TERMS AND CONDITIONS
These rules of purchase and sale (hereinafter referred to as the Rules) are a legally binding document that sets out the mutual rights, obligations, and responsibilities of the Buyer (hereinafter referred to as You) and the Seller (hereinafter referred to as We) when You purchase goods in the electronic store (hereinafter referred to as e-shop).
TICKET PURCHASE POLICY
– Visitors to the website www.ausraspa.lt have the opportunity to purchase an electronic ticket (e-ticket) online. When purchasing an e-ticket, it is necessary to fill in the contact information correctly.
– An electronic ticket will be sent by the specified e-mail. This ticket must be qualitatively printed on the A4 white sheet of paper and provided to the administration of UAB “AušraSPA”.
– One electronic ticket can be used only once. The e-ticket holder must not allow other persons to copy their tickets. In case of copying the e-ticket, the person who was first to provide the ticket at the entrance control point enters the “AušraSPA” space.
– It is strictly forbidden to copy, multiply, falsify, resell the ticket to third parties. It is also forbidden to use or acquire them in any other illegal way. Individuals violating or attempting to violate these prohibitions shall be liable in accordance with the procedure provided for by the laws of the Republic of Lithuania. Individuals who illegally use tickets may be prosecuted in accordance with Articles 182, 300 and other Articles of the Criminal Code of the Republic of Lithuania. In the event of these violations, we always report to the police. A person who has an illegally purchased ticket may be deprived of the right to use the service specified in the ticket.
Moment of concluding a purchase and sale agreement:
2.1. The agreement between You and Us is considered to be concluded from the moment when You click on the “Order” button in the e-shop, after creating a shopping cart, choosing a payment method, and getting acquainted with our rules.
2.2. The agreement comes into force when We receive Your payment for the goods within 3 (three) working days and is valid until the full delivery of the goods.
2.3. Every agreement concluded between Us and You is stored in the e-shop.
2.4. An emailed and printed order is an advance invoice by which payment is made.
3.1. You have the right to purchase goods in the e-shop in accordance with these rules and e-shop procedures.
3.2. You have the right to withdraw from the purchase and sale agreement with the e-shop unless the agreement is concluded for:
3.2.1. participation in games or lotteries;
3.2.2. in other cases, when the purchase and sale agreement cannot be withdrawn in accordance with the laws of the Republic of Lithuania.
4.1. You must pay for the goods within 3 (three) working days of placing the order and accept them unless otherwise agreed.
4.2. If the data provided on Your registration form changes, You must update it immediately.
4.3. By using the e-shop, You agree to these rules of purchase and sale and must comply with them.
5.1. If the Buyer attempts to impair the operation or stable operation of the e-shop, We may, without prior warning, restrict, suspend access to the e-shop or, in exceptional cases, cancel the Buyer’s registration.
5.2. In the event of serious circumstances, We may temporarily or permanently terminate the operation of the e-shop without informing You in advance.
5.3. We may unilaterally change the terms of these rules.
6.1. To provide all conditions for You to properly use the services provided by the e-shop.
6.2. To send a coupon confirming Your order.
6.3. If in case of important circumstances We are unable to send You the ordered goods, We undertake to offer You an analogous product and if You refuse to accept an analogue of the product, to return You the paid money within 72 hours.
9.1. You are fully responsible for the accuracy of the information provided in the registration form. If You do not provide accurate data in the registration form, We are not responsible for the resulting consequences.
9.2. You are responsible for the actions taken while using the e-shop.
9.3. You are responsible for passing the identification code to third parties. If third parties use Your identification code, You are responsible for the actions taken by the third party.
10.1. We send all messages to the email address provided on Your registration form.
10.2. You send all messages and questions by the means specified in the “Contacts” section of Our e-shop.
Protection of personal data:
11.1. Any information relating to personal data is subject to the Seller’s personal data protection policy, which is regulated by the relevant legal acts of the Republic of Lithuania and which is implemented in accordance with the recommendations of the State Data Protection Inspectorate.
11.2. The Seller does not transfer (except in accordance with the procedure established by the laws of the Republic of Lithuania) personal data of the Buyer to third parties.
