Policy for Processing of Personal Data for Direct Marketing Purposes 07 June 2018
Objective of the Policy for Processing of Personal Data for Direct Marketing Purposes
This Policy for Processing of Personal Data for Direct Marketing Purposes (hereinafter – the Policy) establishes a procedure of “KLAIPEDA FREE ECONOMIC ZONE MANAGEMENT COMPANY” JSC (hereinafter – the Company) for processing of personal data for direct marketing purposes.
The Company shall process personal data for direct marketing purposes in accordance with the procedure established herein and ensure the security of such data.
Purpose of Data Processing
The purpose of processing of personal data of the data subject (hereinafter – the Purpose) is direct marketing. For this purpose, the Company collects, analyses, stores, or otherwise processes personal data of data subjects in written and electronic form.
Basis for Data Processing
The legal basis for processing personal data of the data subject for the above purpose is the consent of the data subject. The data subject shall give the consent by signing the Consent to process personal data for direct marketing purposes. The consent is not obligatory.
Details of the Data Controller
“KLAIPEDA FREE ECONOMIC ZONE MANAGEMENT COMPANY” JSC Legal entity code: 110707092
Office address: Pramonės st. 8, LT-94102 Klaipėda
VAT payer code: LT107070917
Mobile phone: +37069808144 Email: firstname.lastname@example.org
Personal data of the data subject shall be available to all employees of the Company. The Company is a sole controller of the data subject’s personal data under the Policy.
Personal data of the data subject, that are processed by the Company for the Purpose specified herein, i.e., full name, e-mail address, telephone number, are obtained directly from the data subject or from other sources.
Scope of Personal Data Processing
The Company shall process personal data of the data subject to the extent necessary to achieve the Purpose.
Data Processing Period
The Company shall process personal data of the data subject until the expiration of 1 year period from the date of receiving the data subject’s consent, but not longer than is necessary to achieve the above purpose. The data subject shall have the right at any time, before the expiration of the data processing period, to request his/her personal data to be erased by submitting an appropriate application following the procedure provided for in Section 9 hereof.
The Company shall protect the data subject’s personal data and ensure confidentiality, integrity, and limited accessibility thereof. Confidentiality means that such data of data subjects shall not be disclosed to parties who are not entitled to access this data. The Company shall ensure the confidentiality of the data subject’s personal data and shall not disclose them to any third parties, except for the data controllers resorted to by the Company as specified in Section 4 hereof. Integrity means that the data subject’s personal data shall be accurate, relevant, and applicable for the purpose which they are processed for. Limited accessibility means that only authorised persons (users) shall have access to and process the data subject’s personal data for legitimate and defined purposes.
The Company shall take any necessary technical and organisational measures to protect the data subject’s personal data against unauthorised processing and/or loss. The Company employs the appropriate hardware and software and applies the essential security measures (including physical and electronic access control).
Rights of the Data Subject
The data subject shall have the right to apply for:- Information and access to his/her personal data controlled by the Company;
– Rectification of personal data of the data subject;
– Erasure of personal data of the data subject;
– Restriction of processing of personal data of the data subject;
– Receiving of personal data of the data subject in a structured, machine-readable format (right to data portability).
The data subject may withdraw his/her consent to process personal data for direct marketing purposes by submitting an application to the Company by e-mail email@example.com or by clicking the “Cancel” link upon receipt of a newsletter/information;
The application submitted by the data subject shall include:
– Details of the data subject enabling the Company to identify the data subject;
– Actions requested;
– Personal data with regard to which the action is requested.
The Company shall examine applications within 15 (fifteen) calendar days following the receipt thereof, apart from further inquiries regarding the application received, and inform the data subject about any actions taken in response to the application received. The data subject shall be informed in the format in which the application was made.
Should the data subject believe that his/her rights related to the processing of his/her personal data by the Company have been violated, he/she shall have the right to apply to the supervisory authority:
The State Data Protection Inspectorate
Legal entity code 188607912
A. Juozapavičiaus st. 6, 09310 Vilnius Tel. (8 5) 271 2804, 279 1445
Fax (8 5) 261 9494
The Policy shall apply to all data subjects whose personal data is processed for the Purpose specified herein. The policy is reviewed regularly, but not less than once a year, and, if necessary, adjusted accordingly.
The Policy shall be valid as long as it is not amended or cancelled by the Company