Privacy policy

The purpose of the Privacy Policy is to provide information on the methods of collecting and processing of the data, submitted by data subjects, to explain how long it is stored, who receives it, also of the rights of the data subjects and whom they should address regarding their enforcement or in case of other issues, related to data processing.

Personal data processing is subject to the General Data Protection Regulation of the European Union (EU) 2016/679 (hereinafter – the Regulation), the Law on Personal Data Protection of the Republic of Lithuania and other legislation, regulating personal data protection. 

Amber Design adheres to the following main principles of data processing:

- personal data processing is legal, fair and transparent (the principle of lawfulness, fairness and transparency);

- personal data is collected only for clearly defined and legal purposes (the principle of purpose limitation);

- only the personal data that is adequate, suitable and needed for the purposes of their processing can be managed (the principle of data minimisation);

- the personal data processed is accurate and constantly updated (the principle of accuracy);

- personal data is stored safely and not longer than deemed necessary by the purposes of data processing or legislation (the principle of storage limitation);

- personal data is processed using appropriate technical or organisational measures to ensure proper personal data safety (the principle of integrity and confidentiality).

1. DEFINITIONS

1.1. Data controller – Austėja Nekrašienė (hereinafter – the natural person)

1.2. Data subject – any natural person, whose data is processed by the natural person. Data controller collects only the data of the data subject, which is deemed necessary for the implementation of the business and (or) for the visits, use, browsing of the natural person’s websites, etc. (hereinafter – the Website).  The natural person guarantees that the personal data collected will be safe and used only for the specific purpose.

1.3. Personal data refers to any information, directly or indirectly related to the data subject, whose identity is known or could be directly or indirectly established by using appropriate data. Personal data processing refers to any operation, related to personal data (including collecting, recording, storage, editing, changing, giving access to, submitting inquiries in relation with, transfer, archiving, etc.). 

1.4. Agreement refers to any deliberate and voluntary consent, given by a data subject, who agrees with the processing of their personal data or a specific purpose.

2. PERSONAL DATA SOURCES

2.1. Personal data is provided by the personal data subject. The data subject addresses the natural person and uses the services, offered by the natural person, i.e., purchases goods and (or) services, takes part at loyalty programmes, lotteries or competitions, leaves comments, asks questions, subscribes to newsletters, submits inquiries to the natural person, etc. 

2.2. Personal data is received as the data subject visits the website of the natural person. The data subject completes the forms, contained therein, or leaves their contact details for a certain reason, etc.

2.3. Personal data is obtained from other sources. The data is obtained from other institutions or companies, publicly-available registers, etc.

3. PERSONAL DATA PROCESSING

3.1. Upon submitting the data, the data subject agrees with the natural person’s use of the data accumulated to fulfil their obligations to the data subject and provide services that the data subject is expecting. 

3.2. The natural person processes personal data for the following purposes:

3.2.1. Signing and implementation of agreements with the data subject regarding the goods and services the natural person offers or receives; saving contact details to ensure the possibility to contact them; tax accounting and payment control. The following data is processed for the said purpose: 

• Name(s), surname(s);

• Communication details (phone number, e-mail address);

• Work place and position (if the information is provided by a representative of a legal entity);

• Place of residence (for invoicing);

• Banking details (if the Company receives services by a natural person).

3.2.2. For debt processing. The following data is processed for the said purpose:

• Name(s), surname(s);

• Payment history;

• Address;

• Other debt-related information.

3.2.3. Administering of inquiries, comments and complaints. The following data is processed for the said purpose:

• Name(-s); 

• Communication details (phone number, e-mail address);

• Street, house number;

• Text of the inquiry, comment or complaint.

3.2.4. Direct marketing, administering of the loyalty cards. The following data is processed for the said purpose:

• Name(s), surname(s);

• City;

• Communication details (phone number, e-mail address);

3.2.5. Online shopping. The following data is processed for the said purpose:

Client / buyer identification:

• Name(s), surname(s);

Contact details of the client / buyer:

• Communication details (phone number, e-mail address).

Delivery of the order:

• Goods delivery address.

Identification of the country of the client / buyer for VAT application purposes:

• IP address.

For the purchase: 

• Payment details for the goods/services (banking account No., payment method, etc.);

• Purchase history (goods and/or services purchased, price, amount);

• Order date;

• Purchase receipt No.

3.2.8. Other purposes that the natural person has a right to process the personal data of the data subject, when the data subject has expressed their consent, when the data must be processed due to the rightful interest of the Natural person or when the Natural person is obliged to process the data in accordance with appropriate legislation.

4. PROVIDING PERSONAL DATA

4.1. The natural person undertakes to adhere to the duty of confidentiality with regards to the data subjects. Personal data can be disclosed to third persons only in cases, deemed necessary for entering into an agreement for the benefit of the data subject and its implementation, or for other rightful reasons.

4.2. A natural person can submit personal data to their data processors, who provide the Natural person with services or process the personal data on behalf of the Natural person. Data processors have a right to process personal data only to the instructions of the Natural person and only to the extent that makes it necessary for proper fulfilment of the obligations, established in the agreement. The natural person uses only the data processors that can properly ensure the implementation of appropriate technical and organisational measures in a way to ensure the compliance of the data processing with the requirements of the Regulation and the protection of the rights of the data subject. 

