Privacy policy

JSC “AUTOCOM LT“ PRIVACY POLICY

 

This Privacy Policy applies to the processing of personal data by JSC “ AUTOCOM LT“ (the Company), the registered address: Savanorių avenue 129, LT-03150 Vilnius, Lithuania, Tel. +370 (5) 2409546, E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it., the company is renting vehicles for short-term and long-term rental, providing other services, and serving clients by telephone, e-mail, social networks and/or the website www.autocom.com

The Company is continuously developing and improving its activities and therefore the Company has the right to change this Privacy Policy at any time in accordance with applicable laws and regulations. All changes shall be immediately posted on the Company website.

The Company shall always follow good practices and ensure that your privacy is not compromised.

This Privacy Policy describes what personal information we collect and for what purposes we process you when you contact the Company.

This Privacy Policy also contains important information on data protection, in particular your rights as a data subject under the General Data Protection Regulation.

It is very important that you read the Privacy Policy carefully as you agree to the terms described in this Privacy Policy each time you visit the Website of the Controller. If you do not agree to these terms, please do not visit our site, use our content and/or services.

If you have any questions regarding the processing of your data or your rights, please contact us by e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it..

 

DEFINITIONS

Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier, or to one or more factors to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 Personal data breachmeans a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise processed.

GDPR/General Data Protection Regulation is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

 The recipient of the data” means the natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether a third party or not.

 Data subject” means an employee, customer or other natural person of the Company whose personal data is processed by the Company.

 Processing of data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 “Data Controller” means a legal entity that processes personal data on behalf of the Company.

 

DATA PROCESSING

We take your privacy very seriously. The Company processes personal data accurately, fairly and solely for the purposes for which it was collected, in accordance with the principles and requirements of law governing the processing of personal data.

We shall collect, store and process all personal data in accordance with the General Data Protection Regulation, the laws of the Republic of Lithuania, the rights of our clients, and we shall not transfer them to any third parties unless required to do so by law, regulation or if you explicitly consent to the transfer of your data.

We shall process your personal data on one of the following legal grounds:

·         On the basis of the consent that you express through active action, i.e. by contacting us and providing your personal data or other active actions of your own;

·         On the basis of mutual agreement performance;

·         The pursuit of our legitimate interests (e.g. administering a website, etc.);

·         To fulfill our statutory responsibilities.

 

Processing of Customer Personal Data

We may process the following customer personal data:

·         Personal data of the Customer (Name, surname, date of birth);

·         Customer contact details (e-mail address, telephone number, residential address);

·         Personal data of the Customer that the Company needs to process in order to fulfill its mutual agreement (license data of the driver of the customer, date and time of use of the car, location and distance travelled, etc.);

·         Other data provided by the client in connection with the execution and performance of the mutual agreement.

 

In all cases, we shall undertake that all personal data collected by the customer will be processed only to the extent necessary to ensure the proper performance of our services, the related purposes and the fulfillment of our legal obligations.

 

Loyalty and Discount program, Direct Marketing Execution

The Company also processes your personal data in cases where you agree to participate in a loyalty and discount program organized by the Company and/or for direct marketing purposes (e.g. sending newsletters, personalized advertising, promotional announcements, etc.).

When you participate in the loyalty and discount program, the Company processes your name, surname, order history, and customer account information.

For direct marketing purposes, the Company processes your name, surname, e-mail address.

For the purposes of loyalty and discount programs, direct marketing, the Company processes your personal data on the basis of your consent which is expressed through your active actions. You have the right to withdraw your consent at any time. Revocation of consent does not affect the lawfulness of the processing of personal data prior to the revocation of your consent.

 

Processing of personal data in cases of servicing of persons

The Company also processes your personal data in the event that you contact us, make inquiries, ask questions, or send information to the specified contacts via the Company website.

The Company processes your personal data for the purpose of administering inquiries and complaints, responding to your inquiries, ensuring the quality of the services we provide, protecting and defending the rights and legitimate interests of the Company. You provide us with your data on the basis of consent which is expressed through your active actions, i.e. addressing us.

Your personal data will be deleted upon examination of your application to the Company. In order to fulfill the legitimate interest of the Company in gathering evidence of inquiries received, responses thereto, services rendered and contact made, depending on the type of data and circumstances, it may, in certain cases, be stored longer as long as it is fit for purpose they were collected.

Longer term storage of your personal data may occur in the following cases:

·         It is necessary for the Company to be able to defend itself against demands, claims or lawsuits;

·         Your data is necessary for the proper resolution of a dispute or complaint;

·         Where there are reasonable grounds for suspecting that the offense has been the subject of an investigation;

·         In presence of provided legal bases in other legislation.

In any case, your personal data will be destroyed after the deadline.

Please note that you must provide the Company with a minimum amount of personal information when making inquiries, questions or other information. Provide only personal data necessary for the purposes for which the letter, request or response is sent.