12.1. Dissemination of any e-shop information without the written consent of the Seller is prohibited.
12.2. These rules are subject to the laws of the Republic of Lithuania:
12.3. All disputes arising from the enforcement of these rules shall be settled by negotiation. If no agreement is reached, disagreements are resolved in accordance with the laws of the Republic of Lithuania.
INTERNAL RULES OF “AUŠRA SPA”
Visitor is a person who, in accordance with the procedure established by the Manager, has purchased a ticket, a membership, received a permit, or entered the pool and sauna area through the entrance gate in other legal ways established by the Manager. The conditions and procedures for the purchase, exchange, and return of tickets and membership shall be established by these Rules (hereinafter referred to as – the Rules).
The Rules establish the procedure for servicing the pool and sauna area visitors, mandatory safety, hygiene, and other requirements for visitors, the rights and obligations of the pool and sauna area Manager, visitors and their responsibilities, the conditions of ticket sales, and the provision of additional services.
The visitor is fully responsible for their health and access to the services provided in the pool and sauna area. The pool and sauna area administration and staff shall not be liable for the health issues, injuries, and accidents of the visitor that occur while visiting the pool and sauna area.
The following persons are not allowed in the pool and sauna area:
- those with infectious diseases;
- those with infectious skin diseases;
- persons with open wounds;
- persons under the influence of alcohol, narcotic drugs, or psychotropic substances;
- persons without an electronic visitor wristband;
- individuals with other ailments that pose or may pose a threat to their health and safety and that of other visitors;
- individuals whose behavior endangers the pool and sauna space, its safety and hygienic condition, or contradicts the rules of conduct adopted by the society.
Children under the age of 16 may visit the pool and sauna area only if they are accompanied by an adult who is responsible for their safety. An adult must be over 18 years of age and take full responsibility for the safety, health, behaviour, compliance with these Rules, storage of children’s belongings, and safe locking of storage cabinets. One adult can accompany no more than 4 children.
Disabled persons, who, due to their medical condition, require the care of another person, may only visit the pool and sauna area when accompanied by the adult responsible for their care.
VISITOR’S CHIP WRISTBAND, ITS PURPOSE, AND USE
Duration of the visit after purchasing a ticket or membership – 2 hours. The exact expiry date of the ticket or membership is indicated in the price list or in the customer programme.
In case of loss of the chip wristband, the visitor must pay the amount specified in the pool and sauna space fees.
Before leaving the pool and sauna area, the visitor must pay at the checkout. The amount to be paid by the visitor for the additional services and/or goods purchased in the pool and sauna space is then shown.
Exceeding the time limit for staying in the pool and sauna area (time not paid for when purchasing the chip wristband) is charged according to the rates in force at the time and shall be paid at the checkout.
OTHER GENERAL INFORMATION
The pool and sauna area is open on weekdays 7.00 a.m. – 10.00 p.m., on Saturdays 10.00 a.m. – 10.00 p.m., on Sundays 10.00 a.m. – 8.00 p.m.
In the pool and sauna area, persons are monitored by video cameras for their safety. Smoking is not allowed in the pool and sauna area.
The pool and sauna area is not responsible for visitors’ personal belongings left unattended in the pool and sauna area and in unlocked storage cabinets.
Visitors must make sure that a storage cabinet is securely locked.
Each visitor has the right to use only one storage cabinet.
If the visitor violates the Rules and is warned by the staff member, he must immediately leave the premises of the pool and sauna area.
Visitors who feel any health problems in the pool and sauna area must contact the rescuer-supervisor or other staff members.
POOL SPACE RULES
Pool visitors must use slippers suitable for damp premises. Longer hair must be tied with hairbands.
In the swimming pool, it is mandatory to wear a swimsuit (no longer than up to the knees).
The swimming pool is accessible only to visitors who can swim.
Visitors must wash themselves in the shower before and after visiting the pool area.
Visitors are not allowed to eat in the pool and wellness areas.
