Privacy policy - Carol Home

PURPOSE OF PRIVACY POLICY PROCESSING

1.1. This Privacy Policy sets out the terms and conditions for the processing of Users’ Personal Data when using the Website. By submitting his/her Personal Data, the User also expresses his/her consent to the Data Controller to collect, store, use and disclose Personal Data in accordance with the procedures specified in this Privacy Policy.

1.2. These Rules are applied to the User each time he/she accesses the Website and/or purchases goods or services from the Data Controller.

1.3. The Data Controller ensures the confidentiality of Personal Data and takes appropriate technical and organisational measures to protect Users’ Data against unauthorised access, disclosure, loss, modification or destruction, or other unlawful processing of the Data.

1.4. The provisions contained in this Privacy Policy have been prepared and Personal Data on this Website is processed in accordance with the requirements of the legislation of the Republic of Lithuania and the Regulations.

THE TERMS USED

2.1. For the purposes of this Privacy Policy, the following terms are used:

2.1.1. “Personal Data” or “Data” means any information relating to an identified or identifiable natural person (data subject).

2.1.2. “Data Processing” means any operation or sequence of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, sorting, organisation, storage, adaptation or alteration, retrieval, access, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination with other data, restriction, erasure or destruction.

2.1.3. “Data Controller” is UAB Carolinos Namai, e-mail address: info@carolhome.lt, company code: 305020344, VAT payer code: LT100012195415, address: Stiklių g. 3, Vilnius, Lithuania, – the person who establishes the purposes and means of the processing of the Data subjects’ Data.

2.1.4. “Website” means the website operated by the Data Controller. The website address is www.carolhome.lt.

2.1.5. “Privacy Policy” means this Privacy Policy, which sets out the Data Controller’s basic rules for the collection, storage, processing and retention of Personal Data applicable to Users’ use of the Website.

2.1.6. “Regulation” means Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which was implemented in the European Union on 25 May 2018 and repeals Directive 95/46/EC.

2.1.7. “Cookies” are small text documents with a unique identification number, that is transmitted from the Website to the hard drive of the User’s computer in order to allow the Data Controller to distinguish the User’s computer and to see the User’s online activity.

2.1.8. “Consent” means any freely given, specific and unambiguous indication of the data subject’s free will, by means of a statement or an unambiguous action, by which he or she consents to the processing of personal data concerning him or her.

2.1.9. “User” means a natural person (data subject) who has visited the Website of the Data Controller and has provided his or her Personal Data on this Website.

2.2. Other terms mentioned in this Privacy Policy have the meaning given to them in the Regulation, which can be found by clicking on this link here.

THE PERSONAL DATA PROCESSED

3.1. In order for the Data Controller to be able to provide its services properly, it collects the following Personal Data from the User:

3.1.1. Personal data provided by the User: name, surname, telephone number, email address, delivery address, other payment information (payment method, payment card number).

3.1.2. Automatically collected Data: the Website uses Cookies to collect Data that reveals the use of the Website or automatically generated visit statistics. For more information about the use of Cookies on this Website, please refer to the Cookie Policy.

3.1.3. Data from third parties: if the User links and logs in to his/her account on the Website using third-party service providers (e.g. Facebook, LinkedIn, Google), the Data Controller receives certain information from this service provider, such as the User’s registration and profile information.

3.1.4. Additional Data: with the User’s separate consent, the Data Controller also collects and processes additional Data about the User that is not specified in this Privacy Policy.

PRINCIPLES FOR PROCESSING PERSONAL DATA

4.1. The Data Controller undertakes to comply with the following principles for the processing of Personal Data:

4.1.1. The Data processing is lawful, fair and transparent (principle of lawfulness, fairness and transparency).

4.1.2. The Data is collected for specified, explicit and legitimate purposes and is not further processed in a way, that is incompatible with those purposes (purpose limitation principle).

4.1.3. The Data is adequate, relevant and only necessary for the purposes for which it is processed (principle of data minimisation).

4.1.4. The Data is accurate and, if necessary, kept up-to-date; all reasonable steps should be taken to ensure that Personal Data which is not accurate, in relation to the purposes for which it is processed, is erased or updated without delay (principle of accuracy).
4.1.5. The Data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data is processed (principle of limitation of storage period).

4.1.6. Data is processed in such a way as to ensure adequate security of Personal Data, including protection against unauthorised or unlawful processing of Data and against accidental loss, destruction or damage (integrity and confidentiality principle).

THE PURPOSES OF PROCESSING PERSONAL DATA

5.1. Personal data provided by users is processed for the following purposes:

5.1.1. For the purpose of selling goods and providing services. The Data Controller collects Users’ personal data and uses it for the provision of the services and sale of goods on the Website.

5.1.2. For the purpose of sending the newsletter. With the prior consent of the User, The Data Controller sends notifications of special offers, updates or changes to the Data Controller’s products or services.

5.1.3. For the purpose of contacting. To enable the Data Controller to contact and respond to any questions or requests the User may have.

