Laifarma, UAB (hereinafter referred to as the “Company”), Registration number: 302335648, Registered address: Žirnių str. 26F, LT-02120 Vilnius, operates transparently, fairly and responsibly.
We are flexible and dynamic, and we always react promptly to our clients’ needs and observations. We embrace our clients’ opinions about the services we provide and we take them into account. We assess information objectively and provide advice based on specific client needs. The client is the most important part of our company. We find professional solutions for everyone and seek to create a healthier future.
We respect the rights of our Clients and other data subjects to their private information and we process their personal data legitimately and fairly.
We collect only the Clients’ data that are required for providing our services, selling goods, operating and/or visiting, using and browsing the Company’s websites, Facebook, LinkedIn, Instagram, YouTube pages, etc. (hereinafter referred to as the “Website”). We warrant that the Clients’ data collected and processed will be secure and used for a specific purpose only.
Client : any natural person or data subject, who orders, purchases, uses, has used or is willing to use the Company’s services, visits the Company’s website or points of sale, or is otherwise associated with the Company’s services.
Personal data : any information that is directly or indirectly related to the Client, whose identity is known or can be determined, directly or indirectly, though the respective data. Personal data handling is any operation performed using Personal data (including collecting, saving, storing, editing, changing, providing access, submitting queries, transferring, archiving, etc.).
Services: any products, goods and/or services offered by the Company electronically or otherwise.
HANDLING PERSONAL DATA
The Company handles data in accordance with the:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR” or the “Regulation”);
Law on Legal Protection of Personal Data of the Republic of Lithuania of 30 June 2018 No. XIII-1426 (hereinafter referred to as “LLPPD”);
Law on Electronic Communications of the Republic of Lithuania of 15 April 2004 No. IX-2135.
The scope of personal data handled depends on the Company services ordered, purchased or used, and on the information that a person provides as a visitor of the Company’s website upon ordering, purchasing and/or using the Company’s services, visiting or registering at the Company’s website.
PERSONAL DATA SOURCES
Received directly from a data subject (you), for example, upon contacting the Company, registering and using the Company’s services or purchasing goods, participating in loyalty programmes, lotteries and competitions, surveys or studies, leaving comments, posting questions, subscribing to newsletters and/or using Company’s services, requesting advice from the Company or sending us your CV when applying for vacancies.
Obtained and generated while a data subject is using our services, for example, using our network and services, calling, sending SMS, browsing the Internet, visiting our websites, etc.
Personal data is obtained on the basis of the Client’s consent. When the Client has expressed a wish to receive information or to offer an opinion about specific products and/or services, personal data may be handled to ensure that the Client is provided with the necessary information. The Client can cancel the consent given to the Company at any time. The consent is valid until the date of its implementation or cancellation, whichever takes place sooner. Cancelling the consent does not affect the legitimacy of the handling that is based on the respective consent provided before the cancellation.
The data that we obtain from other sources, for example, when there is grounds, from other institutions or companies, i.e. banks, publicly accessible registers, credit bureaus, insurance companies, etc.
HANDLING PERSONAL DATA
By providing personal data, the Client allows the Company to use the data collected for it to implement its obligations to the Client and provide the services that the Client expects. The Company requires Clients’ personal data for the following purposes:
- To maintain a relationship with Clients, to provide and administer the possibilities to use the Company’s products and services.
- To conclude and implement sale and purchase agreements and service contracts with a Client, to update the Client’s data in order to ensure their correctness using external and internal registers as required for implementing the contract or for taking action upon the Client’s request before concluding the contract or for exercising its legal duty.
- To conduct electronic sales.
- To provide warranty service, to process orders of goods and to implement solutions to problems related to the sales, supply and delivery of goods and other contractual obligations.
- To protect the Client’s and the Company’s interests. To perform quality control of the Company’s services, to provide evidence of business communication and to fulfil the legislative requirements (recording of phone conversations) in order to protect the Client’s and the Company’s interests.
- To conduct direct marketing, loyalty programme and advertising campaigns (direct marketing games, campaigns, lotteries and competitions), to administer discount and loyalty cards, to provide offers, news, information and services, to supply products or to send newsletters that the Client requests from the Company or that, in Company’s opinion, may interest the Client, to conduct Client opinion surveys, market research and to collect statistical data, to improve the quality of the Company’s services, experiences of Clients as Service receivers and to develop new products and services.
- To assess Clients’ solvency and to manage debt.
Laifarma, UAB, administers the following websites and social media pages in order to spread information about its operations and to offer services that meet our Clients’ needs and expectations:
When you are visiting our social media accounts, your data may also be handled by social media administrators. We recommend that you get acquainted with the following social media privacy policies:
Information collected by cookies when visiting our website. Cookie: a small text file that the website saves in the browser of your computer or mobile device when you visit the website. Because of it, the website may “remember” your actions and settings (for example, your registration name, language, font size and other display settings) for a while, so that you do not need to re-enter them every time you visit the website or browse its pages.
The information collected by cookies allows us to ensure the ability for you to browse easier as well as to learn more about the behaviour of website users, to analyse trends and to improve the website.
To find out which cookies are used on this website and how to manage them, please visit the cookie control panel of each page:
For other purposes, when the Company has a right to handle the Client’s personal data based on the Client’s consent, when the data must be handled due to a legitimate interest of the Company or when the Company is obliged to handle the data in accordance with the current legislation.
