Privacy policy
- GENERAL PROVISIONS
1.1. We care about your privacy and the security of your personal data, therefore we have prepared this privacy policy (hereinafter referred to as – Privacy Policy), in which we explain how we process and protect your personal data, what rights we ensure for you, and provide other information about the processing of your personal data.
1.2. The controller of your personal data is UAB “Bonameda” (hereinafter referred to as – we or the Company), legal entity code 140927183, registered seat address Draugystės st. 17-1, LT-51229 Kaunas, business address Breslaujos st. 3B, LT-44403 Kaunas.
1.3. The term ‘personal data’ (hereinafter referred to as – Personal Data) used in this Privacy Policy means any information or set of information from which we can directly or indirectly identify you, for example, your name, surname, e-mail address, telephone number, etc.
1.4. The Privacy Policy applies when you visit the website www.bonameda.com (hereinafter referred to as – Website), when you visit our social media accounts on Facebook (https://www.facebook.com/people/Bonameda/100068670000774/) LinkedIn (https://www.linkedin.com/company/bonameda) (hereinafter referred to as – Social Accounts), view the information provided by us, contact us by phone or electronic communication channels, visit us in person. This Privacy Policy does not apply when you browse the websites of other companies or use the services of third parties. If you use the Website, Social Accounts, it means that you have read and agreed to this Privacy Policy and the purposes, methods and procedure for using your personal data specified therein. If you do not agree to this Privacy Policy or do not understand it, you may not use the Website.
1.5. When processing Personal Data, we comply with the requirements of the General Data Protection Regulation No. 2016/679 (EU) (hereinafter referred to as – GDPR) and the legal acts of the Republic of Lithuania, as well as the instructions of supervisory authorities.
1.6. This Privacy Policy may change, so we ask you to visit the Website from time to time and read the latest version of the Privacy Policy published there.
- WHAT PERSONAL DATA DO WE PROCESS ABOUT YOU?
2.1. We process your Personal Data obtained in the following ways:
2.1.1. When you provide Personal Data to us;
2.1.2. When we collect your Personal Data as you use the Website or Social Accounts, contact us by phone or electronic communication means, or visit us in person;
2.1.3. When we obtain them from other persons in accordance with the procedure established by legal acts and the Privacy Policy (e.g. when information is provided by your employers, when we obtain data from official registers, state or local self-government institutions or bodies, agencies selecting candidates for vacant positions).
2.2. We collect, use and otherwise process your Personal Data in order to offer and sell our products, to fulfill our contractual obligations, as well as to pursue our or third parties’ legitimate interests, to comply with legal instructions or obligations.
2.3. When providing Personal Data to us, you are responsible for the accuracy, completeness, and relevance of such Personal Data. When you provide Personal Data about other persons (e.g. your employees and etc.). You are responsible for such person’s consent to his or her Personal Data being provided to us. If necessary (e.g., such person inquires about obtaining his or her Personal Data from us), we will indicate you as the provider of such data.
