Privacy Policy

DATA CONTROLLER

MB "Dinoma", legal entity code 305107621, registration address Neries krant. 14A-7, Kaunas, telephone number +37060826751, email address info@osix.lt  website www.osixnails.lt.

1. TERMS USED

       1.1. Personal data – any information about a natural person which, under personal data protection legislation, is considered personal data.

       1.2. Processing of personal data – any operation or set of operations performed on personal data or on sets of personal data by automated or non-automated means, such as collection, recording, sorting, systematization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination with other data, restriction, erasure or destruction.

       1.3. Company – MB "Dinoma", legal entity code 305107621, registration address Neries krant. 14A-7, Kaunas.

       1.4. Company client – a natural or legal person who orders or intends to order goods provided by the Company on the Website.

       1.5. Data controller – a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.

       1.6. Recipient - a natural or legal person, public authority, agency or another body to which personal data are disclosed, whether a third party or not.

       1.7. Data processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data controller.

       1.8. Data subject – means a natural person (including the Company’s employee) whose personal data are processed or intended to be processed.

       1.9. IP address – a unique number assigned to each computer connected to the Internet, known as an Internet Protocol (IP) address.

       1.10. Account – the result of the Company client’s registration on the Website, as a result of which an account is created that stores their personal data and order history.

       1.11. Service providers – natural or legal persons working under individual activity certificates or under copyright or service contracts who provide services agreed with the Company or supply goods to the Company.

       1.12. Privacy Policy – this document, which sets out the main rules for the collection, accumulation, processing and storage of Personal data when visiting the Website, as well as the rights of Data subjects and the procedure for their implementation applied in the Company.

       1.13. Cookies  – small text elements stored on the device when visiting the Website, which allow the Website to remember information about browsing the Website for some time and to recognize the Website visitor when they visit again. This concept includes not only cookies but also the use of similar measures.

       1.14. Password – a unique combination of letters and numbers created by the Company client and known only to them, entered for the first time when registering on the Website, and later when logging in to the Account.

       1.15. Consent – any freely given, specific and unambiguous indication of the properly informed Data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

       1.16. Website – the Company’s website www.osixnails.lt.

       1.17. Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

       1.18. Direct marketing – activities intended to offer goods or services to persons by mail, telephone or other direct means and/or to inquire about their opinion regarding the offered goods or services.


2. GENERAL PROVISIONS

       2.1. This Privacy Policy provides information on how the Company processes the personal data of Data subjects who have business relations with the Company. Additional information may be provided in the online store purchase–sale rules or in agreements concluded with the Company.

       2.2. Before starting business relations with the Company, we recommend carefully reading this Privacy Policy. You can review the Privacy Policy at any time on the Website.

       2.3. The processing of personal data in the Company is governed by the Regulation, the Law of the Republic of Lithuania on the Legal Protection of Personal Data and other legal acts, as well as the Company’s internal legal acts.


3. ACCOUNT ADMINISTRATION

       3.1. The Company client may perform purchase actions by registering on the Website or without registration. Persons wishing to register on the Website must provide the information specified in clause 5.3 of the Privacy Policy and an invented Password. During registration, an Account is created for the Company client. The Company client enters their data on the Website themselves, therefore only they are responsible for the accuracy of this data. 

       3.2. When ordering goods, the Buyer must indicate in the relevant information fields provided by the Seller the personal data necessary for proper fulfillment of the order: name, surname, telephone number, e-mail address, delivery address. If the goods are purchased by a legal person who needs a VAT invoice, when submitting the order the Buyer must indicate the company name, company code, company address and company VAT payer code.

       3.3. The Buyer, by agreeing that their personal data will be processed for the purpose of selling goods and services in the Seller’s Online Store, also agrees that informational messages necessary for fulfilling the goods order will be sent to the e-mail address and telephone number indicated by them.

