PRIVACY POLICY 

 

This Privacy Policy (hereinafter – the Policy) regulates the principles of collection, processing, and storage of personal data of visitors and customers of UAB “Klota” (hereinafter – the Company) on the website https://www.mondetex.com/lt/, and sets out the purposes and means of processing personal data. 

This Policy is prepared in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – the Regulation). 

This Policy informs the Company’s website visitors and buyers about the processing of their personal data. 

 

DEFINITIONS USED 

Personal data – any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name and surname, an identification number, location data, or an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. 

Data subject – a visitor to the Company’s website (a natural person), as well as an active natural or legal person who has purchased goods from the Company and whose personal data is collected and processed by the Company. 

Consent of the data subject – any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. 

Rights of the data subject – the opportunities of the data subject to participate in and control the activities of the data controller and/or processor when their personal data is being processed – to know and be informed about the processing of their personal data by the Company; to access the personal data processed by the Company and how it is being processed; to request the rectification, destruction, or suspension (except for storage) of actions relating to the processing of their personal data if the data is being processed in violation of legal provisions; to object to the processing of their personal data; to request the deletion of their personal data; to receive data relating to them that they have provided to the data controller; to lodge a complaint with a supervisory authority (the State Data Protection Inspectorate). 

Data processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, classification, systematization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, as well as alignment or combination with other data, restriction, erasure, or destruction. 

Automated data processing – data processing operations carried out fully or partially by automated means. These are considered to be any information and communication technologies through which personal data processing operations can be performed, for example: computers, communication networks, etc. 

Data controller – UAB “Klota”, a legal entity established under the laws of the Republic of Lithuania, legal entity code: 305544471, registered office address: Pakalnės g. 7B, Domeikava village, 54355 Kaunas district. 

Data processor – a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller. 

Data recipient – a natural or legal person, public authority, agency, or other body to whom personal data is disclosed, whether a third party or not. However, public authorities that, under European Union or Member State law, may receive personal data in the framework of a particular inquiry shall not be regarded as recipients. 

Cookie – a small text file that a website stores on a computer or mobile device when a person visits the site. 

Personal data breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed. 

Other terms used in this Policy are to be understood as defined in the Regulation and in other legal acts regulating the processing of personal data. 

 

CHAPTER I 

PRINCIPLES OF PERSONAL DATA PROCESSING 

1.When processing your personal data, the Company adheres to the following principles: 

  1.  The Company processes personal data solely for lawful purposes and for the purposes defined in this Policy, and does not further process the data in a manner incompatible with those purposes (principle of purpose limitation); 
  1. Personal data are processed accurately, fairly, and lawfully, in accordance with the requirements of legal acts (principle of lawfulness, fairness, and transparency); 
  1. The Company processes personal data in such a way as to ensure that the data are accurate and, where necessary, kept up to date in the event of any changes (principle of accuracy); 
  1. The Company processes personal data only to the extent necessary to achieve the purposes of personal data processing (principle of data minimization); 
  1. Personal data are stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data were collected and processed (principle of storage limitation); 
  1. When processing personal data, the Company applies appropriate technical and organizational measures to ensure an adequate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage (principle of integrity and confidentiality); 
  1.  The Company is responsible for ensuring compliance with the principles set out in this Policy and must be able to demonstrate such compliance (principle of accountability). 

CHAPTER II 

PURPOSES OF PERSONAL DATA PROCESSING 

2. The Company processes your personal data: 

 

  1. For the purpose of implementing the Company’s legitimate interests, as well as to properly manage and administer the website, facilitate the search for information, ensure the submission of inquiries by Data Subjects via the internet (the legal basis for processing personal data for this purpose is the data subject’s consent); 
  1. For the purpose of conducting commercial activities, processing orders, concluding wholesale purchase and sale agreements for new and/or second-hand clothing, and for the delivery of goods, accounting and fulfillment of contractual obligations, administration of payments, maintaining appropriate communication with buyers and providing information on the delivery of goods, examining complaints, requests, and statements from data subjects/buyers, and for the purpose of fulfilling legal obligations (the legal basis for processing personal data for this purpose is the goods order / wholesale purchase and sale agreement); 
  1. For the purpose of direct marketing, in order to inform buyers about newly received collections of goods sold by the Company, ongoing promotions, discounts, offers, competitions, news, and similar matters (the legal basis for processing personal data for this purpose is the data subject’s consent). When placing an order, the buyer may express their consent or objection to the processing of their personal data for direct marketing purposes. The buyer may inform the Company of their objection to the processing of their personal data for direct marketing purposes by SMS or by email. The Company may send newsletters to the email address provided by the data subject and ensures the possibility to unsubscribe from the newsletters (at the end of each newsletter there is an option labeled “unsubscribe,” and upon clicking it, the data subject will no longer receive newsletters). 

