DESCRIPTION OF DATA PROTECTION PROCEDURES
1. GENERAL
1.1.UAB Eudra (hereinafter referred to as the "Company") in the Customer Personal Data Management Procedures (hereinafter referred to as the "Procedures") shall regulate the principles of management of the Company's customers' personal data, shall determine the categories of personal data, the legal basis for the management of the personal data, the purposes and means of the management of the personal data, and the rights of the data protection subject.
1.2 The Company shall ensure the confidentiality of the personal data of its clients in accordance with the requirements of the applicable legislation and the implementation of appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, accidental loss, alteration or destruction or other unlawful processing.
1.3 The Company may use data processors to process personal data. In such cases, the Company shall take the necessary measures to ensure that such processors process personal data in accordance with the Company's instructions and applicable law and shall require the implementation of appropriate personal data security measures.
2. CONNECTIONS
2.1. the Company - UAB Eudra (company code 135530422, Kulautuvos g. 45A, LT-47190 Kaunas).
2.2 Customer means any natural or legal person who uses, has used, has expressed an intention to use, or is otherwise connected with the services provided by the Company.
2.3 Customer Personal Data means any information relating directly or indirectly to a Customer of the Company.
2.4 "Management" means any operation (including collecting, recording, storing, processing, modifying, accessing, querying, transferring, etc.) of Personal Data.
2.5 Other terms used in this Policy shall be understood as defined in the Law on Legal Protection of Personal Data of the Republic of Lithuania, the General Data Protection Regulation and other legal acts regulating personal data processing.
3.CATEGORIES OF PERSONAL DATA OF CUSTOMERS
3.1 Personal data is obtained directly from the Customer, from the Customer's activities in using the Services and by the Customer's free will.
3.2 The main categories of Customer Personal Data collected by the Company include, but are not limited to:
3.2.1. personal identification data, such as the customer's name, surname, year of birth.
3.2.2. contact details, such as the city, town or village of the customer's residence, delivery address, telephone number, email address.
3.2.3. special categories of personal data, such as data on the Client's visual parameters and the parameters of the visual correction devices used by the Client, as well as other data on the Client's health directly related to the prescription of visual correction.
4. PRINCIPLES FOR THE MANAGEMENT OF CUSTOMER PERSONAL DATA
4.1 The Company's management of Customer Personal Data is guided by the following principles:
4.1.1.The Company shall manage the personal data of the Clients only to the extent and for the purposes set out in this Procedure.
4.1.2 Customer personal data is managed accurately, fairly and lawfully in accordance with the requirements of the law.
4.1.3 Customer personal data shall be managed in such a way as to ensure that the personal data is accurate and kept up-to-date as and when it changes.
4.1.4 The personal data of customers shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed.
5. LEGAL BASIS AND PURPOSES FOR PROCESSING CUSTOMER PERSONAL DATA
5.1 The legal basis for the management of the Client's personal data shall be the Client's freely given consent.
5.2 Customer personal data is managed for the following purposes:
5.2.1. for the purpose of providing the Services:
5.2.1.1. for customer identification;
5.2.1.2. to maintain the relationship with the Client and to inform the Client about the status and guarantees of the services and the transmission of service data.
5.2.2. for the purpose of providing information about the Company's loyalty programme.
5.2.3. for the purpose of seeking customer opinion, market research and statistical data collection.
6. RECIPIENTS OF CUSTOMER PERSONAL DATA
6.1 Personal data may be transferred to recipients such as:
6.1.1. companies and natural persons, State bodies and authorities exercising their statutory functions, providers of services and products to the Company related to the provision of the Company's services, such as postal and communication service providers, healthcare institutions, other authorised parties related to leasing and insurance services, and companies administering taxes and fines related to such assets.
6.2 The personal data of customers shall be transferred to data recipients only to the extent necessary for the performance of the Company's services, and the confidentiality of the Company's customer data is set out in the Company's agreements with the recipients of personal data.
6.3 Personal data may also be transferred to State bodies and institutions performing functions assigned to them by law (e.g., law enforcement authorities, bailiffs, notaries, tax administration authorities, authorities performing financial supervision of the Company).
7. COLLECTION, PROCESSING AND STORAGE OF CUSTOMER PERSONAL DATA
7.1 The Client's personal data is provided by the Client personally and freely.
7.2 The processing of Customer Personal Data shall be limited to those employees of the Company for whom it is necessary for the performance of their functions and only when it is necessary for the purposes set out in Section 5.
