1.1. The private limited liability company “Atvila” (hereinafter referred to as the Company), implementing the requirements of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the General Data Protection Regulation or GDPR), and the Law on Legal Protection of Personal Data of the Republic of Lithuania (hereinafter referred to as the PDPL), ensures the protection of personal data and the exercise of the rights of personal data subjects. This document sets out the main principles of personal data management and processing in the Company’s activities and defines what information about individuals the Company collects, how and from what sources such information is obtained, what actions are taken with the collected information, and how this information is processed (hereinafter referred to as the Privacy Policy).
1.2. Terms used in this Privacy Policy:
Personal Data means any information relating to an identified or identifiable natural person, as well as any other information that can be used to identify such a natural person (hereinafter PD).
Data Controller means UAB “Atvila”, legal entity code 124134674, registered address: Granito g. 3, Vilnius (also referred to as the Company).
Data Processor means the Company or its partners who process certain personal data controlled by the Company on behalf of and under the instruction of the Data Controller.
Company’s website means the website managed by UAB “Atvila” at the address www.vennersafety.com
Data Subject means a natural person whose personal data is controlled or processed by the Company (hereinafter the Data Subject).
Other terms and definitions used in this Privacy Policy correspond to the terms and definitions used in the GDPR and the PDPL.
1.3. The Company’s Privacy Policy is prepared based on the following principles:
Lawfulness, fairness, and transparency;
Purpose limitation, where personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes;
Data minimization, where adequate, relevant, and limited personal data are collected only as necessary for the purposes for which they are processed;
Accuracy, where only accurate personal data is processed, and inaccurate data is corrected or erased without delay;
Storage limitation, where personal data is kept in a form that permits identification of data subjects no longer than necessary for the purposes for which the personal data are processed, unless a longer retention period is required by law to protect the rights and freedoms of the data subjects;
Integrity and confidentiality, where technical and organizational measures are applied to ensure appropriate security of personal data.
2. PROCESSING OF PERSONAL DATA ON THE COMPANY’S WEBSITE
2.1. Processing of visitors’ personal data on the Company’s website
2.1.1. During a Data Subject’s visit to the Company’s website (www.vennersafety.com), automatic records are made on the Company’s server in a system file to ensure smooth connection (online communication), convenient interaction with the website and application, and the stability of communication and website functioning.
2.1.2. During the Data Subject’s visit to the Company’s website, the following data identifying the Data Subject is collected and processed:
| Personal Data Category | Purpose of Collection | Legal Basis for Processing | Source of Data | Data Retention Period |
|---|---|---|---|---|
| IP address of the Data Subject’s device making the request; Date and time of access; Name and URL of the opened file; Data about the website or application from which access was provided (referrer URL); Browser used and, if applicable, the operating system of the device and name of the access service provider | Optimization and stability of the Company’s website operation, communication optimization, and protection of the information system | Processing is necessary for the legitimate interests of the data controller or a third party (GDPR Article 6(1)(f)) | Automatically collected during the visit to the Company’s website | Data identifying the Data Subject is kept only for the duration of the visit and is deleted automatically after the visit ends |
2.2. Processing of visitors’ personal data on the Company’s website for business improvement and marketing purposes
2.2.1. The Company monitors Data Subjects’ behavior on the Company’s website (www.vennersafety.com) to collect and analyze statistical data about market trends and consumer behavior to make important business decisions to meet customer needs and improve activities. For these purposes, the Company uses automated data collection and analysis tools (cookies), which do not use personal data (IP addresses are masked).
2.2.2. The Company uses only third-party cookies for statistical data collection and analysis, as described in the Cookie Policy (Section 3).
2.2.3. The Company uses the “Google Analytics” service provided by Google Inc. (USA), which records and analyzes statistical data on website usage. Information on the ability of Google Analytics tools to collect Data Subject identifying data is available in Google Inc.’s Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en.
