Privacy Policy

Privacy Policy (hereafter referred to as the Policy) defines the general principles of personal data processing and protection by UAB KILIMŲ PASAULIS.

Definitions and General Provisions

The parties use the following terms with these meanings:
a) Website – a page on the internet at the address https://wonderrug.com

b) Data Subject – a natural person to whom the personal data belongs.

c) Legislation – laws in force in the Republic of Lithuania.

d) Data – other data about the User that do not fall under the definition of Personal Data.

e) User – a person who has signed a contract with the Operator.

f) Operator – an employee of UAB “Kilimų Pasaulis” who collects and processes Personal Data, also sets the purposes of Personal Data processing, the necessity of the Personal Data, and carries out operations related to Personal Data.

g) Personal Data – any information directly or indirectly related to the User.

h) Automated Data Processing – processing of personal data using information technology tools.

i) Blocking of Personal Data – temporary suspension of personal data processing (except when data needs to be updated).

j) Access to Personal Data – acquainting authorized persons with Personal Data handled by the Operator, provided that confidentiality of these data is ensured.

k) Personal Data Information System – a set of personal data in databases where information technology and technical means of processing are presented.

l) Confidentiality of Personal Data – the obligation of individuals who have access to Personal Data not to disclose it to third parties or disseminate it without the consent of the Personal Data user, except as otherwise provided by the laws of the Republic of Lithuania.

m) Undeclared (unspecified) software features – software functions that are not described or documented, which could compromise the security characteristics of personal information.

n) Processing of Personal Data – any operation or sequence of operations performed on Personal Data with or without the use of automation tools, including collection, recording, organization, storage, adaptation (updating, modification), retrieval, use, disclosure by transmission (distribution, supply, access), loss of personal data, blocking, deletion, or destruction.

o) Special categories of personal data – Personal Data about race, nationality, political views, religious or philosophical beliefs, health status, intimate life.

p) International transfer of personal data – transfer of personal data to a foreign state’s institution, foreign natural person, or foreign legal entity located outside the territory of a foreign state.

1. GENERAL PROVISIONS

1.1. The personal data processing policy is created in accordance with the law “On Personal Data Processing” of the Republic of Lithuania, other laws, and normative legal acts, and sets the order and requirements for processing personal data of users and/or transferring personal data to users, ensuring the security of personal data.
1.2. Actions aimed at ensuring the security of personal data are an integral part of the Operator’s duties.

2. PRINCIPLES OF PERSONAL DATA PROCESSING

2.1. The Operator processes Personal Data adhering to the following principles:
2.1.1. Lawfulness and basis of personal data processing. The Operator takes all necessary measures to meet the requirements of the legislation, does not use Personal Data in cases where it contradicts the law and may harm the individual.

2.1.2 Process only those Personal Data that meet their processing purposes. The content and volume of collected Personal Data match the specified data usage objectives. It is strictly prohibited to process Personal Data not related to the purposes of Personal Data collection, as well as to collect excessive data that are unnecessary considering the specified processing objectives. The Operator processes Personal Data only to fulfill contractual obligations to the User.

2.1.3. Ensuring the accuracy and reliability of Personal Data, considering the purposes of personal data processing. The Operator takes all reasonable measures to ensure the updating of Personal Data, including, but not limited to, the possibility for each subject to access their Personal Data and require the Operator to amend, block, or destroy the data if the Personal Data are incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the agreed data processing.

2.1.4. Personal data are stored in a way that allows the identification of the owner of the Personal Data but no longer than the purpose of the personal data processing requires, except in cases where the personal data storage period is specified by law or by a contract of which the Personal Data owner is a party or beneficiary.

2.1.5. It is prohibited to combine databases created for different purposes into one common Personal Data information system.

3. CONDITIONS FOR PROCESSING PERSONAL DATA

3.1. The Operator may process Personal Data in the following cases:
3.1.1. If the User’s consent to process his personal data has been obtained.

3.1.2. When transferring the Subject’s personal data to third parties, the User ensures that he has the Subject’s consent to transfer the data to the Operator.

3.1.3. Personal data must be disclosed if required by law.

3.2. The Operator cannot disclose personal data to third parties or distribute it without the User’s consent unless the laws provide otherwise.

3.3. The Operator does not have the right to process Personal Data related to the special category of personal data: race or ethnic origin, political opinions, religious or philosophical beliefs, health, sex life, membership in organizations, except in cases provided by law.

3.4. The Operator does not transfer the User’s personal data internationally, except in cases provided by law.

3.5. The Operator does not make decisions that would entail legal consequences for Users or otherwise affect their rights and legitimate interests, based only on automated provision of Personal Data. Data having legal consequences or affecting User rights and interests must be verified by the Operator before use.

4. COLLECTION AND PROCESSING OF PERSONAL AND OTHER DATA

4.1. The Operator collects and stores only those Personal Data needed to sell goods to the User on the website. Personal data are collected and processed both on the website and in the Operator’s stores.
4.2. Personal Data is used for the following purposes:

4.2.1. Selling products to the User.

4.2.2. Identifying the User.

4.2.3. Interaction with the User.

4.2.4. Sending promotional materials, information, and inquiries to the User.

4.2.5. Conducting statistical and other studies.

4.3. The Operator commits to use Personal Data based on laws and internal requirements of the Operator.

4.4. Confidentiality of Personal and other User data is ensured, except in cases where they must be disclosed.

4.5. The Operator has the right to retain an archival copy of Personal Data and other data after the User’s account is deleted.

