Unless otherwise specified in this Policy, the concepts used in the Policy shall be treated as they are described in General Data Protection Regulation No 2016/679 (the “GDPR”).
1. DATA CONTROLLER’S DETAILS
EUROAPOTHECA, UAB (the “Euroapotheca”, “Company” or “we”) is the data controller of your personal data and responsible for this Website.
Legal entity code: 300854822
Address: Ozo str. 25, Vilnius, Republic of Lithuania
Phone: +370 5 204 2122
E-mail address: [email protected]
We have appointed the DPO who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, please contact our DPO at [email protected].
This Policy applies to all users of our Website anywhere in the world. Unless covered by a separate privacy notice, this notice also applies to:
- Employees/representatives of companies/business partners (i.e., contact persons) and natural persons – suppliers of goods and services who are entering/willing to enter into a contract with us;
- Social media platforms users: people who chose to follow us on social media, comment/react to our posts or interact with us in another form via our social media accounts;
- Shareholders, beneficiaries, management body members;
- Persons requesting information on our services or otherwise contacting us.
3. LEGAL GROUNDS OF PERSONAL DATA PROCESSING
Euroapotheca will process your personal data for (i) the conclusion and execution of a contract with you (Article 6(1)(b) of the GDPR) and/or (ii) with your consent (Article 6(1)(a) of the GDPR) and/or (iii) when we have to comply with a legal obligation (Article 6(1)(c) of the GDPR) and/or (iv) where we (or EUROAPOTHECA group of companies) have a legitimate interest to do so (Article 6(1)(f) of the GDPR), balancing this interest against your interests and fundamental rights. Such legitimate interests may be protection of confidential information, effective communication, verification of information in public registers, etc.
4. PERSONAL DATA PROCESSING PURPOSES
4.1. TO MANAGE REQUESTS AND/OR COMPLAINTS
For the purpose of handling your queries and/or complaints submitted by e-mail, post, social accounts or phone, we may collect the following personal data: name, surname, profile name, e-mail address, phone number, subject matter and text of your query.
The above-mentioned personal data will be processed on the basis of your consent (expressed by your active steps – submitting a request/complaint) and our legitimate interests (to protect/defend our rights and interests).
Euroapotheca will store the personal data related to your request/complaint for 2 years following the receipt of your query/complaint.
4.2. CONCLUSION AND EXECUTION OF CONTRACTS WITH NATURAL PERSONS
We process personal data when you as a natural person enter (or want to enter) into the agreement with us regarding the delivery of goods and/or provision of services (legal basis – conclusion and execution of the agreement). We may use the following personal data to fulfill our agreement with you: name, surname, telephone number, address of the place of residence, e-mail address, date of birth, individual activity certificate number, VAT identification number or tax reference number, bank name and account, payment details.
We may also have a legal obligation to process such data to comply with various regulations, such as payment of taxes (legal basis – legal obligation). Additionally, the processing is necessary for conducting negotiations relating to any future engagement between the parties. We may also process personal data when it is needed in protection of our rights, such as dealing with legal disputes, including incidents that occur during the provision of goods/services (in this case we rely on our legitimate interest to protect/defend our rights and interests).
In general, your personal data is processed for the duration necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, if you are engaged as a supplier/vendor to provide a certain service, we may retain your data for the duration of your service agreement and store it for an additional period, in accordance with our general retention policy (e.g., we keep the concluded contracts for 15 years from their expiration, and payment details shall be stored 10 years after the transaction). Additional periods may be necessary to enable us to protect the rights conferred to us by the law for the period fiscal statute of limitation. However, we do not undertake to keep these data for the entire period mentioned above and we may delete or anonymize your personal data earlier if we do not have a legal obligation to keep it.
Please note that if you fail to provide personal data when requested, which is necessary for us (e.g., bank account), we may not be able to enter into the agreement with you.
4.3. CONCLUSION AND EXECUTION OF CONTRACTS, EFFECTIVE COMMUNICATION AND CREATION OF BUSINESS RELATIONS
When concluding contracts with legal entities, we process the data of the signatories (e.g. name, surname, e-mail, position, basis of action) and data of the employees of the legal entity responsible for the contract (e.g., name, surname, position, employer, e-mail, phone No.). This data is collected in order to conclude contracts with legal entities and to communicate effectively with each other. When processing the above-mentioned data, we rely on the legal obligation (on the collection of data of the signatories to the contract) and our legitimate interests to communicate effectively with each other (regarding the processing of data of the persons responsible for the contract).
