PRIVACY POLICY OF JSC VILNIUS LOCOMOTIVE REPAIR DEPOT WEBSITE WWW.VLRD.LT

I SECTION
GENERAL PROVISIONS

1.The privacy policy (hereinafter – the privacy policy) of the Joint-stock company Vilnius Locomotive Repair Depot website www.vlrd.lt (hereinafter – the website) provides the key principles and procedure of collection, processing, submission of the website users’ personal data.

2. The Joint-stock company Vilnius Locomotive Repair Depot (hereinafter – the company) processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and the Council of 27th of April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data which repeals Directive 95/46/EC (General Data Protection Regulation) (hereinafter –Regulation (EU) 2016/679), and in accordance with the Law on Legal Protection of Personal Data of the Republic of Lithuania (hereinafter – the Law on Legal Protection of Personal Data).

II SECTION
KEY CONCEPTS

3. Personal data – any information relating to an identified or identifiable natural person (data subject), first of all, according to identifier, for instance, name and surname, personal identification number, location data and online identifier or according to one or more factors specific to the physical, physiological, genetic, psychological, mental, economic, cultural and social identity of that natural person.

4. Recipient – a natural or legal person, public authority, agency or any other body to which the personal data are disclosed, whether it is a third party or not.

5. Data subject – a natural person – a user of the website whose personal data are processed.

6. Data processing – any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, familiarization, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination with other data, restriction, erasure or destruction.

7. Data processor – a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the company.

8. Data controller – the Joint-stock company Vilnius Locomotive Repair Depot, legal entity code 126280418, Švitrigailos St. 39, Vilnius, phone: (8 5) 269 2035, e-mail: [email protected], [email protected]

9. Cookie – a small piece of data which is automatically created by browsing a website and stored on the computer or another terminal equipment.

10. Other concepts used in this privacy policy shall be understood in accordance with the definitions contained in Regulation (EU) 2016/679 and the Law on Legal Protection of Personal Data.

III SECTION
PROCESSED PERSONAL DATA, PURPOSES OF THEIR PROCESSING AND WAYS OF RETRIEVAL

11. The company processes the following personal data of the website users:
11.1. automatically collected from computers and (or) mobile devices of the website users with the help of cookies and other similar technologies:
11.1.1. the time and duration of access to the website;
11.1.2. IP address;
11.1.3. used browser;
11.1.4. the type and parameters of the used device.
11.2. submitted by a user of the website when contacting the company with a request, suggestion or a complaint:
11.2.1. name and surname;
11.2.2. e-mail address;
11.2.3. telephone number.

12. The company processes personal data of the website users provided in Clause 12 of the privacy policy for the following purposes:
12.1. to deal with personal requests, suggestions and complaints;
12.2. to ensure effective and safe functioning of the website, to make it more convenient.

13. The company retrieves personal data of the website users in the following ways:
13.1. automatically by using the website (these personal data are retrieved from cookies and other similar technologies);
13.2. directly from a user of the website, for instance, when contacting the company with a request, review, complaint.

IV SECTION
LEGAL GROUNDS FOR PERSONAL DATA PROCESSING

14. The company shall process personal data of the website users indicated in Clause 11 of the privacy policy on the basis of the following grounds provided in Regulation (EU) 2016/679:
14.1. implementing its legitimate interests (to deal with and respond to the requests, complaints or suggestions, etc. of the website users);
14.2. following the requirements of legal acts.

V SECTION
PROTECTION OF PERSONAL DATA AND TIME LIMITS FOR THE STORAGE

15. The company shall protect personal data from loss, unauthorized access and alterations. The company shall implement physical and technical measures in order to protect all collected information. It is recalled that no website, online operation, computer system or wireless connection is completely safe though we implement proper actions to protect your information.

16. The company shall process personal data of the website users only for the time necessary for the purposes of personal data processing indicated in Clause 12 of the privacy policy.

17. The company shall store your data for the period of 3 years from the last day the data subject used our services or content. At the end of this period the data shall be erased so that they would not be restored.

VI SECTION
SUBMISSION OF PERSONAL DATA

18. When implementing personal data processing purposes indicated in Clause 12 of the privacy policy, the company may provide personal data of the website users to the following third parties:
18.1. data processors (providers of informational technologies services, companies performing the analysis of online browsing and online activities, and similar);
18.2. courts, pre-trial investigation bodies, state or municipal institutions that have the right to receive personal data according to legal acts or when the company provides personal data to these subjects in order to protect its legitimate interests.