 

3. For the purposes indicated in Section 2 of this Policy, the Company collects and processes the following data: 

  1. Personal data: name, surname (if provided by you), as well as bank account details (in the case of payment for goods via bank transfer); 
  1. Contact details: email address, telephone number (if provided by you); 
  1. Other personal data/information you have provided to the Company in your inquiry. 

CHAPTER III 

DATA COLLECTION AND PROCESSING 

4. Personal data are obtained from you when such data are required to be provided under legal acts or when such data are voluntarily provided by you when concluding a goods purchase and sale agreement or placing an order for goods. 

5. The Company also processes your personal data in cases where you contact it via the general email address, submit an inquiry through the Company’s website, ask questions, or send information using the contact details indicated on the Company’s website. In such cases, the Company processes your data for the purpose of administering inquiries, ensuring the quality of services provided, and for the protection and defense of its legitimate interests. 

6. Regardless of the method by which the data are collected, they are stored only to the extent and for the duration necessary to achieve the specified purposes, but no longer than the terms established in the currently valid version of the General Document Retention Period Index approved by the Chief Archivist of Lithuania by Order No. V-100 of 9 March 2011, or in other internal regulatory acts governing the Company’s procedures. Data provided via inquiries submitted through the website are retained until a response to the inquiry is provided and are subsequently destroyed. 

CHAPTER IV 

RIGHTS OF THE DATA SUBJECT 

7.  As a data subject, you have the right to: 

  1. Know / be informed about the processing of your personal data; 
  1. Access your personal data and their processing. You have the right to contact the Company with a request to provide information on what personal data are processed about you and for what purpose; 
  1. Request the rectification of your personal data. If it is established that inaccurate or incomplete personal data are being processed by the Company, you have the right to submit a request for such data to be corrected or supplemented; 
  1. Request the deletion of your personal data (“the right to be forgotten”). You have the right to request the Company to delete your personal data under any of the following grounds: 
  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; 
  • You have withdrawn your consent on which the processing was based, and there is no other legal basis for the processing of your personal data; 
  • You object to the processing, and there are no overriding legitimate grounds for the processing; 
  • The personal data have been unlawfully processed. 
  1. Request the restriction of the processing of your personal data. You have the right to submit a request to the Company to restrict the processing of your personal data on any of the following grounds: 
  • You contest the accuracy of the data, for a period enabling the Company to verify the accuracy of the personal data; 
  • The processing of personal data is unlawful and you oppose the erasure of the data and request the restriction of their use instead; 
  • The Company no longer needs the personal data for processing purposes, but you require them for the establishment, exercise, or defense of legal claims; 
  • You have objected to the processing of the data pending the verification of whether the Company’s legitimate grounds override those of the data subject. 
  1. Object to the processing of personal data. You have the right to object to the processing of certain non-mandatory personal data. Such an objection may be expressed by not completing certain sections of documents or the order form in the Company’s online store, as well as later by submitting a request to terminate the processing of your non-mandatory personal data. Upon your request, the Company provides you with information on which of your data are processed on a non-mandatory basis. Upon receiving a request to terminate the processing of non-mandatory personal data, the Company shall immediately cease such processing, unless this would contradict legal requirements, and shall inform you accordingly; 
  1. Data portability, that is, you have the right to receive the personal data concerning you, which you have provided to the Company, in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another data controller, and the Company must not hinder such transmission.

8.  The data subject rights specified in this Policy are exercised in accordance with the procedures established by the Regulation. 