The provision of personal data of the signatories to the contract is mandatory, otherwise it will not be possible to conclude an agreement with a legal entity. The provision of contacts of the employees responsible for the contract is not necessary, but in this case, cooperation between the parties will be significantly complicated. Personal data recorded in the contract will be stored for 15 years after the end of the contract.
4.4. TO MANAGE AND ADMINISTER OUR SOCIAL NETWORKS
For the purpose of managing and administering our social networks (e.g., “LinkedIn” and “YouTube” accounts), we may collect the following personal data you provided voluntarily: your name, surname, social network profile name, position and employer, pictures, and/or public comments.
Euroapotheca processes the above-mentioned personal data on the basis of your consent (expressed by your active steps, e.g., when you chose to write a comment, react to our posts or follow our accounts) and our legitimate interests (to protect/defend our rights and interests).
Please keep in mind that comments published on our social media platforms are public. If you want to communicate with us in private or have a question you need us to answer, do not post to our social networks. Instead, please contact us at any time by e-mail at [email protected].
In addition, please note, that we reserve the discretion to delete or not allow comments that contain:
- Abusive, vulgar, offensive, threatening or harassing language, personal attacks of any kind, unsupported accusations, defamatory language or offensive terms that target specific individuals or groups;
- Suggestions or encouragement of illegal activity;
- Promotion or endorsement of commercial services, products, or entities.
If material provided by a user contains violations of the Policy, we will remove the comment in its entirety. Also, we reserve the right to ban from our social media platforms users who repeatedly violate our Policy.
Euroapotheca will store the personal data related to our social network until such social network account is actively used by us, unless you decide to delete (or ask us to delete) your personal data earlier on. Also remember that the processing of personal data on social networks is subject to the privacy policies of those social networks.
4.5. TO PERFORM OUR DUTIES TO SHAREHOLDERS, BENEFICIARIES, MANAGEMENT BODY MEMBERS
In its activities Euroapotheca shall collect, use, retain, share, or otherwise process its shareholders’, beneficiaries’, management body members’ personal data. Such personal data may include: name, title, address, phone number, e-mail address, date of birth, identification documentation such as passport information or national insurance number, shareholder records (including shares held, share purchases, share disposals, dividend entitlements and payments, votes, proxy appointments) and copies of enquiries, complaints and other correspondence.
We may process the above-mentioned data: for the purpose of internal administration, in order to fulfil our legal obligations (e.g., the requirement to provide the data of the board and its members in the annual report, we rely on legal obligation), to communicate with you (e.g., to notify you of meetings, financial results). We may also process your personal data to further our legitimate interest in managing our relations to shareholders, beneficiaries and/or management body members.
The above-mentioned personal data shall be stored, for as long as it is required to achieve the objectives for which they are processed and in compliance with the requirements for the storage of data of such type stipulated by legal acts, limitation periods applicable for establishing or defending legal claims and, if such claims are established, for as long as it is required for such purposes, or Euroapotheca is deemed to have a legitimate interest in storage, for example, due to liability risks arising from applicable laws. Some data may be stored until the deregistration of the Company.
4.6. TO COMPLY WITH KNOW YOUR CUSTOMER (KYC) REGULATIONS
For the purpose of KYC checks (when needed and in the amount needed) Euroapotheca collects and transfer to institutions executing KYC the following personal data: name, surname, organization, job title or role, office address, e-mail address, phone number, main activity, copy of the ID document including date of birth, personal identification code, photograph, passport/ID number, nationality and country of residence, countries in which the potential client or represented company maintains or intends to maintain business relationships, business activities’ links to special areas, status of a politically exposed person (if exists), political affiliation, payment arrangements and source of funds/income, directorships, shareholdings, bankruptcy, place of birth, place of residence, taxpayer code, certificates of conviction.
The personal data processed for the purpose of KYC checks will be processed on the bases of Euroapotheca legal obligation. Such personal data will be stored for 10 years from the date of our last interaction with that client and in compliance with our obligations under the relevant laws.
