1. General information
Details of the data controller:
Venipak Lietuva, UAB
S. Žukausko g. 49, LT-09131 Vilnius
Company code: 300906055
Tel.: 8 700 55221
Email: [email protected]
All data We process in the framework of our operations is collected in accordance with the requirements laid down in laws of the European Union and the Republic of Lithuania and in line with the instructions of the controlling bodies. All reasonable technical and administrative measures are applied to protect the collected personal data from loss, unauthorised use and modification.
Persons under the age of 16 cannot submit any personal data through our Website. If you are under the age of 16, you must obtain the consent of your parent or other legal guardian before submitting your personal information.
2. What information about you do we collect and how do we use it?
| For what purpose do we collect personal data? | What exactly is the data we collect/process? | Which GDPR clause do we rely on to process your personal data? | How long do we keep this data? |
|---|---|---|---|
| 2.1. Parcel collection and delivery | Name and surname of the sender and recipient of the parcel, address of the place of delivery, telephone number, email address and other information provided to us by the sender, and signature of the recipient of the parcel (to be provided at the time of collection).<br>Data generated by us: parcel number, delivery proof, GPS data of the place where the parcel was picked up and delivered, a photo of the parcel left for collection (a photo of the place where the courier left the parcel, e.g. the entrance door). | In the case of a sender: (1) the performance and conclusion of a contract (Article 6(1)(b) of the GDPR); and (2) the fulfilment of a legal obligation pursuant to Article 6(1)(c) of the GDPR (Article 10(2) of the Postal Law of the Republic of Lithuania).<br>In the case of the parcel recipient: (1) the fulfilment of a legal obligation under Article 6(1)(c) of the GDPR (Article 10(2) of the Postal Law of the Republic of Lithuania); and (2) our legitimate interest in the service of the parcel on the right recipient (identification) under Article 6(1)(f) of the GDPR. | Electronic data files, information systems and database records are kept for a period of four years from the date of receipt.<br>Documents relating to the collection of consignments (waybills and related documents) are kept for 18 months.<br>Consignment delivery documents (electronic and paper) are kept for four years. |
| 2.2. Contracting and performance of contracts | With regard to natural persons who sign a contract: name, surname, personal identification number, address, individual activity certificate or business licence, account details, telephone number, email address, signature and the contract being concluded.<br>With regard to representatives of legal entities on behalf of which a contract is signed (e.g. company employees): name, surname, job title, telephone number, email address, signature and the contract being concluded. | The performance of a contract and its conclusion (Article 6(1)(b) of the GDPR).<br>The fulfilment of a legal obligation to keep proper accounting records in accordance with Article 6(1)(c) of the GDPR (Accounting Law of the Republic of Lithuania, Value Added Tax Law of the Republic of Lithuania).<br>Our legitimate interest in concluding, performing a contract with the other party to the contract through its representative (for the purpose of concluding, performing, contacting, identifying, signing documents, etc.) (Article 6(1)(f) GDPR). | 10 years from the date of termination of the contract, unless there is a need to keep the data for a longer period, e.g. to defend legal claims. |
| 2.3. Customs administration | Name, surname, phone number, email address, parcel number, messages sent, contents and value of goods. | The fulfilment of a legal obligation under Article 6(1)(c) of the GDPR (Customs Law of the Republic of Lithuania) | Six months in the active database. After this period, We will transfer the data to the archive for five years. |
| 2.4. Making payments and bookkeeping | Data contained in accounting records: name, surname, personal identification number, contact details, bank account number, payment details, services rendered and other information as required by accounting rules. | The fulfilment of a legal obligation to keep proper accounting records in accordance with Article 6(1)(c) of the GDPR (Accounting Law of the Republic of Lithuania, Value Added Tax Law of the Republic of Lithuania) | Ten (10) years, except where there is a need to keep the data for a longer period, for example to defend legal claims. |
| 2.5. Direct marketing (informing you about our services and conducting surveys to assess the quality of our services) | Name, surname, email address, phone number, parcel number | We inform you about our services: (1) if you have used our services, We process your data on the basis of Article 81(2) of the Law on Electronic Communications of the Republic of Lithuania; (2) if you have not used our services (you have not been our customer), We process your data on the basis of the consent that you have given us (Article 81(1) of the Law on Electronic Communications of the Republic of Lithuania and Article 6(1)(a) of the GDPR).<br>We carry out surveys on the basis of our legitimate interest to improve the quality of our services in accordance with Article 6(1)(f) of the GDPR. | Data of contractual customers is processed as long as the contract is in force.<br>If We have your consent for direct marketing, We will process your data for five years from the date of receipt of your consent.<br>Data used for the purpose of conducting surveys will be processed for a period of three months from the date the service is provided. |
