- General provisions
1.2. The Company engages in economic commercial activities, which includes the recycling of polyethylene, plastic waste, plastic goods production, metal product processing, collection and registering data regarding waste and product flows, as well as other services. For the provision of these services, the Company manages personal data according to the legal basis, specified in the Policy and data processing objectives, as well as the legal acts applicable to the Company.
1.3. This Policy is aimed at the persons who use or plan to use the services of the Company or visit the Company’s webpage plasta.eu.
- Personal data processing principles
2.1. The company processes personal data according to the EU general data protection regulation (EU) 2016/679 (hereinafter – Regulation), the Law on the legal protection of personal data of the Republic of Lithuania and other legal acts, regulating the processing of personal data.
2.2. The volume of processed personal data depends on the ordered or used services of the Company and what information is provided by the visitor of the webpage, when ordering and/or using the Company’s services, visiting or registering at the webpage.
2.3. The Company, inter alia, is guided by these main data processing principles:
- Personal data is collected for clearly defined and legitimate purposes only;
- Personal data is only processed lawfully and honestly;
- Personal data is constantly updated;
- Personal data is stored securely and for no longer than required by the data processing objectives or legislation;
- Personal data is processed only by employees of the Company who have been granted such a right in accordance with their work functions.
2.4. The data is collected by the Company only in case one or more lawful processing criteria are present: (i) in order to ensure the provision of the services according to an agreement (i.e. in order to implement the agreement or seeking to take action at the request of the data subject prior to concluding an agreement); (ii) after receiving the consent of the data subject; (iii) processing is necessary for compliance with a legal obligation to which the controller is subject; (iv) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (v) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (see Regulation article 6, part 1, http://www.privacy-regulation.eu/lt/6.htm).
2.5. By processing and safekeeping personal data, the Company executes organizational and technical measures, which ensure the protection of personal data from accidental or unlawful destruction, alteration, disclosure, as well as from any other unlawful processing. The access to the personal data processed by the Company is granted only to those Company employees and auxiliary service providers, who need it to perform their working functions or provide services to the Company.
2.6. The Company’s client or potential client, employees, as well as other natural persons are responsible for their provided personal data to be specific, correct, and explicit. In case the personal data they provide changes, they are obliged to immediately inform the Company regarding the matter. The Company will not be held liable for the damage caused to the person and/or third parties because the person specified incorrect and/or incomplete personal data or did not address the Company regarding the update and/or changing his personal data correspondingly when it changed.
- Personal data sources
3.1. Personal data is usually received directly from the data subject (Company’s client or potential client, employee or candidates), who provides the data by visiting the webpage, using the Company’s services, providing services to the Company, working or seeking to be employed at the Company.
3.2. In the cases provided for by law, or based on agreement, the personal data can also be received from third parties (i.e. temporary employment companies, employment agencies, state institutions and registers).
3.3. Although the client is not obliged to provide any of his personal data to the Company, it may be so, that some services could not be provided to him or he would not be able to be employed at the Company if the personal data would not be submitted.
- Personal data processing objectives
4.1. The Company manages personal data for the following main objectives:
- For the purpose of administering and executing contractual relations, in order to properly fulfill the contractual obligations, maintain relations with suppliers, partners and clients in the development of business, services and cooperation;
- For providing services, specified on the webpage;
- For internal and employee administration purposes;
- For direct marketing and marketing purposes;
- Compliance with legal requirements in waste management and other areas and providing data to public authorities (data controllers);
- Video surveillance is installed in production and general use premises for assuring the Company’s equipment and property security.
- Personal data provision and data recipients
5.1. The Company has the right to transfer the personal data of its client representatives or employees to third parties, which need to process clients’ personal data for the purposes, specified in this Policy or legal acts.
5.2. The Company undertakes to transfer the clients’ data to third parties only in the volume and only in cases, when it is needed to provide corresponding services and/or to execute obligations (duties), specified in legal acts. In case personal data is not needed for the provision of a specific service, the data will not be transferred. The Company transfers personal data to the above-mentioned third parties according to a data provision agreement or under a specific legal act, strictly abiding the requirements of legal acts.
5.3. The Company undertakes to adhere to the confidentiality obligation concerning the personal data of its clients, employees, potential clients or employees. Personal data can be disclosed to third parties only when it is needed to conclude and implement an agreement in the favor of the data subject or due to other legal reasons.
5.4. The Company can provide its processed personal data to its data processors (sub-contractors), who provide the Company with IT, accountancy, debt collection and other supportive services and manage the personal data on behalf of the Company. Data processors have the right to process personal data only according to the instructions of the company and only in the volume, which is needed in order to properly execute contractual obligations. The Company involves only those data processors, who adequately ensure that the appropriate technical and organizational measures are implemented in such a way, that the data processing would comply with the requirements of the Regulation and the data subject’s rights protection would be ensured.
5.5. The Company can also provide the client’s data by responding to the requests of the court, bailiffs or state institutions in the volume, which is mandatory in order to properly implement the currently effective legal acts and state institution directions.
- Personal data processing for direct marketing purposes
6.1. For direct marketing purposes, the Company may process the contact data of the data subject. The consent to the use of personal data for direct marketing purposes is expressed by e-mail firstname.lastname@example.org, by subscribing to the newsletter sent by the Company, by subscribing to the news on the Company’s social networking accounts, providing the consent on the Company’s webpage (by ticking the box), by signing a form or contract with the Company, as well as informing the Company’s administration by other written means. Granting consent for direct marketing is voluntary and it will not affect the relationship between the data subject and the Company.
6.2. The Company may send informational messages if the person has given consent to the Company to use his data for the purpose of direct marketing, and to the Company’s clients without a separate consent for the marketing of similar services if the Clients are provided with a clear, free and easily implementable possibility to disagree or decline such use of their contact data and if they did not object to such use of their contact data from the start, with such a possibility to disagree or decline provided with every message.
6.3. The Company can send messages for direct marketing purposes via electronic mail.
6.4. A person can revoke his consent regarding the direct marketing at any time, by informing the Company via e-mail: email@example.com or by contacting the Company in any other way.
- Personal data protection term
7.1. The personal data, collected by the Company, is kept safe in printed documents and/or at the Company’s informational systems in an electronic format. Personal data is processed for no longer than needed to achieve the processing objectives or no longer than it is required by the data subjects and/or prescribed by legal acts. Usually, personal data is processed for 10 years after the end of the contractual relations.
7.2. Although the client can terminate the agreement or refuse any services from the Company, the Company is still obliged to keep the client’s representatives’ personal data due to possible demands and/or legal claims arising in the future, until the data safe keeping terms expire.
7.3. The Company seeks not to keep outdated or unneeded information and ensures that the personal data and other information about the clients would be constantly updated, correct and collected in a timely fashion.