PRIVACY AND COOKIE POLICY OF JSC ELMO TEECHNOLOGIJOS

  1. General Provisions

1.1.         The Privacy and Cookie Policy (hereinafter referred to as the Policy) of JSC ELMO Technologijos, legal entity code 302430911, registered office at Konstitucijos pr. 12, Vilnius (hereinafter referred to as the Company) specified the grounds for the collection, handling and protection of data which the Company collects on the users of its on-line store, the visitors of its shops, the Company’s customers, and persons interested in the services provided by the Company (hereinafter referred to as the Subjects). The Subjects are hereby encouraged to carefully read the present Policy in order to fully understand the Company’s approach and practices related to the Subjects’ data and the procedures for the handling thereof.

1.2.         The Subject’s data shall be collected and handled only for the purposes specified in the present Policy.

1.3.         The present Policy shall apply to all Subjects, including Subjects not registered at the on-line store.

1.4.         The Company shall be deemed the handler of the Subject’s data.

 

  1. Subjects’ Data Collected by the Company

2.1.         The Company shall have the right to collect and handle the following data on the Subjects:

2.1.1.     data specified by the Subjects in filling out the forms provided by the on-line store at www.elmo.lt (hereinafter referred to as the Website). The aforesaid data shall consist of the relevant Subject’s name, surname, e-mail address, phone number, delivery address, names of the ordered goods, payment details and other information provided in the registration form, at the time of registration at the on-line store, placing orders, delivering messages within the internal messaging system, sending requests for additional services and reporting malfunctions.  The Company shall also have the right to prompt Subjects to complete other forms necessary to provide them with the opportunity to take part in various competitions, games and other events organised by the Company;

2.1.2.     data related to the placement and processing of the Subjects’ orders when Subjects order goods and services from the Company by visiting its shops or by contacting the Company via e-mail or by other means, including the relevant Subjects’ name, surname, e-mail address, phone number, delivery address, name of the purchased goods or services, and data related to the payment for said goods or services;

2.1.3.     all correspondence between the Subjects and the Company (including on the Website, via e-mail or chat window, on the Company’s Facebook account, by text messages and other means of communication);

2.1.4.     data on the Subject’s browsing history in the on-line store, Subjects’ history of the purchased goods and services, and data related thereto;

2.1.5.     the Subjects’ names, surnames, e-mail addresses and phone numbers, provided said data is being handled for marketing purposes and the relevant Subject has given his/her express consent or such handling;

2.1.6.     Subject’s IP addresses;

2.1.7.     audio recordings of conversations with Subjects calling at the number +370 683 28383;

2.1.8.     video recordings of Subjects caught on camera at the Company’s premises.

2.2.         The Subjects shall bear the responsibility for submitting true and correct data.

 

  1. Cookies and their Uses

3.1.         Cookies may be installed on the Subject’s computers (devices) as they browse the Website. The recorded information shall be used by the Company to recognise the relevant Subject, save information on goods in the Subject’s basket, and collect web statistics. The Subjects shall have the right to review the information (cookies) installed/recorded by the Company, and to subsequently delete them all or part thereof. Subjects shall have the opportunity to give consent to the Cookies specified in the present Policy being installed on their computers (devices), while browsing the Website. Subjects shall have the right to retract said consent at any time by altering the settings of their web browser, which may result in some of the functions of the Website becoming inaccessible.

3.2.         The Website shall use the following Cookies:

 

Name of the Cookie

Description

Moment of creation

Period of validity

Data used

PHPSESSID

Standard cookie used for maintaining the user’s session.

Upon entering the web page

Prior to closing the window

Unique identifier

_hjIncludedInSample

Hotjar Cookie The session Cookie is used to inform the Hotjar whether the relevant visitor has been included in the sample used for generating funnels

Upon entering the web page

1 year

Unique identifier

crisp-client

Used for maintaining the user’s session between Crisp Live Chat.

Upon entering the web page

Prior to closing the window

Unique identifier

_gid

Google Cookie used for distinguishing between users

Upon entering the web page

24 hours

Unique identifier

optimizelyPendingLogEvents

Used as cache of the relevant user’s actions in between tracking requests. Ensures that all events are effectively tracked, even in cases where the relevant user performs many actions in quick succession. Cookie deleted after performing a tracking request.

Upon entering the web page

15 seconds

Unique identifier

optimizelyBuckets

Stores experiments and versions the relevant user was included into.

