- General provisions
- Data controller – the Company, registered office address [Ozo st. 4-302, LT-08200 Vilnius, Lithuania], email address [[email protected]].
- Purposes of personal data processing, collection of personal data, the term of their storage and basis for processing
- Purposes of data processing:
6.1. Direct marketing (sending newsletters and offers).
6.1.1. Personal data is used and processed by the Company for the purpose of direct marketing only if the Individuals have given their consent. Consent to receive useful direct marketing offers for the Individuals can be confirmed by registering/providing the Individual’s details on the website.
6.1.2. The following Personal Data is processed for direct marketing purposes:
18.104.22.168. email address,
22.214.171.124. telephone number.
6.1.3. The specified personal data is collected and processed based on consent. The Individuals must provide an email address or telephone number to receive newsletters/offers, depending on how they wish to receive newsletters and offers.
6.1.4. The storage period of Personal Data processed for the purpose of direct marketing is 3 years. This term may be extended if the Personal Data is used or may be used as evidence or a source of information in a pre-trial or other investigation, including an investigation conducted by the State Data Inspectorate, in a civil, administrative, or criminal case, or other cases indicated by law. In that case, the personal data may be stored for as long as it is necessary for those purposes of data processing and shall be destroyed immediately when they are no longer needed.
6.1.5. The data subject shall have the right to disagree or at any time withdraw his or her consent to the process his or her personal data for direct marketing purposes, including profiling, in so far as it is related to such direct marketing, without giving reasons:
126.96.36.199. Writing an email [[email protected]] or calling by phone [+370 617 33617];
188.8.131.52. By clicking on the link “unsubscribe the newsletter” at the end of the newsletter;
6.1.6. Withdrawal of consent shall not affect the legality of the data processing carried out before the withdrawal of consent.
6.1.7. The Individuals under the age of 14 cannot provide any personal data for marketing activity through the Company’s website. If you are a person under the age of 14, you must obtain the consent of your parents or other legal guardians before providing personal information for marketing purposes.
6.2. Purpose of the processing data related to online services to conclude and perform agreements.
6.2.1. The following Personal Data is processed for the purpose of concluding and performing the agreement:
184.108.40.206. Name surname;
220.127.116.11. Telephone number;
18.104.22.168. Email address;
22.214.171.124. Price of the order;
126.96.36.199. Form of payment;
188.8.131.52. Other data required for ordering services.
6.2.2. Personal Data related to the conclusion and performance of the agreement will be processed for 10 years. This term may be extended if the Personal Data is used or may be used as evidence or a source of information in a pre-trial or other investigation, including an investigation conducted by the State Data Inspectorate, in a civil, administrative, or criminal case, or other cases indicated by law. In that case, the personal data may be stored for as long as it is necessary for those purposes of data processing and shall be destroyed immediately when they are no longer needed.
6.3. Purpose of providing answers and information to the Individuals.
6.3.1. If the Individuals submit a request/complaint through the Company’s website, via contact email or providing a consultation via telephone to properly respond to the request, the Company collects and processes data: name, surname, telephone, email, the number of the room, booked services. If the Individuals do not provide sufficient data to identify the Individual or the services provided to the Individual, the Individuals will not be able to receive appropriate and comprehensive consultation on the relevant issue.
6.3.2. The following Personal Data shall be processed: 1) based on the consent expressed by the Individuals via conclusive actions; 2) The processing of data is necessary to fulfill the legal obligation applicable to the Data Controller; 3) The processing of data is necessary for the legitimate interests of the Data Controller, i.e. to analyze and manage inquiries, claims, to improve the quality of customer service, to serve clients.
6.3.3. Data storage period: 12 months. This term may be extended if the Personal Data is used or may be used as evidence or a source of information in a pre-trial or other investigation, including an investigation conducted by the State Data Inspectorate, in a civil, administrative, or criminal case, or other cases indicated by law. In that case, the personal data may be stored for as long as it is necessary for those purposes of data processing and shall be destroyed immediately when they are no longer needed.
6.3.4. The Company uses Personal Data only for the purpose of properly and objectively analysing the queries of the Individuals, providing the Individuals with the necessary information, answering the questions of the Individuals, resolving the requests or requirements of the Individuals, and consulting. The Company may also analyze the query data to improve the quality of the Company’s activities and services provided to the Individuals, taking into account the opinion and suggestions of the Individuals.
6.3.5. The Company does not disclose information of correspondence with the Individuals. However, if a query or claim from the Individuals is received in the comments section that is public on websites or in the comments section of social networks, the Company reserves the right to provide a response/comment publicly in the same form as the query was received.
6.3.6. Upon expiration of the term of Personal Data processing and storage outlined in this Policy, the Company will destroy or reliably and irrevocably depersonalize the Personal Data as soon as possible, within a reasonable time that is required to perform such action. The Company will not be able to meet this requirement if the query is made via the Company’s unmanaged Internet websites.