RIGHTS AND DUTIES OF THE MANAGER
The Manager has the right to:
- not to allow persons whose behaviour may disturb the order, endanger the safety of other visitors, the state of hygiene of the pool and sauna area and/or contradict the social norms of conduct;
- not to allow persons into the pool and sauna area if they do not agree to comply with these Rules;
- to take out from the pool and sauna area those visitors who violate the Rules, disregard warning signs, requirements in the signs, or do not follow the instructions of the staff. In this case, the money is not refunded to visitors;
GENERAL RULES OF CONDUCT
- In certain places requiring more care, there are warning signs that must be observed.
- Noise is prohibited in the saunas.
- Because of the high temperature, it is not allowed to touch the salt wall and sauna stoves as well as hot stones.
- It is necessary to wash themselves in the shower before and after visiting saunas.
- Dry saunas can only be entered with a towel which must be put on a wooden lounger under the whole body.
- The towel must be put on chairs and loungers under the whole body.
- Slippers must be left at the entrance to the sauna.
The following is prohibited in the swimming pool and sauna area:
- bringing glass, breakable or sharp items;
- bringing drinks or food;
- bringing animals;
- climbing steel constructions or otherwise damaging the pool and sauna area inventory;
- shouting loudly, whistling, falsely calling for help, running (the visitor may slip and get hurt), pushing;
- spitting on the floor or into the water, urinating, or defecating in other places than toilets.
- leave children under 16 unattended;
- wearing outdoor footwear, except the area to the changing room;
- using a chip wristband not assigned to the visitor;
- jumping into the water from the edge of the pool or jacuzzi in order to dive;
- for children under 3 years of age, going in the swimming pool without diapers;
- bringing to the saunas and using there personal infusions, extracts, and bath brooms;
- pouring water on the stones in the saunas by themselves;
- adjusting devices in sauna rooms;
- making photos and videos;
- pouring drinks into the pools and jacuzzi;
- being in the pool under the influence of alcohol, narcotic or psychotropic substances.
Last updated on 30.09.2020
A reference to “Your personal data” in this Policy shall mean any information from which Your identity can be established (hereinafter referred to as Personal data).
We are the data controller of the Personal data within the scope of this Policy.
We use Your Personal data in carrying out our activities and providing services to You. Our purpose is to process only the Personal data that You have voluntarily provided to us after receiving detailed information about the purposes of data processing and the data that is necessary for the performance of contracts with You, the implementation of legal requirements, and the performance of our activities.
- Collection and use of personal data
1.1 What information we collect
We process Your Personal data if You voluntarily provide it to us, e.g. Your email within the scope of a letter to us, ordering our services, filling in a form on the website, or contacting us by phone/SMS. In certain cases, we already process the Personal data You have previously provided, for example, if You are a current or former client of ours. We will process the Personal data You provide in accordance with this Policy and the legislation applicable to us. Your Personal data will not be used for purposes other than provided for at the time of the receipt of the data unless we obtain Your additional consent or such use is provided for by law. If You send us Your CV, we will use the information You provide to offer You the most suitable place of employment in our company.
1.2 Legal basis for the processing of Your Personal data
Usually, we collect Your Personal data only to the extent that is necessary for providing services to You. EU law obliges us to inform the persons whose data we process about the legal basis for processing the data. When processing Your Personal data, we rely on one of the following legal bases:
Basis for the performance of the contract. It is applied when the processing of Your data is necessary to fulfil our obligations to You under the contract, e.g. to issue You a loyalty card or make/receive payment for services.
Basis for the legislative requirement. It is applied when we are under a statutory or regulatory obligation to process Your Personal data, for instance, for tax accounting purposes, provision of data to public authorities or the police.
Legal basis for consent. In certain cases, we will only process Your Personal data if we have obtained Your prior consent. You can withdraw Your consent to process data by contacting us at any time via email firstname.lastname@example.org
Legal basis for legitimate interests. We will process Your Personal data in cases where we have a legitimate interest and such processing does not infringe the protection of Your interests and rights.
The above-mentioned legitimate interest, for instance:
- We provide our visitors with information about the Company’s services or job offers;
- We try to prevent fraud and crime, protect our assets and the IT systems we use;
- We organise and monitor the advertising solutions we use;
- We strive to ensure the fulfilment of corporate and public obligations of the Company;
- We ensure the implementation of the rights provided for in Articles 16 and 17 of the Charter of Fundamental Rights of the European Union, including the freedom to conduct a business and the right to property.
