Privacy Policy
1. Basic concepts
1.1 Company or Personal Data Controller - Grožio ritualai, MB, a small partnership established and operating in accordance with the laws of the Republic of Lithuania, whose legal entity code is 305813605, registered office address is Papilėnų g. 3-34, 06224, Vilnius.
1.2 Customer or Data Subject - a natural person - a customer of the Company (including visitors to the website), whose personal data is collected by the Company.
1.3 Online shop - the Company's online shop at https://rossi.lt.
1.4. Services - all services provided by the Company.
1.5 Personal Data means any information relating to a natural person - the Data Subject - whose identity is known or can be identified, directly or indirectly, by reference to data such as a personal identification number, or to one or more factors specific to that person, such as his or her physical, physiological, psychological, economic, cultural or social characteristics.
1.6 Processing of personal data shall mean any operation which is performed upon personal data, such as collection, recording, accumulation, storage, classification, grouping, aggregation, modification (addition or alteration), communication, disclosure, use, logical and/or arithmetical operations, retrieval, dissemination, erasure or any other operation or set of operations.
1.7.Partner - a legal entity that provides services to the Company in connection with the Company's business, or sells goods to the Company, or conducts joint projects with the Company, including, but not limited to, marketing promotions, joint sales campaigns, loyalty programs, etc., 1.8. "Cookie" means a small piece of textual information that is automatically created when browsing a website and is stored on the visitor's computer or other device.
1.9. Direct marketing - an activity aimed at offering goods or services to persons by mail, telephone or other direct means and/or asking their opinion on the goods or services offered.
1.10. Privacy Policy - means this document, which sets out the principles and rules for the processing of Personal Data when using the services of the Online Shop.
1.11. Account means the Customer's basic login data to the Online Shop, which consists of a single email address and a Password.
1.12. Password means a unique combination of numbers, letters, or numbers and letters or other characters created by the Customer and used to access the Online Shop.
2. General provisions
2.1 The Client authorises the Company to carry out all Personal Data processing activities within the scope and for the purposes set out in this Privacy Policy.
2.2 Personal data shall be processed in accordance with the Personal Data Protection Law of the Republic of Lithuania and other legal acts regulating the processing and protection of Personal Data, as well as with the present Privacy Policy.
2.3 The Company processes Personal Data in accordance with the following principles:
2.3.1. Personal Data is collected for specified and legitimate purposes;
2.3.2. Personal Data is processed accurately, fairly and lawfully;
2.3.3. Personal data are adequate and limited to the extent necessary for their collection and further processing;
2.3.4. Personal data are kept up-to-date;
2.3.5. Personal data are kept in such a form as to permit identification of the Data Subject for no longer than is necessary for the purposes for which they were collected and processed.
2.3.6. All information about the Personal Data is confidential;
2.3.7. The Customer's Personal Data and personal information will not be used for any unlawful purposes.
2.4. The Customer, by making a purchase in the Online Shop, is deemed to have read and accepted the Privacy Policy in its current version. If the Customer disagrees with any part of the Privacy Policy or the Privacy Policy, in such case the Customer shall not place an order and shall not purchase the product in the Online Shop.
2.5. The Privacy Policy is available in the Online Shop and can be printed at any time. The Privacy Policy may be amended, supplemented or updated at the discretion of the Company. The new version of the Privacy Policy shall be published in the Online Shop.
2.6. The Customer may place an order in the Online Shop without registering, or through his/her Account by registering in the Online Shop.
2.7. During the initial registration to the Online Shop through the Account, the Customer must provide his/her e-mail address and a secure password, and must provide accurate Personal Data to the Online Shop. The Customer is responsible for their correctness.
2.8. When using the Services, as well as when making purchases in the Online Shop, the Customer must always provide the Online Shop with accurate Personal Data and is responsible for its correctness.
2.9. The Customer has the right to modify and supplement the Personal Data in the Account or to request the Online Shop to delete the Account at any time.
2.10. The Customer is obliged to not disclose the Password to third parties and to protect it, otherwise all the related liability is borne by the Customer.
3. Collection, use, correction and storage of personal data
3.1 The Company respects each Customer's right to privacy. The Customer's Personal Data (i.e. name, surname, email address, telephone number, delivery address, age/year of birth, payment details (bank account number, method of payment, etc.), purchase history, and, with the Customer's consent, age, gender, date of birth, area of residence) is collected and processed for the following purposes:
3.1.1. The following Personal Data is processed: name, surname, email address, telephone number, delivery address, age/year of birth, IP address, payment details for goods/services. The retention period of Personal Data used for e-commerce purposes is 5 (five) years from the date of the last login to the Online Shop.
3.1.2. for direct marketing purposes. The following Personal Data is processed: name, surname, telephone number, e-mail address, address, age, gender, date of birth, place of residence. The duration of storage of Personal Data used for the purpose of Direct Marketing shall be 5 (five) years from the date of the last login to the Online Shop.
