UAB „NOVITERA“ Privacy policy

(May 18, 2024. Order No V24-6-1, Kaunas)

1. UAB “Novitera”, legal entity code: 135917853, registered office address: R. Kalantos st. 16, Kaunas (hereinafter – the Company), respects the privacy of each person and the protection of personal data; therefore, the Company has prepared this privacy policy (hereinafter – the Policy), based on which the Company processes your personal data, obtained after you have submitted it to them by directly visiting the Company, using Company’s provided services, having legal relations with the Company, or by visiting the Company’s website (hereinafter – the website), as well as by means of remote communication (e-mail, telephone), social network activities or by entering the field of video surveillance cameras installed on the Company’s territory; privacy policy also includes data obtained from legitimate sources – public registers, state information systems, contracting parties (e.g. data on contract party representatives, employees, etc.), employment service providers, public professional social networks, public databases, third parties, other legal sources. 
2. By using the services of the www.novitera.lt and www.analizatorius.lt websites, the person confirms that he has read and understood this privacy Policy. The Policy contains the main provisions for the processing of Personal Data; additional information on how the Company processes personal data can be provided in the Company’s contracts, consent or non-objection forms, other documents, on the websites www.novitera.lt and www.analizatorius.lt or by means of remote communication. (email, etc.).
3. This privacy policy regulates the processing of personal data performed by the Company as a data controller (including collection, storage and other personal data processing actions). 
4. The company is engaged in economic and commercial activities, including purchase, handling and processing of used catalysts, obsolete electrical and electronic equipment, non-ferrous and precious metals and their alloys and scrap, provision of research, purification and return services for precious metals, sale of analytical and mechanical equipment for companies, institutions and individual customers. For the provision of these services, the Company processes personal data in accordance with the legal bases and purposes of data processing specified in the Policy and the legal acts applicable to the Company.
5. This Policy is intended for persons who use or intend to use the Company’s services, visit the websites www.novitera.lt and www.analizatorius.lt or have agreed or not objected to the processing of their personal data.
6. This Policy may be updated or changed at any time. The Policy, its changes and updates can be found on the websites www.novitera.lt and www.analizatorius.lt.
7. Main concepts used:
   • Personal data – any information about a physical person who is identified or can be directly or indirectly identified, in particular by an identifier such as name, social security number, location data and Internet identifier or by one or more of that physical person’s signs of physical, physiological, genetic, mental, economic, cultural or social identity;
   • Data controller – UAB “Novitera“, legal entity code 135917853, registered office – R. Kalantos st. 16, Kaunas, tel. 8 37 408013; info@novitera.lt;
   • Data subject – any physical person whose data is processed by the Company. The data controller collects only that data of the data subject, which is necessary for the performance of the Company’s activities, when the person visits, uses, browses the Company’s website, social networks, or the processing of which the person has consented or not objected to. The company ensures that the collected and processed personal data will be secure and will be used only for a specific purpose;
   • Website – the Company’s websites that go by the official addresses of www.novitera.lt and www.analizatorius.lt;
   • Social networks – popular social networking platforms and chat (messaging) apps (Facebook, Instagram, Linkedin, Reddit, WhatsApp, Viber, Facebook Messenger, etc.). You can read about the privacy policies, data collection procedures, and the applied personal data protection measures of these service providers in the privacy policies of the aforementioned social networking service providers;
   • Company video surveillance – in order to ensure the protection of the Company’s property, as well as health and life protection of its employees and other persons, the Company carries out video surveillance processes of buildings owned and leased by the Company (and the premises inside of them); the Company also carries out video surveillance in the territory that is owned and used by the Company. Captured data of persons that enter the Company’s video surveillance field (video data) is processed on the basis of the Company’s legal interest (the Company’s video surveillance systems do not use facial recognition and/or analysis technologies, the video data captured by them is not grouped or profiled according to a specific data subject (person); persons are informed about the ongoing video surveillance by information signs portraying a video camera symbol and the details of the data controller, which are provided before entering the monitored area and/or premises. Premises, in which persons expect absolute protection of personal data (e.g. changing rooms, rest rooms, toilet rooms), are not included in the surveillance field of video cameras. Collected video data is stored for up to 30 (thirty) calendar days from the date of capture;
   • Other concepts used in the privacy policy are understood as defined in the legal acts regulating the processing of personal data – 2016 April 27 Regulation (EU) 2016/679 of the European Parliament and of the Council, regarding the protection of physical persons in the processing of personal data and on the free movement of such data and which repeals Directive 95/46/EC (hereinafter – the Regulation), the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts.

