Rules for treatment of Personal Data

1. Basic concepts.

1.1. The company «Komfort Europa», established in accordance with the legislation of the Republic of Lithuania, the registered office is at Moldovos Street 28a, Republic of Lithuania, company code is 304424056, its data is accumulated and stored in the Register of Legal Entities.
1.2. Data subject means an individual with personal data the Company works with.
1.3. Personal data means any information related to an individual - a data subject whose identity is known or can be directly or indirectly established using data such as a personal code, one or more signs of a physical, physiological, psychological, economic, cultural or social nature characteristic of the face.
1.4. Privacy Statements mean any action performed with Personal data: collection, recording, accumulation, storage, classification, grouping, merging, modification (addition or correction), presentation, publication, use, logical and / or arithmetic operations, search, distribution or other action or complex of actions.
1.5. Automatic method means actions, fully or partially performed by automatic means.
1.6. An Employee means a person who signed a contract or an agreement of a similar nature with the Company and, by decision of the head of the Company, has been appointed to the treatment of Personal Data, or whose personal data is being processed.

1.7. A Manager means legal or natural person who is authorized by the Company to deal with personal data. The manager (s) must be registered to the Inspectorate.
1.8. A recipient of data means a legal or natural person to whom Personal Data is transferred. The recipient (s) of the data must be registered to the Inspectorate.
1.9. An Inspectorate is the State Data Protection Inspectorate of the Republic of Lithuania.

2. General provisions
2.1. This document regulates the actions of the Company and its Employees with Personal Data using automatic tools for treatment of Personal Data that are equipped at the enterprise, and also establishes the rights of Data Subjects, risk factors for violation of requirements for the protection of Personal data, means of protecting Personal data and other issues related to treatment of Personal Data.

2.2. Personal data must be clear, proper and to the extent necessary for their collection and further treatment. If it is necessary for the purpose of privacy statements, then Personal Data is constantly updated.
2.3. Purposes of privacy statements are direct marketing and other legitimate purposes determined in advance before collecting the data.
2.4. The Company, for the purpose specified in clause 2.3 of the Rules, works with the following Personal data of Data Subjects:
(a) name;
(b) surname;
(c) email;
(d) phone number;
(e) address;

3. Treatment of Personal Data
3.1. Personal data is processed in a non-automatic way and in an automatic way by means of treatment of Personal Data equipped in the company.
3.2. Only Employees and Managers have the right to process personal data. Each Employee / Controller who is appointed to deal with Personal Data is obliged to keep Personal Data in secret and comply with the requirements of legal acts on the protection of personal data.
3.3. The Employee / Manager is obliged to: (a) keep Personal Data in secret; (b) deal with Personal Data in accordance with the laws of the Republic of Lithuania, other legal acts and these Rules; (c) not disclose, transfer or by any means create conditions for acquaintance with Personal Data to any person who is not authorized to work with Personal Data; (d) immediately inform the head of the Company about any suspicious situation that may threaten the security of Personal Data.
3.4. Employees who process data in an automatic way, or from whose computers it is possible to access the local network where Personal Data is stored, are required to use passwords. Passwords must be changed from time to time, and also in certain circumstances (for example, an employee has changed, there is a threat of hacking / penetration, there are suspicions that the password has become known to third parties, etc.). An employee working at a specific computer can only know his own password.
3.5. The employee, who is responsible for maintaining computers is obliged to ensure that files with Personal Data are not “shared” from other computers, and to update antivirus programs from time to time.
3.6. The computer maintenance worker makes copies of the data files on the computers. If these files are lost or damaged, the responsible employee must restore them no later than within a few working days.
3.7. The protection of Personal data is organized, provided and carried out by the head of the Company or an appointed employee.
3.8. The Employee loses the right to process Personal Data when the Employment Agreement or a similar agreement with the Company expires, or when the head of the Company revokes the appointment of the Employee to deal with Personal Data.
3.9. The Administrator loses the right to process Personal Data when the Agreement between the Administrator and the Company is terminated.