If a visitor wishes that Google Analytics tools do not track information about their website browsing, they may use the Google Analytics opt-out browser add-on.
2.2.4. In any case, the Company ensures that Data Subjects visiting the Company’s website have the opportunity to disable cookies before starting to browse the Company’s website.
2.3. Processing of visitors’ personal data on the Company’s website for direct marketing purposes
2.3.1. The Company processes personal data for direct marketing purposes only with the Data Subject’s prior clear and active consent.
2.3.2. The Company may carry out direct marketing by:
Sending general direct marketing offers such as newsletters with the Company’s offers, promotions, and news;
Sending invitations to participate in events, surveys, loyalty programs, or lotteries;
Providing tailored direct marketing offers corresponding to the Data Subject’s needs.
| Personal Data Category | Purpose of Collection | Legal Basis for Processing | Source of Data | Data Retention Period |
|---|---|---|---|---|
| Name and/or surname; Email address; Phone number | Execution of the Company’s direct marketing | Processing is necessary for the legitimate interests of the data controller or a third party (GDPR Article 6(1)(f)) | Provided by the Data Subject during registration (submission of notification) and later automatically collected during visits to the Company’s website | Data identifying the Data Subject is stored for 12 months after the relevant event, after which it is anonymized into statistical data stored for 24 months |
2.3.3. For direct marketing purposes, the Company uses automated personal data collection and analysis technologies described in Section 3.1 of this Privacy Policy (“Processing of Visitors’ Personal Data on the Company’s Website”), which facilitate profiling of Data Subjects based on their browsing behavior and characteristic interests.
2.3.4. Based on the content of the Company’s website, the Company presumes that personal data of Data Subjects aged over 16 years is collected and processed for marketing purposes. If it is found that data of Data Subjects under 16 years of age is being processed, the Company will immediately stop such processing and inform the Data Subject about the need to provide parental or legal guardian consent for processing such data.
2.3.5. For direct marketing purposes, the Company uses services of social networks (e.g., Facebook), internet service providers (e.g., Google), and other online advertising providers. The Data Subject will be informed about the privacy policies, data collected, and personal data protection measures of these service providers via links posted on the Company’s website.
2.3.6. The Company ensures the Data Subject’s right to withdraw consent for the processing of their personal data for direct marketing purposes at any time.
3. COOKIE USAGE RULES
3.1. To improve visitors' experience when visiting ATVILA websites, we use cookies — small pieces of textual information automatically created when browsing the site and stored on the visitor’s computer or other end device. Information collected via cookies allows the Company to ensure visitors can browse more conveniently, offer attractive proposals to visitors, learn more about the behavior of the Company’s website users, analyze trends, and improve the website, customer service, and the services provided by ATVILA.
3.2. Visitors have the option to choose whether to accept cookies used on the website. If a visitor does not agree to cookies being saved on their computer or other end device, they can change their internet browser settings to disable all cookies or enable/disable them individually. However, please note that in some cases this may slow down internet browsing speed, limit certain website functionalities, or block access to the website. More detailed information is available at AllAboutCookies.org or www.google.com/privacy_ads.html.
3.3. Information collected using cookies is typically used for the following purposes:
Service development. By monitoring cookie use, we can improve the operation of our website and electronic services. In this case, the Company receives information, for example, about which parts of the Company’s website are most popular, which websites users connect to from our site, from which websites they come to our site, and how long users spend on the Company’s website.
Usage analysis. The Company uses cookies to collect statistical data about the number of users visiting the Company’s websites and usage of electronic services, as well as to evaluate advertising effectiveness. For example, the Company may collect information from marketing emails and newsletters to find out whether emails were opened and whether they encouraged users to take any actions, such as clicking links to the Company’s website.
Targeted marketing. Using cookies, the Company can also collect information to provide advertising or content targeted at specific browsers by creating different target groups. All information about cookies used on the site, their purpose, duration, and data collected is provided in the table below.