2.4. We process your Personal Data for the following purposes and under the following conditions:
Purpose of personal data processing | Personal Data being processed | Personal data processing deadlines | Legal basis for processing personal data |
Conclusion of contracts with business partners. | Name, surname, position, personal identification number (only if necessary), address (only if necessary), telephone number, e-mail address, represented person (when a company or other person is represented), relationship with the represented person, other cooperation data of the partner who is natural person or of the participant, representative of a legal entity, other natural persons specified when concluding the contract. | Data is stored for the duration of the contract and for 5 years after the contract expires. | The processing of data is necessary for the conclusion and performance of a contract (Paragraph 1 (b) of Article 6 of the GDPR). Lawful interests of the data controller or third party to perform their obligations in a high-quality and effective manner (Paragraph 1 (f) of Article 6 of the GDPR). |
Consultations on goods, services provided and quality assurance. | If provided: name, surname, e-mail address, telephone number; represented person (when you represent a company or another person), relationship with the represented person; subject and content of the communication (message, response); data necessary for resolving quality issues; If communication is via social networks – the publicly visible account information. | Data is stored for the duration of the communication and up to 1 year after the end of the communication (last message); Data in social network accounts is stored according to their settings, but no longer than 1 year from the end of communication; If consent is revoked, until the expiration of the consent (when data is processed on the basis of consent). | Consent of the data subject (Paragraph 1 (a) of Article 6 of the GDPR); Lawful interests of the data controller or third party to perform their obligations in a high-quality and effective manner (Paragraph 1 (f) of Article 6 of the GDPR); |
Sending direct marketing, information messages and invitations to Company events. | Name, surname, telephone number, e-mail address, name of workplace, name of department in which he or she works, area of interest, e-mail interaction (information about whether the newsletter was read, when and how many times it was read/opened, whether it was forwarded, what operating system and e-mail server (its location) were used). | Data is stored for 5 years from the date of receipt of consent. If consent is revoked, until the expiration of the consent (when data is processed on the basis of consent). | Consent of the data subject (Paragraph 1 (a) of Article 6 of the GDPR); |
Conducting market research. | Name, surname, telephone number, e-mail address. | Data is stored for 5 years from the date of receipt of consent. | Consent of the data subject (Paragraph 1 (a) of Article 6 of the GDPR); Legitimate interests of the data controller or a third party in analyzing aggregated marketing results (Paragraph 1 (f) of Article 6 of the GDPR); |
Registration for events and their organization, including informing participants and smooth administration of the event. | Name, surname, contact information (e-mail address, telephone number), participant’s organization or represented institution, payment information (if the event is fee-based). | During the period of registration for the event and its organization and for 1 month after its expiry. If the data relates to payments or financial records, it may be stored for up to 10 years in accordance with statutory requirements. | Consent of the data subject (Paragraph 1 (a) of Article 6 of the GDPR); The right of the data controller to ensure the effective organization and management of events, ensuring smooth registration, informing participants and the quality of events, while creating a professional image and strengthening relationships with participants (Paragraph 1 (f) of Article 6 of the GDPR); |
Raising public awareness about the Company’s activities. | Personal Data contained in publications, issues, other presentation content, photos, video material, excerpts from event content, information collected during events (e.g., photos or videos with the participant’s consent, if the event is recorded). | Data is processed for 5 years from the date of collection; If consent is revoked, until the expiration of the consent (when data is processed on the basis of consent). Publicly available data (in issues, publications, etc.) is processed until the end of their public availability. | Consent of the data subject (Paragraph 1 (a) of Article 6 of the GDPR); The right of the data controller to inform the public about the Company’s activities, achievements, services or products provided, strengthening the Company’s reputation, transparency and relations with existing and potential customers or partners (Paragraph 1 (f) of Article 6 of the GDPR); |
Management and administration of the website www.bonameda.com and Social Accounts | Name, surname, e-mail address, telephone number (contact form on the website), IP address, information collected by cookies. Data collected through social account integration, username, post comments and shares, information about ‘likes’ and ‘follows’, information about reactions to posts, photo, message and reply data (time of receipt, content, attachments), information about rating, other information provided by you. | The data provided in the contact form is stored for 1 year from the date of contact. The IP address is stored for 14 days. Cookie storage periods are provided in Section 7 of the Privacy Policy. Information in social accounts is stored in accordance with the terms and conditions set by the owner of the relevant social network. | Consent of the data subject (Paragraph 1 (a) of Article 6 of the GDPR); Our legitimate interests or those of a third party in the quality and efficient management of social accounts and other electronic information provision channels (Paragraph 1 (f) of Article 6 of the GDPR). |
