APPROVED
Order No SM-03/09/2018
of the Director of 4 September 2018
On the Approval of Privacy Policy Rules
PE ACTIVE VILNIUS
PRIVACY POLICY RULES,
adopted based on the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
I. KEY DEFINITIONS
Public Establishment Active Vilnius, institution code 302682862, registration address Vėtrungių str. 45A, 06305 Vilnius, contacts: e-mail: info@activevilnius.lt, tel. number + 370 5 203 4815. Hereinafter in the Rules for the processing and use of personal data referred to as the Company.
Websites mean websites available at www.lazdynubaseinas.eu, www.activevilnius.lt, www.sportofestivalis.lt.
Visitor means a natural person with legal capacity, i.e. a person who has reached the age of majority, whose capacity is not limited by court procedure and who visits the Websites and/or registers for events organised by the Institution.
Social accounts mean accounts of the Institution on Facebook, Twitter or other social networks that provide information about the services provided on the Websites.
Services mean all event organisation services provided to visitors on the Website.
Browser means a program designed to display Web pages (web pages) on a World Wide Web or a personal computer.
Personal data means any information relating to a natural person, a data subject whose identity is known or can be identified, directly or indirectly, by reference to data such as an identification number, one or more factors specific to the physical, physiological, psychological, economic, cultural or social character of a person.
Privacy Policy means this document that lays down the basic rules for collecting, accumulating, processing and storing Personal Data when using Websites.
IP address means a unique number assigned to each computer connected to the Internet, known as an Internet Protocol (IP) address and by which a person can be identified.
Direct marketing means activities aimed at offering services to visitors of the Websites by e-mail, telephone or other direct means and/or seeking their opinion on the services offered.
II. GENERAL PROVISIONS
The Privacy Policy of the Websites provides the basic rules for the collection, accumulation and processing of Personal Data when visitors use the services offered on the Websites.
The Privacy Policy is designed to protect and defend the Personal Data of visitors to the Website from unauthorised use.
Persons are considered familiar with this Policy when, when filling in the registration form, they tick that they agree to the rules of registration for events organised by the Institution, of which this Policy is an integral part.
The Privacy Policy Rules aim to regulate the processing of personal data on the Institution’s Websites, ensuring compliance and implementation of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other related legal acts.
The Institution collects Personal Data for the proper organisation and execution of events with the prior consent of the Data Subjects for the collection and processing of Personal Data of the Data Subjects.
The Institution collects the Personal Data of the visitor, which he or she voluntarily submits by e-mail, registered post, fax, telephone, directly arriving at the Institution’s place of activity, registering to the Institution’s Websites or using the Institution’s websites without registration.
The Institution collects and manages the Personal Data defined below, which persons wishing to register for events organised by the Institution submit to one of the Websites managed by the Institution as follows:
Data Subject |
Name, surname |
Date of birth | |
Tel. number | |
Sex | |
Address of the place of residence | |
Settlement account No |
The Personal Data of Data Subjects who have completed the registration form for the event may be published on the Websites only with the prior consent of the Data Subject.
Websites of the Institution may contain links to and from the websites of the Institution’s partners, advertising providers and related persons. Please note that the websites of other persons to which visitors enter when choosing links on the Websites have their own privacy policies and the Institution assumes no responsibility for these privacy policies. It is recommended that visitors familiarise themselves with the privacy policies of these other websites before submitting any personal data about them.
III. PROCEDURE FOR THE STORAGE AND USE OF PERSONAL DATA
The Institution confirms that the Personal Data specified by the Visitor will be processed only to properly provide visitors with the services provided on the Website and related to events. The Institution also confirms that the Personal Data specified by the Visitor will be processed for Direct Marketing purposes, if such consent is given and not withdrawn by the Visitor.
By using the services provided by the Institution, the Data Subject may voluntarily consent to the use of the Personal Data provided by the Data Subject for the Institution's marketing purposes, by actively expressing his/her consent in the special section of the relevant form to the processing of Personal Data for the provision of information notifications, by ticking and confirming the final terms and conditions of consent with his/her signature or by agreeing in a special electronic form on the websites managed by the Institution at www.lazdynubaseinas.eu, www.activevilnius.lt, www.sportofestivalis.lt.
The period of storage of Personal Data to be used for Direct Marketing purposes shall be two calendar years from the moment such data is provided.
The Institution shall undertake not to disclose the Visitor’s Personal Data to third parties, except in the following cases:
If there is a Visitor’s consent to the disclosure of Personal Data;
Partners of the Institution providing sports and/or leisure services or other services related to the proper implementation of services ordered by the Visitor;
The Institution may also transfer the Visitor’s Personal Data to third parties who act as Data Processors on behalf of the Institution. Personal Data may be provided only to those Data Processors with whom the Institution has signed relevant contracts or cooperation agreements containing provisions discussing the transfer/provision of personal data, and the Data Processor shall ensure adequate protection of the transferred personal data;
In all other cases, the Personal Data of Visitors may be disclosed to third parties only as per the procedure laid down by the legal acts of the Republic of Lithuania. The Institution may transfer the Personal Data of the Data Subject to governmental or law enforcement authorities upon their request.