3.4. Data on cookies used:
| Cookie Name | Description | Creation Time | Duration | Data Used |
|---|---|---|---|---|
| _ga, _gid | Tracking cookies from Google Analytics. Collect info on user behavior on the site to keep stats. | On first page visit | 2 years, 24 hours | Unique identifier |
| _utmb, _utmc, _utma | Google Analytics tracking cookies. Info sent anonymously. Identify unique visitors & track sessions. More info on Google site. | On page visit | 30 mins, 6 months, 2 years | IP addresses and unique IDs for statistical accounting via Google Analytics |
| _utmz | Google Analytics tracking cookie. Info sent anonymously. | On page visit | Until browser window closes | IP addresses and unique IDs for statistical accounting via Google Analytics |
| _hjClosedSurveyInvites | Set when visitor interacts with a pop-up survey modal. Used to ensure already shown invites don’t repeat. | On page visit | 1 year |
|
| _gat_myTracker, _gat_UA-10979213-12 | Google Analytics and VWO cookie for testing purposes. | On page visit | Until browser window closes |
|
| __hstc | Collects info on user behavior on the site to keep stats. | On page visit | 2 years | Unique identifier |
| __hssrc | Used to check whether the user's browser was reloaded during the session. | On page visit | Session | Verification value |
3.5. The Company’s website may contain links to third-party websites, products, and services, as well as social media plugins (e.g., Facebook social network plugins). Third-party services or applications provided on the Company’s website are subject to the respective third party’s privacy policy. The Company encourages visitors to familiarize themselves with the privacy protection provisions applied by such third parties.
4. RIGHTS OF DATA SUBJECTS
4.1. The Company ensures the following rights of the Data Subject (DS):
4.1.1. Right to access personal data: The DS has the right to obtain confirmation from the Company as to whether their personal data is being processed, as well as the right to access the personal data processed by the Company and receive information about the purposes of data processing, categories of data processed, categories of data recipients, the period of data processing, and sources of data collection.
4.1.2. Right to rectify personal data: If the data provided by the DS has changed, or the DS believes that the information processed by the Company about them is inaccurate or incorrect, the DS has the right to request that such information be modified, clarified, or corrected.
4.1.3. Right to lodge a complaint: If the DS believes that the Company processes their personal data in violation of data protection legislation, they have the right to contact the Company directly to address the possible violation. If the DS is dissatisfied with the Company's proposed solution or believes that the Company has not taken the necessary actions upon their request, the DS has the right to file a complaint with the supervisory authority, which in the Republic of Lithuania is the State Data Protection Inspectorate (A. Juozapavičiaus st. 6, 09310 Vilnius; phone: (8 5) 271 2804, 279 1445; email: ada@ada.lt).
4.1.4. Right to erasure ("right to be forgotten"): Under certain circumstances specified in data protection legislation (for example, when personal data is processed unlawfully, the legal basis for data processing has expired, etc.), the DS has the right to request that the Company erase their personal data if it was collected based on the DS’s consent.
4.1.5. Right to restrict processing: Under certain circumstances specified in data protection legislation (for example, when personal data is processed unlawfully, the DS has contested the accuracy of the data, or objected to processing based on legitimate interests, etc.), the DS also has the right to restrict the processing of their personal data.
4.1.6. Right to data portability: The Data Subject (DS), whose personal data is processed by the Company based on the DS’s consent and where the processing is carried out using automated means, has the right to transfer the data to another data controller, provided that the data was obtained based on the DS’s consent. The Company will provide the data requested for transfer in a commonly used, machine-readable format, and at the DS’s request and where technically feasible, will transmit the data directly to another data controller.
4.1.7. Right to object to data processing: The DS has the right at any time, for reasons related to their particular situation, to object to the processing of their personal data based on legitimate interests. In such a case, the Company will no longer provide direct marketing services to the DS. Objections to other purposes of data processing will be considered taking into account the importance of the Company’s legitimate interests.