| 2.6. Managing our social media accounts | Name, surname, account name, gender, contact information (if you provide it to us), country, photo, comments on our posts, shares of our posts, reactions to our posts, reviews and ratings left, information about when you started following or liking our social networking account, messages sent to us with attachments, history of your communications with us (the content of the communications and the timing of when they were received/submitted) | Your consent (Article 6(1)(a) of the GDPR) | Five years |
| 2.7. Debt management | If you are late in fulfilling your contractual obligations to our Company, the following data of the manager or shareholder of a natural or legal person shall be processed: name, surname, personal identification number, address, date of birth, email address, telephone number, payment account number, payment account statements, credit history, and any other data, insofar as it relates to the circumstances under which the debt arose or to the management of the resulting arrears.<br>Some of these data are obtained from credit, financial, payment and/or electronic money institutions, state or non-state registers, and companies maintaining joint debtor data files (Creditinfo Lietuva UAB in Lithuania and others).<br>The Company has the right to provide the information it holds about your identity, contact details and credit history, i.e. financial and property obligations and their fulfilment, debts and their payment, to companies managing databases of debtors (e.g. Lithuania Credit Bureau, UAB Creditinfo Lietuva), as well as to debt collection companies. | Our legitimate interest to receive timely payment for the services we provide in accordance with Article 6(1)(f) of the GDPR | One year after the payment of debt or after the date of debt recovery |
| 2.8. Handling inquiries, complaints and requests (internal administration) | Name, surname, contact details and any other information or documents you provide to us | Our legitimate interest in the proper and expeditious handling of complaints, requests and enquiries received in accordance with Article 6(1)(f) GDPR | Data is stored for four years following the handling of an issue. Personal data may be retained for a longer period of time if this is necessary to enable the Company to defend itself against claims, demands or actions brought against it. |
| 2.9. Call recording with the purpose to ensure the quality of telephone services and information, the protection of the rights and legitimate interests of employees and stakeholders, the protection of their rights and legitimate interests, the collection of evidence, and the handling of complaints | Audio data (a recording of the phone conversation), the name of the customer service agent, the telephone number of the caller, the date of the conversation and the start and end time are collected | Your actual consent (when you decide to continue the conversation) (Article 6(1)(a) GDPR).<br>If you do not wish to have your conversation recorded, please contact us at [email protected] or visit us directly at our offices. | No longer than six months, except where there is a need to keep the data for a longer period, for example, to defend legal claims. |
| 2.10. Ensuring the security of parcels stored in post offices and the Company’s assets (video surveillance) | Video data (video recording), date and time of collection | Our legitimate interest in ensuring the security of parcels stored in post offices and the security of the Company’s assets (Article 6(1)(f) GDPR) | No longer than 30 calendar days, unless there is reason to believe that: (1) the video is a recording of an administrative offence, a criminal offence or any other violation of the law, or a violation of labour discipline and/or professional ethics; (2) the video data is necessary for pre-trial or judicial proceedings; or (3) a request for access to the video data has been received prior to the expiration of the data retention period.<br>In such cases, the image data shall be kept for as long as necessary for those purposes and shall be destroyed as soon as they are no longer required. |
3. To whom do we disclose your personal data within and outside the EEA?
We only transfer your personal data to trusted third parties and only for the purpose of properly fulfilling the purposes of processing your personal data. Specifically, your data may be transferred to:
Within the EEA to:
- other companies in the Venipak Group;
- our partners through whom we carry out shipment transfers;
- companies providing marketing, business management and communication services;
- companies providing telephone call recording services;
- companies providing customer service and customer administration services;
- Creditinfo Lietuva, UAB (provision of debt management services);
- debt collection companies to which claims to debt are assigned;
- IT infrastructure maintenance and service companies;
- companies providing server rental and server maintenance services;
- companies providing electronic communications services;
- companies providing website administration services;
- companies providing accounting, auditing, legal and other services;
- state bodies and institutions, law enforcement authorities, other persons carrying out the functions entrusted to them by law, in accordance with the procedure provided for by the legislation of the Republic of Lithuania.