4.6. The Operator has the right to transfer Personal and other User data without the User’s consent to the following persons:

4.6.1. State institutions, including investigative authorities, local government institutions, upon their justified request.

4.6.2. The Operator’s partners, for them to fulfill contractual obligations to the User.

4.6.3. In other cases explicitly stated in the laws of the Republic of Lithuania.

4.7. The Operator has the right to transfer Personal Data and other data to third parties not mentioned in section 4.6 of these rules in the following cases:

4.7.1. The User has expressed consent for such actions.

4.7.2. Data transfer is necessary when the User uses the website or when contractual obligations are being executed.

4.7.3. Data transfer occurs when selling or transferring the business in other ways (completely or partially), in which case the obligations to comply with this Policy’s conditions are transferred to the person acquiring the business.

4.8. The Operator collects Personal Data and other data in an automated manner.

4.9. Access to information systems containing Personal Data is granted through a password system. Passwords are set by authorized Operator employees and are individually passed on to Operator employees who have access to Personal Data and other data.

5. CHANGING PERSONAL DATA

5.1. The User may at any time change (update, supplement) their Personal Data in their account or contact the Operator in writing.
5.2. The User may at any time delete their Personal Data.

6. CONFIDENTIALITY OF PERSONAL DATA (Privacy Policy)

6.1. The Operator ensures the confidentiality of the Personal Data it processes in accordance with the laws. Confidentiality is not required in the following cases:
6.1.1. When Personal Data are no longer used.

6.1.2. Personal Data, access to which has been granted to the general public by the User or other persons at his request (hereinafter – Personal Data publicly available at the User’s consent).

6.1.3. Personal Data that must be published or disclosed pursuant to laws.

7. USER CONSENT TO PROCESS PERSONAL DATA

7.1. The User agrees to provide the following data:
a) name and surname;

b) phone number;

c) email address;

d) residential address.

7.2. The User decides to provide his Personal Data to the Operator voluntarily, of his own free will. Consent for the processing of Personal Data must be specific, informed, and presented to the User at the time of registration on the Operator’s site in any form that allows confirming consent, unless the law provides otherwise.

7.3. Personal Data about individuals who have entered into contractual obligations with the Operator, and their data are in an open and accessible public unified register of legal entities and individual entrepreneurs, except information about the number, date of issue, and issuing authority, – in this case, the protection of confidentiality and User consent to process data is not required.

7.4. If data is requested by organizations that do not have the mentioned powers, the Operator must obtain the User’s consent to provide his personal data and ensure that these data are used only for the agreed purposes. Also, require that the organization receiving the information confirm that it will comply with this agreement.

8. RIGHTS OF PERSONAL DATA SUBJECTS

8.1. The User has the right to receive information about the processing of his Personal and other Data. The User has the right to require the Operator to amend the User’s Personal Data, block or delete them in cases where the data are incomplete, outdated, incorrect, unlawfully obtained, not necessary for the specified purpose, as well as to take legal actions to ensure protection.
8.2. If the User believes that the Operator, by processing personal data, violates his rights, the User has the right to complain about the Operator’s actions to the authorized Personal Data Protection Authority or to the court.

8.3. The User has the right to defend his rights and legitimate interests in court, including compensation for damages and/or compensation for moral harm suffered.

9. USER-PROVIDED DATA ABOUT THIRD PARTIES

9.1. Using the Operator’s website, the User in his account has the right to enter third-party data for later use (recipients of goods).
9.2. The User undertakes to obtain prior consent from the Data Subject to use their data in his account.

9.3. The Operator undertakes to take necessary measures to ensure the security of personal data of third parties entered by the User.

10. OTHER PROVISIONS

10.1. This Policy and relationships created between the User and the Operator are subject to the law of the Republic of Lithuania.
10.2. All potential disputes are resolved according to the laws stipulated at the place of the Operator’s registration.

Before approaching the court, the User must comply with the mandatory pre-trial procedure and send a written claim to the Operator. The response period is 30 (thirty) working days.

10.3. If for any reason one or more provisions of the Policy are deemed invalid or inappropriate, they do not affect the validity or application of the remaining provisions of the Privacy Policy.

10.4. The Operator has the right to change (completely or partially) this Policy unilaterally without prior consent of the User. All changes take effect the day after they are published on the Operator’s website.

10.5. The User undertakes to independently monitor changes to the privacy Policy by reviewing the latest, currently valid version.

11. OPERATOR’S CONTACTS

UAB KILIMŲ PASAULIS
P.Lukšio g. 32, 08222 Vilnius
Company code: 126320898
VAT payer code: LT263208917
Account: LT227044060007756986
SEB bank; SWIFT: CBVILT2X
Tel.: +370 5 2747011
Email: info@wonderrug.com