4.7. PROTECTION OF CONFIDENTIAL INFORMATION AND RISK MANAGEMENT
Based on the Company’s legitimate interest in protecting its confidential information, managing possible risks and in case of a reasonable suspicion of illegal activity, the employee’s electronic communication can be checked, so if you sent or received letters from our employee, the content of the communication can be viewed not only by the addressee, but also by other employees of the Company.
The collected information is stored for 3 months or while the investigation / legal proceedings are ongoing until their completion.
4.8. ADMINISTRATION OF THE ESSENTIAL DOCUMENTS OF THE COMPANY’S ACTIVITIES
In accordance with the duties established by law, we administer the essential documents of the Company’s activities, which may contain the data of the board members, personal data of the board and / or persons appointed / recalled by the shareholder, authorized or performing the order, data of the shareholder’s representative, data of the persons signing the documents.
These documents have particular importance to the Company and are stored until the Company is deregistered.
4.9. ADMINISTRATION OF INTERNAL DOCUMENTS OF THE COMPANY
In carrying out its activities and having a legitimate interest in processing the documentation generated during the business, the Company administers various internal documents, which may contain various personal data, which are not only those of our employees. Incoming, outgoing letters, partner’s powers of attorney to employees or other documents arising in the Company’s activities contain the personal data of the letter preparers / recipients (for example, name, surname, e-mail address, signature, position, scope of powers of attorney, date of birth, basis of representation, etc.).
When administering such internal documents, the Company shall keep it for 15 years from the end of the term of the contract, and if the expiration date is not specified, then for 15 years from the date of conclusion of the document.
4.10. VERIFICATION OF DATA ON LEGAL ENTITIES
In the course of its activities, the Company has a legitimate interest in checking information in a public register about legal entities of its current or future partners. When receiving information about a specific legal entity, the Company also begins to process personal data of natural persons (managers, the board or the supervisory board).
Such personal data shall be processed for no longer than is necessary to achieve the purpose. If such data was collected in order to conclude a contract, then in this case the data can be stored for 15 years from the end of the contract.
4.11. PERFORMANCE OF THE FUNCTIONS PROVIDED FOR IN THE COMPANY’S ARTICLES OF ASSOCIATION
In the performance of the functions provided for in the Articles of Association of the Company, the need may arise to obtain certain data from the Real Estate Register. In certain cases, there may be cases where the data received also contain data of natural persons. Such personal data shall be processed for no longer than is necessary to achieve the purpose. If such data was collected in order to conclude a contract, then in this case the data can be stored for 15 years from the end of the contract.
4.12. TO ENSURE THE FUNCTIONALITY AND SECURITY OF THE WEBSITE
When you visit our Website, we may collect certain user information automatically from your device. For the purpose to ensure the functionality of the Website and to collect statistical information. Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information only for our business purposes, including internal analytics purposes and to improve the quality and relevance of our Website to our visitors.
Specifically, the user information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g., country or city-level location) and other technical information. We may also collect user information about how your device has interacted with our Website, including the pages accessed and links clicked.
Some of this information may be collected using cookies and similar tracking technology, as explained further below.
Cookies are not required for many parts of our services, hence you can accept/reject, manage and/or delete cookies according to your preferences. However, some of our Website services may not function properly if you disable cookies (e.g., remembering your language preferences).
In any case, the processing of personal data with the help of cookies is based on your explicit choice (consent) using the Website’s cookie banner. You can change your cookie consents at any time by clicking on the cookie icon at the bottom left of the Website.
More detailed information about the information collected by cookies, the duration of storage and the purpose of the cookie can be found in the cookie tool by clicking on the “Cookie Settings” button.
If you need more information about cookies, visit aboutcookies.org (you will find detailed, independent information on how to disable cookies through your browser preferences and how to remove cookies that are already on your computer). In order to remove cookies from your mobile phone, you should find this information in the user guide for your phone.
We receive information when you view content on or otherwise interact with our services, which we refer to as “Log Data”. This Log Data includes information such as your IP address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device information (including device and application IDs), search terms (including those not submitted as queries), and cookie information. We also receive Log Data when you click on, view, or interact with links on our services.
The above-mentioned information is always provided by your browser and automatically logged by most websites. Log Data is stored in a secure location and used only for our business purpose of internal analysis of traffic patterns within our Website and its security.