Outside the EEA:
- Facebook, Inc. (USA). Facebook no longer relies on the data transfer scheme Privacy Shield to transfer data to the US, but is participating in the programme. For transfers of personal data outside the EEA, Facebook uses Standard Contractual Clauses (SCC) approved by the European Commission.
- LinkedIn Corporation (USA). LinkedIn no longer relies on the data transfer scheme Privacy Shield to transfer data to the US, but is participating in the programme. For transfers of personal data outside the EEA, LinkedIn uses Standard Contractual Clauses (SCC) approved by the European Commission.
For all these service providers, we will only provide them with as much of your personal information as is necessary for the performance of the specific service.
4. What do we do to protect your data?
Your Personal Data is processed responsibly and securely and is protected against loss, unauthorised use and alteration. We have put in place physical and technical measures to protect all information that we collect for the purposes of providing our services against accidental or unlawful destruction, damage, alteration, loss, disclosure or any other unauthorised processing. Personal data security measures are determined taking into account the risks involved in processing personal data.
5. Your rights
Each data subject, i.e. each of you whose data is processed in our activities, has the right to:
- know (be informed) about the processing of your personal data (Articles 12-14 of the GDPR);
- have access to your personal data processed (Article 15 of the GDPR);
- request the rectification of inaccurate personal data relating to you (Article 16 of the GDPR);
- request the erasure of personal data relating to you (“right to be forgotten”) (Article 17 of the GDPR).
  Please note! You only have the right to be forgotten if one of the following reasons applies:
  - the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  - you withdraw your consent to the processing of the personal data on which the processing is based and there is no other basis for processing the data;
  - you do not consent to processing in accordance with Article 21(1) of the GDPR and there are no overriding legitimate grounds for processing.
- restrict processing (Article 18 of the GDPR).
  Please note! You only have the right to restrict the processing of your data if:
  - your personal data is inaccurate;
  - the processing of personal data is unlawful but you do not consent to the erasure of the data;
  - the data controller no longer needs the personal data for its own purpose but you need it to assert, exercise or defend legal claims against you;
  - you object to the data processing in accordance with Article 21(1) of the GDPR, provided that the data controller’s legitimate reasons do not override your reasons.
- transfer your personal data where the processing is based on consent or contract and the processing is carried out by automated means (Article 20 of the GDPR);
- object to the processing of personal data on grounds relating to your particular case where the processing is carried out for the legitimate interests of the data controller or of a third party, unless the data controller demonstrates that the processing is carried out for compelling legitimate grounds which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims (Article 21 of the GDPR).
If you believe that Venipak Lietuva, UAB is unlawfully processing your personal data or is not exercising your rights, you have the right to file a complaint with the State Data Protection Inspectorate (L. Sapiegos g. 17, 10312 Vilnius, tel. (8 5) 271 2804, 279 1445, email [email protected]).
If you no longer wish to have your personal data processed for direct marketing purposes or have any other request or instruction related to the processing of your personal data, please contact us by email at [email protected] or phone at 8 700 55221.
Upon receipt of your request or instruction, we will provide you with a response no later than 1 (one) month from the date of the request and will carry out the actions specified in the request or inform you why we refuse to do so. If necessary, the time limit may be extended by a further two months depending on the complexity and number of requests. In this case, we will inform you of the extension and the reasons for it within one month of receipt of the request.
6. Third party products on our websites and cookies
This Website may contain third party banners and links to their websites and services. Please note that we are not responsible for the content of these websites or the data security measures used by them. Therefore, if you click on a link from Our Website to other websites, you should consult their privacy policies separately.
Should you have any questions regarding the protection of your personal data, please contact us in any way that suits you best:
By post or in person at our registered office at: Venipak Lietuva, UAB, S. Žukausko g. 49, LT-09131 Vilnius
By phone: 8 700 55221
By email: [email protected]