3.2.The Customer may give consent to the processing of his/her Personal Data (name, surname, telephone number, e-mail address, address, age, gender, date of birth, place of residence) for the purpose of Direct Marketing. If, after giving consent to the processing of his/her data for the purpose of Direct Marketing, including the receipt of Direct Marketing Communications, the Customer subsequently ceases to consent and informs the Company thereof, the Company will no longer process his/her Personal Data for the purpose of Direct Marketing and will not send the Customer any electronic newsletters, except for information related to the Customer's order.
3.3 The Customer shall have the right at any time to withdraw its consent in clause 3.2 for the Company to process the Customer's Personal Data for the purpose of Direct Marketing by giving notice to the Company by email to info@rossi.lt and stating explicitly that it withdraws its consent to the use of the Customer's Personal Data for the purpose of Direct Marketing and that it does not wish to receive any Direct Marketing communications.
3.4 The Customer shall also have the possibility to opt-out of the exercise of his/her right to object to the processing of the Customer's Personal Data for the purpose of Direct Marketing by clicking on the relevant link contained in each email sent.
3.5 The Customer, as a Data Subject, shall have the following rights in relation to the processing of the Customer's Personal Data:
3.5.1. to receive from the Company information about the processing of the Customer's Personal Data, to have access to their Personal Data and how it is processed;
3.5.2. receive information from the Company on the sources and nature of the Client's Personal Data, the purposes for which it is processed, the recipients to whom it is provided and has been provided for at least the last 1 (one) year;
3.5.3. request the rectification or destruction of the Client's Personal Data or the suspension of the processing of his/her Personal Data, except for the retention of the Personal Data, where the Personal Data is processed in a manner not in accordance with the provisions of the Law on Legal Protection of Personal Data of the Republic of Lithuania and other laws;
3.6 In exercising his/her rights, the Customer must present his/her passport, identity card or driving licence. The Company shall provide the Data Subject with information on the processing of the Data Subject's Personal Data once a year free of charge. The Customer may exercise his/her rights under Clause 3.5 by contacting info@rossi.lt. The Company shall have the right to correct, amend, delete Personal Data or suspend the processing of Personal Data only after the identity of the Customer who made the request has been identified.3
3.7.1. When the Customer's consent has been obtained, as specified in this Privacy Policy;
3.7.2. Personal data for e-commerce purposes is provided to Partners providing services to the Company related to the Company's activities;
3.7.3.Payments in the online shop are processed using the makecommerce.lt platform, which is operated by Maksekeskus AS (Liivalaia 45, Tallinn 10145, Estonia, reg. no.: 12268475), and therefore your personal information necessary for the execution and confirmation of the payment will be transmitted to Maksekeskus AS.
3.8 The Customer is aware of his/her right to object to the processing of his/her Personal Data for the purpose of Direct Marketing, i.e. the Customer has the right to object immediately or at a later stage.
3.9 The Customer consents to the transfer of his/her Personal Data to Partners in the execution of the Customer's order placed on the Online Store, as well as in the provision of the Services to the Customer by the Company, and to the Partners of the Company, as referred to in Clause 3.7.
3.10. If the Customer does not agree to the Privacy Policy, the Customer will not be able to use the services of the Online Shop.
3.11. The Company shall implement organisational and technical measures to protect Personal Data against accidental or unlawful destruction, alteration, disclosure, as well as against any other unauthorised processing.
3.12. The Customer agrees that in cases where it is necessary pursuant to the instructions of the competent authorities and/or the Customer's Personal Data may have been used in the course of an illegal activity, or where there are reasonable suspicions of identity theft for which a pre-trial investigation is being conducted by the competent law enforcement authorities, or where there are any other legitimate grounds or purposes, the Customer's Personal Data shall be retained on the Company's servers for a longer period of time than that set out in this Privacy Policy.
3.13. Upon receipt of an instruction or enquiry from a Data Subject in relation to the processing of Personal Data, the Company shall provide the Client with a response, either granting the request/instruction or reasoned refusal to do so, no later than 30 (thirty) calendar days from the date of the Data Subject's request. If the Data Subject so requests, the response shall be in writing.
3.14. In order for the Company to be able to offer the Customer a full range of services in the Online Shop, the Customer's computer (device) shall, with the Customer's consent, store information Cookies, which are used to identify the Customer as a previous user of the Online Shop, to collect statistics on the traffic of the Online Shop, information on the shopping cart. The Customer may at any time view which Cookies are stored and may delete some or all of the stored Cookies.
3.15. To learn more about Cookies, such as how to manage or delete them, you can visit www.allaboutcookies.org.
4. Other provisions
4.1 The Company has the right to change, amend or supplement the "Privacy Policy" in whole or in part. Amendments or changes to the Privacy Policy shall come into effect from the date of their publication.
4.2. If you have any questions, please contact the following contacts: info@rossi.lt