PRINCIPLES OF PERSONAL DATA MANAGEMENT 

8. The Company processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter – the Regulation, the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the processing of personal data).
9. The volume of processed personal data depends on the Company’s services ordered or used and the information the data subject provides when ordering and/or using the Company’s services, visiting or registering on the website, and consenting to the processing of his personal data. When processing personal data on the basis of consent or no objection, the specific volume of personal data is indicated in the form of consent or no objection, but for the purpose of direct marketing, the Company usually processes such information, as: name or nickname of the person in the social space, telephone number, e-mail address, fact of consent/no objection to direct marketing, date of consent or no objection, purchased or sold goods or services information, date of purchase, opinion about goods, services and the Company. When the Company communicates with its customers, it processes such personal data as name or nickname of the person in the social space, phone number, e-mail address, communication information (submitted questions, answers, comments, etc.), date and place of communication.
10. The company, among other things, is guided by the following basic data processing principles:
    • The Company processes personal data in a legal, transparent manner to achieve the goals defined in this policy;
    • Personal data is processed accurately, transparently and legally, in accordance with the requirements of legal acts;
    • Personal data is stored in such a form that the identity of data subjects can be established no longer than is necessary for the purposes for which these data were collected and processed;
    • Personal data is processed only by those employees of the Company who have been granted such right according to their work functions.
11. Data in the Company is processed only on one or more of the following grounds of legal processing – (I) to ensure the provision of services in accordance with the contract (i.e. to fulfill the agreement or take action at the request of the data subject before concluding the contract); (II) when consent of the data subject is obtained (for example, when processing personal data for the purpose of direct marketing); (III) when processing is necessary to fulfill a legal obligation applicable to the Company; (IV) when it is necessary to process data in order to perform a task carried out in the public interest or in the performance of public authority functions assigned to the Company; (V) when personal data needs to be processed for the interests of the Company or a third party (e.g., administering the website and ensuring its proper functioning; performing video surveillance, ensuring the safety of property and persons, etc.; performing economic and commercial activities for the Company; communicating with clients; for the purpose of direct trade (in order to offer the purchasing or selling of relevant goods and services), and, if the subject does not object, when offering goods and services similar to those already purchased or sold in the Company, etc. (see Article 6, 1^st part of the Regulation). http://www.privacy-regulation.eu/lt/6.htm.
12. When processing and storing personal data, the Company ensures it’s confidentiality in accordance with the requirements of applicable legislation. The company implements appropriate technical and organizational measures that ensure the protection of personal data against unauthorized access, accidental or illegal destruction, alteration, disclosure, and any other illegal processing actions. Only those employees of the Company and auxiliary service providers who need the data to perform work functions or provide services to the Company, have access to the personal data managed by the Company.
13. The company’s client or potential client, employees and other physical persons are responsible for ensuring that the personal data provided by them is accurate, correct and complete. If the personal data provided by them changes, they must immediately inform the Company about it. The company will not be responsible for damage caused to the person and/or third parties due to the fact that the person provided incorrect and/or incomplete personal data or did not apply for the addition and/or change of the data after it has changed.
    
    

PURPOSES OF PERSONAL DATA PROCESSING 

14. The company processes personal data for the following main purposes:
    • Conclusion and execution of purchase and sale contracts, provided and received by the Company, in order to properly fulfill contractual obligations, maintain relations with suppliers, partners and customers, develop business through cooperation, maintain contacts; implementation and control of environmental requirements; tax accounting and control;
    • Provision of services specified on the website;
    • For internal company and employee administrative purposes;
    • Fulfilling the requirements established by legal acts in waste management and other areas and providing data to state institutions (data controllers);
    • For the purpose of protecting the assets of the company’s employees and customers, preventing violations of the law, identifying offenders, clarifying violations of the law, ensuring the security of other data subjects and property (video surveillance);
      • For the purpose of direct marketing (asking for opinions, making offers);
      • For the purpose of communication with clients;
    • For other purposes for which the Company has the right to process personal data, when the data subject has expressed his consent, when the data needs to be processed due to the legitimate interest of the Company or when the Company is required to process data by relevant legal acts.

