1. Purpose of the policy and basic concepts1.1. This Privacy Policy (hereinafter – the Policy) VšĮ ”Diveriks”, company code 302851903 (hereinafter referred to as the Company) recognises the importance of the protection of personal data to the clients of the Company and other data subjects and undertakes to respect and protect the privacy of each data subject. Data subjects entrust the Company with their personal information and the Company is responsible for justifying the trust of data subjects. The policy defines the Company’s commitment and liability to protect and respect the privacy of the person, the actions of the Company and its employees in the processing of personal data, using personal data processing facilities installed at the Company, as well as the rights of the data subjects and their implementation procedures, personal data protection measures and other issues of protection of personal data.1.2. The main concepts used in the policy are the following:1.2.1. “Data subject” means a natural person whose data the Company manages;
1.2.2. Personal data – any information relating to a natural person – a data subject whose identity is known or may be determined, directly or indirectly, using data such as a personal code, one or more persons physically, physiologically, psychologically, economically, culturally or socially attributes;
1.2.3. Processing of personal data is any action performed by a person: collecting, recording, storing, storing, classifying, grouping, merging, modifying (adding or correcting), providing, publishing, using, logical and / or arithmetic operations, searching, dissemination, destruction or other action or set of actions;
1.2.4. “Data subject’s consent” means any express, unequivocal, express and unequivocal expression of the will of the duly notified data subject in a statement or unambiguous way he accepts the processing of personal data relating to it, such as in writing, including by electronic means, or an oral statement. Gaps, pre-marked boxes or omissions are not considered to be consent;
1.2.5. “Controller” means a legal or natural person who, alone or in association with others, establishes the purposes and means of processing personal data. In this Policy the Company is the data controller;
1.2.6. Data processor – a legal or physical person (who is not a controller’s employee) who is authorised by the data controller to process personal data;
1.2.7. Employee – a person who has an agreement of employment or a similar nature with the Company;
1.2.8. The supervisory authority – the State Data Protection Inspectorate;
1.2.9. Direct marketing is an activity aimed at offering goods or services by post, telephone or other direct means and / or inquiring their views on the goods or services offered.
1.2.10. Company’s website –;
1.2.11. General Data Protection Regulation – 27 April 2016 Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (the Universal Data Protection Regulation);
1.2.12. The client is a natural person of 16 years of age or older who purchases or intends to purchase the goods sold by the Company and has provided his personal data for this purpose to the Company;
1.2.13. Other terms used in the Rules meet the definitions provided for in the General Data Protection Regulation and the Law on the Legal Protection of Personal Data of the Republic of Lithuania.
1.3. The purpose of this Policy is to facilitate the exercise of data subjects’ rights.
1.4. This Policy applies to the processing of personal data of employees insofar as it is not regulated by the Personal Data Processing Rules approved by the order of the Director of the Company. This Policy also applies to the protection of personal data of other data subjects (i.e. not clients and not employees) whose personal data the Company manages or maintains in the future.
1.5. Personal data processed by the company must be accurate, appropriate and only to the extent that it is necessary for them to collect and further process. Where personal data is processed, personal data is constantly updated.
1.6. To create an account on the Company’s website, persons who are 16 years of age or older are entitled to submit their personal data for processing through the Company’s web site.
1.7. Point 1.6 of this Policy provides for the possibility to provide personal data for processing through the Company’s website only for persons aged 16 years or older, as children need special protection of their personal data, as they may not be fully aware of the risks, consequences or safeguards of their personal data and their rights, create an account on the Company’s website.
1.8. Customer personal data is collected for the purposes of the conclusion and execution of the agreements for the sale and sale of goods sold by the Company online (for the processing and administration of the goods (purchase) of goods), identification of the customer in the Company’s information system, identification of the client by logging onto his account on the Company’s website, issuing invoices and other financial documents, as well as for direct marketing purposes.
1.9. The Company manages the following personal data for the purposes specified in clause 1.8 of the Policy: name, surname, e-mail address, telephone number, postal address, bank account details, customer behaviour and purchases.
1.10. The legal basis for the processing of personal data referred to in clause is the Company’s obligation to execute an agreement concluded with the data subject and / or at the request of the data subject (order) to conclude an agreement.
1.11. The legal basis for processing the data referred to in point 1.10 is the provision of the data subject’s consent.
1.12. The company manages these personal data for customers for direct marketing purposes: name, surname, e-mail address, telephone number.
