PRIVATE LIMITED LIABILITY COMPANY ARMILA
PRIVACY POLICY
CHAPTER 1.
GENERAL PROVISIONS
1.1. The privacy policy of UAB ARMILA (hereinafter the Policy) describes how the private limited liability company ARMILA (hereinafter the Company) – data controller, company code 123813957, registered address: Molėtų pl. 75, Vilnius collects, processes and uses the personal data of its customers, website visitors, other individuals and data subjects.
1.2. By submitting your personal data to the Company, you agree to the terms of this Privacy Policy, understand its terms and conditions, and agree to abide by them.
1.3. The Company asks you to read this privacy policy carefully because, each time you visit the Company’s website http://www.armila.com.lt/ (hereinafter the Website), you agree to the terms and conditions described in this Privacy Policy. If you do not agree to these terms and conditions, please do not visit our Website, do not use its content and/or out services.
1.4. Persons below the age of 16 must obtain the consent of their parents or other legal guardians before submitting personal information.
1.5. The Company respects the rights of its Customers and other data subjects to their private information and processes their personal data in a lawful and fair manner.
1.6. The Company collects only such Customer data as is required for the provision of the Company’s services, sales of products, activities and/or visits, use and browsing the Company’s Website.
1.7. The Company ensures that the collected and processed personal data of Customers will be safe and will only be used for a specific purpose.
1.8. The purpose of the Privacy Policy is to inform about the protection of Customers’ privacy, ensured by the Company, how the Company protects the personal data of Customers and help Customers understand how the personal data of Customers are processed, and their rights.
CHAPTER 2.
DEFINITIONS
2.1. Customer means any natural person, the data subject who orders, purchases, used or has expressed an interest in using the Company's services, visits the Company's website, trading venues, or is otherwise related to the Company's services.
2.2. Personal data means any information that directly or indirectly relates to the data subject whose identity is known or who can be directly or indirectly identified using the relevant data. Personal data processing means any activities performed on personal data (including collection, editing, recording, storage, modification, access, sending up queries, transfers, archiving, etc.).
2.3. Services mean any products, goods and/or services offered by the Company, whether electronically and non-electronically.
CHAPTER 3.
PERSONAL DATA PROCESSING
3.1. Personal data are processed in the Company in accordance with the European Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the Regulation), the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the protection of personal data.
3.2. The Company follows the following basic principles in processing the personal data:
3.2.1. Personal data are collected for defined and clearly defined purposes:
3.2.1.1. Maintaining Customer relationships and access to and management of the Company’s products and services.
3.2.1.2. For the purpose of the purchase and sale of goods, concluding and executing service contracts with the Customer, updating Customer’s data to ensure their correctness, using external and internal records when necessary to perform the contract or to act upon Customer’s request before concluding a contract or fulfilling a legal obligation.
3.2.1.3. For the purpose of e-commerce.
3.2.1.4. Warranty service, processing of the orders of goods, problems related with the purpose of selling, delivering or delivering goods and fulfilment of other contractual obligations.
3.2.1.5. For the protection of the interests of the Customer and the Company. In order to protect the interests of the Customer and the Company, to perform quality control of the services provided by the Company, to provide evidence of business communication (recording of telephone calls).
3.2.1.6. For the purpose of executing direct marketing, loyalty programs, promotional promotions (direct marketing games, lotteries, competitions), discounts, administration of loyalty cards, offers, news, information, services, deliveries of products or newsletters that the Customer requests from the Company or which the Company deems may be of interest to the Customer.
3.2.1.7. Purpose of ensuring the security of the Company employees, the Customer and the property (video surveillance).
3.2.1.8. For the purpose of customer solvency assessment and debt management;
3.2.1.9. For the purpose of personnel selection (collection of candidates’ personal data). The company shall process personal data of candidates who have sent their CVs directly to the Company via email info@armila.com through job ad portals, (email address, first name and surname, phone number, all information provided in the CV, cover letter and job position are requested) in order to select candidates for the job position. Personal data of candidates shall be processed on the basis of consent. The personal data of candidates shall be kept by the Company for the duration of the recruitment process. Data is stored longer only with the candidate’s consent. The Company shall not collect or process any sensitive personal data of candidates.
3.2.1.10. For other purposes, in which the Company has the right to process personal data of the Customer when the Customer has expressed his consent, when the data is to be processed for the legitimate interests of the Company, or when the data are processed by the Company according to the requirements of the relevant legislation.
3.2.2. Personal data shall be processed lawfully, i.e. when:
3.2.2.1. the data subject has given his consent;
3.2.2.2. a contract to which the data subject is a party, is concluded or performed;
3.2.2.3. the processing of data is necessary in order to fulfil the legal obligation imposed on the Company;
3.2.2.4. data processing is necessary in order to protect the vital interests of the data subject or other natural person;
3.2.2.5. data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3.2.2.6. processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular, where the data subject is a child.