1.3 Automatic collection of Personal data
1.3.1 IP addresses
IP address is the number given to Your computer when connecting to the Internet. It allows computers and servers to recognise each other and share data. When You visit our website, Your IP address is recorded and used for system diagnostics and protection purposes. The IP address is also used to compile indicators that determine the traffic and utility of a Website.
Cookies will be normally stored on Your computer or other devices to which You connect to the Internet each time You connect to our Website. This allows us to distinguish Your device from others.
We sometimes use third-party tools and widgets to extend the functionality of our Website. Typically, these tools and widgets will store a cookie on Your computer or device to ensure the operation of additional functionality.
Cookies do not automatically tell us Your e-mail address or otherwise allow us to identify You. We use different identifiers, including IP addresses, to assess website performance but only to determine the number of unique website visitors and the geographical distribution of users and not to single out specific users.
BY BROWSING OUR WEBSITE, YOU AGREE TO KEEP THE COOKIES THAT ARE NECESSARY FOR THE WEBSITE TO OPERATE ON YOUR COMPUTER OR OTHER DEVICE.
1.3.3 Network data loggers (Web beacons)
A network data logger is a small video file on a website that can be used to collect information about a visitor’s computer, including IP address, time of visit, browser type, and cookies already recorded by the same server. When using network data loggers, we strictly follow the requirements of the legislation.
We or our service providers will use network data loggers to ensure the proper management of cookies and to determine the usefulness of the services provided to us by third parties, for instance, visitors attracted by information dissemination, advertising, or staff selection services.
You can limit the functionality of network data loggers by prohibiting the preservation of cookies necessary for their operation. In this case, the network data logger can still capture an anonymous visit from a specific IP address but cookie information will not be stored.
In some of our newsletters or other communication tools, we use network data loggers to monitor the actions of the recipients, for instance, the opening of an e-mail. The collected information is used to identify consumer interest and increase consumer satisfaction levels in the future.
1.3.4 Location identification tools
When You use our services, we may collect information about the location of Your computer or other devices. We use this information to better tailor our services to You.
1.4 Social media tools and applications
1.5 Personal data of children
We understand the significance of the proper protection of children’s personal data privacy. Our Website and services are not designed for children under 16. We will never purposefully collect or store information about children under the age of 16 unless such information is necessary to provide our services to You.
- Transfer of Personal data to third parties
We do not share Your Personal data with third parties unless this is necessary to ensure the provision of services to You, the implementation of Your requests, our legitimate interests, and business needs, or if it is required by specific legislation. For more information about the use of third parties see the link.
We do not transfer Your Personal data to any third parties that might use this data for direct marketing purposes.
- Your choices
Usually, You will not be required to provide personal information when using our services unless it is necessary for the provision of the services, e.g. to conclude a contract or maintain contact with You. Upon receipt of Your request for information about our services to You, we may ask You to provide additional Personal data. In certain cases, We may ask for Your additional consent to the processing of Personal data and You have the right to refuse to give consent to the processing of data for these purposes. If You give consent to the receipt of certain services or information notices, we will give You the opportunity to withdraw this consent at any time. In the event of withdrawal of consent, we will endeavour to stop the use of Your Personal data for the purposes specified in the consent as soon as possible.
As stated in the “Cookies” section above, if You wish to prohibit Your tracking using cookies on our Website, You may remove cookies from Your web browser and prohibit further storage of such cookies. In this case, certain functionality of our Website may not work properly.
- Your rights
If we process Your Personal data, You can exercise these rights:
Access and correction. You have the right to access Your Personal data processed by us. In order to get acquainted with Your Personal data we process, You can submit a request to us. If, after assessing Your request, we decide that we are obliged to grant You this right, we will provide the information free of charge. In order to ensure the protection of the rights of others and to respond appropriately to Your request, we may ask You to provide proof of personal identity and other information regarding Your relationship with us before providing a reply. If Your data processed by us is inaccurate, You have the right to request the correction of this data.
