Privacy policy

GENERAL INFORMATION

Your personal data provided with the order is stored securely and is never shared with third parties, except when necessary to fulfill the order or when required by the laws of the Republic of Lithuania.

I. KEY TERMS

  1. Company – UAB "Riptona", a company established under the laws of the Republic of Lithuania, with its registered office at Europos pr. 122, LT-46351 Kaunas, Republic of Lithuania, company code 306700418. The company's data is collected and stored in the Register of Legal Entities. Company website: www.riptona.lt.
  2. Data subject – a natural or legal person (buyer) whose data is processed by the Company.
  3. Personal data – means information relating to a natural person – the Data Subject, which is listed in section 2.4 of these rules.
  4. Processing of personal data – means any operation or set of operations performed on personal data, such as collection, recording, storage, classification, grouping, combination, modification (addition or correction), provision, use, destruction, or any other action or set of actions.
  5. Automated data processing – data processing actions carried out fully or partially by automated means.
  6. Employee – means a person who has entered into an employment or similar contract with the Company and is appointed by the Company’s management to process personal data.
  7. Data processor – means a legal or natural person authorized by the Company to process personal data.
  8. Data controller – a legal or natural person who alone or jointly with others determines the purposes and means of processing personal data.
  9. Data recipient – means a legal or natural person to whom personal data is provided.
  10. Inspectorate – the State Data Protection Inspectorate of the Republic of Lithuania.
  11. Other terms used in these personal data processing rules correspond to the terms defined in the Law on Legal Protection of Personal Data of the Republic of Lithuania.

II. GENERAL PROVISIONS

  1. This document regulates the actions of the Company and its Employees regarding the processing of Personal Data using automated personal data processing tools installed within the Company. It also establishes the rights of Data Subjects, factors of risk for personal data protection breaches, measures for implementing personal data protection, and other issues related to personal data processing.
  2. Personal data must be accurate, appropriate, and limited to the extent necessary for their collection and further processing.
  3. The purposes of personal data processing are the necessary means for purchasing and delivering goods and other lawful purposes defined in advance before collecting the data.
  4.  The Company processes the following personal data of Data Subjects for the purposes specified in section 2.3 of these rules:
    1. first and last name;
    2. phone number;
    3. email address;
    4. IP address;
  5. By providing their personal data to the Company, the Data Subject confirms and voluntarily consents that the Company will manage and process the Data Subject’s personal data in compliance with these Rules, applicable laws, and other legal acts.
  6. The processing of Personal Data is carried out in accordance with the Law on the Legal Protection of Personal Data of the Republic of Lithuania, Regulation (EU) 2016/679, other applicable laws and legal acts regulating data processing and protection, as well as these Rules. On the website... www.riptona.lt naudojami slapukai: Google Analytics, interneto svetainės statistikai naudojamas standartinis Google Analytics įrankis.

III. PROCESSING OF PERSONAL DATA

  1. Personal data is processed automatically using personal data processing tools installed and/or rented by the Company.
  2. Only Employees and Processors have the right to process personal data. Each Employee and/or Processor appointed to process personal data must keep the personal data confidential and comply with personal data protection laws and regulations. The Employee / Processor must:
    1. keep personal data confidential;
    2. process personal data in accordance with the laws of the Republic of Lithuania, other legal acts, and these Rules;
    3. not disclose, transfer, or allow access to personal data to any person who is not authorized to process personal data by any means;
    4. immediately report to the Company’s manager or a designated person any suspicious situation that may threaten the security of personal data.
  3. Employees who process personal data automatically or whose computers provide access to local network areas where personal data is stored must use passwords. Passwords must be changed at least every 30 days and also under certain circumstances (e.g., when an employee leaves, there is a hacking threat, suspicion that the password has become known to third parties, etc.). An employee working on a specific computer may only know their own password.
  4. The protection of personal data is organized, ensured, and implemented by the Company’s manager or a designated Employee.
  5. An Employee loses the right to process personal data when their employment or similar contract with the Company ends, or when the Company manager revokes the Employee’s appointment to process personal data.
  6. A Processor loses the right to process personal data when the Processor’s contract with the Company is terminated.

IV. RIGHTS OF DATA SUBJECTS AND THEIR IMPLEMENTATION

  1. The Data Subject, when providing the Company with an identity document, has the right to receive information about the sources and types of their Personal Data collected, the purposes for which the data is processed, and to whom it is disclosed. Access to Personal Data is granted upon submission of a written request to the Company by mail or email.
  2. The Data Subject has the right to data portability. This right allows data subjects to receive the personal data they have provided to the data controller in a structured, commonly used, and machine-readable format, and to transmit those data to another data controller without hindrance. Data portability is the right of the data subject to obtain a subset of personal data processed by the data controller related to the data subject and to store these data for further personal use.
  3. Upon receiving an inquiry from the Data Subject about the processing of their Personal Data, the Company responds whether such Personal Data are being processed and provides the requested data to the Data Subject no later than within 30 calendar days from the date of the Data Subject’s request. At the Data Subject’s request, the data is provided in writing to the specified address or email.
  4. The Data Subject has the opportunity to rectify, erase their Personal Data, or restrict the processing of their Personal Data by submitting a written request to the Company by mail, fax, or email, or an oral request if the Data Subject can be identified. Upon receiving such a request, the Company promptly verifies the Personal Data and immediately corrects any inaccurate, incomplete, or incorrect Personal Data at the Data Subject’s request.
  5. The Company promptly notifies the Data Subject about the Personal Data correction or deletion performed or not performed at their request.
  6. The Data Subject may complain about the Company’s actions (or inaction) to the State Data Protection Inspectorate within 3 months from the day of receiving the response from the Company or within 3 months from the day when the 30-day period for responding expired. The Data Subject may challenge the actions (or inaction) of the State Data Protection Inspectorate in court in accordance with the procedures established by law.
  7. The Company ensures all other rights, guarantees, and interests of data subjects as provided by the laws and other legal acts of the Republic of Lithuania.