Please do not use first name, surname, phone number, e-mail address, bank account number, special (sensitive data), etc. Do not include personal data such as personal identification number, health or other sensitive (sensitive) data, financial data and other redundant or unnecessary data in the text of the letter, request or application text.

 

Processing of personal data on the website

The Company has the right to administer the user account created by you on the website www.autocom.lt. When you create a user account, the Company shall process your name, surname, user account login details and the date the user account was created.

The Company processes your personal data in order to control the flow of user accounts and ensure your convenience through the website www.autocom.lt. The personal data you provide is not shared with any recipients.

When you visit our website, the Company may also collect and manage the IP address, network and location data of the visitor. Data is collected with a help of cookies and other similar technologies on the basis of user consent.

Cookies are small text files that our website wants to place on your computer or other devices connected to the Internet, such as tablets or smartphones. If your browser settings accept cookies, your browser appends the text as a small file.

Most of the cookies used by the Company are necessary for the functional Performance of the Website and they are technical.

Most cookies are deleted from your device at the end of your browser session (session cookies). We use the information stored in the necessary cookies only to provide the necessary information on the website.

The Company also uses non-technical cookies:

 

Name of the cookie

Description

Moment of creation

Duration

Data used

NID

System cookie for Google maps

When displaying Google map on website

1 year

Unique id

TawkConnection Time

Help block cookie

Entering website for the first time

During browser session

Unique id

_dc_gtm_UA-80048190-4

Statistics

Entering website

During browser session

Special variable

IDE

DoubleClick cookies for various services, they are used for advertising purposes

Entering website

1 year

Unique id

_ga

Statistics

Entering website

2 years

Unique id

_gat

Statistics

Entering website

During a browser session on a page while being the site

Special variable

_gid

Statistics

Entering website

24 val.

Unique id

_hjlncludedlnSample

Statistics and visitor tracking cookie

Entering website

1 year

Special variable

A2c4b989ad9fcbf4dd192c94ad663f10

System cookie to set the language of the site

Entering website

During browser session

Language id

 

The cookie message informs you that we use cookies. By continuing to use our website and accepting the display of a cookie message, you consent to the cookies and confirm that you are aware of them. You can configure your browser to refuse some or all cookies or to ask for your permission before accepting them. Visit www.aboutcookies.org or www.allaboutcookies.org for information on how to change your browser settings.

More information about handling cookies can be found here:

 

Video surveillance

In order to ensure the safety of you and our employees, as well as to protect the Company’s property from theft, you are filmed while visiting our car rental offices. We review videos in the event of incidents, theft or other criminal activity in order to protect the legitimate interests of our victims.

 

Recording of telephone conversations

The Company shall record all telephone conversations for the purpose of gathering evidence of the terms of future transactions and/or transactions entered into and in progress. Each time you start recording a conversation, you will be warned that your telephone conversation with the Company will be recorded. You reserve the right not to consent to the recording of your telephone conversation and to personally visit the car rental office of the Company.

 

DATA CONTROLLERS. RECIPIENTS OF DATA

The Company is entitled to use data controllers in accordance with the provisions of the General Data Protection Regulation. They shall be subject to a contract for processing personal data in accordance with the requirements of that Regulation. Data sub-processors may not be employed without the consent of the Company.

The Company shall only employ data processors when such processing cannot be carried out by itself, i.e.:

·         Maintenance of computer programs, access to customer and employee data;

·         Administration of the accounting program;

·         Customer database maintenance.

These Service Providers shall undertake data processing procedures on behalf of the Company and only as directed by the Company. Third parties who process personal data shall be chosen carefully and in accordance with applicable data protection legislation.

Under certain circumstances, the external service providers of the Company may be granted access to your personal data but only for the specified purposes of processing. Under such agreements, such third parties are required to ensure that their data protection is at least equivalent to that guaranteed by the Company and required by applicable law. All data processed on behalf of the Company remain under the control of the Company. Compliance with the instructions of the Company, data protection levels and contractual obligations with the data controller is continuously monitored.

We do not sell, modify or otherwise make available your Personal Information to third parties without prior notice to users. We may also disclose information when required to do so by law, in the implementation of our Site Policies, or to protect the rights, property or safety of us or others.

 

LINKS TO OTHER WEBSITES

Our Website may contain links to other sites that are not owned or operated by us. Please note that we are not responsible for the privacy policies of such websites or third parties. Please note when you are redirected from our Website to other websites, please read the privacy policies of each website where personal information may be collected.

 

 

DATA SUBJECT RIGHTS AND THEIR ENFORCEMENT

The Company will exercise the rights of the data subjects without undue delay but in any event within one month of receipt of the request, will provide the data subject with information on the action it has taken on request. The Company may extend the period of one month by a further two months, depending on the complexity and number of the requests but in any event, the Company will inform you of such extension within one month of receipt of the request, together with the reasons for the delay. The Data Subject must provide a copy of his/her identity document upon request.