5. DATA SHARING AND TRANSFERS
Any information that you provide, including any data collected by using cookies, may be shared with third parties (data processors) which provide us with services, help us to administer our Website and protect its data and act on our behalf (suppliers of database software, providers of database administration services, providers of cloud services, etc.). We ensure that the processing of personal data by such third parties will be based on legal ground and will be performed in accordance with our lawful instructions and in compliance with the GDPR requirements.
Euroapotheca may share personal data with the following categories of third parties (data processors, data recipients or separate data controllers) as necessary:
- Within the family of companies controlled by EUROAPOTHECA for internal reasons, primarily for business and operational purposes;
- If we go through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of our assets, your personal data will likely be among the assets transferred;
- When legally required to do so (e.g., to report on the change of members of management bodies to the Register of Legal Entities, as well as to cooperate with law enforcement investigations or other legal proceedings);
- With our service providers who provide information technology and system administration services, translation, marketing, accounting, legal, audit, postal or courier, event management and coordination or other services.
Euroapotheca will not transfer your personal data to third countries (countries outside the European Economic Area (the “EEA”), unless this is assessed as necessary. Euroapotheca informs that personal information collected with the help of cookies providers can be transferred to a non-EEA country (e.g., US, when Google Analytics are used). However, it will be ensured that such transfers are in compliance with relevant data protection laws, including, if applicable, EU Standard Contractual Clauses, or a European Commission positive adequacy decision.
In other words, your rights and protections remain with your data and we make every effort to ensure that the recipients of your personal data protect it.
6. LINKED WEBSITES
For your convenience, the Website may include links to the websites that are owned, published and maintained by third parties (the “linked sites”). It could as an example be social media platforms/services. If you click on the linked sites, that website operator might figure out that you came from our Website. Such operators may also collect other personal data from you, such as cookie identifiers or your IP address.
In addition, we are not responsible for the accuracy or reliability of any such third-party websites, and this Policy does not apply to, the privacy practices of any linked sites or of any companies that we do not own or control.
7. YOUR RIGHTS
With respect to your personal data you have the following rights:
- Access the information we process about you;
- the right to rectification of incorrect, inaccurate or incomplete data
- to request the erasure or restriction of the processing of personal data
- To object to processing activities;
- If the processing of your personal data is based on your consent, you are entitled to revoke such consent at any time (revocation of your consent will not affect the lawfulness of the processing carried out prior to your revocation of consent);
- To receive your personal data provided to us in a structured, commonly used and machine-readable format and have the right to transmit that personal data to another controller.
To exercise these rights, you should make a written request at [email protected]. We will identify and do our very best to deal with the issue within 30 days. If the issue is difficult or requires a lot of work it may take longer, but we will keep you updated. In order to ensure data protection and properly exercise your rights, Euroapotheca has the right to ask you to provide proof of your identity.
Also, you have the right to complain if you do not feel that we are living up to our responsibilities when it comes to your data. We have appointed the data protection officer (the “DPO”), who takes your complaint very seriously. You can contact our DPO on this e-mail [email protected]. However, you always have the right to complain to the authorities as well, but because we take privacy matters very seriously, we would really appreciate it, if you would talk to us first. The authority having the right to look at us, is the Lithuanian State Data Protection Inspectorate, address L. Sapiegos str. 17, 10312 Vilnius, Lithuania, e-mail [email protected], website https://vdai.lrv.lt/.
Please note that some of the rights listed above may be limited where our legitimate interests or legal obligations override your interests and rights (particularly, in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations).
8. GOVERNING LAW AND JURISDICTION
This Policy is applied and interpreted in accordance with the laws of the Republic of Lithuania. All disputes arising from the Policy are settled in the courts of the Republic of Lithuania.
9. CHANGES TO THE POLICY
We are constantly working to improve our Website, so we may need to change, modify, add or remove any part, content and/or this Policy of the Website, in whole or in part, based on any new features or regulations. We will notify you of material changes by providing notice on our Website when we are required to do so under applicable law. All changes to this Policy take effect from the date of their publication – you can see when this Policy was last updated by checking the date at the bottom of this page. You undertake to periodically review this Policy to learn about any changes.
Last update: 25th May 2023