Privacy policy

Actual edition. Valid from May 25th 2018

RAILEN BALTICS, UAB PRIVACY POLICY

May 25th 2018 saw the entry into force of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR“). The provisions of the GDPR concern the privacy of processed data and are designed to strengthen personal data security and protection in the EU and replace the Data Protection Directive and national legislation adopted on October 24th 1995.

The GDPR enables all residents and customers in the European Union to have more control over the use of their personal data, the manner in which the data is obtained, and the manner in which the data subject is contacted. These changes also ensure better protection of personal data.

In line with Regulation (EU) 2016/679 of 27 April 2016 on the protection of personal data, with regard to the processing of personal data, to ensure compliance with and implementation of the law of the Republic of Lithuania and other legal acts governing legal protection of personal data and setting out the requirements for personal data processing, we have defined this privacy policy (the “Privacy Policy”) which contains the principal rules of protecting your (Data Subject’s) personal data when you visit our website (www.railen.lt).

We undertake to ensure effective protection of your privacy

Railen Baltics, UAB treats data protection and privacy matters very seriously and undertakes to comply with applicable legislation. Transparency in collection, processing and use of personal data provided by our customers is very important to us. We collect and process personal data that we receive directly from our customers and as a result of monitoring of the use of our services or on the basis of other data and information provided by third parties.

We use cookies and other similar technologies on our website, although never in a manner that would compromise your privacy. Our website only uses the necessary information contained in the cookies to ensure its proper functioning.

In our Privacy Policy, you can read about how your personal data is processed. Please read this Privacy Policy carefully and learn about our approach to the processing of personal data, as well as about our personal data processing practices and methods.

Data controller

Your personal data controller is Railen Baltics, UAB, legal entity code 304721890, with its registered office at Sandėlių g. 44, Vilnius, Republic of Lithuania (the “Company”).

The Company processes your personal data for the purposes described below. All personal data is processed in accordance with the laws governing personal data protection and with the use of appropriate protection measures.

What personal data are processed?

We process various categories of personal data, including:

  • Contact details – name, address, telephone number, e-mail;
  • Data on contracts and services – information about the services you purchase, contract duration and expiry date, and other information on the contract between you and us;
  • Transaction data – data on product purchases and use of services;
  • Financial and billing details – the address where invoices are sent, payment terms, bank account details;
  • Equipment data – IP number and other information collected by cookies.
What sources do we obtain personal data from?

Your personal data that we process is obtained from you when you order our services, fill in a form or send us your data. In such cases, we inform you about the personal data which are required and necessary in order to provide particular services.

What are the purposes of personal data processing?

Your personal data is only processed for clearly defined purposes, including:

  • Managing relations with costumers and trading partners;
  • For billing purposes;
  • For the purpose of concluding a service contract.
Basis of personal data processing
  • Your personal data is disclosed to other data recipients only if it is necessary for achieving appropriate data processing purposes and/or for providing services. Personal data of the Company’s employees (or candidates to work for the Company) may be disclosed, in order to execute and perform a contract, to:
    • A lawyer under a service contract;
    • A financial officer (accountant) under a contract on the provision of accounting services.

We process your personal data on the following legal basis:

  • Your consent. If your personal data is processed by us on the basis of your consent, you can withdraw your consent at any time;
  • An agreement between you and Railen Baltics and our obligation to comply with the obligations set out the agreement;
  • Applicable legislation (e.g., laws that require us to store certain data for specific periods).
  • Conclusion and implementation of contracts, where data is collected and processed for the purpose of:
    • settlements with customers;
    • effective and timely customer support;
    • enforcement of legal claims.
How long are your personal data stored?

Your personal data are stored for no longer than what is required by the purpose of personal data processing. Generally, personal data is stored as long as a relationship with a customer lasts and for three years from the termination of such relationship.

When personal data is no longer required (including after the expiry of the period of personal data storage) or the data subject withdraws its consent for the processing of personal data, personal data is erased. Copies of the Company’s documents, programs and computer files that contain personal data must be erased in a way that prevents their reproduction or recognition of their content. The erasure of personal data is carried out in accordance with the procedure and manner established by the manager of the Company.

Who processes personal data?

Personal data are processed at the Company in accordance with the laws governing privacy protection. The Company does not collect or process special categories of personal data. In this case, the Company has not authorised any other legal or natural person to process your personal data and your personal data is processed by the Company on its own.

In the event that the Company decides to transfer your personal data for processing by third parties, such transfer will be governed by an agreement that guarantees and ensures that the processing of data is carried out in a safe manner, in accordance with the law on protection of personal data and in line with best practice for personal data processing.

Does the Company transfer personal data to third countries?

The Company does not transfer your personal data to third countries.

Your personal data is not transferred outside the European Union or the European Economic Area (EEA). However, if personal data is transferred outside the EU or EEA, this shall be done in line with applicable laws. The personal data processed at the Company may be transferred to third countries only in line the laws of the Republic of Lithuania.