SOURCES OF PERSONAL DATA 

15. Personal data is usually obtained directly from the data subject (the Company’s client or potential client, employees or candidates), who provides them when visiting the website, using the services provided by the Company, providing services to the Company, working or seeking employment at the Company, visiting its websites and social networks or having any other relationship with the Company.
16. In cases provided for by legislation or on the basis of consent, personal data may also be received from third parties (e.g. temporary employment companies, companies providing employee search services, state institutions and registries).
17. Although the client is not obliged to provide any personal data to the Company, it is possible that certain services will not be provided to him or he will not be able to get a job in the Company if personal data is not provided.
    
    

PERSONAL DATA PROVISION AND ITS RECIPIENTS

18. Companies have the right to transfer the personal data of their customers, their representatives, or employees to third parties, which must process the personal data of customers for the purposes specified in this Policy or legal acts.
19. The Company commits to transfer customer data to third parties only to such an extent and only in cases where it is necessary to fulfill the obligations provided for the services and (or) established in legal acts. If personal data is not necessary for the provision of specific services, it is not transferred. The Company transfers personal data to the aforementioned third parties on the basis of a data provision agreement or a specific legal act, in strict compliance with the requirements set by the legal acts.
20. The Company is obliged to maintain confidentiality in relation to customers, employees, potential customer duties or employees’ personal data. Personal data may be disclosed to third parties only if necessary for the conclusion and performance of contracts with the data subject or for other legitimate reasons.
21. The Company may provide personal data under processing to its data processors, who provide IT, accounting, debt collection or other support services to the Company and process personal data on behalf of the Company. Data processors have the right to process personal data only in accordance with the Company’s instructions and only to the extent that it is necessary in order to properly fulfill the obligation stipulated in the contract. The company only participates in data processing that sufficiently ensures that there are appropriate technical and organizational measures that will be implemented in such a way that the data processing meets the requirements of the Regulation and ensures the protection of the data subject’s rights.
22. The Company may also provide data of its clients in response to requests from courts, bailiffs or state institutions to the extent necessary for the proper execution of valid legal acts and instructions of state institutions.

PERSONAL DATA STORAGE PERIOD

23. Personal data collected by the Company is stored in printed documents and/or in electronic format in the Company’s information systems. Personal data is processed no longer than is necessary to achieve the purposes of data processing or no longer than is required by data subjects and/or provided for by legal acts. Generally, personal data is processed for 10 years after the end of the contractual relationship. When processing personal data for the purpose of direct marketing, personal data is stored for 2 years from the expiration of consent/no objection. For the purpose of communication with clients storing period lasts for 1 year from the end of the communication.
24. Although the client may terminate the contract or refuse the Company’s services, the Company must continue to store the personal data of the client’s representatives due to possible demands or legal claims that may arise in the future until the data storage terms expire.
25. The company strives not to store outdated or unnecessary information and to ensure that personal data and other information about customers is constantly updated, correct and destroyed in a timely manner.
    
    