Upon entering the web page

1 year

Unique identifier

optimizelySegments

Stores information on the relevant user’s Optimizely Classic segments: browser, campaign, mobile device, source type and all optional dimensions which have been selected. Allows for ensuring the Cookie’s continued dependence on the segment, which improves the accuracy of segmented results.

Upon entering the web page

10 years or chosen by the user

Unique identifier

optimizelyEndUserId

Stores the relevant user’s unique Optimizely identifier, both when using Optimizely Classic and Optimizely X Web. A combination of time stamp and random number. No internal information is stored on you or your visitors.

Upon entering the web page

10 years or chosen by the user

Unique identifier

p_popup_uh

Used for storing information on the pop-up windows seen and hidden by the relevant user.

Upon first entering the web page

1 year

Unique identifier

rated_[whole numbers]

Used for collecting information for the telia.lt website content management system on the survey answer of the relevant user.

Upon first entering the web page

1 year

Unique identifier

C, cid, TPC, GCM, uid

Used for creating a random ID for every user in order to identify repeat visitors. Used for identifying users’ browsing habits on the website.

Upon first entering the web page

Browsing session or up to 60 days

Unique identifier

_utma, _utmb, _utmc

Google Analytics tracking cookies. Information is sent to the server anonymously. Used to identify unique visitors and track users’ sessions. For more information see the Google website.

Upon first entering the web page

30 minutes, 6 months, and 2 years, respectively

Records use IP addresses and unique ID numbers. Record results are statistical. Counter records are obtained via Google Analytics.

_utmz

Google Analytics tracking cookies. Information is sent to the server anonymously.

Upon first entering the web page

Before closing the browser

Records use IP addresses and unique ID numbers. Record results are statistical. Counter records are obtained via Google Analytics.

www_order_omnitel_lt

Used for achieving the functionality of the website.

Upon entering the web page

Prior to closing the window

Unique identifier

atm_adt4, atm_cat, atm_...

AB ADTARGET.ME cookies. Information is sent to the server anonymously. For more information see http://www.adtarget.me/lt/privatumo-politika/.

Upon first entering the web page

14 days or 12 months, respectively.

Unique identifier

gtest, gdyn

Used for storing information on the websites seen by the relevant user, visit duration, and may be used for anonymously describing users’ characteristics based on their browsing habits.

Upon first entering the web page

5 year

Unique identifier

UID

Used for collecting information on active users and in order to identify unique users by assigning them with a unique identifier (ID).

Upon first entering the web page

Up to 60 days

Unique identifier

adnKeyTarget…

Used for collecting information on active users and in order to identify unique users by assigning them with a unique identifier (ID).

Upon first entering the web page

5 years

Unique identifier

ntsprnt

DMP group identifier.

Upon first entering the web page

Up to 30 days

Unique identifier

LimitatorInformer_Engine…

Used for collecting information on active users and in order to identify unique users by assigning them with a unique identifier (ID).

Upon first entering the web page

1 years

Unique identifier

_vwu_uuid

_vis_opt_test_cookie

_vis_opt_exp_71_combi

debug_vis_opt_s

_vis_opt_s

Used for collecting information on users and tracking their browsing habits.

Upon first entering the web page

3 months

Unique identifier

splitVar2

Used for collecting information on users and comparing their browsing habits.

Upon first entering the web page

2 years

Unique identifier

Inspectlet cookies:

_insp_identity

_insp_norec_sess

_insp_nv

_insp_ref

_insp_slim

_insp_targlptx

_insp_targlpu

_insp_uid

_insp_wid

Used for collecting information on users’ actions while browsing the website and using its functionalities (video, forms, buttons, etc). Used for assessing users’ browsing experience and identifying shortcomings in the website’s functionality.

Upon first entering the web page

1 years

Unique identifier

Google Tag Manager and Google Analytics cookies:

_dc_gtm_UA-4238681-1

Used for collecting information on users’ behaviour and optimising suggestions later deployed on other websites.

Upon entering the web page

8 hours

Unique identifier

_dc_gtm_UA-4238681-28

Used for collecting information on users’ behaviour and optimising suggestions later deployed on other websites.

Upon entering the web page

8 hours

Unique identifier

_ga

Used for collecting information on users’ behaviour and storing statistical information.