4. Exercise of the rights of the data subject
4.1. The data subject, by presenting an identity document, has the right to receive information about from which sources and what personal data were collected, for what purpose they are processed and to whom they are provided. The opportunity to get acquainted with the Personal Data is provided after submitting a written request to the Company to get acquainted with the Personal Data by mail, fax or e-mail.
4.2. The Company, having received a request to deal with Personal Data from the Data Subject, answers whether the Personal data associated with him is processed, and provides the Data Subject with the requested data no later than within 30 calendar days from the date of the Data Subject's request. At the request of the Data Subject, such data are provided in writing to the specified address or email.
4.3. The opportunity to correct, delete your Personal Data or suspend actions on privacy statements is provided to the Data Subject after submitting a written request to the Company by mail, fax or e-mail. or verbal request, if it is possible to identify the Data Subject. The Company, having received such a request, verifies immediately the Personal Data and, at the request of the Data Subject, corrects immediately incorrect, incomplete, inaccurate Personal Data.
4.4. The Company informs immediately the Data Subject about the correction, deletion of Personal Data, whether or not performed at his request.
4.5. The Company also ensures the exercise of all other rights, guarantees and interests of the subjects of personal data, which are guaranteed by the laws and other legal acts of the Republic of Lithuania.
 

5. Risk factors for violation of personal data protection requirements
5.1. Personal data protection violations are actions or omissions that may or may cause undesirable consequences, as well as are contrary to mandatory rules of laws governing the protection of personal data. The degree of influence of violation of requirements for the protection of personal data, damage and consequences in each specific case is established by a commission created by the head of the Company or his authorized person.
5.2. Risk factors for violation of requirements for the protection of personal data: (a) unintentional, when the protection of Personal data is violated due to random reasons (error in the processing of information, storage media, deletion of data records, setting incorrect routes (addresses) during data transmission, etc. or failure in systems due to power failure, computer virus, etc., violation of internal regulations, deficiencies in system maintenance, software testing, inadequate media supervision, inadequate line capability and protection, integration of computers into the network , due to insufficient protection of computer programs, transmission of materials by fax, etc.);
(b) deliberate, when the protection of Personal data is deliberately violated (illegal entry into premises, storage of personal data carriers, information systems, computer network of the Company / hotel, willful violation of the established rules in the processing of Personal data, deliberate spread of a computer virus, theft of Personal data, illegal use of the rights of another Employee, etc.);
(c) unexpected accidental events (lightning, fire, flood, flooding, storms, burned out electrical wiring, exposure to temperature and / or humidity changes, the influence of dirt, dust and magnetic fields, accidental technical accidents, other insurmountable and / or uncontrolled actions, etc.). NS.).
 

6. Measures to implement the protection of personal data
6.1. In order to ensure the protection of Personal Data, the Company implements or provides for the implementation of the following measures to protect Personal Data:
(a) administrative (ensuring the safe handling of documents and computer data and their archives, as well as establishing a procedure for organizing work in various areas of activity, provide the protection of Personal data for the staff when employment and termination of work or similar relationships, etc.);
(b) protection of hardware and software (administration of service stations, information systems and databases, control of workplaces, premises of the Company, protection of operating systems, protection from computer viruses, etc.);
(c) protection of communications and computer networks (public data, programs, filtering (firewalling) unwanted data packets, etc.).
6.2. Technical and software means of personal data protection must ensure: (a) installation of storage for copies of databases and operating systems, installation by copying equipment and monitoring of compliance; (b) technology of continuous data handling (data processing); (c) a strategy for recovering systems from unforeseen events (management of surprises); (d) the physical (logical) separation of the software testing environment from the running processes; (e) authorized use of data, its invulnerability.
6.3. All Employees who have the right to Privacy Statements or organize and implement their protection are obliged to comply strictly with the measures for the protection of Personal Data and the relevant rules, instructions or routine requirements established by the Company.
 

7. Time limit for Privacy Statements.
7.1. The Company deals with the client‘s personal data within 2 years from the moment of the last connection to the email store.
7.2. When Personal data are unnecessary, they are deleted, except for those that, in cases established by law, must be transferred to the state archives.
 

8. Responsibility
8.1. For employees who violate these Rules or the requirements of the Law of the Republic of Lithuania on the protection of personal data, other legal acts regulating dealing and protection of Personal data, the measures of responsibility provided for in the legislation of the Republic of Lithuania are applied.
9. Заключительные положения

9. Final provisions

9.1. Supervision over compliance with the rules and, if necessary, their revision is entrusted to the head of the Company or his authorized person.
9.2. Responsible Employees read the Rules against signature.