Right to object to data processing. You have the right to object to us processing Your Personal data if we are no longer able to use it.
Other rights. If You believe that we should not process or store Your Personal data for too long, You have the right to request for Your Personal data to be deleted or its use to be restricted. In certain cases, You also have the right to request a copy of the electronically stored information.
To exercise Your rights, You can contact us by e-mail email@example.com. Upon receipt of Your request, we will make every possible effort to assist You in exercising Your rights following applicable law and professional practice.
- Data security and integrity
When storing Your Personal data, we use organisational and technical data protection measures and procedures to protect Your Personal data against unlawful loss, misuse, alteration, or destruction. Despite all our efforts, it is not possible to take into account all possible threats and guarantee the absolute safety of personal data. To ensure maximum protection of personal data when processing Your Personal data, access to the data is restricted to our employees in accordance with the “need-to-know” principle. Data controllers are obliged to comply with strict requirements for the processing of personal data.
We make every effort to ensure that Your Personal data is processed only:
- as long as this information is necessary for the provision of services or information to;
- as long as we are required to protect this information in accordance with legislation or business necessity, or
until You ask to destroy Your Personal data. The specific limit for the storage of data depends on the circumstances in which the information was collected and the purposes for which the information was used but subject to the requirements set out in I)–III) above, personal data will not be stored for more than 2 years.
- Links to other websites
- Changes to this Policy
Upon receipt of Your request, we will confirm this request within 14 days and will endeavour to respond within one month of receipt of the request. If Your request is complicated or we have received a very large number of requests at the time, we may extend the deadline for answering the request to three months from the date of the receipt of the request.
Finally, You always have the right to file a complaint about the improper processing of Your data with the National Data Protection Inspectorate.
The highlighted link in Section 2.2 (Transfer of data to third parties) should lead to a separate page where the following text should be provided:
Transfer of data to third parties
We do not share Your Personal data with third parties unless required for the provision of services to You, for the fulfilment of Your requests, for our reasonable operational needs and/or if this is provided for by law. It includes:
Our service providers: We share Your Personal data with third parties that provide services to us, for instance, our IT maintenance providers, our website hosting providers, our accounting service providers, consultants, lawyers, and other providers of goods and services. We work with these third parties to process Your Personal data. We only transfer Your Personal data to these third parties if they comply with our strict personal data processing and security requirements. We share Your Personal data only to the extent necessary to provide the services of these third parties.
If we or any part of our business were sold, reorganised, or transferred to another company: we would transfer personal data related to the sale or reorganisation as far as it is directly related to the performance of the business being sold or transferred.
Pre-trial investigation authorities, courts, or other state authorities: we will transfer personal data requested by courts, pre-trial investigation authorities, or other empowered authorities when it is necessary for the performance of our legal duties or if there will be another legal basis for data transfer.
Audit: we will transfer personal data if it is necessary to conduct a financial, data privacy, and security audit or to investigate and respond appropriately to a complaint or security threat.
Below is a detailed list of cookies:
Cookies used in www.ausraspa.lt
This cookie is set by the “Polylang” plugin for “WordPress” managed sites. The cookie stores the language code of the last page browsed.
This cookie is used by “Google Analytics” to understand user interaction with the site.
This Cookie was installed by “Google Analytics”. The cookie is used to calculate visitors, session, campaign data, and to track website usage for the site analysis report. Cookies store information anonymously and assign a randomly generated number to identify unique visitors.
This Cookie was installed by “Google Analytics”. The cookie is used to store information about how visitors use the website and helps to generate an analytical report on how the website works. The data collected, including the number of visitors, the source where they came from, and the pages were made public on an anonymous basis.
“Google” uses this cookie to separate users.
This cookie is set by “Hubspot” and it is used to track visitors. It contains domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
This cookie is used by “HubSpot” to track site visitors. This cookie is transmitted to “Hubspot” by submitting a form and is used to deduct contacts.
This cookie is set by “Hubspot”. According to their documentation, each time “HubSpot” changes a session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when “HubSpot” manages cookies, it is considered a new session.