Upon first entering the web page

2 years

Unique identifier

_gat_UA-4238681-28

Used for collecting information on user’s behaviour and in order to identify unique users by assigning them with a unique identifier (ID).

Upon entering the web page

8 hours

Unique identifier

viewedOuibounceModal

Used for presenting users with surveys and to ensure that they see them only once.

Upon entering the web page

Prior to closing the window

Unique identifier

 

  1. Protection of the Subjects’ Data

4.1.         Data collected from Subjects by the Company may be handled by the employees of the Company or its suppliers. In cases where the Subjects’ data is handled by the Company’s suppliers (i.e., data handlers), the Company has entered into appropriate contracts with said handlers which regulate their duties. Data handlers shall have the right to handle personal data only in accordance with instructions issued by the Company, and only to the extent that such handling is necessary to properly discharge the obligations specified in the contract.The transfer of Subjects’ data to suppliers (data handlers) may be related to the processing of Subjects’ orders and the handling of their payment data. By submitting their personal data, Subjects agree to such transfers and handling thereof. The Company shall take all reasonable measures to ensure the secure handling of Subjects’ data which does not violate the provisions of the present Policy.

4.2.         Data submitted by the Subjects shall be stored in the Company’s servers or as paper copies of the relevant documents. In cases where Subjects are provided with (or freely choose their own) passwords which grant them access to certain functions of the on-line store, responsibility for the confidentiality and non-disclosure of said passwords to third parties shall be assumed by the Subjects themselves.

4.3.         In the event the Company has any doubts about the soundness of the data submitted by the Subjects, the Company shall have the right to terminate the handling of (and inspect and verify) the relevant data.

 

  1. Subjects’ Consent Regarding the Handling of Data for the Purposes of Direct Marketing

5.1.         By placing an appropriate mark regarding the collection of personal data for direct marketing purposes during the placement of orders, Subjects thereby express their consent to receive news and advertising information from the Company.

5.2.         Subjects shall have the right to refuse the submission of personal data for direct marketing purposes, or contact the Company at any time, retracting their consent regarding the handling of data for the purposes of direct marketing. In order to exercise their right to reject the handling of data for direct marketing purposes, Subjects shall unmark the appropriate box in the registration form or click on the relevant link provided in direct marketing offers.  Subjects may also notify the Company of their retraction of consent by sending an appropriate letter at the following address: info@elmo.lt.

5.3.         The Company shall store the Subjects’ data used for direct marketing purposes for 10 years following the relevant Subject’s consent, unless the Subject retracts his/her consent at an earlier date.

5.4.         Other rights of the Subjects related to the handling of their data are specified in Clause 9 of the present Policy.

 

  1. Time Limits for the Retention of Subjects’ Data

6.1.         Subjects’ data related to electronic commerce shall be retained for 7 years following the relevant Subject’s latest log-in at the on-line store.

6.2.         Subjects’ data related to the ordering of goods or services during a visit to a Company shop, via e-mail or by other means shall be retained for 7 years following the processing of the relevant Subject’s order.

6.3.         Subject’s data used for direct marketing purposes shall be retained by the Company for a period specified in Clause 5.3 of the present Policy.

6.4.         Subjects’ data submitted by placing an order for goods or services via the chat window of the Website, via the Company’s Facebook account, e-mail or by other means shall be retained for 2 years following the relevant Subject’s last interaction with the Company 

6.5.         Audio recordings of conversations held with Subjects calling at the number +370 683 28383 shall be retained for 30 business days, unless the assurance of the quality of customer service requires said recordings to be retained for longer.

6.6.         Video recordings of Subjects caught on cameras installed on the Company premises shall be retained for 30 business days, unless the assurance of personal safety or the protection of property requires a specific recording to be retained for longer.

6.7.         In cases where the retention of paper or electronic documents is required by legislation (e.g., legislation approved by orders of the Chief Archivist of the Republic of Lithuania), such documents shall be retained for a period which does not exceed the specific requirements.

