1. General provisions
1.1. This Privacy Policy (hereinafter – Policy) regulates UAB EAST ISLAND registered office: Žalgirio g. 88, Vilnius, legal entity code 300131102 (hereinafter – we), the principles of the processing of personal data when you visit UAB EAST ISLAND centres or UAB EAST ISLAND centres or by purchasing our services at internet website: https://www.eastisland.lt/, hereinafter – Website).
1.2. We want to ensure that users of our services, visitors to the Website and others whose personal data we process have full confidence in our services and are transparent about how we process their data. In this Policy you will find information about how we collect and use (or wish to collect and use) your personal data.
1.3. We are guided by the following data processing principles in the course of our activities:
1.3.1. Personal data must be processed in a lawful, fair and transparent manner in relation to the data subject (principle of lawfulness, fairness and transparency);
1.3.2. Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes shall not be considered as incompatible with the original purposes (purpose limitation principle);
1.3.3. Personal data must be adequate, relevant and only necessary for the purposes for which they are processed (principle of data minimisation);
1.3.4. Personal data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are not accurate in relation to the purposes for which they are processed are erased or rectified without undue delay (principle of accuracy);
1.3.5. Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be retained for longer periods if the personal data are to be processed solely for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes, subject to the implementation of the appropriate technical and organisational measures necessary to safeguard the rights and freedoms of the data subject (the principle of the limitation of the duration of storage);
1.3.6. Personal data must be processed in such a way as to ensure, by means of appropriate technical or organisational measures, adequate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage (principle of integrity and confidentiality);
1.3.7. We are responsible for ensuring compliance with the above principles and must be able to demonstrate compliance (accountability principle).
1.4. This Policy has been drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter referred to as the GDPR), Republic of Lithuania Law on Legal Protection of Personal Data (hereinafter – LLPPD), as well as with the other legislative acts of the European Union and the Republic of Lithuania. Terms used in the Policy shall be understood as they are defined in the GDPR and the DPA.
2. Collection, storage and processing of personal data
2.1. It is very important that you read the Policy carefully, because when you visit the Website and use our services, this Policy will be directly applicable to the collection, processing and, in the cases provided for in the Policy, transfer of your personal data to data recipients.
2.2. If you do not agree with this Policy and the processing of personal data described in it, please do not visit the Website and/or use our services.
2.3. By submitting personal data, you grant us the right to collect, store, systematize, use and process, for the purposes set out in this Policy, all the personal data that you directly or indirectly provide when visiting the Website and using its services.
2.4. You are responsible for ensuring that the information you provide to us is accurate, correct and complete. Knowingly entering incorrect data is considered a breach of the Policy. If the data provided by you changes, you must immediately inform us. Under no circumstances shall we be liable for any damage caused to you and/or third parties as a result of the fact that you have provided incorrect and/or incomplete personal data or that you have not asked for the data to be updated and/or amended as a result of a change in data.
2.5. If you provide the data of another natural person when purchasing an e-gift coupon or service on the Website, you undertake to ensure that the data provided is accurate and non-excessive in relation to the nature of the e-gift coupon or service sale and delivery services.
2.6. Access to the data is provided by IT and server hosting service providers acting as data processors, with whom we, as the data controller, have concluded agreements in the form and content required.
2.7. In some cases we can reveal your information to other subjects:
2.7.1. To comply with the law or in response to a mandatory court order (e.g. following a court order to provide data);
2.7.2. To confirm the legality of our actions;
2.7.3. To protect our rights, property or security;
2.7.4. In other cases, with your consent or at your lawful request.
3. Processing of personal data for the provision of services
3.1. As part of our business activities, we provide the following services to our clients. Accordingly, we process our customers’ data as a data controller where the data is necessary for the performance of the contract.
3.2. For the purpose of providing the Services, we process the following groups of personal data:
3.2.1. Name;
3.2.2. Surname;
3.2.3. Email address;
3.2.4. Phone number.
3.3. Data is collected directly from the customers.
3.4. In the event that our customer purchases a gift voucher, we also process the name of the person to whom the gift voucher will be addressed and the information that the customer chooses to include in the greeting text. This data concerning the recipient of the gift voucher shall be processed solely for the purposes of issuing the gift voucher and in connection with the provision of services.
4. Conducting e-commerce
4.1. In order to enable you to shop in the e-shop on the Website and to reserve a service time, we process the following personal data about you for the purpose of providing this service:
4.1.1. Name;
4.1.2. Surname;
4.1.3. Phone number;
4.1.4. Email address;
4.1.5. Purchase amount;
4.1.6. If you pay by bank transfer, your bank account details.
4.2. The legal basis for the processing of your personal data for the purpose of conducting e-commerce is the need to process the data provided in order to enter into and perform the contract that you enter into when purchasing our goods.