1. General Provisions

1.1. This Privacy Policy (the ‘Policy’) governs the principles and procedures for the processing of personal data carried out by Danbalt International UAB, registration number 110474962, registered office address: Business Centre PENTA, Ozo g. 12A-1, LT-08200, Vilnius, Lithuania (here in after referred to as the ‘Company’, ‘we’, ‘us’, ‘our’, etc.), as well as the terms and conditions for the operation of the jointly-controlled website https://danija.ee/ (the ‘Website’).

1.2. We aim to ensure that our service users, Website visitors and others whose personal data we process have complete confidence in our services and are given transparent information about how we process their data. In this Policy you will find information about the way we collect and use (or wish to collect and use) your personal data.

1.3. In our operations, we are guided by the following data processing principles:

1.3.1. Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (‘principle of lawfulness, fairness, transparency’);

1.3.2. Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation principle’);

1.3.3. Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation principle’);

1.3.4. Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy principle’);

1.3.5. Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organisational measures in order to safeguard the rights and freedoms of the data subject (‘storage limitation principle’);

1.3.6. Personal data shall be processed in a manner that ensures appropriate security and confidentiality of the personal data, including protection against unauthorised or unlawful access to or use of personal data and the equipment used for the processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality principle’);

1.3.7. We are responsible for, and must be able to demonstrate, our compliance with all of the above principles (‘accountability principle’).

1.4. This Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR), the Law on the Legal Protection of Personal Data of the Republic of Lithuania (the ‘LPPD’), and other legal acts of the European Union and the Republic of Lithuania. Definitions used in the Policy shall be interpreted as defined in the GDPR and the LPPD.

2. Personal Data Collection, Processing and Storage

2.1. It is imperative that you read the Policy carefully, as this Policy will be directly applicable to the collection, processing and, where specified in the Policy, transfer of your personal data to data recipients when you visit the Website and use our services.

2.2. If you do not agree with the Policy and personal data processing described herein, please do not visit the Website and/or use our services.

2.3. It is your responsibility to ensure that the data you submit is accurate, correct and complete. Deliberate submission of incorrect data is considered a breach of the Policy. You must notify us of any changes to the data provided. We are under no circumstances liable for any damage caused to you and/or third parties as a result of you submitting incorrect and/or incomplete personal data, or failing to update and/or amend the data when it changes.

2.4. The entities to whom we may disclose your personal data are detailed under each data processing activity.

2.5. We may disclose your information to entities other than those specified in the following limited instances:

2.5.1. To comply with the law or in response to a mandatory request by a court (e.g. following a court order to disclose data);

2.5.2. To confirm the legality of our actions;

2.5.3. To protect our rights, property or security;

2.5.4. In other cases, with your consent or at your lawful request.

3. Personal Data Processing for Recruitment Processes

3.1. In the event that you decide to apply to Danbalt International for a work opportunity and submit your data via the Website, Danbalt International, as the data controller, will process the following personal data provided by you as a job candidate:

3.1.1. Name;

3.1.2. Surname;

3.1.3. Telephone number;

3.1.4. Email address;

3.1.5. Preferred job location/city;

3.1.6. Education;

3.1.7. Current employer;

3.1.8. Preferred working hours;

3.1.9. Work experience;

3.1.10. Other voluntary information contained in your CV and/or other documents submitted.

3.2. The legal basis for personal data processing is Article 6(1)(b) of the GDPR – processing is necessary in order to take steps at your request as a job candidate prior to entering into a contract.

3.3. To the extent that the legislation of the Republic of Lithuania imposes additional restrictions on what information about candidates may be processed, Danbalt International shall ensure that we only process authorised personal data about you as a candidate.

4. E-commerce Operations

4.1. We process the following personal data about you so you can shop in the online store on the Website and use our services:

4.1.1. Name;

4.1.2. Surname;

4.1.3. Telephone number;

4.1.4. Email address;

4.1.5. Home address (if courier delivery is selected);

4.1.6. If necessary, the recipient may include additional information required for delivery (e.g. building door code).

4.2. For e-commerce purposes, we also process the personal data of persons who create an account on the Website. Personal data processed for this purpose include:

 4.2.1. Name;

 4.2.2. Surname;

 4.2.3. Email address;

 4.2.4. Password;

 4.2.5. Address;

 4.2.6. Mobile number;

 4.2.7. Order history;

 4.2.8. Return history.

4.3. The legal basis for personal data processing for the purpose of e-commerce is Article 6(1)(b) of the GDPR – processing is necessary for the performance of a contract concluded with you when you purchase Goods.