19. If a need to provide personal data of the website users to third parties or international organizations existing outside EEA territory arose, the company shall take all possible measures to ensure the safety of transferred personal data and shall perform the transfer of data in accordance with:
19.1. The European Commission’s decision on adequacy which indicates that the European Commission has recognized the state, where the third party is established and (or) operates, as ensuring the adequate level of personal data protection; or
19.2. and agreement signed with the third party and based on standard contractual clauses approved by the European Commission; or
19.3. authorization received from the State Data Protection Inspectorate;
19.4. other available personal data protection measures and derogations, when possible.

VII SECTION
RIGHTS OF DATA SUBJECTS

20. The company, in accordance with Regulation (EU) 2016/679, provides the following rights to the website users (data subjects):
20.1. to receive information on personal data that we process, whence and how personal data are collected and the basis on which the company processes them;
20.2. to contact the company with the request to correct their personal data, terminate their processing, withdraw the consent to collect and process their personal data provided to the company (if such consent was given), destroy the data if they were incorrect, incomplete inaccurate, or they are no longer necessary for the purposes of collection. In such case, the data subject shall submit a request upon which the company shall verify the provided information and shall take all necessary actions;
20.3. to contact the company with the request to destroy personal data or terminate the processing of such personal data, disagree with the processing of personal data when these data are processed or intended to be processed for the purposes specified above or on the basis of legitimate interest pursued by the company or a third party to which personal data are provided;
20.4. to request to transfer their personal data;
20.5. the right to submit a complaint to the State Data Protection Inspectorate (e-mail: [email protected]).

21. A user of the website (data subject) may implement the rights specified in Clause 21 of the privacy policy:
21.1. by personally providing a request to implement the rights to the company or an employee responsible for the protection of data in the company at the addresses indicated in Clause 28 of the privacy policy. The user of the website shall submit an identity document (a passport, an identity card or a driving licence) together with the request; or
21.2. by submitting the request to the postal addresses or e-mail addresses indicated in Clauses 28.1 and 28.2 of the privacy policy, addressed to the company or the company’s employee responsible for the protection of data. The user of the website shall submit the copy of an identity document (a passport, an identity card or a driving licence) approved by a notary or under another procedure determined by legal acts together with the request to implement the rights.

VIII SECTION
COOKIES USED AND THEIR REFUSAL

22. In order to ensure effective and safe functioning of the website, make it more convenient, the company uses the following cookies:

Name Period Purpose
PHPSESSID 1 year Protects session data
pll_language 1 year Remembers the user’s language selection
pll_language 1 year Remembers the user’s language selection

23. The user of the website may refuse cookies stored on his/her computer or another device. This can be achieved by changing the settings of the browser (Internet Explorer, Safari, Firefox, etc.)– by deactivating the cookies (one or all of them) or by activating them respectively.

24. The deactivation of cookies may affect the browsing speed or some functionalities of the browser.

25. The user of the website may learn about the management of cookies at http://www.allaboutcookies.org/manage-cookies/.

IX SECTION
CONTACT INFORMATION

26. If the user of the website has questions on personal data processing, provisions of the privacy policy or wish to implement his/her rights as a data subject, he/she may refer to:
26.1. The company’s employee responsible for the protection of data at Puškino St. 1, Radviliškis, phone: 8 614 60987, e-mail: [email protected];
26.2. The company at Švitrigailos St. 39, Vilnius, phone: (8 5) 269 2035, e-mail: [email protected]

X SECTION
SOCIAL NETWORKS

27. All information which is provided by the data subject to the company through social media (including messages, use of Like and Follow fields, and other communication means), is managed by the controller of the social network.

28. The website contains links to the company’s accounts on social networks. Currently, the company maintains the following accounts:
28.1. on Facebook the privacy notice of which is available at https://www.facebook.com/privacy/explanation;
28.2. on LinkedIn the privacy notice of which is available at https://www.linkedin.com/legal/privacy-policy.

29. The company recommends reading privacy notices of third parties and contacting providers of services directly if the data subject has any questions regarding the use of his/her personal data.

XI SECTION
FINAL PROVISIONS

30. The privacy policy is revised at least once within 2 (two) years. After updating its privacy policy, the company shall inform users of the website about substantial changes by posting a notice on the website.

31. The company recommends users of the website to check whether the privacy policy was updated.