By the Order of Director of
DENNYPAY, UAB, legal entity code 304887823, address Ulonų str. 5, Vilnius, Lithuania, telephone number +37062033323, e-mail address info firstname.lastname@example.org, website www.dennypay.com.
1. DEFINITIONS USED
1.1. Personal data – any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
1.2. The Company - DENNYPAY, UAB, legal entity code 304887823, address Ulonų str. 5, Vilnius, Lithuania.
1.3. Data subject – a natural person or a representative of a legal entity who uses the Company’s services or a person who browses the Website.
1.4. IP address – a unique number that identifies a computer, phone, tablet, or another device that connects to the Internet. An IP address can be used to identify the country where your computer connects to the Internet.
1.5. Customer – a natural or legal person registered on the Website who, in accordance with the Rules for the Use of the Website, intends to and/or uses the advance and final payment collection services published on the Website.
1.7. Cookies – small data files that are recorded to a computer, phone, tablet or another device in use by anyone visiting the dennypay.com platform, that allows the Website to identify the device. This concept includes not only cookies but also the use of tools of a similar nature.
1.8. Website – Website operated by the company - www.dennypay.com.
1.9. Direct marketing – is the activity of offering goods and services to individuals and/or asking their opinion on the goods or services by post, telephone or another direct method.
1.10. Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
2. GENERAL PROVISIONS
2.3. The processing of personal data in the Company is regulated by the Regulation, the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts, as well as internal legal acts of the Company.
3. PRINCIPLES OF PERSONAL DATA PROCESSING
3.1. The scope of Personal Data processed depends on the data specified in the registration form provided by the Data Manager and submitted by the Data Subject.
3.2. Data shall be processed only in accordance with the criterion of lawful processing - in order to ensure the provision of services published on the Company’s websites; with the consent of the person; when the Company is obliged to process personal data by the relevant legal acts; when personal data need to be processed for the legitimate interest of the Company or a third party.
3.3. We seek to ensure that Personal Data shall be processed in an accurate, fair and lawful manner, solely for the purposes for which they have been collected, and in accordance with the clear and transparent principles, as well as requirements, for the processing of Personal Data set out in legislation.
3.4. You are not obliged to provide any Personal Data; however, certain services may not be provided in such a case.
4. SCOPE, PURPOSES, AND BASIS FOR PERSONAL DATA PROCESSING
4.1. The Personal Data which is in connection with the services provided on the Website and which is collected when the Customers visit the Company’s Website shall be processed by the Company for the purposes and on the grounds specified in this Chapter.
4.2. The Personal data provided by the Customer, the processing of which is based on advance and final payment collection and transfer services, and the purpose of which is to verify the identity of the Data Subject, as well as to provide the Customer with the services offered by the Company, shall be the following:
184.108.40.206. Name, surname, personal code, date of birth, telephone number, e-mail address, IP address of the Data Subject who is a natural person, as well as the full address of the accommodation services provided by the Customer;
220.127.116.11. Position, name, surname, e-mail address, the basis of representation of the Data Subject who is the representative of the legal person. The full address of the services provided by the Customer as long as these services are used.
4.3. The Personal Data mentioned above shall be processed as long as the services are provided; thereafter, the data shall be stored for 10 (ten) years in order to express, enforce or defend the legal requirements of the Company and in the performance of the Company’s obligation to archive documents as provided for in legal acts.
4.4. The Website also collects the name, telephone number, and e-mail address, when a potential customer of the Company applies to the Company by filling in the registration form on the website, the goals are to provide preliminary consultation according to the submitted request and to offer services provided by the Company. Personal Data shall be processed as long as the services advertised on the Website are provided; thereafter, the data shall be stored for 10 (ten) years in order to express, enforce or defend the legal requirements of the Company and in the performance of the Company’s obligation to archive documents as provided for in legal acts.
4.5. The Website also collects the following data of the Website visitors: IP address, time of login to visitor accounts, Website browsing history and date. Data are collected for statistical purposes. Website visitor statistics are analysed using Google Analytics. The information about your Website browsing history collected by cookies of Google Analytics will be transmitted and stored on Google.org servers. The information collected by cookies allows us to ensure more convenient navigation on the Website, provide suggestions and learn more about the behaviour of our Website visitors, as well as to analyse trends and improve both the Website and the services provided. If you do not consent to the storage of cookies on your computer or another terminal device, you may change your Internet browser settings and disable all cookies or enable/disable them one by one. However, please note that in some cases, this may slow down the speed of your internet browsing, restrict the operation of certain features of the Website or block access to the Website. More information is available at AllAboutCookies.org or www.google.com/privacy_ads.html.
4.7. For the purposes of direct marketing, we shall process Personal Data on the basis of your consent. The Company handles the following data for the purposes of direct marketing: Name, surname, address, e-mail address, telephone number. The Data shall be processed for 5 (five) years from the receipt of the Data Subject’s consent or until you revoke the given consent regarding the data processing. If you revoke the consent for data processing for the purpose (s) discussed in this clause only the fact of giving the consent of the Data Subject shall be stored for 10 (ten) years from the expiry of the consent period or revocation of the consent in order to express, enforce or defend the legal requirements of the Company. You shall have the right to withdraw the consent for newsletters sent by the Company at any time; moreover, you shall have the right to object to the processing of Personal Data for direct marketing purposes without giving reasons. You may revoke the consent already given regarding the processing of Personal Data for the purpose of direct marketing by clearly and unambiguously expressing your will in writing to an employee of the Company. You may exercise your right to object to the processing of personal data for the purpose of direct marketing by contacting the Company via the e-mail address provided on the Website.