V. TRANSFER OF PERSONAL DATA

  1. Personal Data may only be provided to those Data Recipients with whom the Company has signed appropriate agreements regarding the transfer/provision of Personal Data, and the Data Recipient ensures adequate protection of the transferred Personal Data. Personal Data may also be transferred to third parties in other cases and procedures stipulated by the laws and other legal acts of the Republic of Lithuania.
  2. Personal Data may only be transferred to:
    1. Telia Lietuva, AB, from which the Company purchases internet services.
  3. The Company does not collect special personal information, such as data about age, health, racial origin, religious beliefs, or political opinions, unless required or permitted by law.

VI. FACTORS OF PERSONAL DATA SECURITY BREACH RISK

  1. Personal Data Protection Breach — means actions or omissions that may cause or cause undesirable consequences and contradict the mandatory provisions of laws regulating personal data protection. The degree of impact, damage, and consequences of a personal data protection breach shall be determined in each specific case by a commission established by the Company’s manager or an authorized person.
  2. Risk factors of personal data protection breaches:
    1. Accidental, when personal data protection is violated due to incidental reasons (data processing errors, deletion or destruction of information carriers or data records, incorrect routing (address) during data transfer, system failures due to power outages, computer viruses, internal rules violations, lack of system maintenance, software testing, improper care of data carriers, inadequate line capacity and protection, network integration of computers, insufficient protection of computer programs, improper fax material handling, etc.);
    2. Intentional, when personal data protection is violated deliberately (unauthorized intrusion into the Company’s premises, data carrier storages, information systems, computer networks, malicious violation of established rules for processing personal data, deliberate spreading of computer viruses, theft of personal data, unauthorized use of another Employee’s rights, etc.);
    3. Unexpected accidental events (lightning, fire, flood, overflow, storms, electrical installation fire, effects of temperature and/or humidity changes, influence of dirt, dust, and magnetic fields, accidental technical failures, other irresistible and/or uncontrollable factors, etc.).

VII. MEASURES FOR IMPLEMENTING PERSONAL DATA PROTECTION

  1. In order to ensure the protection of personal data, the Company implements or plans to implement the following personal data protection measures:
    1. Administrative measures (establishing procedures for secure handling of documents, computer data, and their archives, as well as organizing work processes in various operational areas, familiarizing personnel with personal data protection upon hiring and at the termination of employment or similar relationships, etc.);
    2. Technical and software protection measures (administration of workstations, information systems, and databases, maintenance of workplaces and Company premises, protection of operating systems, protection against computer viruses, etc.);
    3. Communication and computer network protection measures (filtering of shared data, programs, unwanted data packets (firewalls), etc.).
  2. The technical and software measures for personal data protection must ensure:
    1. Establishment of storage facilities for backups of operating systems and databases, configuration and monitoring of copying equipment compliance;
    2. Technology for uninterrupted data processing;
    3. Strategy for system operation recovery in unforeseen circumstances (incident management);
    4. Physical (logical) separation of program testing environments from production processes;
    5. Authorized data usage and their integrity.
  3.  All Employees who have the right to process personal data or organize and implement their protection must strictly comply with the personal data protection measures established in the Company and with the requirements of the relevant rules, instructions, or procedures.

VIII. DURATION OF PERSONAL DATA PROCESSING

  1. The Company begins processing Personal Data from the moment the Data Subject (buyer) registers in the Company’s online store and continues processing until the completion of the Data Subject’s purchase transaction.
  2. When the Personal Data is no longer necessary for the purposes of processing, it is destroyed, except for those data that, under legal provisions, must be transferred to state archives.

IX. LIABILITY

  1. Employees who violate the Law on Legal Protection of Personal Data of the Republic of Lithuania, other legal acts regulating the processing and protection of Personal Data, or these Rules, shall be subject to the liability measures stipulated by the laws of the Republic of Lithuania.

X. FINAL PROVISIONS

  1. Supervision of compliance with the Rules and, if necessary, their review is entrusted to the Head of the Company or a person authorized by him.
  2. Responsible Employees are acquainted with the Rules against their signature.
Updated on 2025-06-06
Menu
Menu

Riptona, UAB
Europos pr. 122, LT-46351, Kaunas
info@riptona.lt
+370 659 45650

Engineering construction consulting and solutions © 2025 Riptona

Scroll to Top