9. The Company is obliged to examine a data subject’s request for the exercise of their rights under the Regulation and to provide a response in the manner specified in the request no later than within 1 (one) month from the date of receipt of the request. The response to the data subject shall be provided in the official language by the means chosen by the data subject: by registered mail, by hand delivery to the data subject or their representative, or by email. If the Company is unable, for objective reasons, to provide a response to the data subject in the requested manner, it shall respond via email, or, if the email address is unknown, by registered mail. This period may be extended by an additional two months, taking into account the complexity of the request and the number of requests under consideration. The Company must inform the data subject about the extension of the examination period and state the reasons for the extension within 1 (one) month from the date of receipt of the request. 

CHAPTER V 

DATA SECURITY MEASURES 

10. In safeguarding personal data, the Company implements and ensures appropriate organizational and technical measures designed to protect personal data against accidental or unlawful destruction, alteration, disclosure, as well as against any other unlawful processing. 

11. Only those individuals who have the right of access to such data and only insofar as it is necessary to achieve the purposes set out in this Policy shall have the right to access the personal data collected and processed by the Company. 

12. The Company ensures proper network management, maintenance of information systems, and the implementation of other technical measures necessary to guarantee the protection of your personal data. 

CHAPTER VI 

DISCLOSURE TO THIRD PARTIES 

13. In safeguarding personal data, the Company implements and ensures appropriate organizational and technical measures designed to protect personal data against accidental or unlawful destruction, alteration, disclosure, as well as against any other unlawful processing. 

14. Only those individuals who have the right of access to such data and only insofar as it is necessary to achieve the purposes set out in this Policy shall have the right to access the personal data collected and processed by the Company. 

15. The Company ensures proper network management, maintenance of information systems, and the implementation of other technical measures necessary to guarantee the protection of your personal data. 

CHAPTER VII 

USE OF COOKIES 

16. The information collected through cookies enables the Company to improve the functionality of the website, ensuring a convenient and efficient seach experience for you. 

17.The purposes of using cookies are: to respond to buyer inquiries and to calculate statistical data of website visitors. 

18. The primary cookies used on the Company’s website are as follows: 

Cookie Name 

Duration 

Purpose of Data Processing 

JSESSION32344 

6 months 

User actions on the website (Google Analytics) 

19. Consent to the placement of cookies is expressed by clicking “AGREE” or “OK” button when message appears on the website with the text: “We use cookies to ensure that the website is convenient for your use. If you continue browsing our website, it will be considered as your consent to the use of cookies.” 

20.The given consent may be withdrawn at any time by changing the settings of your internet browser and deleting the stored cookies. The method for doing so depends on the operating system and internet browser you are using. 

21.If stored cookies are deleted, some functions of the Company’s website may not operate as intended. 

22. No personal data of the data subject are collected through the use of cookies. 

23.During the placement of strictly necessary cookies, no information is provided to any third parties. 

CHAPTER VIII 

OTHER PROVISIONS 

24. The data of data subjects who have consented to the use of their data for direct marketing purposes are stored in active database and used for the period of 2 (two) years for direct marketing purposes. After this period (unless withdrawn earlier), the data subject’s data are immediately destroyed. The destruction of personal data is overseen by the responsible person appointed by the Company. 

25. Data subjects may at any time object to the use of their data for direct marketing purposes by clicking the active “Unsubsribe” link included in the sent offer or by informing the Company via SMS or email. 

CHAPTER IX 

POLICY CHANGES 

26. This Policy is regularly reviewed and updated, and its amendments are published on the website: https://www.mondetex.com/lt/. The Company undertakes to provide the technical means for the data subject / buyer to renew their consent to the updated Privacy Policy. 

27. Supplements or amendments to this Policy shall enter into force as of the date of their publication, i.e., from the day they appear on the website https://www.mondetex.com/lt/ . 

CHAPTER X 

CONTACT INFORMATION 

 

28. If you have any questions, comments, or complaints related to the personal data collected, used, and stored by the Company, you are kindly requested to contact us via email at info@mondetex.com or by registered mail to the Company’s headquarters at Pakalnės st. 7B, Domeikavos k., 54355 Kaunas District, or by telephone at +370 699 88501.