This cookie is set by “Hubspot”. The purpose of the cookie is to track sessions. This is used to determine if “HubSpot” should increase the __hstc cookie session number and timestamps. It contains a domain, viewCount (increases each session pageView), and a session start timestamp.
RULES OF VIDEO DATA PROCESSING
- The purpose of the video data processing rules (hereinafter referred to as the Rules) is to regulate the video surveillance performed by UAB SPA “Aušra” in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ 2016 L 119, p. 1) (hereinafter referred to as Regulation (EU) 2016/679), compliance with and implementation of the Law on the Legal Protection of Personal Data of the Republic of Lithuania, other laws and legal acts regulating the processing and protection of personal data.
- Data Manager – UAB SPA “Aušra”, code 305295212, office: Vytauto pr. 23, LT-44352 Kaunas (hereinafter referred to as the Company).
- The Company uses an external data processor to process video data.
- Terms in video processing rules:
- Employee means a person who has entered into employment or similar contract with the Company and is assigned to process personal data by the order of the Company’s Director or whose personal data is processed.
- Third party is a natural person who is not a data subject and whose identity can be directly or indirectly determined by the scope of the video data recorded in the video (person’s face, height, vehicle registration number, etc.).
- Video data recorders are servers and/or digital devices in the Company’s asset accounting for recording, storing, viewing, and copying video data.
- Video recording is video data captured by video surveillance cameras specified in these Rules and stored on servers and/or video data storage devices.
- Video surveillance means the processing of video data related to a natural person (hereinafter referred to as Video data) using video surveillance cameras specified in these Rules, regardless of whether this data is stored on a data medium.
- Video surveillance system means servers and/or video data storage devices, video surveillance cameras, and data storage mediums that store video data.
- Other terms used in these Rules shall be understood as defined in Regulation (EU) 2016/679 and legal acts of the Republic of Lithuania.
- When processing video data, the Rules of personal data processing approved by the Director of the Company shall be followed insofar as otherwise provided in these Rules.
- The Rules shall determine the purpose and scope of video surveillance performed by the Company, the term of video data storage, the conditions of access to the processed video data, the conditions and procedure of destruction of this data, and the requirements for the employee processing this data. The Rules regulate video surveillance of the Company’s indoor and outdoor area.
- The Rules are binding on all employees of the Company who are appointed to process personal data in the Company or become aware of them in the course of their duties. These rules must be followed by all members and guests of the Company’s community.
PURPOSE AND SCOPE OF VIDEO SURVEILLANCE
- The purpose of video surveillance is to ensure the safety of employees and other persons visiting the Company, the safety of these persons’ and the Company’s property, and public order.
- Video data shall be recorded by video surveillance cameras, which (and their recording areas) are specified in Annex 2 to these Rules.
- The video capture modes (continuous, time-specific, or responding to motion) of the indoor and outdoor video surveillance cameras of the Company’s building are set out in Annex 2 to these Rules.
- Video surveillance cameras shall be installed in such a way that video surveillance is not carried out in a larger area or room of the data controller than is specified in Paragraph 10 of these Rules and Annex 2 to the Rules.
- The installation and operation of video surveillance cameras in such a way as to give access to a living room, and/or a private area belonging to it or the entrance to it shall be prohibited, except as provided for by law.
- Video surveillance is prohibited in premises where the data subject reasonably expects absolute protection of privacy and where such surveillance would undermine human dignity (e.g. toilets, etc.).
RIGHTS, DUTIES AND FUNCTIONS OF THE DATA CONTROLLER
- The data controller has the following rights:
- to develop and adopt domestic legislation governing video surveillance;
- to address issues regarding the provision of video data;
- designate the person (s) or unit responsible for video data protection.
- The data controller has the following duties:
- to ensure compliance with the requirements for the processing of personal data established in Regulation (EU) 2016/679, the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Rules for the Processing of Personal Data, these Rules and other legal acts regulating the processing of personal data;
- to implement the rights of the data subject in accordance with the procedure established by Regulation (EU) 2016/679, the Rules for the Processing of Personal Data and these Rules;
- to ensure the security of personal data and to implement appropriate organisational and technical measures for the security of personal data;
- The data controller performs the following functions:
- determines the purpose and scope of video surveillance;
- organises installation works of the video surveillance system;
- establishes the procedure for granting, modifying, and deleting access rights and authorisations to process video data;
- analyses technological, methodological, and organisational problems of video data processing and makes decisions necessary to ensure proper video surveillance;
- provide methodological assistance to employees on video processing;
- performs other functions necessary for the implementation of the rights and obligations of the data controller referred to in Paragraphs 15–16 of these Rules.