       3.4. The Company client undertakes to keep their Website login Password and other login data safe. 

       3.5. The Company client who has an Account, after logging in to the Account, may at any time:

           3.5.1. adjust and/or supplement personal data;

           3.5.2. delete/remove all of their personal data.

       3.6. If the Company client does not log in to the Account for more than 2 (two) years, the Account is deleted.


4. PRINCIPLES OF PERSONAL DATA PROCESSING

       4.1. The scope of processed personal data depends on the goods ordered by the data subject and on what information the data subject provides when ordering goods and/or using services and visiting the Website.

       4.2. Data are processed only when there is a lawful processing criterion – in order to ensure the provision of services published on the Company’s Website; with the Person’s consent; when the Company is obliged to process Personal data by relevant legal acts; when Personal data must be processed due to the legitimate interest of the Company or a third party.

       4.3. The Company seeks to ensure that Personal data are processed accurately, fairly and lawfully, that they are processed only for the purposes for which they are collected, in compliance with clear and transparent personal data processing principles and requirements established in legal acts.

       4.4. When processing Personal data, the Company ensures each person’s right to privacy, strictly complies with the requirements of the Regulation, the Law of the Republic of Lithuania on the Legal Protection of Personal Data and other legal acts, as well as these principles: lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; accountability.

       4.5. Data subjects are not required to provide the Company with any personal data, however it may be that in such a case it will be partially or completely impossible to establish business relations with the Company.


5. SCOPE, PURPOSES, BASIS OF PERSONAL DATA PROCESSING

       5.1. Data are processed only when there is a lawful processing criterion. The Company processes personal data for the purposes of selling the Company’s goods  (including, but not limited to, cosmetic nail products, manicure tools and art supplies), administering inquiries, statistics, increasing awareness, direct marketing (sending newsletters) and other purposes specified in this Privacy Policy and the Company’s internal legal acts.

       5.2. Personal data in the Company are stored no longer than required by the purposes of data processing, Data subjects and/or legal acts. Typically (unless otherwise specified) personal data are processed in the Company for 10 (ten) years from receipt of personal data. Specific terms for processing Personal data, including storage, are or may be specified in the Privacy Policy and/or the Company’s internal legal acts. 

       5.3. The personal data of the Company’s clients are processed for the purposes of concluding and performing the purchase–sale agreement (including communication with the client), the basis for processing personal data is performance of the concluded agreement. For this purpose, the Company collects the following personal data of clients: the Data subject’s name, surname, telephone number, e-mail address, residential address, if the client is a legal person: the representative’s name, surname, position, basis of representation, telephone number, e-mail address and other information provided to the Company by the client in order to receive services. Data are processed until the agreement concluded with the client ends by proper performance; thereafter the data are stored for 10 (ten) years in order to assert, exercise or defend the Company’s legal claims and for the Company to fulfill the obligation provided by legal acts regarding archiving of documents.

       5.4. The Company also processes the personal data of potential clients when they contact the Company, fill in the registration form on the Website, create an Account, contact by e-mail or phone. The personal data of potential clients are processed for the purpose of concluding an agreement, including, but not limited to, the purpose of providing a preliminary consultation and offering the Company’s goods. The basis for processing personal data of potential clients is legitimate interest. The Website collects name, surname, telephone number, e-mail address, as well as other information provided by the potential client in the registration form. When potential clients contact by e-mail or phone, the Company may also process other personal data of potential clients. Data on this basis are processed until the Company client purchases the goods sold by the Company  (after which personal data are processed based on clause 5.3 of the Privacy Policy) or the potential client refuses to conclude an agreement; thereafter the data are stored for 5 (five) years in order to assert, exercise or defend the Company’s legal claims.