Despite the fact the Institution makes all reasonable efforts to protect personal data, the Institution cannot guarantee the secure transmission of data on the Websites. Any data transfer procedures shall be carried out exclusively at the risk of visitors. From the moment of receipt of the data, the Institution shall apply particularly strict procedures for the protection of the Personal Data of visitors, as well as technical and organisational measures to ensure protection against unauthorised access to Personal Data.
The Institution shall use visitors’ Personal Data to:
- Ensure that the content of the Websites is presented in the most efficient and appropriate way for visitors;
- Provide visitors with information, and services that visitors wish or which might be of interest to visitors if visitors have given their consents to be informed for this purpose;
- Visitors would be informed about changes in the services provided by the Institution.
The institution also uses the contact details of visitors who have acquired services for market research purposes to assess the satisfaction of the Institution’s clients with the activities of the Institution and, in this context, to improve the quality of the Institution’s activities. Responses submitted to messages and/or calls sent for this purpose are anonymous. If the Visitor does not wish to receive such notifications and/or calls, he/she may inform the Institution about the refusal of such notifications by e-mail info@activevilnius.lt.
The Websites of the Institution may collect certain information about visits of visitors, such as: (i) Internet Protocol (IP) address through which the Visitor accesses the Internet; (ii) The date and time of the visit by the Visitor to the websites of the Institution; (iii) Other web pages that the Visitor visits while on the Websites of the Institution; (iv) The browser used; (v) Information about the operating system of the Visitor’s computer; (vi) Mobile app versions; (vii) Language settings. If the Visitor uses a mobile device, data may also be collected to detect the type of mobile device, device settings, as well as geographical (longitude and latitude) coordinates. This information shall be used to improve the Institution’s Websites, analyse trends, improve products and services and administer the Institution’s Websites. The Visitor shall voluntarily provide this data by using the services provided by the Institution, having become a registered visitor of the Websites of the Institution or visiting the Websites of the Institution.
IV. RIGHTS OF WEBSITE VISITORS
Website visitors shall have the following fundamental rights:
- Be aware of the processing of their personal data;
- Familiarise themselves with their personal data and how they are processed;
- Request the rectification or destruction of the visitor’s personal data held by the Institution;
- Object to the processing of the visitor’s personal data.
The Visitor, having submitted a written request (together with a document confirming personal identity), shall have the right to familiarise himself/herself with the Personal Data of the visitor stored and processed in the Institution and to receive information from which sources and what Personal Data of the visitor have been collected, for what purpose they are processed and to whom they are provided. Upon receipt of the Visitor’s request, the Institution shall, at least within 30 calendar days from the date of receipt of the Visitor’s request, provide the requested data or indicate the reasons for refusing to satisfy such request in the same form as the Visitor has applied or the Visitor has agreed to receive information about the data in another manner proposed by the Institution.
A Visitor may submit a request for access, correction or cancellation of Personal Data collected by the Institution in his/her respect by e-mail info@activevilnius.lt or by registered post to the Institution’s address Vėtrungių str. 45A, 06305 Vilnius.
The Visitor, among other things, shall have the right to refuse to provide Personal Data and object to the Privacy Policy. In this case, the Visitor will not be able to purchase services on the Websites, as the requested data may be necessary to properly provide the services requested by the Visitor.
At the moment of transfer and acceptance of services, the staff of the Institution may ask the Visitor to provide a personal identity document, which shall be used only for the proper identification of the person. In this case, no copies of the identity document shall be made.
The Institution shall ensure, with internal organisational and technical measures, that the Personal Data provided by the Visitor on the Websites shall be protected against the following any unlawful actions: (i) Unlawful modification of Personal Data; (ii) Disclosure; (iii) Destruction; (iv) Identity theft; (v) Fraud.
Any request or instruction related to the processing of Personal Data must be submitted by the Visitor to the Institution in writing in one of the following ways: (i) By sending such request or instruction to the Institution by registered post to Vėtrungių str. 45A, 06305 Vilnius; or (ii) By sending such a request or instruction to the following e-mail address: info@activevilnius.lt.
Complaints of persons regarding incorrect or unlawful processing of Personal Data shall be examined by the State Data Protection Inspectorate, registered office address Vėtrungių str. 45A, 06305 Vilnius, www.ada.lt.
V. FINAL PROVISIONS
The Privacy Policy can be accessed and printed on the Websites at any time. Visitors will always be informed about any future amendments and/or supplements to the Privacy Policy upon publication of the new version of the Privacy Policy on the Websites and by providing a technical opportunity for Visitors to access the Websites for the first time in the event of a new version of the Privacy Policy to read and confirm it.
The Institution shall not be responsible for any communication failures that prevent Visitors of the Websites and other persons from accessing the Websites or using the services.
The Institution cannot fully guarantee that the functioning of the Websites of the Institution will be uninterrupted and free from any faults and errors and that the Institution’s Websites will be fully protected against viruses or other harmful components. The Data Subject is informed that any material that the Data Subject reads, downloads or otherwise receives by using the Institution’s Websites is exclusively obtained at the Data Subject’s discretion and risk, and the Data Subject is solely responsible for the damage caused to the Data Subject and the Data Subject’s computer system.
Visitors’ questions, comments and requests related to the Privacy Policy can be submitted at info@activevilnius.lt