4.1.8. Right to withdraw consent: If personal data is processed based on consent, the DS has the right to withdraw their consent at any time, without waiting for the consent’s validity period to expire. Data processing based on consent will be terminated after the consent withdrawal.
5. HANDLING OF REQUESTS AND COMPLAINTS
5.1. To protect the Data Subject’s (DS) personal data from unauthorized disclosure, upon receiving a DS’s request to provide data or to exercise other rights, the Company has the right to verify the identity of the DS. For this purpose, the Company may (i) request the DS to provide relevant data from the registration form to compare and confirm if the data matches, or (ii) send a verification message to the contact provided in the registration form (via SMS or email), requesting authorization. If the verification procedure is unsuccessful, the Company has the right to conclude that the requester is not the data subject in question and reject the submitted request.
5.2. The Company commits to respond without undue delay, but in any case no later than one month from the receipt of the DS’s request and completion of the verification procedure, providing information about the actions taken based on the submitted request. Considering the complexity and number of requests received, the Company has the right to extend the one-month period by an additional two months, informing the DS of such an extension before the end of the initial month and stating the reasons for the extension.
5.3. If the request was submitted by electronic means, the Company will also respond electronically, except in cases where this is impossible (e.g., due to the large volume of information) or if the DS requested a response by another means.
6. SECURITY MEASURES AND DATA TRANSFER
6.1. The Company ensures that, when processing personal data, it uses various security technologies and procedures that protect the processed personal data from unauthorized access, use, or disclosure.
6.2. The Company undertakes to immediately take all possible measures once any cases of unauthorized access to personal data, or their unauthorized use or disclosure, are detected, informing the Data Subject and the data protection supervisory authority about the incident accordingly.
6.3. The Company does not transfer personal data to any third parties without the prior consent of the Data Subject, except that personal data may be transferred to third parties who assist the Company in conducting its operations and administering the provision of Services. Such parties may include companies providing data center, hosting, and related services; advertising and marketing service providers; software development, provision, support, and maintenance companies; IT infrastructure service providers; communication service providers; companies performing web browsing or online activity analysis and related services; and security service providers. In each case, the Company provides the data processor with only as much data as is necessary to perform a specific task or provide a specific service.
6.4. The Company has the right to provide personal data to competent governmental or law enforcement authorities upon their request, as well as to assert legal claims or defend legitimate interests of the Company and third parties.
6.5. The Company ensures that personal data is processed within the territory of the European Union.
6.6. The Company does not intend to transfer and does not transfer personal data to third countries; however, it informs that certain technical data related to the Data Subject’s visit to the Company’s website (IP address, cookies, technical information about the browser used, other information related to browser activity and website navigation) may be transferred or made available for website statistics, analysis, and related purposes to entities operating both within the European Economic Area and outside it (e.g., when using the Google Analytics service, whose provider is Google Inc., a company operating in the United States).
7. FINAL PROVISIONS
7.1. This Privacy Policy comes into effect on May 25, 2018.
7.2. The Company may from time to time amend the provisions of this Privacy Policy. The Company will inform Visitors about any changes by providing a new version of the Privacy Policy on the Website, indicating the dates of the implemented amendments.
7.3. Visitors understand and acknowledge that by continuing to use the Website, they agree to any changes and updates to the Privacy Policy.
7.4. If Data Subjects have any questions regarding the Company’s processing of personal data under this Privacy Policy or wish to exercise their rights related to the processing of the visitor’s personal data, they may submit an inquiry to the Company by:
Sending a letter to the address: Granito g. 3, Vilnius, UAB “Atvila” with the reference on the envelope “Regarding personal data processing”;
Sending an inquiry by email to: info@atvila.lt;
Contacting by phone at 8 (5) 240 28 90 (UAB “Atvila” administration).