Failure by the data subject to comply with the obligations laid down in the agreement with the Company will entitle the Company to disclose the data subject’s personal data to a lawyer, court, bailiff and/or other public authorities for the purpose of debt management.

How does the Company protect personal data?

The Company has implemented appropriate technical and organisational measures that will ensure an appropriate level of protection of your data in line with the security of service requirements. The Company uses electronic and procedural measures to protect information from loss, theft or any unauthorised use, disclosure or modification.

Persons whose functions are directly related to the processing and use of personal data as well as employees who get to know personal data processed by the Company are obliged to read and comply with this Privacy Policy and to keep personal data secret.

The Company employees and other persons authorised by the Company are subject to the obligation of confidentiality and are required to keep secret the personal data they get to know in the course of their duties unless such information is public or the data subject gives its consent to disclose such information or when the disclosure is necessary to prevent a crime as well as in other cases stipulated by law. The Company employees must observe the principle of confidentiality and on any basis also upon termination of their contractual relationship with the Company.

How do we obtain personal information through IP addresses, cookies and similar technologies?

When you use our services or visit our website, we may collect your data using cookies, the IP address or other similar technology. Cookies are small files sent to your browser and stored on your computer, phone, or other device that connects to the website. Cookies allow a website to recognise your browser. The main purpose of cookies is to remember your options, such as the preferred language for the website. Cookies also help to recognise you when you return to the same website. They help tailor the website to your personal needs. Cookies may not be used to run programs on or spread viruses to your computer. Cookies are only for you and can only be read by the web server for the domain that has sent you a cookie.

Cookies

The Company uses cookies for the following purposes:

  • To remember your visits on the website and your preferences regarding the website;
  • To ensure proper functioning of the website and improve the browsing experience;
  • To create anonymous website visit statistics (including website traffic calculations) and for website improvement.

You may block cookies by changing your browser settings. This, however, may affect correct display of the content on our website. For more information on how to manage cookies in your browser, see the “Help” tab in the browser.

What rights do you have in connection with the processing of your personal data by the Company?

A data subject has all the rights laid down in applicable legislation and may exercise those rights in accordance with this Privacy Policy. Those rights include:

  • The right to know (to be informed) about the processing of their personal data - Data subjects provide their personal data specified in applicable laws at the time of obtaining personal data by the Company (e.g., when a contract is signed – in contracts, on the Company’s website, etc.). Information for data subjects on the processing of their personal data is provided during contact with the data subject in the same manner in which the Data Subject contacted the Company, except in cases where the data subject already has such information.
  • The right to access their personal data, obtain information on how the data are processed and other information as laid down in applicable laws - the data subject has the right to receive from the Company information about whether their personal data are processed by the Company and, if their personal data are processed, to access their personal data and obtain information about:
    • The purpose of processing of their personal data;
    • What personal data of the data subject is being processed;
    • Recipients of their personal data (who has been or will be provided with their personal data);
    • The period for which their personal data will be stored.
  • The right to have their personal data rectified – if the data subject becomes aware that their personal data are inaccurate, it may request the Company to rectify the data, and the Company shall review, correct and supplement the data.
  • The right to erasure (the right “to be forgotten”) - The Company shall immediately erase any unauthorised personal data where one of the following grounds applies:
    • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
    • the personal data have been unlawfully processed;
    • in other cases provided for by law.
  • Right to restriction of processing, with the exception of storage – The data subject shall have the right to obtain from the Company restriction of processing where one of the following applies:
    • the accuracy of the personal data is contested by the data subject, for a period enabling the Company to verify the accuracy of the personal data;
    • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
    • The Company no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
    • The data subject has objected to processing pending the verification whether the legitimate grounds of the Company override those of the data subject.
  • The right to data portability - The data subject has the right to transmit their personal data, which means that in certain circumstances the data may be provided to the data subject in a structured, commonly used and machine-readable format or transferred in that format directly to another controller.
  • The right to withdraw consent to the processing of personal data if the personal data is processed based on the Data Subject’s consent. If the withdrawal of the Data Subject’s consent is legally justified, the Company shall immediately terminate any processing of the Data, free of charge.
  • The right to object. If the Data Subject makes such a request, the Company shall immediately terminate the Data processing operations, free of charge, unless the Company demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  • The right to lodge a complaint with the supervisory authority – you have the right to lodge a complaint with the National Data Protection Authority if you consider that our processing of personal data infringes applicable laws.
Amendments to this Privacy Policy

If you have any questions, comments or requests regarding this Privacy Policy, please contact us using the contact details provided below.

This Privacy Policy is reviewed at least once every two years. If this Privacy Policy is updated, the main changes will be posted on the Website. If you use the content and/or services after posting such notice, we will assume that you accept the terms of the updated Policy. The latest version of this Privacy Policy is always available at www.railen.lt.

Privacy Policy authorised by Company manager on May 25th 2018 by order no. RB-25.

Contact details:
Railen Baltics, UAB
e-mail: office@railen.lt
Phone: +370 5 208 04 45

This page uses cookies.Close