       5.5. On the Website, the Company provides information about cookies (personal data intended to be collected using cookies and the purposes of processing the collected personal data, the cookie storage period, information that the user may withdraw their consent for storing cookies at any time when cookies are stored on the basis of the Data subject’s consent). The Company provides an opportunity to consent to the storing of cookies on the Website visitor’s terminal device when functional, tracking, advertising cookies and/or third-party cookies are stored. Necessary cookies are used on the basis of legitimate interest. Cookies are used for the purposes of improving the Website, making marketing campaigns more relevant, Website traffic statistics and monitoring. Information on the use of cookies must be provided and consent must be obtained before using a cookie for the first time, i.e. prior consent to the use of the cookie is required. In the event that consent has been obtained, in the future when reusing the same cookie for the same purpose there is no need to obtain consent again. This also applies with regard to cookies used by third parties. 

       5.6. The Website also collects the data of Website visitors: IP address, Website browsing history and date. Data are collected for statistical purposes. Website visitor statistics are analyzed using Google Analytics. Information collected by Google Analytics cookies about the Website browsing history will be transmitted to and stored on Google.org servers. Information collected by cookies allows ensuring more convenient browsing of the Website, providing offers and learning more about Website visitor behavior, analyzing trends and improving both the Website and the services provided. More detailed information is provided at www.allaboutcookies.org or www.google.com/privacy_ads.html.

       5.7. If the Data subject does not agree that cookies would be stored on their computer or other terminal device, they may change their internet browser settings and disable all cookies or enable/disable them one by one. Please note that in some cases this may slow down browsing speed, limit the functioning of certain Website features or block access to the Website.

       5.8. For the purposes of direct marketing (sending newsletters), the Company processes personal data on the basis of the Data subject’s consent. The Company processes the following data: the Data subject’s name, surname, e-mail address, telephone number. Data are processed from the receipt of the Data subject’s consent for 5 (five) years or until the Data subject withdraws the given consent for data processing. If the Data subject withdraws consent for data processing for the purpose(s) discussed in this clause, only the fact of the Data subject giving consent is stored for 10 (ten) years from the end of the consent term or withdrawal of consent in order to assert, exercise or defend the Company’s legal claims. The Data subject may at any time withdraw the given consent for direct marketing by contacting the Company by e-mail info@osix.lt or by clicking “Unsubscribe” (English: unsubscribe) in the received newsletter.

       5.9. For the purposes of increasing the Company’s awareness, on the basis of legitimate interest, the Company manages accounts in social media tools in which the following personal data are processed: the Data subject’s profile and other information such as the date of viewing the Company’s profile, comments, “Like”, “Follow” and similar clicks. Although the Company has created and manages accounts in social media tools, the information that the Data subject provides through social media tools (including messages, “Like”, “Follow” and similar clicks, and other communication) or that is received when the Data subject visits the Company’s profiles (including information received through cookies used by the social media tool) or when reading the Company’s posts in the social media network is controlled by the social network controller. Usually, the social network controller processes personal data (even those collected when the Company has selected additional account settings) for the purposes set by the social network controller, based on the social network controller’s privacy policy. Social network controllers collect information about what type of content the Data subject sees, what they do in the social network, with which persons they communicate, how often and how long they communicate with them, activity in the social network and other information, including information about the terminal device used. Social network controllers’ privacy policies are published at: https://www.facebook.com/policy.php; https://help.instagram.com/519522125107875. 

       5.10. At the time of goods collection, the identity document of the Company client presented to the Company or the courier service employee for ознакомнаком and the data contained therein are used only for proper identification of identity.

       5.11. When administering the Website and diagnosing possible disruptions, the Company may use the IP addresses of the Company’s clients and other Website visitors.

       5.12. The Company has the right to store personal data on the server as long as necessary according to the specifics of the activity carried out on the Website, if the data provided by the Company client were (i) used in carrying out an unlawful act or (ii) there was a suspicion that identity theft or another violation was committed, due to which an investigation by the relevant law enforcement authorities was or will be carried out, (iii) if the Company has received complaints related to the relevant Company client, or if the Company has noticed violations committed by the relevant Company client, or (iv) for other legitimate purposes to store personal data. These data are destroyed upon receiving lawful instructions from law enforcement or other authorized institutions.