1.13. The legal basis for processing the data referred to in point 1.12 is the provision of the consent of the data subject.
1.14. When personal data is processed for the purposes of the implementation and direct marketing of the loyalty program referred to in 1.09 and / or 1.12, the data subject has the right at any time to agree to the processing of such personal data without charge, to the extent that the processing involves those purposes, with the withdrawal of his consent.
1.15. The processing of personal data is governed by the General Data Protection Regulation, the Law on the Legal Protection of Personal Data of the Republic of Lithuania, and other legal acts regulating the processing of personal data.2. Processing of personal data2.1.  The company has the right to share personal data of customers with third parties such as processors, accountants, transport and courier companies, companies providing transfer services. The company is in charge of the processing of personal data. The company transmits the personal data necessary for making payments to the processor, (Maksekeskus AS, Niine 11, Tallinn 10414, Estonia, reg. no.:12268475).
2.2. Employees shall observe the confidentiality and timeliness of any personal data related information they have acquired during their duties, unless such information is made public in accordance with the provisions of applicable laws and regulations. The obligation to protect the confidentiality of personal data also applies to the transition from employment to other positions after termination of employment or contractual relations. In performing the duties provided for in this item, employees must:
2.2.1. Do not divulge, transmit, and do not create conditions for access to customer data by any means to any person who is not authorized to process personal data;
2.2.2. to immediately notify the Director of the Company of any situation that threatens the security of personal data.2.3. Deadline for processing personal data: personal data is processed until it becomes redundant for processing it:
2.3.1. The customer personal data collected and processed for the purposes of the conclusion and execution of contracts for the sale of goods by the Company online (clause 1.8) shall be kept for no longer than 5 (five) years from the last order placed on the Company’s Internet site;
2.3.2. Customer personal data is processed for the purposes of direct marketing referred to in paragraph 1.12. processed no more than until cancellation (withdrawal) of the consent to receive advertising.
2.3.3. When personal data is no longer needed for the purposes of their processing, they are destroyed, except those that, in cases prescribed by law, must be transferred to state archives.
2.3.4. The personal data protection is organized, provided and maintained by the Company’s manager.3. Rights of the data subject and the procedure for their implementation
3.1. Rights of the data subject:
3.1.1. know (be informed) about the processing of your personal data in the Company;
3.1.2. get acquainted with the Company’s processed personal data and how they are processed;
3.1.3. to refuse to process his personal data;
3.1.4. request correcting, refinement or addition of incorrect or incomplete personal data, destroying personal data or stopping processing of your personal data, save for storage;
3.1.5. require the deletion of data (“the right to be forgotten”). This right is valid on one of the following grounds: personal data are no longer needed to achieve the purposes for which the data were collected or otherwise processed; the data subject cancels the consent on which the processing was based and there is no other legal basis for processing the data; personal data was processed illegally; personal data must be erased in accordance with a legal obligation imposed by European Union or national law;
3.1.6. the right to data portability: the data subject has the right to receive personal data relating to him that he provided to the controller in a systematic, commonly used and computer-readable format and has the right to transfer that data to another controller and the controller to whom the personal data has been submitted, should not create obstacles when: data processing is based on consent or contract; data are processed by automated means.
3.2. The data subject has the right to submit a complaint to the supervisory authority regarding the allegedly unlawful processing of his or her personal data.
3.3. The data subject has the right to authorize a non-profit institution, organization or association which is properly established in accordance with the law of the Republic of Lithuania and the objectives established by its statutes correspond to the public interest which is in the domain of the protection of the rights and freedoms of the data subject as regards the protection of their personal data on his behalf to file a complaint and to exercise on his behalf certain rights under the General Data Protection Regulation
3.4. Procedure for the implementation of data subject rights:
3.4.1. a person must submit a written request to the Company (in person, by post, through a representative, or by electronic means) to fulfil the rights specified in clause 3.1. The application must be legible and signed by the person, the application must contain: name, surname, place of residence, data for maintaining contact and information on which of the above rights and to what extent he wishes to be implemented;
3.4.2. When applying, the person must confirm his identity: if the application is submitted upon arrival directly to the Company – to provide a personal identification document or a copy certified by the legal acts of the Republic of Lithuania; if the application is submitted by post – to provide a copy of a person’s identity document approved in accordance with the procedure established by the Republic of Lithuania; if the application is filed through a representative – submit a document confirming the representation; if the application is submitted by electronic means – to sign by electronic signature;
3.4.3. the right of the data subject to refuse to process his personal data for direct marketing purposes is implemented by informing the data subject about his or her disagreement with the Company by e-mail or telephone and providing information about all accounts created on the Company’s Internet site;
3.4.4. if the data subject has his or her account on the Company’s website, to view and edit the personal information provided on the Company’s website and may visit its account in the contact details. Through its own account on the Company’s website, the data subject may exercise his right to object to the processing of his personal data for direct marketing purposes.