3.2.3. Personal data are constantly updated.
3.2.4. Personal data are processed in a precise, transparent and integral manner.
3.2.5. Personal data shall not be stored longer than it is necessary for data processing purposes.
3.2.6. Personal data shall only be processed by authorised personnel.
3.2.7. All information on personal data processed shall be confidential.
3.3. The Company shall implement appropriate technical and organisational means to ensure the proper safety of the personal data collected, including protection against unauthorised or unlawful processing, and against accidental loss, destruction or damage.
3.4. The volume of personal data processed depends on the Company’s services ordered, purchased or used and the information provided by the individual as a visitor to the Company’s website when ordering, purchasing and/or using the Company’s services, visiting or signing up on the Company’s website.
CHAPTER 4.
PERSONAL DATA SOURCES
4.1. The Customer shall provide personal data by contacting the Company, registering for the services, using the Company’s services, purchasing goods, participating in a loyalty program, lotteries or contests, surveys or questionnaires, when making comments, asking questions, subscribing to newsletters and/or using the Company’s services, by contacting the company asking for advice.
4.2. Personal data is obtained from the Customer visiting the Company’s Website on: http://www.armila.com/. The Company uses cookies on the Website. The Company uses cookies to ensure the most convenient Website viewing experience of the Customer. Cookies can always be refused, deleted and disabled by changing the settings of the browser. More information about cookies and how to manage them can be found on: http://www.allaboutcookies.org.
4.3. Personal data is obtained on the basis of the Customer’s consent. In cases where the Customer has expressed a wish to receive information or to express an opinion on specific products and/or services, personal data may be processed to ensure the provision of the information required by the Customer. For the purposes of Customer opinion surveys, market research and collection of statistics, gaming and promotions for Customers, with the Customer’s consent or in pursuit of the legitimate interest of improving the Company’s quality of service, experience of Customers as users of services, and developing new products and services. The Customer shall have the right to withdraw the consent given to the Company at any time. The consent shall be valid until it is fulfilled or, as the case may be, withdrawal, whichever is the sooner. Withdrawal of consent shall not affect the lawfulness of the processing, which is based on the relevant consent given before the withdrawal.
4.4. Personal data of applicants for the company’s employees (full name, personal identification number, nationality, address, telephone number, e-mail address, position title requested, curriculum vitae and activity, education details and qualifications, data on foreign language skills, date and number of registration of documents and any other personal data provided by the person concerned and/or the processing whereof is imposed by laws, regulations or administrative provisions) shall be processed for the purposes internal administration (human resource management, document management). These personal data shall be processed for as long as the selection of employees is over. Upon completion of the selection process, these personal data will be destroyed unless the applicant expresses consent for further data storage for future selection of candidates to the Company’s employees. In this case, the candidate to the Company’s employees should express his consent by sending his details in the e-mail. If the applicant expresses his consent to the Company’s employees in the e-mail or otherwise, his personal data shall be stored for 5 years. The data of the candidate of the Company employees will be processed on the basis of their consent to participate in the selection, and later store them on the same basis, also on the basis of the statutory obligations and rights.
4.5. Personal details of present and former employees (full name, personal number, personal social insurance number, nationality, address, telephone number; e-mail address, CV, marital status, position title, later on admission to position and transfer to other position, dismissal from work, date of work experience in the company and in the Athenaeum state, data on education and qualifications, training details, information about leave, salary information, data on foreign language skills, data of severance payments, compensations, benefits, information on working hours, information on permits of other employment, information on incentives, awards and penalties, Information about completed tasks and work, number of personal identity card or passport of the Republic of Lithuania, date of issue, validity date, issuing body, document registration data and number and other personal data submitted by individuals themselves and/or where the Company has an obligation to process them in implementing the laws and other the legislation (human resource management, document management, use of material and financial resources). These personal data shall be processed on the basis of an employment contract between the employer and the employee and the fulfilment of statutory obligations, and are stored only to the extent and for the time necessary to achieve the stated purposes.
4.6. When a complaint, request or notification is filed to the Company, the following data shall be processed: Personal data of persons filing a complaint, request or notification to the Company (full name, address, telephone and/or fax number, e-mail address, signature, date and number of complaint, request or notification, information indicated in the complaint, request or notification (including the personal data of special categories), result of investigation of the complaint, request or notification, date and number of the Company's answer, information received during the investigation of the complaint, request or notification) are processed for the purpose of investigation of complaint, request or notification, internal administration (document management). These personal data shall be retained for as long as their retention is no longer needed or stored to the extent that the law imposes an obligation to store them, restricting their processing.
4.7. Video data (video surveillance) is processed for the purpose of ensuring the security of the Company’s employees, its customers and other persons visiting the Company’s pharmacy and the protection of property of the Company’s pharmacy. Image data is captured by a camera that records the area in the Company’s pharmacy office. Facial recognition and/or analysis technologies are not used, captured image data are not grouped or profiled according to any specific data subject (person). Video surveillance is performed and data (video data) of visitors entering the video surveillance area is processed on the basis of the Company’s legitimate interest. This data is stored for up to 60 calendar days from the date of recording.
