invoice123.com

I. CHAPTER I

GENERAL PROVISIONS

  1. These Marketing Rules of Invoice 123, UAB (hereinafter referred to as the „Company”) (hereinafter referred to as the „Rules”) set out the principles, purposes and data protection requirements of the Company’s marketing and advertising and the processing of personal data in connection therewith and their implementation.
  2. The Rules have been drawn up in accordance with the General Data Protection Regulation (EU 2016/679) (hereinafter referred to as the „GDPR”), the Law on Legal Protection of Personal Data (No. 63-1479 of 3 July 1996) and other legal acts regulating the protection of personal data.
  3. Terms used in the Rules:
    1. Direct marketing means activities designed to offer goods or services to persons by post, telephone or other direct means and/or to seek their opinion on the goods or services offered;
    2. „Advertising” means an activity which increases the awareness of the services provided by the Data Controller by means of visual means (photographs, videos, etc.); hereinafter in the Terms and Conditions, the terms „direct marketing” and „advertising” shall be referred to collectively as „marketing”.
    3. Data Controller – Invoice 123, UAB (company code: 306215564, address: Kauno 9-15, 91156 Klaipėda, Lithuania) – a legal entity which acts as a Personal Data Controller and which alone or jointly with others determines the purposes and means of processing of data;
    4. Personal data means information about an identified or identifiable natural person (data subject) for the purposes of marketing by the Data Controller, including, but not limited to, the person’s name, title, image (photograph), video (footage);
    5. Data Subject – means a natural person from whom the Company receives and processes personal data;
    6. ‘Processing’ means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, sorting, organisation, storage, adaptation or alteration, retrieval, access, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination with other data, restriction, erasure or destruction;
    7. Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
    8. Recipient means the natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether or not to a third party. However, public authorities which, under Union or Member State law, may receive personal data in the context of a specific investigation shall not be considered as recipients of the data; when processing those data, those public authorities shall comply with the applicable data protection rules that are compatible with the purposes of the processing;
    9. ‘Third party’ means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor, or persons authorised to process personal data under the direct authority of the controller or processor;
    10. 10.Consent of the data subject means any freely given, specific and unambiguous indication of the data subject’s wishes, given by a duly informed person, by means of a statement or an unambiguous action, by which he or she consents to the processing of personal data concerning him or her.

II. CHAPTER II

PRINCIPLES FOR PROCESSING PERSONAL DATA

  1. The Data Controller shall ensure that, in adopting and implementing these Rules, it aims to implement the following fundamental principles relating to the processing of personal data.
    1. The processing of personal data in relation to the Data Subject shall be carried out in a lawful, fair and transparent manner (the principle of lawfulness, fairness and transparency);
    2. Personal data shall be collected for specified, explicit and legitimate purposes and shall not be further processed in a manner incompatible with those purposes;
    3. Further processing of personal data for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes is not considered incompatible with the original purposes (purpose limitation principle);
    4. Personal data are adequate, relevant and only necessary for the purposes for which they are processed (data minimisation principle);
    5. Efforts are made to ensure that personal data are accurate and, where necessary, updated within a reasonable period of time from the date of the change;
    6. All reasonable steps shall be taken to ensure that personal data which are not accurate in relation to the purposes for which they are processed are erased without undue delay or rectified within a reasonable period of time (principle of accuracy);
    7. Personal data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed;
    8. Personal data may be retained for longer periods if the personal data will be processed solely for archiving purposes, in the public interest, for scientific or historical research purposes, or for statistical purposes, subject to the implementation of appropriate technical and organisational measures necessary to safeguard the rights and freedoms of the Data Subject (the retention time limitation principle);
    9. Personal data shall be processed in such a way as to ensure, by means of appropriate technical or organisational measures, adequate security of the personal data, including protection against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage (integrity and confidentiality), taking into account the generic nature of the personal data processed by the Data Controller;
    10. 10.The controller is responsible for ensuring compliance with the above principles and must be able to demonstrate compliance with them (accountability principle).