4.4. Danbalt International engages third-party payment collection and parcel delivery service providers (third parties) to collect payments for and deliver the Goods.

5. Loyalty Programme and Related Direct Marketing

5.1. Danbalt International offers what can be described as ‘direct marketing’ to loyalty programme members (DANIJA Customer Card holders by way of email newsletters, invitations to events, and information about promotions and discounts via email and text messages. If you are a participant in the Danbalt International loyalty programme, the following personal data about you may be collected for the loyalty programme and related direct marketing on the basis of your consent:

5.1.1. Name;

5.1.2. Surname;

5.1.3. Email address;

5.1.4. Telephone number;

5.1.5. City/town;

5.1.6. Date of birth;

5.1.7. Information on the types of goods purchased and the amounts spent.

5.2. Danbalt International uses this personal data for direct marketing purposes.

5.3. The legal basis for the processing of personal data is Article 6(1)(a) of the GDPR – your consent as a participant in the loyalty programme.

5.4. You have the right to withdraw your consent to email and/or text message communications at any time, without prejudice to the lawfulness of the data processing based on your consent prior to the withdrawal, although we would no longer be able to provide you with special offers and other information related to the loyalty programme.

6. Call Recording

6.1. In an effort to improve the quality of telephone customer service, the Company has introduced a call recording service, i.e. the telephone calls made by individuals to the Company are now recorded and stored.

6.2. The service includes recording the call and storing its content and identifiers such as the date, time and duration of the call, as well as the phone number associated with the call, for 180 calendar days.

6.3. The call recording service is provided by Baltnetos Komunikacijos UAB (the ‘Provider’) under a service contract, which includes confidentiality obligations and a signed personal data processing agreement in line with the requirements of the General Data Protection Regulation (GDPR).

6.4. The personal data is obtained directly from the data subject – the caller. The customer is identified by their order number. The following additional personal data may be collected during the call:

6.4.1. Name;

6.4.2. Surname;

6.4.3. Telephone number;

6.4.4. Email address;

6.4.5.  Address;

6.4.6. Name and job title of the employee (if applicable).

This personal data is collected for legitimate business interests and for the purpose of solving a problem and/or answering a customer’s query.

6.5. All callers will be advised that the Company is recording calls with the following message: ‘Hello, you have reached the Customer Service Centre. To improve our service quality, your call will be recorded. Please hold if you are happy continue.’

7. Personal Data Retention Procedures and Periods

7.1. We use organisational and technical measures to ensure the protection of your personal data against accidental or unlawful destruction, alteration, disclosure or any other unauthorised processing when processing and storing your personal data.

7.2. We set different personal data retention periods depending on the purpose for which your personal data is processed.

7.3. We apply the following personal data retention periods:

 

No

Purpose of personal data processing

Retention period

1.1.

Selection of job candidates

1 year after receipt of the data, subject to the candidate’s consent or at the candidate’s request. Otherwise, until the end of the selection process.

1.2.

E-commerce operations

Personal data of registered users of Danbalt International is retained for 3 years after the last visit to the Website. The data of other customers is stored for 3 years from the last purchase of goods.

1.3.

Loyalty programme and related direct marketing

Until the end of the loyalty programme.

1.4.

Returns requests

10 years, together with the store’s archived documents.

1.5.

Call recordings

Up to 180 days.

1.6.

Raffles and other games

3 years.

 

7.4. Exceptions to the above retention periods may be made to the extent that they do not prejudice your rights as a data subject, comply with legal requirements and are adequately documented.

7.5. In the event that some of your personal data is necessary to assert, exercise or defend legal claims, we will retain the data for the period necessary to achieve such purposes through judicial, administrative or extrajudicial proceedings.

8. Your Rights

8.1. You have the right, at any time and at your request, to have access to your personal data processed by us and to know how it is processed, to request the rectification of incorrect, incomplete or inaccurate personal data, to request the suspension of the processing of your personal data, except for retention, if it is processed in breach of the legal requirements, and/or to request the deletion of your personal data, i.e. the ‘right to be forgotten’.

8.2. To the extent that the personal data is processed on the basis of consent, you have the right to withdraw your consent at any time without prejudice to the lawfulness of the consent-based processing prior to the withdrawal of your consent.

8.3. You may exercise your rights by sending a written request to Danbalt International at info@danija.ee or by post to Business Centre PENTA, Ozo g. 12A, LT-08200, Vilnius, Lithuania, or by visiting us directly at the address above.