PROVISION OF VIDEO DATA AND DATA RECIPIENTS
- In statutory cases and in accordance with procedures, the Company shall provide the video data it processes to law enforcement authorities and to other persons to whom the Company is obliged by law or other legal acts to provide personal data in the course of its statutory functions, as well as to the requests of the recipients under at least one of the conditions for the lawful processing of personal data referred to in Article 6 of Regulation (EU) 2016/679. The request shall specify the purpose of the use of the video data, the legal basis for the provision and receipt of the video data, and the scope of the video data requested.
- The decision on the provision of video data is made by the Director of the Company or a responsible person authorised by him.
ORGANISATIONAL AND TECHNICAL MEASURES FOR SECURITY OF PERSONAL DATA
- The following organisational and technical measures for the security of personal data are implemented to ensure the security of video data:
- the protection, management, and control of access to video data is ensured;
- access to video data may be granted only to the person who needs the video data to perform his/her functions;
- only those actions for which the user is granted rights may be performed with the video data;
- access to personal data is protected by passwords;
- protection of personal data against unauthorised access to the local area network by means of electronic communications is ensured;
- the security of the premises where the video data is stored is ensured (access of unauthorised persons to the relevant premises is restricted, etc.);
- the protection of computer equipment from malicious software (installation, updating of antivirus programmes, etc.) is ensured.
- Only an employee responsible for the maintenance of the video surveillance system and the processing of video data (hereinafter referred to as the employee processing the video data) designated by the Director of the Company or a responsible person authorised by him/her shall be entitled to process all video data. Access to their video data is open to all employees who, in the exercise of this right, are required to comply with the requirements laid down in the legislation on the protection of personal data.
- Access rights to video data shall be granted and edited in accordance with the procedure established by the data controller.
- Access rights to video data shall be terminated upon termination of the authority of the employee processing the video data, employment relationship, change of the employee’s functions for which access to video data is not required.
- The employee processing the video data must:
- comply with the basic requirements for the processing and security of personal data established in Regulation (EU) 2016/679, the Law on the Legal Protection of Personal Data of the Republic of Lithuania, the Rules for the Processing of Personal Data, these Rules, and other legal acts;
- ensure that the area captured by video surveillance cameras does not enter the living room and/or the private territory belonging to it or the entrance thereto, except in cases provided by law, and premises where the data subject reasonably expects absolute privacy protection and where such surveillance would undermine human dignity;
- comply with the organisational and technical security measures for personal data set out in these Rules in order to prevent the unintentional or unlawful destruction, loss, alteration, disclosure of video data, as well as any other unlawful processing, by storing video data on video data recording devices and/or media;
- ensure that the video surveillance system is in technical order and the technical malfunctions of this system are eliminated promptly, using all available technical resources;
- not to disclose, transmit or facilitate access to video data by any means to a person who is not authorised to process video data;
- immediately inform the Director of the Company or the responsible person authorised by him/her and the data protection officer (if a data protection officer has been appointed) of any suspicious situation that may endanger the security of video data processed by the Company;
- comply with other requirements established in the Rules of Personal Data Processing, these Rules and other legal acts regulating the protection of personal data.
- The Company’s employees must not allow unauthorised persons to enter the Company’s premises with video data recording devices and immediately inform the employee processing video data or the Company’s Director or his her authorised responsible person if they notice any malfunction of the video surveillance system.
- No copies of video data are made.