III. CHAPTER III

THE PURPOSES OF THE PROCESSING OF PERSONAL DATA AND THE CATEGORIES OF DATA PROCESSED

  1. The Company processes personal data for the following purposes:
    1. For direct marketing purposes;
    2. To publicise and raise awareness of the company’s activities and services.
  2. The Company processes the following personal data for the purposes set out above:
    1. For the purposes of direct marketing, publicity and awareness-raising of the company’s activities, personal data of customers and third parties:
      1. Email address;
      2. Mobile phone number.

IIV. CHAPTER IV

RECEIPT, STORAGE AND DESTRUCTION OF PERSONAL DATA

  1. The personal data referred to in Clause 6 of these Rules shall be obtained and processed only with the consent of the Data Subject:
    1. The consent of customers and/or third parties to participate in the Company’s marketing is obtained directly from the customer/third party by providing the data subject with personal data on the Company’s website (at https://saskaita123.lt/), informing the customer/third party about the personal data collected, the purposes for which it is used, and about his/her rights as a Data Subject and the exercise of those rights;
  2. Customers and third parties whose consent is the basis for the processing of their personal data for the purpose of carrying out marketing shall be informed that they have the right to withdraw their consent to the processing of their personal data for the purpose of marketing at any time, without prejudice to data lawfully processed on the basis of their consent prior to the withdrawal of consent:
    1. Persons who have consented to receive newsletters by e-mail may withdraw their consent to direct marketing at any time by contacting the Company directly by telephone or e-mail (alina@cpartner.lt).
  3. Personal data processed for the purposes referred to in Clause 5 of these Rules shall be stored in accordance with the General Index of Document Retention Periods approved by the Chief Archivist of Lithuania, but no longer than required for the purposes of personal data processing referred to in Clause 6 of these Rules:
    1. Consents to the processing of personal data – 1 year (after the expiry of the retention period of the personal data for which consent was given);
    2. Contracts for goods, works, services, acceptance certificates for goods, works and services – 10 years (after the end of the contract).
  4. Personal data provided in consents and other documents are stored in the Company’s personal health record file.
  5. Upon expiry of the retention period, the personal data contained in the above-mentioned documents shall be transferred to the archive and stored in accordance with the terms set out in the Index of General Document Retention Periods approved by the Chief Archivist of the Republic of Lithuania on 9 March 2011 (Order No. V-100), and shall be destroyed.
  6. Data destruction is carried out by destroying paper copies of documents using special paper shredders and deleting electronic versions from all applications and systems used by the Company, without any possibility of recovery.

V. CHAPTER V

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

  1. Personal data processed for the purposes of marketing as set out in these Terms and Conditions is/may be transferred to recipients such as:
    1. State bodies and institutions, other persons exercising functions assigned to them by law (e.g. the State Tax Inspectorate, SODRA, law enforcement authorities, bodies supervising the Company);
    2. Legal entities (divisions) within the corporate network;
  2. Authorised data processors – Third parties:
    1. Parties which maintain registers and/or IT systems (where personal data are processed) or which mediate the provision of personal data from such registers;
    2. Companies and/or individuals providing advertising and marketing services;
  3. Other persons related to the Company’s activities, such as archivists, postal service providers, Partners, Suppliers, other authorised parties related to the Company’s marketing process.