       5.13. The Company may process Your personal data for other purposes as well, in compliance with the requirements of the Regulation, the Law of the Republic of Lithuania on the Legal Protection of Personal Data and internal legal acts.

       5.14. For the purpose of employment and related personnel administration, the Company processes the following Personal data provided by the Data subject: curriculum vitae (CV), motivation letter, name, surname, telephone number, e-mail address, residential address, documents provided to the Company. Your Personal data provided to the Company when applying for a specific position announced by the Company are processed on the basis of concluding an employment contract with You. If by submitting the questionnaire You apply for a specific position but a job offer is not made to You, or You did not indicate that You apply for a specific position, the Company, upon receiving Your consent, will store and process Your Personal data for future employee selections for a period not longer than 1 (one) year. Candidates are informed about the personal data storage period and the possibilities to express consent by e-mail when responding to the candidate’s letter with the sent Personal data. Throughout the entire data storage period, the Company may evaluate Your candidacy and offer You job positions in the Company. You have the right at any time to withdraw the given consent for processing Personal data for the purpose specified in this section of the Privacy Policy by clearly and unambiguously expressing Your will in writing to a Company employee, contacting the Company using the contacts specified on the Website. The Company may obtain candidates’ data directly from Data subjects or by using websites https://www.cvbankas.lt/ , https://www.cvonline.lt/   or other internet portals chosen by the Company where employee search is carried out and job advertisements are published.


6. DISCLOSURE OF PROCESSED DATA TO OTHER ENTITIES. DATA CONTROLLERS AND PROCESSORS

       6.1. The Company does not provide processed Personal data to third parties without the prior consent of the Data subject, except in cases established by law. Personal data may be provided under a personal data provision agreement concluded between the Personal data controller and the recipient (in the case of repeated provision) or upon the recipient’s request (in the case of one-time provision). The agreement specifies the purpose of use of Personal data, the legal basis for provision and receipt, the conditions, procedure and scope of Personal data provided. The request specifies the purpose of use of Personal data, the legal basis for provision and receipt and the scope of the Personal data requested to be provided.

       6.2. Both personal data received from the Data subject and personal data collected by the Company may be transferred by the Company to competent state institutions if this is related to their conducted investigation/inspection or a certain performed function and legal acts provide for the Company’s obligation to provide such information to them.

       6.3. Personal data may be processed by data processors providing the Company with accounting, server rental, mail, parcel courier and other services, as well as suppliers of goods.

       6.4. Data processors have the right to process Personal data only according to the Company’s instructions and only to the extent necessary to properly fulfill the obligations established in the agreement. By engaging data processors, the Company seeks to ensure that data processors have implemented appropriate organizational and technical security measures and maintain the confidentiality of personal data.

       6.5. Personal data may be provided to third parties in the following ways: in writing, by electronic communications means or in another way agreed with personal data controllers.


7. PERSONAL DATA SECURITY

       7.1. The Company processes personal data in accordance with the basic personal data processing principles established in the Regulation, including the principles of lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; accountability.

       7.2. By means of its internal organizational and technical measures, the Company makes all reasonable efforts to ensure that Personal data are protected from any unlawful actions. All Personal data and other information provided by the Data subject are considered confidential. Access to Personal data is granted only to those Company employees and the Company’s data processors for whom it is necessary to perform job functions or provide services.


8. RIGHTS OF DATA SUBJECTS

       8.1. Each Data subject has the following rights:

           8.1.1. to access at any time the personal data provided by them;

           8.1.2. to receive information about from which sources and what personal data of theirs were collected, for what purpose they are processed, to whom they are provided;

           8.1.3. to require correction of incorrect, incomplete, inaccurate personal data and/or suspension of processing actions of such personal data;

           8.1.4. to object to the processing of their personal data, except where such personal data are processed for the legitimate interest pursued by the data controller or a third party to whom personal data are provided, and if the interests of the Data subject are not overriding;

           8.1.5. to require that the provided personal data be destroyed;

           8.1.6. to require restriction of personal data processing actions;

           8.1.7. to require that the personal data provided by them, if they are processed on the basis of their consent or a contract and if they are processed by automated means, be transmitted by the data controller to another data controller, if technically possible (data portability);

           8.1.8. the right to object to exclusively automated processing;

           8.1.9. the right to object to the processing of personal data for direct marketing purposes;

           8.1.10. the right to withdraw given consents for data processing;

           8.1.11. the right to submit a complaint regarding personal data processing to the State Data Protection Inspectorate.