RIGHTS OF DATA SUBJECTS

26. The data subject has, among others, the following rights:
    • Receive information about his personal data processed by the Company;
    • Contact the Company with a request to change his personal data, stop its processing, or delete it if the data is incorrect, incomplete or inaccurate, or if it is no longer necessary for the purposes for which it was collected. In such case, the data subject must submit a request, upon receipt of which the Company will check the provided information and take the necessary actions. It is very important for the company that the personal data it has is correct;
    • Apply to the Company with a request to destroy personal data or to stop personal data processing actions, except for storage – in the event that, after getting acquainted with his personal data, the person determines that the personal data is being processed illegally or dishonestly;
    • Not to consent to the processing of personal data when such data is processed or intended to be processed for the purpose of direct trade or for a legitimate interest pursued by the Company or a third party to whom personal data is provided;
      • When data is processed by automated means on the basis of consent, the conclusion of a contract, or the performance of a contract, the data subject has the right to apply to the Company to be provided with personal data related to him, which he provided to the Company in a systematized, commonly used and computer-readable format. After receiving the personal data, the data subject has the right to forward it to another data controller. Using his right, the data subject also has the right to request that, when technically possible, the Company directly forwards personal data to another data controller;
      • Revoke your given consent to process personal data;
    • If the data subject is concerned about the Company’s actions (inaction), which may not comply with the requirements of this Policy or legal acts, he may contact the Company. 
27. A person can exercise all his rights as a data subject by contacting the Company by e-mail.: info@novitera.lt.
28. If it is not possible to resolve the issue with the Company, the client has the right to apply to the State Data Protection Inspectorate (www.ada.lt), which is responsible for the supervision and control of legal acts regulating the protection of personal data.
    

COOKIES

29. In order to improve visiting of the Company’s website, the Company may use cookies – small pieces of textual information that are automatically created when browsing the website. Cookies are stored on the website visitor’s computer or other backend device.
30. Information collected by cookies allows ensuring of more convenient browsing on the Company’s website and helps to learn more about the behavior of visitors to the Company’s websites as well as to analyze trends, and improve both the website and the services provided by the Company or the information provided on the website.
31. Cookies are divided into essential and non-essential. Essential cookies are those without which the website would not be able to function. The Company processes personal data obtained by essential cookies on the basis of legitimate interest (to ensure the proper functioning of the website). The Company processes personal data obtained by non-necessary cookies on the basis of the consent of the data subject. The company provides the data subject with the opportunity to withdraw the given consent for the use of non-essential cookies at any time.
32. The Company depersonalizes personal data collected with the help of cookies and continues to process it after depersonalization.
33. The consent of the data subject regarding the use of the cookie is stored on the server for 2 years after the end of the data processing carried out with the help of the cookie.
34. When processing personal data collected with the help of cookies, the Company may use persons providing IT services and disclose to them the personal data necessary for the provision of those services.
35. Please note that website visitors have all the above-mentioned rights granted to data subjects.
36. The company manages the following cookies:

On the website: www.novitera.lt

Cookie type	Name of the cookie	Cookie‘s expiration time	Cookie‘s purpose	Processed personal data
Functional (essential)	Cookieyes-consent	1 year	Remembers users’ consent preferences and ensures that these preferences are respected during subsequent visits to this website. It does not collect or store any personal information about website visitors.	IP address, consent fact, date, cookie name.
Analytical (non-essential)	_ga	1 year, 1 month, 4 days	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	IP address, unique ID, information on how the visitor uses the website.
Functional (non-essential)	wp-wpml_current_language	Session	Saves language settings.	IP address, country code, language.
Functional (essential)	_GRECAPTCHA	6 months	Recognizes robots and protects the website from malware attacks.	IP address, Google account information, browser history, browser plugins, information on how the user uses the website.

On the website: www.analizatorius.lt 

Cookie type	Name of the cookie	Cookie‘s expiration time	Cookie‘s purpose	Processed personal data
Functional (essential)	Cookieyes-consent	1 year	ĮRemembers users’ consent preferences and ensures that these preferences are respected during subsequent visits to this website. It does not collect or store any personal information about website visitors.	IP address, consent fact, date, cookie name.
Functional (essential)	_GRECAPTCHA	6 months	Recognizes robots and protects the website from malware attacks.	IP address, Google account information, browser history, browser plugins, information on how the user uses the website.
Functional (non-essential)	wp-wpml_current_language	Session	Saves language settings.	IP address, country code, language.
Analytical (non-essential)	_ga	1 year, 1 month, 4 days	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	IP address, unique ID, information on how the visitor uses the website.
Analytical (non-essential)	_vuid	1 year, 1 month, 4 days	Uses “Vimeo” to collect statistical data on video views.	IP address, unique ID, information on how the visitor uses the website.