data generated by You using Our website to verify a reasonable suspicion indicated by the competent supervisory authorities or in order to fulfill their requirements. The legal basis for the processing of personal data is the legitimate interest in ensuring the security of the services provided by Us;
• Sending news and messages, offering our goods and services (or similar ones) and asking for your opinion about them (direct marketing). So that we can send you newsletters, provide you with customized advertising and send notifications about promotions, evaluate and analyze the market for Our goods, customers, products and services (including collecting your opinion about products and services and organizing customer surveys) when you have not purchased goods from Us or services (you are not a customer), we will ask you to give your consent. The legal basis for processing personal data (if you are Our customer) is Our legitimate interest in informing customers about goods, increasing the awareness of goods and brands, and promoting sales. More information - in the section "Direct Marketing" of the Privacy Policy;
• To protect our rights or legitimate interests. Your Personal Data may need to be used in order to avoid, assert or respond to legal claims or claims made by Us, Our suppliers, used to provide services on this website (or to them for activities related to the operation of the website), or against third parties or in response to a court or competent authority the requirements of the authority. The legal basis for the processing of personal data is the legitimate interest in protecting the rights and legitimate interests of Us, our partners and third parties;
• For the purpose of improving the services on our website. In order to find out how visitors use the services provided on Our website, so that we can improve them and create new content, products and services according to your needs, we will personalize the Personal Data generated by Our Website and continue to process the personalized data. The legal basis for processing personal data is our legitimate interest in ensuring the smooth operation of our website and the provision of appropriate services that meet the needs of visitors and are convenient for visitors.

In other ways with your consent. You have the right to disagree or withdraw your consent to process your Personal Data at any time in cases where they are processed on the basis of consent. Such withdrawal of consent will not affect the legality of the processing of Personal data carried out before the withdrawal of consent.

DIRECT MARKETING

We will send newsletters, present individually tailored advertisements and, in order to offer the services and products offered by Us (including in cooperation with partners), we will send notifications about promotions, games, contests, ask for your opinion about Our products and services and organize customer surveys (for the purpose of direct marketing). email by mail, SMS messages. With your consent, and in cases permitted by legal acts (when you are already our customer) - and with a legitimate interest to notify you about similar Our goods and services that you have purchased or used.

After checking the box when placing an order, registering an account on Our Website, in the settings section of your account on Our Website, specifying your e-mail address. e-mail in the newsletter order section, you choose to receive Our offers and agree that Graas, as the Data Controller, will contact you by e-mail. by mail, text message and direct message on Our Website (if such technical means are available on the Website).

For the purpose of direct marketing, we will process your personal data received from you (name, surname, e-mail address, address for correspondence by mail, username in social networks and telephone number (in the case of a natural person) or name of a legal entity, name and surname of a representative, position, contact e-mail address, address for correspondence by mail, name of the legal entity's fan page or legal entity's account data in social networks and phone number (in the case of a legal entity).

You can withdraw your consent to receive communications from us at any time without any negative consequences. You can do this in the options of your account settings by deselecting the option (e.g. removing the check mark) to receive Our offers or by contacting Us by e-mail. by mail info@graas.lt . If you no longer wish to receive communications from us, you can unsubscribe at any time by using the unsubscribe link in each newsletter you receive from us.

You have the right to refuse to receive Our messages - in this case, we will not be able to provide you with relevant information.

Upon receiving a request to withdraw your consent to receive Our communications, we will immediately stop processing your Personal Data on the basis of consent, but the withdrawal of consent will not affect the legality of the processing of personal data based on consent until the withdrawal of consent (before the notifications submitted when withdrawing consent).

For the purpose of receiving notifications about Our goods and services, we will process Your Personal Data in digital form using any means that ensure safe processing. We will receive your personal data for sending messages from you. For the processing of your personal data, we use auxiliary data processors (the company providing the newsletter service).

Based on your consent to receive notifications about Our Services, we will send you notifications for 3 years after the end of the calendar year in which you gave your consent or until you withdraw this consent as described in this Privacy Policy section (whichever comes first).

Your rights are described in detail in the "Your rights" section of the Privacy Policy.

WHERE WE OBTAIN YOUR PERSONAL DATA

We receive your personal data directly from you, we generate it ourselves for you using our website and/or we can receive it from third parties such as:

• Partners providing payment services (banks, payment institutions);
• We can receive the data necessary for the authorization of your identity from Google Inc. or Facebook Inc. By you authorizing your account on Our website using your Google or Facebook account;
• Partners providing marketing services may provide Personal Data as well as personalized information so that we can offer you personalized offers (when we make it possible to choose personalized ads on the website);
• Competent state or law enforcement authorities obliging Us to perform certain actions in relation to You or Your Personal Data.

WHO WE DISCLOSE YOUR INFORMATION TO

We undertake not to transfer your Personal Data to any third parties, except in the following cases:

• If you have consented to the disclosure of your Personal Data to third parties;
• When We provide services in cooperation with partners - To Our partners acting as data processors (e.g. data hosting, IT systems support services, accounting service providers, marketing agencies that apply their own cookies and their own privacy policy) or to independent data recipients ( partners providing goods delivery, payment organization or other services related to the goods you ordered). We will provide these service providers with only as much of your Personal Data as is necessary to provide a specific service;
• When Personal Data is provided to competent state or law enforcement authorities or other entities, in accordance with applicable legal acts, including to Our legal representatives;
• When you voluntarily use our website's integrated authentication functions in our website's account (using Google and Facebook accounts for authentication), we will have to transfer Personal Data to the relevant recipient whose account you will use. In this case, the privacy policies of these suppliers apply, at least in relation to their processing of Personal Data.