4.9. Other purposes. The Company may process the Personal Data of the Data Subject for other purposes in compliance with the requirements and procedure of the Regulation and the Law on the Legal Protection of Personal Data of the Republic of Lithuania.
5. PROVISION OF PROCESSED DATA TO OTHER ENTITIES. DATA CONTROLLERS AND PROCESSORS
5.1. The Company does not provide the processed Personal Data to third parties without the prior consent of the person (Data Subject), except in cases established by legal acts.
5.2. Data recipients and groups of recipients: state institutions and bodies, law enforcement institutions; auditors, legal and financial advisers; third parties maintaining registers.
5.3. Your Personal Data may be processed by Data Processors providing accounting, Website hosting, data centre and/or server rental, IT maintenance, external audit and other services to the Company
5.4. Data Processors shall have the right to process Personal Data only in accordance with the Company’s instructions and only to the extent necessary to properly perform the obligations set forth in the Agreement. By using Data Processors, we seek to ensure that Data Processors have implemented appropriate organizational and technical security measures and maintain the confidentiality of Personal Data.
5.5. Your Personal Data may be provided to third parties in the following ways: in writing, by electronic means, by connecting to databases or information systems storing individual data or by any other means agreed with the Data Controllers.
6. SECURITY OF PERSONAL DATA
6.1. The Company, through its internal organizational and technical measures, makes all reasonable efforts to ensure that Personal Data shall be protected from any unlawful acts. All Personal Data and other information provided by the Data Subject shall be treated as confidential. Only those Employees of the Company and the Processors of the Company’s data who have it necessary for the performance of work functions or the provision of services shall have access to the Personal Data.
6.2. To register on the Website, you must provide your e-mail address, telephone number, and your own password. An account is created for you during registration. In the account you shall enter your data - name, surname/name of the legal entity, date of birth/personal code/legal entity code, telephone number, e-mail address; therefore, you are solely responsible for the accuracy of this Personal Data. You may adjust or supplement the Personal Data at any time. You can contact the Company at email@example.com to cancel your account.
7. RIGHTS OF DATA SUBJECTS
7.1. Each Data Subject shall have the following rights:
7.1.1. to have access at any time to the Personal Data provided by him/her to the Company;
7.1.2. upon the provision of the request in writing, to receive information from which sources and what Personal Data have been collected, for what purpose they are processed, to whom they are provided;
7.1.3. upon the provision of the request in writing, require via e-mail the correction of incorrect, incomplete, inaccurate Personal Data and/or suspend the processing of such Personal Data;
7.1.4. to not give consent to the processing of his or her Personal Data, unless such Personal Data are processed in the legitimate interest of the Data Controller or a third party to whom the Personal Data are provided, and unless the interests of the Data Subject are overriding;
7.1.5. to require that the Personal Data provided shall be destroyed;
7.1.6. to require that the processing of Personal Data shall be restricted;
7.1.7. to require that Personal Data provided by him/her, if they are processed on the basis of his/her consent or contract, and if they are processed by automated means, shall be transferred by the Data Controller to another Data Controller, if technically possible (data portability);
7.1.8. the right to object to the use of automated data processing only;
7.1.9. the right to object to the processing of Personal Data for direct marketing purposes;
7.1.10. the right to withdraw consents given for the processing of data;
7.1.11. the right to submit a complaint to the State Data Protection Inspectorate regarding the processing of Personal Data.
7.2. The Data Subject has the right to apply for the exercise of the Data Subject’s Rights orally or in writing by submitting the request in person, by post or by electronic means. If the exercise of the Data Subject’s rights is requested in writing by submitting a request by post, then a copy of the identity document certified by a notary or in accordance with the other procedure established by legal acts must be submitted together with the request. If the personal data of the Data Subject, such as name or surname, have changed, copies of the documents confirming the change of aforementioned data shall be submitted therewith; if they are sent by post, then they must be certified by a notary or in accordance with the other procedure established by legal acts. When submitting an application by electronic means, the application must be signed by a qualified electronic signature or be made by electronic means which ensure the integrity and irreversibility of the text.
7.3. The request for the exercise of the Data Subject’s rights must be legible, signed by the person, and must indicate the name, surname, address and/or other contact details of the Data Subject for contacting or requesting a response on the exercise of the Data Subject’s rights.
7.4. The Data Subject may exercise his/her rights himself/herself or through a representative. The personal representative must indicate in the request his/her name, address and/or other contact details with which the personal representative wishes to receive a reply, as well as the name, surname and other data of the represented person which are necessary for the proper identification of the Data Subject; moreover, the personal representative shall provide a document confirming the representation or a copy thereof. In case of doubt as to the identity of the Data Subject, the Company shall request additional information necessary to verify it.
7.5. Upon receipt of the request, we shall provide a response no later than within 30 calendar days from the date of receipt of the request.
7.6. The Company, acting as the Data Controller, shall have the right to reasonably refuse to exercise the rights of the Data Subject on the grounds set out in the Regulation.
7.7. Information on the processing of Personal Data is provided, the legality and integrity of the Data Processing is checked, the Data Processing operations are terminated, the data is destroyed free of charge.
7.8. You may submit a request by e-mail firstname.lastname@example.org .
8. DATA PROTECTION OFFICER
8.1. The company has a designated Data Protection Officer.
8.2. If you would like to find out how the Company handles your personal data, or if you intend to exercise your rights as a Data Subject, please contact the Company’s designated Data Protection Officer by e-mail: email@example.com .
9. FINAL PROVISIONS