8.4. When submitting your request, you are required to prove your identity in the following ways: 1) if the request is handed in directly when you visit Danbalt International, you must provide an identity document or a copy thereof certified in accordance with the procedure of the Lithuanian legislation;  2) if the request is made by post or email, you must provide details that identify you; 3) if the request is submitted through a representative, you must produce a copy of your identity document, certified in accordance with the procedure of the Lithuanian legislation, together with a representation certificate (or a copy of a power of attorney certified in accordance with the procedure of the Lithuanian legislation).

8.5. On receipt of your written request, Danbalt International shall provide the requested information in writing (including by electronic means) or give reasons for refusing to comply with your request within 30 calendar days of receiving your request.

9. Contact Details and Complaint Procedure

9.1. If you have any questions about personal data protection, please contact us at info@danija.ee.

9.2. If you are not satisfied with our reply or if you believe that we are processing your data in breach of legal requirements, you have the right to lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania in its capacity as supervisory authority.

10. Cookie Information

10.1. When you visit the Website, it is our intention to deliver content and functionality that meet your needs. To do this, we use cookies. Cookies are small text files that are stored on your browser or device (such as a personal computer, mobile phone or tablet).

10.2. We use cookies to ensure a better experience for visitors to the Website and to improve the Website itself.

10.3. The cookies used on our Website may be grouped into the following types:

10.3.1. Strictly necessary cookies are used to ensure that the Website can perform its basic functions. These cookies allow you to navigate the website and use its features, for example, to access secure areas of a particular page.

10.3.2. Performance (analytical) cookies collect anonymous information about how visitors use the Website. By reporting information about the sections visited, the time spent on the Website and any problems experienced, such as error messages, these cookies help us understand how visitors behave on the Website. This information helps us improve the performance of the Website.

10.3.3. Functional cookies serve to improve your experience on the Website. For example, these cookies may remember information such as your saved products and your username.

10.3.4. Marketing cookies: we use our own and third-party cookies to deliver personalised advertising on our own and other websites. This is referred to as ‘remarketing’ and relies on your browsing patterns, such as the products you have searched for and viewed.

10.4. Please refer to our Cookie Policy for more information about the cookies we use, their storage periods and purposes.

11. Personal Data Processing by Third Parties

11.1. The use of third-party services, such as visiting our social media account on Facebook, may be subject to third-party terms and conditions. For example, Facebook applies its own Data Policy to all its users and visitors. If you use the services of such third parties, we strongly advise that you consult their terms and conditions.

12. Special Category Data Processing

12.1. We do not collect special category data such as political opinions, religious or philosophical beliefs, race or ethnicity, genetic data, biometric data, health data or data relating to sexual orientation.

Please exclude special category data in your communications and contact us using the contact details below if you believe we may hold such information. We reserve the right to delete any information that we believe may contain special category data immediately.

13. Personal Data Processing for Games, Promotions and Competitions

13.1. Processing of personal data in the context of games, promotions and competitions. We process your personal data for the purpose of administering games, promotions and/or competitions organised and run by us or our providers, if you have opted-in to participate in them. We process your personal data to identify and announce the winner and award prizes. If you wish to participate in a game and/or competition, your personal data is required. If you do not submit your personal data, you will not be able to participate in the game and/or competition; and if you win, we will not be able to award you your prize. Your identity will be verified when you claim your prize. Where required by law, we must inform the competent authorities (e.g. the State Tax Inspectorate) of the prize.

13.2. Participation in games is open to all individuals aged 18 years or older.

13.3. If the prize winner does not respond to the email or other communication about the prize within ten (10) working days of the award announcement, or does not exercise their right to the prize within the set terms and conditions, the prize winner shall forfeit the prize.

14. Final Provisions

14.1. The law of the Republic of Lithuania shall apply to all legal relations related to this Policy.

14.2. We shall not be liable for any damages, including damages caused by disruptions in the use of the Website, for loss or corruption of data caused by acts or omissions by you or by third parties acting with your knowledge, including false data entries, other errors, wilful damage, or other misuse of the Website. Similarly, we shall not be liable for any interruptions in access to and/or use of the Website and/or any damage caused by such interruptions and/or damage resulting from the acts or omissions of third parties not affiliated with us, you or other data subjects, including interruptions in power supply, internet access, etc.

14.3. This Policy shall be reviewed and, if necessary, updated at least once every two years. Amendments or changes to the Policy shall become effective from the moment they are published on the Website.

14.4. If you use the Website and our services after Policy updates, we shall assume that you are aware of and have accepted the changes made.

Last update: 28 December 2023