Performing financial transactions and maintaining accounting records, managing debts | Name, surname, personal identification number (when required by law), address, e-mail address, represented person (when a company or other person is represented), relationship with the represented person, contact telephone number, account number, payment institution, transaction amount, date, time, currency, order amount, payment history, data on indebtedness. | The data is stored in accordance with the legal acts regulating financial transactions and accounting, including the Index of Internal Administration Document Storage Terms (Official Gazette, 17 March 2011, No 32-1534), approved by Order No V-100 of the Chief Archivist of the Republic of Lithuania dated 9 March 2011. Data that does not fall within the scope of storage of the above-mentioned legal acts are stored for the entire term of the contract and 10 years after the end of the contract. | Conclusion and performance of a contract with the data subject (Paragraph 1 (b) of Article 6 of the GDPR). The aim of fulfilling a legal obligation imposed on the data controller (Paragraph 1 (c) of Article 6 of the GDPR) in accordance with the Law of the Republic of Lithuania on Tax Administration (Official Gazette, 28 April 2004, No 63-2243), the Law on Financial Accounting (Official Gazette, 28 November 2001, No 99-3515), the Law on Financial Reporting by Enterprises and Groups of Enterprises (Official Gazette, 30 June 2024, No 12134), the Law on Payments (Official Gazette, 17 November 1999, No 97-2775); the Law on Companies (Official Gazette, 31 July 2000, No 64-1914) and other legal acts; The legitimate interests of the data controller in the efficient management of financial transactions and debts (Paragraph 1 (f) of Article of the GDPR); |
Evaluation and selection of candidates for the proposed job position. | Name, surname, e-mail address, telephone number, address, educational and activity (experience) data, content of the CV, other information necessary for the selection and (or) evaluation of the candidate or voluntarily provided by the candidate. | Personal data is stored for the duration of the specific selection for the proposed job position and for 3 (three) months after the end of the selection, if the candidate has not given consent to the further storage of his/her personal data. If the Company does not select a candidate for a specific offered position, but the candidate consents to his/her personal data being processed for the purpose of offering a job in the future, it may be processed for 1 (one) year after the end of the selection (unless consent is withdrawn earlier). If you submit your personal data on your own initiative for purposes other than specific selection, the Company will store the submitted personal data for 1 (one) year. | Consent of the data subject (Paragraph 1 (a) of Article 6 of the GDPR); Legitimate interests of the data controller (Paragraph 1 (f) of Article 6 of the GDPR) – to assess the candidate’s skills, qualifications, experience, suitability for certain job positions, and to select the best candidate for the offered job position.
|
Resolution of disputes and claims. | Name, surname, e-mail address, telephone number, address, position; represented person (when you represent a company or another person), relationship with the represented person; content of the complaint/claim/procedural document, information related to the dispute/claim. | The data is stored for the entire period of the dispute/claim investigation and for 3 years after the end of the out-of-court examination of a dispute/claim and 10 years after the end of the court examination of a dispute. | Processing of data is necessary to fulfill a legal obligation imposed on the data controller (Paragraph 1 (c) of Article 6 of the GDPR) in accordance with the Civil Code of the Republic of Lithuania (Official Gazette, 6 September 2000, No 74-2262), the Code of Civil Procedure (Official Gazette, 6 April 2002, No 36-1340) and other legal acts; The legitimate interests of the data controller to assert, exercise or defend its rights and legal claims (Paragraph 1 (f) of Article 6 of the GDPR); |
Video surveillance in order to ensure the safety and health of property and individuals, the protection of information, as well as to ensure the objective resolution of incidents and disputes and the protection of their evidence. | Video surveillance data captured by video surveillance equipment and/or means, image of a person. | Video data is stored for 1 month from the moment of its capture. Upon expiry of the storage period, Video Data is automatically deleted, except in cases where it is necessary to store it for a longer period. If it is necessary to store Video Data for a period longer than the storage period (e.g., it is used as evidence in investigations or disputes, a reasoned request from the Data Subject has been received, etc.), this data is stored for as long as necessary to achieve the specific purposes of data processing and is destroyed immediately when it is no longer necessary. | The legitimate interest of the data controller in ensuring the safety and health of property and individuals, information protection, the purpose of objectively investigating and controlling unlawful conduct or conflict situations and protecting their evidence (Paragraph 1 (f) of Article 6 of the GDPR); |
You have the right to object or withdraw your consent to the processing of your data for the purposes specified above at any time, where your Personal Data is processed on the basis of your consent.