7.3 The Company's Employees who are authorised to process the personal data of the Employees shall observe the principle of confidentiality and shall keep secret any information relating to the Client's personal data which has come to their knowledge in the course of the performance of their duties, unless such information would be public information in accordance with the provisions of the applicable laws or other legal acts.
7.4 The personal data of clients shall be stored in accordance with the terms specified in the Index of General Document Retention Periods approved by the Order of the Chief Archivist of the Republic of Lithuania and in the Technical Regulation on Medical Devices. Other personal data of Customers shall be stored for no longer than is necessary to achieve the intended purposes described in Section 5.
7.5 The Company shall implement and ensure appropriate organisational and technical measures to protect the Client's personal data against accidental or unlawful destruction, alteration, disclosure, as well as against any other unlawful processing.
8. RIGHTS OF THE DATA SUBJECT
8.1 The rights guaranteed to the Client (data subject) by law in relation to the processing of his/her personal data include the right to:
8.1.1. object to the processing of personal data. The Customer has the right to object to the processing of his/her personal data. Such objection may be expressed by not completing the consent form or other sections of the consent form, as well as by subsequently submitting a request to terminate the management of personal data.
8.1.2. be aware of the collection of your personal data. An employee of the Company collecting the Client's personal data must inform the Client what personal data the Client is required to provide and for what purpose the relevant data is collected.
8.1.3. to receive information on whether the Company processes his/her personal data and, if so, to have access to the personal data held by the Company.
8.1.4. to request the rectification of his/her personal data if it is incorrect, incomplete or inaccurate.
8.1.5. to receive personal data provided by him or her which is processed on the basis of his or her consent. The request for data shall be made in writing at one of the optical salons or by e-mail, as may be indicated by the particular optical salon. Where possible, it shall be possible to transfer the Personal Identity Data or the Communication Data (described in Chapter 3) to another service provider (data portability).
8.1.6. require the deletion of the Client's personal data that is controlled with the Client's consent, if the Client withdraws the relevant consent.
8.1.7. restrict the processing of the Customer's Personal Data in accordance with applicable law, e.g. for a period of time during which the Company will assess whether the Customer has the right to request that his or her Personal Data be erased.
8.1.8. withdraw your consent to the processing of Personal Data.
8.1.9.The Customer's request to object to the processing of his/her personal data, as well as the request to correct, destroy, restrict, retrieve, transfer his/her personal data, to suspend and revoke the processing of personal data, shall be submitted to the Company in writing, by coming to one of the Company's optical salons, or by e-mail, by sending the request to the address provided by the optical salon's consultants, managers or optical goods sellers.
8.1.10. the Client's request for the management of the Client's personal data shall be made in person by the Client whose personal data is being managed. The request shall be valid upon presentation of a valid passport or identity card. When sending a request by e-mail, a copy of the identity document and other necessary data for identification of the person must be provided.
8.1.11. the Company, upon receipt of a request regarding the management of the Client's personal data, shall inform the Client in the manner of the Client's choice (by e-mail or telephone) about the progress of the processing of the Client's personal data no later than within 21 working days from the date of submission of the Client's written request or sending the request to the e-mail address specified in the optical shop.
9. FINAL PROVISIONS
9.1 Consent to the management of personal data of minors shall be the responsibility of the minor's parent or guardian. Their consent to the management of their child's or ward's personal data shall allow the Company to manage the minor's personal data in accordance with the procedures set out in these Procedures.
9.2 The geographic territory of the Customer's personal data is the European Union (EU).
9.3 This Procedure shall be reviewed and updated at least once every two years or in the event of changes in the legislation governing the processing of Clients' personal data.
9.4 Employees of the Company shall be acquainted with this Procedure by signature and shall be obliged to comply with the obligations set out in this Procedure and to follow the principles set out in this Procedure in the performance of their work functions.
9.5 Customers may access this Policy on the UAB Eudra website https://eudra.lt or by coming to the registered office of UAB Eudra and submitting a written request to be informed of this Procedure.
9.6 The Company shall have the right to unilaterally change this Procedure at any time by informing the Client by e-mail and by posting the changes on the Company's website. https://eudra.lt.