For you, the General Data Protection Regulation guarantees the rights of the data subject. At any time, after the Company has properly verified your identity, you have the right to:

  • Be informed about data processing

The Company will provide you with all information to which you are entitled and not covered by this Privacy Policy, such as: where applicable, the recipients of the personal data; the periods of retention of the personal data or, where that is not possible, the criteria applied for determining that period; the right to request the Company to grant access to the data subject's personal data and to correct or delete them, or to restrict the processing of data, or the right to object to the processing, as well as the right to data portability; whether the supply of personal data is a legal or contractual requirement, etc.

  •  Access the data being processed

The Company will confirm to you whether personal data relating to you are being processed and, if such personal data are being processed, to provide all relevant information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed; the periods for which the personal data will be stored or, where that is not possible, the criteria used to determine that period; the right to ask the controller to correct, delete or restrict the processing of personal data relating to the data subject; where personal data are not collected from the data subject, all available information on their sources. The Company will provide a copy of the personal data processed. Where the data subject makes the request by electronic means, the information shall be provided in a commonly used electronic format.

  • Require rectification of the data

The data subject has the right to require the Company to rectify your inaccurate personal data without undue delay. Subject to the purposes for which the data were processed, the data subject shall have the right to request that incomplete personal data be supplemented.

  • Request deletion of data (“right to be forgotten”)

If you have a reason (for example, personal data are no longer needed to achieve the purposes for which they were collected, etc.), you can request that your personal data be deleted.

  • Restrict data processing

You may request a restriction on the processing of your data if it meets the criteria defined in the General Data Protection Regulation, for example, the Company no longer needs your personal data for processing purposes but you need them to assert legal requirements; You dispute the accuracy of the data for a period during which the Company may verify the accuracy of the personal data, etc.

  • Data portability

In cases where the Company processes your personal data by automated means with your consent or on the basis of an agreement with the Company, you have the right to receive your personal data in a systematic and computer readable format and to forward it to another controller without any hindrance. You have the right, where technically possible, to forward your personal data to another controller.

  • Disagree

You have the right to object at any time to the processing of your personal data when such processing is carried out for the legitimate interests of the Company, except when the Company processes the data for reasons overriding the interests, rights and freedoms of the data subject.

Where personal data are processed for direct marketing purposes, the data subject shall have the right at any time to object to any further processing for marketing purposes. If you object to the processing of data for direct marketing purposes, the Company will no longer process your personal data for such purposes.

To exercise any of the rights set forth in this section, you may contact the Company through the following contacts. Notwithstanding any other remedy, you also have the right to lodge a complaint with the supervisory authorities at any time.

The Company recommends that you always contact us with the contact details listed before submitting your complaint in order to find a prompt and appropriate solution to the problem.

 

BREACHES OF PERSONAL DATA SECURITY

The Company will always report a breach of personal data security to the State Data Protection Inspectorate, unless such breach does not endanger the rights and freedoms of individuals. If the nature and seriousness of the breach would seriously jeopardize the rights and freedoms of individuals, the Company must also notify you as a data subject of the breach. Infringements shall be reported in accordance with the General Data Protection Regulation.

The report to the data subject should include in clear and plain language (if the report is sent by email, SMS, mail, etc.):

  • a description of the nature of the infringement;
  • contact details of the data protection officer;
  • a description of the likely consequences of the breach;
  • a description of the measures taken by the Company to remedy the breach;
  • Other information that the Company believes should be provided to the data subject.

Should the notification require a disproportionate effort, the Company will instead make the breach public on its website.

In the event of a breach, the Company will not notify the data subject if as follows: appropriate safeguards have been implemented for the personal data affected by the breach; immediately after the breach, the Company took measures to ensure that the rights and freedoms of individuals could no longer be seriously endangered; this would require a disproportionate effort to contact individuals. In that case, the infringement shall be made public.

 

DATA SECURITY

The Company takes great care in protecting your personal data using appropriate data protection safeguards. These include: active and reactive risk management, periodic software updates, use of antivirus software, access control and protection systems, controlled access/user permissions and oversight, providing skills in the training of personnel involved in the processing of personal data, as well as in the evaluation and selection of data controllers. Paper documents shall be stored in premises with appropriate security measures. Persons working with personal data shall be bound by confidentiality obligations imposed by law, the internal rules of the controller and/or confidentiality agreements. Data is backed up. The company is constantly updating its internal practices.

 

BAIGIAMOSIOS NUOSTATOS FINAL PROVISIONS

The Company is continuously developing and improving its activities and therefore, the Company has the right to change this Privacy Policy at any time in accordance with applicable laws and regulations. All changes shall be immediately posted on the Company website.

This Privacy Policy is reviewed periodically, but at least every two years.