- The Data Controller shall, following the specific purposes of personal data processing, store Personal Data following the above-mentioned terms.
- The Company processes Personal Data responsibly, lawfully, fairly, and transparently. By establishing personal data processing measures, as well as during data processing, the Company implements appropriate data protection technical and organizational measures to protect the processed personal data from any accidental or unlawful destruction, damage, alteration, loss, disclosure, as well as from any other unlawful processing.
- If the Individuals choose passwords that enable the Individuals to use certain features of the Website, the Individuals are responsible for the confidentiality of the passwords. The Company asks the Individuals not to disclose or share passwords with third parties.
- The Individuals must themselves take active measures to ensure the confidentiality of their personal data and must make every effort to protect the password that is used to access the website from the knowledge of third parties and not to disclose it to third parties in any direct (indirect) ways and to ensure that no third parties would not be able to use his/her data using the Website and/or services provided by the Company and/or for other purposes. The Individuals shall be liable for any actions of third parties if they have been committed using Personal Data, and all obligations and responsibilities arising out of or in connection with such actions of third parties shall be borne by the Individuals to the full extent.
- If the Company has doubts about the accuracy of the personal data provided by the Individuals, the Company has the right to suspend the actions of data processing of these Individuals, to check and correct these data.
- Even though the Company makes every reasonable effort to protect Personal Data, the Company notes that data transmitted by electronic means are transmitted via communication networks controlled by electronic communications services providers, therefore, the Company cannot guarantee and is not responsible for data security and protection during such transmission. Any data transfer procedures are carried out at the sole risk of the Individuals. From the moment of receiving the data, the Company applies strict personal data protection procedures and technical and organizational measures to ensure protection against unauthorized access to Personal Data.
III. Provision of data to third parties
- Personal data may be transferred for processing to data processors who assist in the implementing and administration of the provision of the Services. Such individuals may include database software providers, database administration service providers, data center, hosting and cloud service providers, direct marketing service providers, market research or business analytics services, accounting service providers, auditors, legal and financial consultants, etc.; partners invited for the purpose of fulfilling a specific order (courier service, a person providing payment administration services, etc.).
- Personal data may be transferred to a court, law enforcement institutions, or state institutions to the extent that such provision is established by the requirements of legal acts (e.g. bailiffs, courts, etc.).
- Personal data may also be transferred to other persons with the consent of the Data Subject if such consent is obtained due to a specific case.
- In each case, only the amount of data necessary for the implementation of a specific order or the provision of a specific service shall be provided to the data processor.
- Data processors employed by the Company may process personal data only following the Company’s instructions and cannot use them for other purposes or transfer them to other persons without our consent. Also, they must ensure the security of Personal Data following valid legal acts and written agreements with us.
- If the Company uses a website analysis service (e.g. Google Analytics), which is used to determine how the Individuals use the information provided on the website [www.fantasypuzzles.com], we may exchange the Individuals’ depersonalized data with third parties who use this information to evaluate, how the website is used, prepare reports for the website operators on the activities of the Website and provide other services related to the use of the Website, the Internet and the mobile application.
- If the Data Controller will intend to transfer personal data to companies or organizations in third countries, the Data Controller will ensure the procedures established in normative acts to ensure the level of processing and protection of personal data.
- Rights of the data subject
- The data subject whose data is processed in the activity of the Data Controller shall have the following rights:
23.1. To know (be informed) about the processing of his/her data (the right to know);
23.2. To familiarize with his/her data and how it is processed (the right to familiarize);
23.3. To require the correction or, depending on the purposes of personal data processing, the addition of incomplete personal data (the right to correct);
23.4. To destroy his/her data or suspend actions of his/her data processing (excluding storage) (the right to destroy and the right to be “forgotten”);
23.5. Has the right to demand that the Personal Data Controller would restrict the personal data processing if there is one of the legitimate reasons (the right to restrict);
23.6. Has the right to transfer data (right to transfer);
23.7. To disagree with the processing of personal data where such data is processed or is intended to be processed for the purposes of direct marketing, including profiling in so far as it is related to such direct marketing;
23.9. Submit a complaint to the State Data Protection Inspectorate of the Republic of Lithuania.
23.10. Requests for the implementation of the rights must be submitted to the Company in writing (including electronic format) and also it must be possible to identify the applicant’s and the data subject’s identity. The identity of the data subject shall be identified by means of an identity document or electronic communication means which enable the person to be properly identified. If the request is sent by the data subject via post office or courier, the request must be accompanied by a copy of the data subject’s identity document certified following the procedure established by legal acts. When information on a person is requested by his or her representative, he or she must provide a document that proves his/her representation and a document that confirms the identity of the data subject and the representative, unless there are other reasonable ways for identifying the representative and the data subject.
Third-party information on the Company’s website
- Other conditions
- The Company contact details:
Address: [Ozo st. 4-302, LT-08200 Vilnius, Lithuania], tel. [+370 617 33617], email: [[email protected]]