4.8. The personal data (full name, e-mail address) of business partners and suppliers are processed for the purpose of establishing, maintaining and developing business relations with the Company, for the purpose of entering into, concluding, executing, administering contracts and obligations and obligations under applicable laws. These data shall be kept to the extent necessary to achieve the purposes for which they are processed, as well as in accordance with the data retention requirements of this kind of data laid down in the legislation.
4.9. The Company will only process the personal data (full name, date of birth, residential address or medical history number, telephone number, e-mail address) for the Company pharmacy Customers buying prescription medicines or ordering medicines or other products, which the Company is obliged to process by virtue of the laws or which are provided by the Customer, and which are necessary to fulfil the order in order to implement their obligations of the Company, related to the servicing of prescriptions, including electronic prescriptions, storage, accounting, issue of medicines and implementing the Customer’s order.
CHAPTER 5.
FORMS OF DISCLOSURE OF PERSONAL DATA
5.1. The Company undertakes to comply with the confidentiality obligation with respect to the personal data of Customers. Personal data may only be disclosed to third parties if it is necessary for the conclusion and drawing up of the contract for the benefit of the data subject or for other legitimate reasons.
5.2. The Company may submit personal data to its data processors, who provide services to the Company and process personal data on behalf of the Company. Such data processors include: advertising, marketing companies; companies providing analysis and services related to online browsing or internet activities; companies developing, providing, maintaining and developing software; providers of information technology infrastructure services; providers of communication services; providers of newsletter and SMS messaging services; postal and courier service providers; archiving service providers; payment service companies; lawyers and firms providing legal services; providers of accounting and auditing services; providers of insurance services. Data processors have the right to process personal data only in accordance with the instructions of the Company and only to the extent necessary for the proper fulfilment of obligations laid down in the Contract. The Company shall use such processors that provide reasonable assurance that appropriate technical and organizational measures will be implemented in such a way that the processing of data complies with the requirements of the Regulation and will ensure the proper protection of the data subject's rights.
5.3. The Company may also provide personal data of Customers in response to requests from courts or public authorities to the extent necessary to properly enforce existing legislation and instructions from public authorities.
5.4. The exchange of personal data within the Company may be necessary where there is a specific purpose for this. The Company may need to provide personal data to the following recipients of personal data: Corporate group companies, business partners, data processors (subcontractors).
CHAPTER 6.
PERSONAL DATA STORAGE TERM
6.1. Personal data collected by the Company shall be stored in printed documents and/or in the Company’s information systems in the e-mail format. Personal data is processed for no longer than necessary for the purpose of data processing or for no longer than required by data subjects and/or provided by law.
6.2. Although the Customer may terminate the contract and refuse from the Company's services, the Company continues to be obliged to keep the date of the Customer for possible future claims or legal claims until the expiration of the data storage periods.
CHAPTER 7.
RIGHTS OF THE CUSTOMER AS A DATA SUBJECT
7.1. The Customer is entitled to:
7.1.1. To have an access to own personal data and to be informed of how they are processed in the Company.
7.1.2. Require the correction of inaccurate or incomplete personal data.
7.1.3. Require the deletion of their personal data.
7.1.4. Require the restriction of processing of their personal data in accordance with Article 8 of the Regulation.
7.1.5. To obtain the personal data provided to the Company in a convenient format and to require, where possible, the transfer of such data to another provider (data portability).
7.1.6. To oppose to the processing of Personal data when this data is processed or intended to be processed for direct marketing purposes, including profiling, insofar as it relates to such direct marketing.
7.1.7. Withdraw the consent to the processing of your personal data at any time if the personal data are processed on the basis of individual consent.
7.1.8. To object to the application of a completely automated solution, including profiling, in respect of the Customer, if the adoption of such solution has legal effects or a similar significant effect to the Customer. This right shall not apply if such decision making is necessary for the purpose of concluding or executing a contract with the Customer, is permitted by law or the Customer has expressly consented to this.
7.1.9. If the Customer, the website visitor, or another personal data subject considers that his personal data are being processed unlawfully or his rights related to the processing are violated, the listed persons shall have the right to apply to the State Personal Data Protection Inspectorate (hereinafter the PDPI) and to file a complaint. In order to find and offer a suitable solution to a problem for the Customer, a visitor of the Website or another data subject, the Company asks to contact it before contacting the PDPI.
7.2. The Customer, in connection with the implementation of his rights, may apply to the Company:
7.2.1. when submitting a written request in person, by post, via a representative or by electronic means – by e-mail: info@armila.com;
7.2.2. orally – by tel. (+370) 52777596;
7.2.3. in writing at the address: Molėtų pl.75, Vilnius;
7.2.4. upon arrival at any pharmacy of ARMILA UAB.
7.3. Customer requests for data subjects’ rights are processed free of charge by the Company. The examination of the application may be refused or may be subject to payment of an appropriate fee, if the application is manifestly unfounded or excessive, as well as in other cases provided for by regulatory enactments.
CHAPTER 8.
FINAL PROVISIONS
8.1. This Privacy Policy is an integral part of the Services provided by the Company. In developing and improving the Company's activities, the Company shall the right at any time to unilaterally make changes to this Privacy Policy.