4.3. The natural person can also provide personal data in response to the inquiries of the court or state institutions to the extent that is necessary for proper implementation of the applicable legislation and instructions of state institutions.

4.4. The natural person guarantees that the personal data will not be sold or rented to third persons. 

5. PERSONAL DATA PROCESSING OF MINORS

5.1. Persons that are younger than 14 years old, cannot provide any personal data via the website of the Natural person. If a person is younger than 14 years old, in order to use the services, offered by the Natural person and before providing any personal data, such person is required to submit a written permission regarding personal data processing from one of their representatives (father, mother, carer, etc.).

6. PERSONAL DATA STORAGE TERM

6.1. Personal data, collected by the Natural person are stored in printed documents and (or) information systems of the Natural person. Personal data processing must not take longer than needed for the purposes of data processing or not longer than required by data subjects and (or) is established in the legislation. 

6.2. Although the data subject can terminate the agreement and refuse the services of the Natural person, the natural person must continue to store the data of the data subject to fulfil possible requirements or legal claims in the future until the end of the data storage term.

7. RIGHTS OF THE DATA SUBJECT 

7.1. The right to receive information on data processing.

7.2. The right to get acquainted with the data processed. 

7.3. The right to demand to correct the data.

7.4. The right to demand to have the data erased (‘The right to be forgotten’). This right does not apply if the personal data that is asked to be erased is processed on other legal grounds, such as the processing that is necessary for the implementation of an agreement or for the implementation of duties, related to applicable legislation.

7.5. The right to limit data processing.

7.6. The right to disagree with data processing.

7.7. The right to data portability. The right to data portability cannot make a negative impact on the rights and freedoms of the others. The data subject is not entitled to data portability with regards to the personal data that is processed in manually systematised files, such as paper files.

7.8. The right to be against an application of a decision, made solely by automated means, including profiling.

7.9. The right to submit a claim regarding personal data processing to the State Data Protection Inspectorate.

8. The natural person must create the conditions for the data subject to implement the above-mentioned rights of the data subject, except for cases, established by the law, when it is necessary to ensure state safety or defence, public order, crime prevention, investigation or prosecution, important economic or financial interests of the state, prevention, investigation, identification of violations of professional ethics, protection of the rights and freedoms of the data subject and other persons.

9. THE PROCEDURE OF IMPLEMENTING THE RIGHTS OF DATA SUBJECTS

9.1. The data subject may address the Natural person regarding the implementation of their rights as follows:

9.1.1. By submitting a free-form written application in person, by mail, via a representative or using electronic means of communication – e-mail: support@amberdesign.com; The application must be eligible and signed by the data subject.

9.2. Seeking to protect the data from illegal disclosure, upon receiving the application of the data subject for data or the implementation of other rights, the natural person must check the identity of the data subject.

9.3. The response of the natural person to the data subject must be provided no later than in one month since the date, when the application was received, considering specific circumstances of the personal data processing. In case of a need, this period may be extended for two more months, considering the complexity and number of the requests.

10. RESPONSIBILITY OF THE DATA SUBJECT 

10.1. The data subject must:

10.1.1. Inform the Natural person about any changes of the information or data provided. It is important for the natural person to have the correct and valid information of the data subject;

10.1.2. Submit the necessary information, so that the natural person would be able to identify the data subject requesting for information and make sure that they are communicating with precisely the specific data subject (by submitting a personal identification document in accordance with the procedure, established by the law, or by means of electronic communication, which would enable proper identification of the data subject). This is necessary for the protection of the personal data of the data subject or other persons and to ensure that the disclosed information on the data subject is provided only to the data subject without violating the rights of other persons.

11. FINAL PROVISIONS 

11.1. Upon transferring personal data to the Natural person, the data subject confirms that they agree with this Privacy Policy, understand its provisions and agree to adhere to them. 

11.2. The natural person is entitled to make amendments to this Privacy Policy at their own discretion with regards to the development and improvement of the business of the Natural person. The natural person is entitled to make partial or fundamental changes to this Privacy Policy at their own discretion by announcing this on their website.

11.3. Supplementations or changes to the Privacy Policy come into force since the day of their introduction, i.e. the day they were published on the website.

 12.  COOKIES

12.1. Seeking to improve the Website to make it easier for the data subjects (visitors) to find what they are looking for, the natural person is using the following cookies:

• Session cookies to improve performance. Their purpose is to improve the performance of the Website and collect general (anonymous) information on the use of the Website;

• Analytical cookies. These cookies enable the Natural person to recognise and count the visitors of the Website, also monitor their navigation on the Website as they use it. This helps the Natural person to improve the performance of the Website, for example, to ensure that the data subjects could easily find what they are looking for. The collection of the data is based on the consent of the data subjects;

• Marketing cookies. These cookies enable the Website to remember the items, picked by the data subject (such as access credentials) and offer improved functions that are personally tailored to the data subject.