3.5. The requests referred to in Clause 3.4.1 of this Policy are dealt with by the Director of the Company. The application is examined and the response to the person is submitted not later than within 30 days from the date of receipt of the request.
3.6. When submitting applications in accordance with Clause 3.4.1. the data subject should not manifestly abuse his rights. If the data subject abuses his right (for example, he applies to the Company for information about the processing of his personal data more than once every six months), the Company has the right to require the data subject to recover the administrative costs associated with the execution of such requests.
3.7. The data subject’s refusal to process his personal data for direct marketing purposes shall respond promptly, within the shortest possible time. For personal data not to be further processed for direct marketing purposes, employees of the company must be responsible for the computer maintenance.4. Cookies and their use4.1 Part of the information is collected automatically when the data subject visits the Company’s website, as the Internet Protocol address of the data subject must be identified by the Company’s server.
4.2. The company’s web site also uses data analysis tools – Cookies.
4.3. By using the Company’s Internet site, the data subject agrees to record cookies used on this site on the data subject’s computer (device). Each time you visit the Company’s website, by changing the settings of your Internet browser accordingly, the data subject can accept or refuse to use cookies, but in such a case the Company cannot guarantee the quality of browsing the web page.5. Personal data protection5.1. The Company implements organizational and technical measures to protect personal data from accidental or unlawful destruction, alteration, disclosure, and any other unlawful management.
5.2. When personal data security breaches are detected, the Company will immediately remove them.
5.3. Company employees respect the principle of confidentiality, as provided for in Section 2.4 of the Policy.
5.4. Antivirus software should be constantly updated on the computers of the company.
5.5. In case of breach of personal data security, the Company informs the supervisor without undue delay and, if possible, within 72 hours after becoming aware of a breach of personal data security, unless personal data breach should jeopardize the rights and freedoms of natural persons. If the personal data breach is not communicated to the supervisory authority within 72 hours, the reasons for the delay shall be attached to the notification.
5.6. In the event of a breach of personal data security that could seriously jeopardise the data and rights of natural persons, the Company unjustifiably informs the data subject about the breach of personal data security. 6. Liability 6.1. The data subject must provide the Company with complete and correct personal data of the data subject and inform about the relevant changes in personal data.
6.2. The company is not able to fully guarantee that the Company’s website will function without any interruption and that it will be completely protected against viruses. Under no circumstances shall the Company be liable for direct or indirect damages related to the use of the materials available on the Company’s website. The data subject is informed that any material that the data subject downloads, downloads or otherwise receives using the Company’s website is obtained solely at the discretion and risk of the data subject, and therefore the data subject is responsible for the damage done to the data subject himself or his computer system.
6.3. The data subject who has his or her account on the Company’s website must ensure the security of its login data. The Company is not liable for damage sustained by the data subject due to improper implementation of the obligation provided for in this clause.
6.4. Unless otherwise specified, the intellectual property rights (including copyrights) on the content and information of the Company’s web site are owned by the Company. Without the prior written consent of the Company, it is prohibited to reproduce, translate, adapt or otherwise use any part of the Company’s web site. It is prohibited to perform any other actions that violate or may violate the Company’s intellectual property rights on the website and contravene fair competition. 7. Final provisions 7.1. This Policy shall be updated at least once every two years or after amendments to the legislation regulating the protection of personal data.
7.2. The policy is publicly available on the Company’s website. Corporate customers are provided with this Policy by electronic means.
7.3. Employees with Policy are introduced by signing.
7.4. The Company has the right to modify this Policy in whole or in part. The data subjects are introduced with the amendments in accordance with the procedure set out in Sections 7.2-7.3 of the Policy.
7.5. Data subjects can contact the employees of the Company, on the contacts indicated on the Company’s website, in any matter related to this Policy.

Type to search..