- In video recording devices, the video data captured by the video surveillance cameras is digitally recorded on the internal hard drives of these devices. These devices and their internal hard disk capacities are specified in Annex 2 to these Rules. Video cameras whose video data are not only recorded but can also be viewed in real-time, as well as video recording devices that allow searching for videos by date and time are specified in Annex 2 to these Rules. The video data shall be stored on the recording devices for a maximum period of 21 (twenty-one) calendar days and shall be destroyed after the expiration of this period as specified in Annex 2 to the Rules. The maximum term for the storage of video data of each device is specified in Annex 2 to these Rules. If the video data is used as evidence in a case or other cases prescribed by law, the video data may be stored to the extent necessary for these purposes of data processing and destroyed immediately when it is no longer needed.
PROCEDURE FOR EXERCISING THE RIGHTS OF THE DATA SUBJECT
- The data subject has the following rights:
- receive information on data processing;
- access data;
- request the erasure of data (“right to be forgotten”) if the video data is stored for longer than the storage period specified in these Rules;
- limit data processing;
- disagree with data processing.
- The rights of the data subject referred to in Paragraph 28 of these Rules shall be exercised in accordance with the procedure established in the Rules of Personal Data Processing of SPA “Aušra”, unless otherwise provided for in these Rules.
- Right to information on data processing:
- Persons who are not employees and whose video data can be processed through video surveillance shall be informed of the video surveillance being carried out:
- By placing information tables and/or stickers before entering the Company’s premises or the area where video surveillance is carried out. Information tables and/or stickers must be visible before entering the video surveillance area;
- By indicating at least the following information in the information tables and/or stickers: about the video surveillance carried out, the name of the Company, contact information (address, e-mail address, and/or telephone number), the purpose of the video processing, reference to the source of information with more detailed information about the performed video surveillance; the model form of the information board (sticker) is set out in Annex 1 to these Rules;
- Information on the presence of video surveillance shall be provided in all cases, regardless of the fact that some designated locations are not currently subject to video surveillance (e.g. part-time video surveillance, video surveillance at set periodicity, etc.).
- Employees shall be informed of the video surveillance carried out by signing or by any other means of proof provided by Article 13 (1) and (2) of Regulation (EU) 2016/679 and by being informed of these Rules before the video surveillance takes place either on the employee’s first working day or on the first working day following the employee’s vacation, sick period, etc., if video surveillance was started during this period.
- Right of access to data:
- At the request of the data subject to access his/her video data, the video data requested from the data subject may be provided by allowing the video to be viewed on the premises and/or by providing a copy of the video on the Company’s external data carrier or a photograph if the video data is stored.
- The exercise of the data subject’s right of access to his or her video data shall ensure the right to the private life of third parties. If at the time of data subject accessing a video it is identified that a video contains third parties or other information that may violate the privacy of third parties, those images must be retouched or otherwise removed from the possibility of identifying third parties or, if possible, the written consent of these persons to the provision of their video data to the data subject is obtained. If it is not possible to implement the measures referred to in this clause of the Rules that ensure the right to privacy of third parties, the video data shall not be provided to the data subject.
RESPONSIBILITY OF EMPLOYEES
- Employees are acquainted with these Rules by signing and thus undertake to comply with them and other legal acts establishing the requirements for the processing of personal data.
- Employees are subject to statutory liability for violating the provisions of the Rules.
- The Rules are published on the Company’s website.
- The supervision of compliance with the provisions of the Rules and periodic review of the Rules at least once every 2 years is the responsibility of the Director of the Company or his/her authorised person, who, after assessing the practice of applying the Rules in case of need and/or changes in the legislation governing the processing of personal data, shall initiate an update of the Rules.
- Once the Rules have been approved, all employees are acquainted with them by signing. A new employee must be introduced to the Rules on the first working day. The person appointed by the Director of the Company shall be responsible for introducing new staff to the Rules.
- Companies carry out employee training in accordance with the established procedure and, if possible, create conditions for raising the qualification of employees in the field of the legal protection of personal data.
Annex 1 to the Rules for Processing Video Data of UAB SPA “Aušra”
VIDEO SURVEILLANCE IS CARRIED OUT TO ENSURE THE SECURITY OF PERSONS AND SAFETY
UAB SPA “Aušra”, Vytauto ave. 23, Kaunas
More detailed information:
www.ausraspa.lt, by phone +370 687 83344 or by e-mail: firstname.lastname@example.org