We may use Personal Data Processors. The activities and obligations of the data processor are regulated by the contract between the controller and the data processor, except in cases where data processing on behalf of the data controller is carried out in accordance with a legal act that is binding on the data processor or when it is not possible to conclude a separate Personal Data Processing Agreement - a Personal Data Processing Agreement will be concluded with by a specific service provider (data processor) in accordance with its publicly published rules (for example, the rules and privacy policies on the website of a specific service provider). The same rules apply to data processing when the data processor uses an auxiliary processor.

Personal data may be transferred to other persons only in compliance with the procedure established in the General Data Protection Regulation, other valid legal acts and to the extent specified in the Privacy Policy. Personal data is transferred only to the extent necessary for that purpose. We currently do not transfer Personal Data outside the European Economic Area (EEA). We operate on a regional scale and may therefore decide to extend our Personal Data processing activities to non-EEA countries (e.g. process Your Personal Data outside the EEA), which may apply different data protection standards. If we transfer and/or store Personal Data in non-EEA countries, we will apply appropriate safeguards to ensure an adequate level of personal data protection in the EEA (e.g. verify that the recipient of Personal Data has an EU-US Privacy Shield Certificate or sign EU Standard Contractual Terms). We will inform you about the processing of your Personal Data outside the EEA in accordance with the procedure specified in this Privacy Policy.

WHAT DO WE DO TO PROTECT YOUR INFORMATION?

Personal data is protected against loss, unauthorized use and changes. We have implemented physical and technical safeguards to protect all information we collect and process in accordance with this Privacy Policy.

COOKIES

The cookie description was last updated on 16/02/2024. You can find a complete list of cookies here .

HOW LONG DO WE PROCESS YOUR PERSONAL DATA?

The wish list and shopping cart created for the purpose of providing services on our website are stored for 30 calendar days after their creation.

For the purpose of electronic trading, Personal data, including order information, is stored for 3 (three) years after the end of the calendar year in which the purchase was made;

For the accounting of your purchased goods, Personal data is stored for the period prescribed by law, which is usually 10 years after the current financial year in which the purchase was made. in the store;

For the security of the services on our website and for the purpose of ensuring compliance with legal acts, Personal data is stored during the investigation and for 3 years after it, unless the applicable law requires longer storage;

For the purpose of sending newsletters and messages (direct marketing), Personal Data is stored for 3 years after the end of the calendar year in which you gave consent or until you withdraw this consent in the manner specified in this Privacy Policy section (whichever occurs first);

For the protection of our rights or legitimate interests, Personal Data is stored during the dispute and for 10 years after the final court decision becomes effective.

After the specified period, the data will be securely deleted in such a way that it cannot be reproduced.

YOUR RIGHTS

The data subject (You), whose data is processed by the Data Controller, has the following rights:

• To know (to be informed) about the processing of your data (right to know);
• Familiarize yourself with your data and how it is processed (right to access);
• Demand correction or, taking into account the purposes of personal data processing, to supplement incomplete personal data (right to correction);
• Delete your data or stop the processing of your data (other than storage) (right to erasure and right to be forgotten);
• The right to demand that the Personal Data Controller restricts the processing of personal data for one of the legitimate reasons (right to restriction);
• You have the right to receive the personal data that you have provided to the Data Controller in a structured, commonly used and computer-readable format, and to forward that data to another data controller under certain conditions (right to portability);
• Object to the processing of personal data when these data are processed or intended to be processed on the basis of consent or legitimate interest (except for exceptional cases), including the right to object to the processing of personal data for the purpose of direct marketing;
• If you believe that we are violating your personal rights, you can submit a complaint to the State Data Protection Inspectorate in accordance with the procedure established by legal acts.

If you no longer want your personal data to be processed for the purpose of direct marketing, contact us by e-mail. email info@graas.lt and indicate that you do not agree with the processing of your personal data for a specific purpose.

In order to exercise your rights as a data subject, you must complete a Request for the Exercise of Data Subject Rights. Only requests submitted in this way are considered submitted, we evaluate and implement them. This is how we verify your identity and can avoid unauthorized processing of your Personal Data. We start counting the term provided by the legislation for the implementation of the data subject's rights from the submission of the request in one of the above-mentioned ways.

Upon receiving such a request, we will provide a response no later than one month from the date of the request. If necessary, the specified period can be extended by another two months, depending on the complexity and number of requests. In this case, we will inform you of such extension within one month from the date of receipt of the request, together with the reasons for the delay.

THIRD PARTY SITES, SERVICES AND PRODUCTS ON OUR WEBSITE

Our website may contain third-party banners, links to their websites and services over which we have no control. We are not responsible for the security or privacy of information collected by third parties. In this case, if you are directed to a third-party website after clicking on a link or panel, we recommend that you read the rules and privacy provisions of such website before using it.