       8.2. When contacting the Company, the Data subject must provide an identity document or a notarized copy thereof, and when contacting by electronic communications means, confirm their identity by electronic communications means that allow proper identification of the person, as provided for in legal acts.

       8.3. A request to exercise the Data subject’s rights must be legible, signed by the person, and must indicate the Data subject’s name, surname, address  and/or other contact details for communication or by which it is desired to receive a response regarding the implementation of the Data subject’s rights.

       8.4. The Data subject may exercise their rights themselves or through a representative. In the request, the person’s representative must indicate their name, surname, address and/or other contact details for communication by which the representative wishes to receive a response, as well as the name and surname of the represented person and indicate other data necessary for proper identification of the Data subject, and provide a document confirming representation or a copy thereof.

       8.5. Upon receiving a request, the Company provides a response no later than within 30 calendar days from the date of receipt of the request. If the Data subject applies without complying with the procedure established in the Privacy Policy, the Data subject is informed about deficiencies no later than within 7 calendar days from receipt of the application. The Data subject’s request is not examined if the Data subject does not correct the indicated deficiencies or does not inform the Company about the reasons why the indicated deficiencies cannot be eliminated. If there are objective circumstances due to which the Data subject cannot eliminate the indicated deficiencies, the Company, after evaluating them, may accept the Data subject’s request and examine it.

       8.6. The Company, acting as the Data controller, has the right to reasonably refuse to implement the Data subject’s rights on the grounds established in the Regulation. 

       8.7. The Company’s actions or inaction related to the implementation of the Data subject’s rights may be appealed to the State Data Protection Inspectorate, as well as to the competent court.

       8.8. Information about personal data processing is provided, the lawfulness and fairness of data processing is checked, processing actions are terminated, data are destroyed free of charge.

       8.9. Data subjects may submit a request in the following ways: by e-mail info@osix.lt
.

9. PAYMENT METHODS

    9.1. In the e-store, payments are processed using the makecommerce.lt platform, the controller of which is Maksekeskus AS (Niine 11, Tallinn 10414, Estonia, reg. no.:12268475), therefore Your personal information necessary for payment execution and confirmation will be transferred to Maksekeskus AS. 

1. FINAL PROVISIONS

       10.1. The Privacy Policy contains references to the websites of other persons, companies or organizations and the privacy provisions contained therein. The Company is not responsible for the content of such websites and privacy provisions and their compliance with legal acts, therefore before providing information about themselves, the Website visitor should familiarize themselves with the privacy provisions of the relevant website.

       10.2. The law of the Republic of Lithuania shall apply to the performance and interpretation of the provisions of the Privacy Policy. 

       10.3. If any provision of the Privacy Policy becomes or is declared invalid, the remaining provisions remain in force.

       10.4. This Privacy Policy shall not be considered an agreement between the Company and the Client regarding the processing of the Client’s Personal data. By this Privacy Policy, the Company informs You about the principles of processing Your Personal data in the Company, therefore the Company has the right to unilaterally change and/or supplement this Privacy Policy at any time. Amendments and/or supplements to the Privacy Policy enter into force from the moment they are published on the Website.

       10.5. This Privacy Policy is valid from the day it is published on the Website. The Company may change the Privacy Policy at any time. All changes to the Privacy Policy are published on the Website. Amendments and/or supplements to the Privacy Policy enter into force from the moment they are published on the Website. We recommend regularly reviewing our Privacy Policy.