DISCLOSURE OF PERSONAL DATA

6.1. The Data Controller ensures that Users’ Personal Data will not be sold, provided or otherwise transferred to third parties without lawful basis or used for purposes other than those for which it was collected.

6.2. The Data Controller may transfer the User’s Personal Data to third parties only:

6.2.1. when it is necessary for the Data Controller to fulfil the contract concluded with the User and to provide the services properly;

6.2.2. if the User’s separate consent has been obtained for this data transfer;

6.2.3. The transfer of data is mandatory if requested by law enforcement authorities, in accordance with the procedure established by the legislation of the Republic of Lithuania;

6.2.4. in other cases provided for in the Regulation and the legislation of the Republic of Lithuania.

DATA RETENTION PERIODS

7.1. The Data Controller stores the Users’ Personal Data for the period of time specified in the applicable laws and regulations of the Republic of Lithuania and in this Privacy Policy, but no longer than it is necessary to achieve the purposes of Data processing of this Privacy Policy.

7.2. If the User registers on the Website, but does not make a payment and does not purchase the goods offered on the Website, the Data Controller will store the User’s Personal Data for a maximum of 5 (five) years from the date on which the User last logged into his/her personal account. In this case, 5 (five) calendar days before the end of the 5 (five) year period, an enquiry will be sent to the email address provided by the User as to whether the User agrees to the continued processing of the Data. If the User expresses his/her disagreement or fails to respond within the aforementioned 5 (five) calendar days, the Data Controller will delete all Data relating to the User, including the account in the system.

7.3. After the User has made a payment for the purchase of the goods offered on the Website, from the date of the last order, the Personal Data provided by the User will be stored by the Data Controller for 10 (ten) years, as stipulated in Clause 10.15 of the Ordinance of the Chief Archivist of the Government of the Republic of Lithuania “On the Approval of the Index of Time Limits for Storage of General Documents” of 9 March 2011. In this case, 5 (five) calendar days before the end of the 10 (ten) year period, the Data Controller will send an enquiry to the email address provided by the User as to whether the User agrees to the continued processing of the Data. If the User expresses his/her disagreement or fails to respond within the aforementioned 5 (five) calendar days, the Data Controller will delete all Data relating to the User, including the account in the system.

7.4. If the User contacts the Data Controller and submits his/her Personal Data by e-mail or by making a reservation on the Website for the goods to be purchased, the Data Controller keeps the Data for a maximum period of 6 (six) months from the date of submission. Thereafter, all Data will be permanently deleted automatically.

USER RIGHTS

8.1. On the Website, the User has the following rights:

8.1.1. to know what Personal Data is processed and for what purpose;

8.1.2. to access their Personal Data and download it in an easy-to-read format to their computer;

8.1.3. to request the correction or update of Personal Data if it is inaccurate or no longer relevant;

8.1.4. to request the erasure of Personal Data under one of the conditions set out in section 9.5 of the Privacy Policy (right to be forgotten);

8.1.5. to require the Data Controller to restrict the processing of the User’s Personal Data in the event of one of the conditions set out in Section 8.7 of the Privacy Policy;

8.1.6. to file a complaint with the State Data Protection Inspectorate regarding the unlawful processing of Personal Data or a breach of Data Processing;

8.1.7. to object to the processing of Personal Data where it is processed or intended to be processed for direct marketing purposes.

8.2. The User has the right to submit any requests or instructions related to the processing of the User’s Personal Data to the Data Controller in writing, using the contact details specified in this Privacy Policy (e-mail or postal address). The User must provide proof of his/her identity or to identify himself/herself by authorised means of electronic communication, except in the case when a written request is handed in directly, where it is possible to identify the User at the time of the request.

8.3. Upon receiving such a request or instruction, the Data Controller has to provide a reply within 30 (thirty) days from the date of the request at the latest, and has to carry out the actions referred to in the request or refuse to carry them out, stating the grounds for refusal. If necessary, depending on the complexity and number of requests, this period may be extended by a further 2 (two) months. In this case, within 30 (thirty) days from the date of receiving of the request, the Data Controller has to inform the User of such extension, together with the reasons for the delay.

8.4. The data subject has the right to obtain confirmation from the Data Controller as to whether or not personal data, relating to him/her, is being processed and, if it is being processed, has the right to have access to his/her personal data and to the following information:

8.4.1. Purposes of data processing;

8.4.2. categories of relevant Personal Data;

8.4.3. Recipients of data or categories of recipients of data, which were given or will be given access to personal data, in particular recipients from third world countries or international organisations;

8.4.4. if possible, providing a retention period for personal data or, if not possible, providing criteria used to determine that period;

8.4.5. the right to request the Data Controller to correct or erase personal data or to restrict or object to the processing of personal data concerning the data subject;

8.4.6. the right to file a complaint with a supervisory authority;

8.4.7. when the Personal Data is not collected from the data subject, all available information about its sources.