VI. CHAPTER VI

RIGHTS OF DATA SUBJECTS AND THEIR IMPLEMENTATION

  1. The data protection legislation provides Data Subjects whose personal data is processed for the purposes set out in these Rules with rights relating to the processing of personal data:
    1. Right of access to personal data processed: the data subject has the right to request confirmation from the Company as to whether his or her personal data are being processed and, in such cases, to request access to the personal data processed. In order to exercise this right, the Data Subject may submit a written request to the Data Protection Officer of the Company at alina@cpartner.lt;
    2. The right to have inaccurate personal data rectified: if the Data Subject considers that information about him or her is incorrect or incomplete, he or she has the right to request its rectification. In order to exercise the above right, the Data Subject may submit a written request to the Company at alina@cpartner.lt;
    3. Right to object to the processing of personal data: the data subject has the right to object to the processing of personal data where the personal data are not processed on the basis of the legitimate interests of the Company. However, notwithstanding the Data Subject’s objection, the Company will continue to process your data where there are valid reasons for continuing to process the data. In order to exercise the above right, the Data Subject may submit a written request to the Company at alina@cpartner.lt;
    4. The right to request the erasure of personal data (right to be forgotten): in certain circumstances, the Data Subject has the right to request that the Company erases your personal data. However, this does not apply if the Company is required by law to keep personal data. In order to exercise the above right, the Data Subject may submit a written request to the Company at alina@cpartner.lt;
    5. The right to restrict the processing of personal data: in certain circumstances, the Data Subject also has the right to restrict the processing of his or her personal data. In order to exercise this right, the Data Subject may submit a written request to the Company at alina@cpartner.lt;
    6. The right to lodge a complaint regarding improper processing of personal data with the State Data Protection Inspectorate directly at L. Sapiegos g. 17, Vilnius or by e-mail ada@ada.lt.
       The Company, upon receipt of a request to cease the processing of optional personal data, shall, within 30 calendar days of the Data Subject’s request, cease the processing of such data, unless it is contrary to the requirements of the legislation, and shall inform the Data Subject thereof in writing.

VI. CHAPTER VI

RIGHTS OF DATA SUBJECTS AND THEIR IMPLEMENTATION

  1. These Terms apply to all data subjects of the Company whose personal data is processed for the purposes of marketing as set out in these Terms.
  2. The Company shall have the right to amend/update these Terms at any time in the event of changes to the marketing process and/or legislation governing the Company’s activities and/or marketing. Data Subjects may access the changes to the Terms and Conditions by visiting the Company and the Company’s website at https://saskaita123.lt/.
  3. These Rules shall enter into force on 12 January 2022.

CONSENT TO THE PROCESSING OF PERSONAL DATA FOR DIRECT MARKETING PURPOSES

  1. Invoice 123, UAB (company code: 306215564, address: Kalvarijų g. 137E, LT-08221 Vilnius) (hereinafter referred to as the „Data Controller”) will process my personal data for the purposes of direct marketing, including the provision of personalized offers.
  2. I confirm that:
    1. I am informed that for the purpose of direct marketing, the Data Controller will process the following personal data about me for a maximum period of 3 (three) years:
      1. Phone number;
      2. Email address.
    2. After the expiry of the term of data processing for direct marketing purposes or if I withdraw my consent, the Data Controller will retain data on the fact of giving this consent for 5 (five) years from the expiry of the term of data processing referred to in this paragraph or the withdrawal of the consent for the purpose of asserting, exercising or defending the legal claims of the Data Controller;
    3. I am informed that my personal data processed for the purpose of direct marketing may be transferred by the Data Controller to data processors who provide direct marketing services to the Data Controller and process the data on behalf of the company;
    4. I am aware that I have the right to object, without giving reasons for objection, to the processing of my personal data for direct marketing purposes, including profiling, insofar as it relates to direct marketing, unless the processing is carried out for the purposes of a legitimate interest pursued by the Data Controller or by a third party to whom the personal data are provided and unless my interests are overridden.
    5. I am aware of my rights as a data subject:
      1. Know (be informed) about the processing of personal data;
      2. To have access at any time to the processing of my personal data and how it is processed;
      3. The right to have personal data rectified, erased or to suspend, with the exception of storage, the processing of personal data;
      4. In the case of processing that does not comply with the provisions of the legislation, to request that the personal data processed, if processed by automated means, be transmitted by the controller to another controller or to me, if this is technically feasible (right to data portability);
      5. If the data controller has violated my rights, I can lodge a complaint about the processing of my personal data with the State Data Protection Inspectorate either directly or by email to ada@ada.lt.
    6. I am aware that I can inform the Data Controller at any time that I do not wish to receive personalised offers and advertising. I can opt out of offers and advertising by contacting the Data Controller by e-mail: alina@cpartner.lt;
    7. I am aware that the Data Controller’s processing of personal data is disclosed by the Data Controller in the Privacy Policy available at https://www.cpartner.lt/.
  3. I am aware and understand that in order to obtain more information about the processing of my personal data, I can contact the Data Controller directly by phone +370 670 27384 or by email info@invoice123.com
  4. This Consent is freely given. I have read and agree to the processing of my personal data for direct marketing purposes.

Marketing rules