 

  1. Purposes of the Handling of Subjects’ Data

7.1.         The Company shall handle Subjects’ data for the following purposes:

7.1.1.      the provision of services to Subjects (clients);

7.1.2.      the drawing up of sales and purchase agreements with Subjects (clients) and the performance of such agreements;

7.1.3.     debt recovery;

7.1.4.     the assurance that contents of the on-line store are presented in a way that’s most effective and appropriate for Subjects;

7.1.5.     the development of services, the analysis of statistical data, and the orientation of direct marketing;

7.1.6.      the assurance that Subjects receive information on goods and services they desire;

7.1.7.     the processing and administration of the Subjects’ requests regarding the submission of information;

7.1.8.      the provision of advertising information in cases where Subjects have granted their consent regarding the handling of personal data for direct marketing purposes;

7.1.9.     the notification of Subjects regarding changes to the services rendered by the Company;

7.1.10.  the assurance of the quality of customer service;

7.1.11.  the assurance of the safety of Subjects caught on camera, and the protection of the property of said Subjects and the Company.

 

  1. Disclosure of Data

8.1.         The Company shall have the right to disclose the Subjects’ data to any company belonging to the Company group, including, but not limited to, the Company’s subsidiaries and the final holding company and its subsidiaries, as defined in Article 5 of the Law on Companies of the Republic of Lithuania.

8.2.         Subjects’ data may be disclosed to third parties only in the following cases:

8.2.1.     in case of plans to sell a part of the Company’s business or property which require the disclosure of the Subjects’ data to potential buyers;

8.2.2.     in case such transfer or sharing of the Subjects’ data is required pursuant to legislation (e.g., to courts, Lithuanian police forces, the Prosecutor’s Office of the Republic of Lithuania, other public authorities, etc.) or necessary for the application or performance of guarantees, return policies extended to goods, and all other contracts entered into with Subjects, as well as the protection of the rights of clients and other persons, the assurance of safety, and the protection of property.

 

  1. The Rights of Subjects

9.1.         The Subjects shall have the following rights:

9.1.1.     to be notified of the handling of their data;

9.1.2.     to be notified, upon placing an order with the Company, of the types of data collected and the sources thereof, the purposes of the handling of such data, and the entities which receive their data (or have received it during the past year).  Information shall be provided to Subjects at their specified e-mail addresses no later than within 30 days following the request for the provision of such data. The Company shall provide such data to Subjects once per calendar year free of charge;

9.1.3.     to demand, upon submitting a request, the correction of unsound, incomplete, or inaccurate data and/or the submission of the handling, but not the retention, of such data, provided the relevant Subject has determined that his/her personal data is unsound, incomplete, or inaccurate, or handled unlawfully or unfairly. The Company shall immediately notify the relevant Subject of the Company’s compliance or non-compliance with the Subject’s request to correct, erase or terminate the handling of his/her personal data.

9.1.4.     upon submitting a request, Subjects shall have the right to receive the personal data they had submitted to the Company in a systematised, common computer format in order to allow for the possibility of transferring said data to another data handler (the right to data portability);

9.1.5.     to refuse the submission of data for direct marketing purposes, as specified in Clause 5.2 of the Policy;

9.1.6.     upon submitting a request, Subjects shall have the right to demand the Company to erase his/her personal data, provided the relevant person had refused to grant (or had retracted) his/her consent to data handling (the right to be forgotten), except in cases where the Company is unable to erase the relevant Subject’s data because said data is necessary for the performance of the contract or mandatory legislation; 

9.1.7.     Subjects shall have the right to receive information on violations of the security of their data. The Company shall undertake to notify Subjects of any dangers to their data (e.g., in case the Company server has become compromised, etc.) via the Subject’s e-mail (if such is known to the Company) within 72 hours upon learning of such dangers;

9.1.8.     Subjects shall have the right to lodge complaints to the State Data Protection Inspectorate regarding any disagreements with the Company’s acts or omissions thereof.

9.2.         All inquiries and requests related to Subjects’ data shall be sent at the Company’s e-mail: info@elmo.lt. Subjects may also submit their requests by arriving at the Company’s office. In all cases (i.e., regardless of whether a request has been sent via e-mail or delivered in a physical format), the representative of the Company responsible for receiving the request shall have the right to demand a personal identity document or an appropriately authorised copy thereof.

9.3.         The Company shall reply to Subjects’ inquiries and requests no later than within 30 thereafter.

 

  1. Entry into Force of and Amendments to the Policy

10.1.      The Policy shall enter into force on 25 May 2018.

10.2.      Any amendments to the present Policy shall be published on the Website. In certain cases, Subjects shall be notified of such amendments via e-mail.

 

  1. Contact Details

11.1.      Subjects’ questions, comments and requests related to the Policy may be submitted at the e-mail: info@elmo.lt