8.5. In the event of a request by a User to erase his/her Data, the Data Controller undertakes to erase the Personal Data without undue delay if this can be justified on one of the following grounds:

8.5.1. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;

8.5.2. The User withdraws the Consent on which the processing of Personal Data is based and there is no other legal basis for processing the Personal Data;

8.5.3. The User does not consent to the processing of the Data on the basis of a legitimate ground of interest of the Data Controller and the Data Controller does not establish overriding legitimate grounds for the continued processing of the Data;

8.5.4. The processing of personal data was unlawful;

8.5.5. Personal data must be erased in compliance with a legal obligation under the law of the European Union or the Republic of Lithuania.

8.6. In response to a User’s request to exercise the right to be forgotten, the Data Controller undertakes to respond in detail, providing a justification and/or explanation as to why it is not possible to exercise such right when there is an overriding legitimate interest, or, when possible, how to exercise this right.

8.7. The User has the right to require the Data Controller to restrict the processing of his Personal Data under one of the following conditions:

8.7.1. The User can challenge the accuracy of the Personal Data for a period of time within which the Data Controller may verify the accuracy of the Personal Data;

8.7.2. The processing of the Personal Data is unlawful and the User does not consent to the erasure of the Personal Data and instead requests the restriction of its use;

8.7.3. The Data Controller no longer needs the Personal Data for the purposes set out in this Privacy Policy, but the User needs the Personal Data in order to assert, exercise or defend legal claims;

8.7.4. The User has objected to the processing of Personal Data on the basis of the legitimate interest of the Data Controller, pending verification that the Data Controller’s legitimate reasons override those of the User.

8.8. The Data Controller reserves the right not to comply with the User’s requests, with the exception of requests to opt-out of receiving direct marketing offers, and to refer to a non-judicial dispute resolution body, when it is necessary to ensure:

8.8.1. the fulfilment of legal obligations imposed on the Data Controller;

8.8.2. public order or the prevention of crime;

8.8.3. protecting the rights and freedoms of users or other persons; or

8.8.4. in other cases specified by the laws of the Republic of Lithuania or the Regulation.

8.9. All answers shall be provided to the User in a concise, transparent, comprehensible and easily accessible form, in clear and plain language. The Data Controller shall provide a copy of the processed Personal Data free of charge, in electronic or paper format, at the User’s choice, and at the User’s repeated request, the Data Controller may charge a reasonable fee, determined in accordance with the administrative costs of making such copy, not exceeding 50 (fifty) euros.

8.10. If the User notices unlawful processing of his/her Data or in the event of a dispute with the Data Controller, he/she has the right to apply at any time to the out-of-court dispute resolution authority in Lithuania, the State Data Protection Inspectorate, in accordance with the procedure set out on its website, which is available here.

CHANGES TO THE PRIVACY POLICY

9.1. The Data Controller may change this Privacy Policy at their discretion. The Data Controller recommends that Users regularly visit the Website to find the latest version of the Privacy Policy.

9.2. The Data Controller may notify the User of essential changes to the Privacy Policy in accordance with the contact information provided by the User. The Data Controller may also take additional steps to the extent required by applicable law, including the right to obtain the User’s Consent for substantial changes. The Data Controller is the sole judge of whether the changes are considered substantial. Changes to this Privacy Policy are effective as of the “last updated” date indicated. Continued use of the Website after the changes have been made means that the User accepts such changes.

CONTACT INFORMATION

All documents and questions relating to this Privacy Policy may be sent to the contacts listed below:

By post – Parodos str., 8-2, Kaunas, Lithuania.

By e-mail – info@carolhome.lt

Last updated: 2021-05-22

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
crl_cerber_*	1 day	Set by rhe site security solution. Designed to protect the website by detecting and mitigating malicious activity. Composed of randomly generated alphanumeric values. No personal data is used.
PHPSESSID	session	This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wp_woocommerce_session_*	2 days	WooCommerce sets this cookie to make a unique code for each customer so that it knows where to find the cart data in the database for each one.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
last_pys_landing_page	7 days	PixelYourSite plugin sets this cookie to manages the analytical services.
last_pysTrafficSource	7 days	PixelYourSite plugin sets this cookie to manage the analytical services.
pbid	6 months	Allows PixelYourSite plugin to assign external_id to users, improving API events performance.
pys_first_visit	7 days	PixelYourSite plugin sets this cookie to manage the analytical services.
pys_landing_page	7 days	PixelYourSite plugin sets this cookie to manages the analytical services.
pys_session_limit	1 hour	PixelYourSite plugin sets this cookie to manage the analytical services.
pys_start_session	session	PixelYourSite plugin sets this cookie to manage the analytical services.
pysTrafficSource	7 days	PixelYourSite plugin sets this cookie to manage the analytical services.
sbjs_current	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_current_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_first	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_first_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_migrations	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_session	1 hour	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_udata	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.

Cookie	Duration	Description
_fbp	3 months	Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website.
VISITOR_INFO1_LIVE	6 months	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.