PROVIDING PERSONAL DATA TO RECEIVERS
The Company undertakes to observe the duty of confidentiality with respect to the Client’s personal data. Personal data may be disclosed to third parties only when this is required to conclude and implement a contract for the benefit of the data subject, or for other reasons.
The Company may transfer personal data to its data managers that provide services to the Company and handle personal data on behalf of the Company. Such data managers include: companies that provide advertising or marketing services; companies that perform analyses of online browsing or online activities and provide respective services; companies that create, supply, support and develop software; companies that provide IT infrastructure services; companies that provide communication services; providers of newsletter and SMS sending services; providers of postal and courier services; providers of archiving services; companies that provide payment services; companies that provide services of lawyers and legal services; providers of accounting and auditing services; companies that provide insurance services. Data managers can handle personal data only in accordance with the Company’s instructions, and only in the scope that is required in order to fully perform the contractual obligations. The Company enlists only the data managers that can sufficiently ensure that appropriate technical and organisational measures are implemented in a way so that the data handling meets the requirements of the Regulation and the protection of the data subject is guaranteed.
The Company may also provide Clients’ data in response to requests submitted by courts or national institutions, in the scope required to duly implement the current legislation and instructions of the national institutions.
The Company may be required to exchange personal data internally, in order to meet a specific goal. The Company may need to provide personal data to the following personal data receivers: business partners or data managers (subcontractors).
RETENTION PERIOD FOR PERSONAL DATA
The data collected by the Company is stored in the form of printed documents and/or in an e-format in the information systems of the Company. Personal data is handled only for as long as needed to reach the goals of data handling or required by data subjects and/or specified in the legislation.
Even though the client is entitled to terminate the contract and renounce the Company’s services, the Company must continue to protect the client’s personal data due to potential future requirements or legal claims until the expiry of the retention period.
RIGHTS OF THE CLIENT AS A DATA SUBJECT
The Client is entitled:
According to the GDPR provisions, you as the data subject can exercise the following rights:
- The right to familiarise yourself with personal data, i.e. to submit a request for information as to whether your personal data is handled; if your personal data is handled, you are entitled to familiarise yourself with your personal data that is being handled.
- The right to correct personal data, i.e. to submit a request to correct your personal data if you determine that the personal data that we are handling is incorrect, incomplete or inaccurate.
- The right to delete data (the right “to be forgotten”), i.e. to submit a request to delete your personal data if you believe that your data is being handled illegitimately or unfairly.
- The right to limit data handling, i.e. to submit a request to limit (stop) the handling of your personal data, except its storage, when, for example, you request to correct your personal data (while the accuracy of personal data is being checked and/or while it is being corrected); it is determined that personal data is being handled illegitimately and you disagree that the data shall be deleted; you have expressed your disagreement for your personal data to be handled, etc.
- The right to data transfer, i.e. to submit a request to transfer your personal data that is being handled automatically to you and/or to a different data manager in a systematised common computer-read format.
- The right to disagree with data handling, i.e. to express disagreement for your personal data to be handled when the data is handled on the legal basis of a legitimate or public interest.
- The right to demand that the solution, which is based solely on the automatic data handling, including profiling, should not be applied to you if it causes legal consequences or has a similar great effect on you.
- The right to withdraw, at any time, any consent given to us in relation to personal data handling, for example, for direct marketing.
To exercise his/her rights, the Client may contact the Company:
- by submitting a written request in person, by mail, via a representative or by means of e-communication (email: firstname.lastname@example.org,
- postal address: Žirnių str. 26F, LT-02120 Vilnius).
The request must be signed and accompanied by a copy of your ID. The request must be legible, signed and it should contain the name, surname, phone number, email or other contact details of the data subject, information as to which of the data subject’s rights and in what scope the data subject wishes to exercise those rights.
All Clients’ requests regarding data subject rights are examined by the Company free of charge. If a request is superfluous or not clearly substantiated, as well as in other cases specified in the legislation, the Company may refuse to examine it or a respective fee may be charged.
We will respond to your request within 30 (thirty) calendar days from its receipt. In exceptional cases, when additional time is required, we are entitled, upon notifying you, to extend the period for providing the data requested or analysing other requirements specified in your request to 90 (ninety) calendar days from its submission.
To contact the State Data Protection Inspectorate upon an unsuccessful resolution of the issue with the Company (for more information, please visit http://vdai.lrv.lt ).
RESPONSIBILITY OF THE CLIENT
To notify the Company about any changes in the information and data provided. It is important for the Company to have correct and valid details of the Client.
To provide the necessary information so that, upon the Client’s request, the Company is able to identify the Client and to make sure that it is really communicating or cooperating with that specific Client (to provide your ID or in accordance with the legislation or via means of e-communication that would allow for the proper identification of the Client). This is required in order to protect the data of the Client or other persons so that the information disclosed about the Client is provided to the Client only, without infringing the rights of other persons.
In order to ensure risk-level security during data handling, Laifarma, UAB, has implemented appropriate technical and organisational measures. When selecting and implementing appropriate technical and organisational measures in order to ensure security during data handling, the Company follows:
- ENISA guidelines: https://www.enisa.europa.eu/publications/guidelines-for-smes-on-the-security-of-personal-data-processing
- VDAI guidelines: http://vdai.lrv.lt/uploads/vdai/documents/files/02_%20VDAI_saugumo_priemoniu_gaires-2019-08-09.pdf
- Good information security practices