2.5. To the extent permitted by applicable legal acts, in addition to the information you provide, Personal Data we automatically collect, when you use the Website or Social Accounts, or through other digital channels, we may also receive information about you from other sources, such as publicly available registers, databases, social media platforms and other third parties.
2.6. You have the right to change and update the information you have provided to us. In some cases (e.g., when selling our products) it is necessary for us to have accurate and up-to-date information about you, so we may ask you to periodically confirm that the information we hold about you is correct.
2.7. We have accounts on certain social media (Facebook, LinkedIn) where we post information about ourselves and our activities. The privacy policy and rules of the social media where our account is located apply to the users of the accounts. This Privacy Policy applies to your accounts and the information contained in them when you visit our accounts to the extent provided for in this Privacy Policy and to the extent it logically covers the actions you take.
2.8. In some cases, we process your Personal Data as a data processor. When processing Personal Data in this way, we act on the instructions of the data controller. All information about the processing of your Personal Data in such a case will be provided to you by your Personal Data controller.
- HOW DO WE USE YOUR PERSONAL DATA AND WHAT PRINCIPLES DO WE FOLLOW?
3.1. We collect and process only such Personal Data as is necessary to achieve the purposes for which they are collected. We do not collect and store Personal Data that is not relevant to the performance of our activities.
3.2. When processing your Personal Data, we:
3.2.1. comply with the requirements of valid and applicable legal acts, including the GDPR;
3.2.2. process your Personal Data in a lawful, fair and transparent manner;
3.2.3. collect your Personal Data for specified, explicit and legitimate purposes and do not process it in a manner incompatible with those purposes, except to the extent permitted by law;
3.2.4. take all reasonable measures to ensure that Personal Data that is inaccurate or incomplete, having regard to the purposes of its processing, is promptly corrected, supplemented, that its processing is suspended or that this data is destroyed;
3.2.5. store them in a form that allows you to be identified for no longer than is necessary for the purposes for which the Personal Data are processed;
3.2.6. do not provide Personal Data to third parties and will not disclose it, except as specified in the Privacy Policy or applicable laws;
3.2.7. ensure that your Personal Data is processed in such a way that, by applying appropriate technical or organizational measures, appropriate security of Personal Data is ensured, including protection against unauthorized or unlawful processing of data and against accidental loss, destruction or damage.
- WHO DO WE TRANSFER YOUR PERSONAL DATA TO?
4.1. We may transfer your Personal Data:
4.1.1. if you have consented to the disclosure of Personal Data;
4.1.2. to companies of the group of companies to which we belong: UAB “Energenas”, UAB “Inospectra”, UAB “Turimeda”;
4.1.3. to our partners or trusted third parties who help us offer or sell our products and carry out our activities, such as distributors, auditors, consultants, insurance companies, market research companies, etc.;
4.1.4. to state and local authorities and institutions, law enforcement institutions, courts, other persons performing functions assigned by law, in accordance with the procedure established by the legal acts of the Republic of Lithuania. We provide these entities with information that is mandatory to provide, as established by law or specified by the entities themselves;
4.1.5. to the engaged processors of Personal Data (e.g., companies providing IT, server services, website administration, etc.). We require the processors to store, process and handle Personal Data with the same responsibility as we do and only in accordance with our instructions;
4.1.6. If necessary – to companies that intend to buy or would buy our business;
4.1.7. to debt collection companies to which claims on the client’s indebtedness are assigned, courts, out-of-court dispute resolution institutions and bankruptcy administrators.
4.2. We generally process Personal Data within the European Union/European Economic Area (hereinafter referred to as – EU/EEA); however, in some cases your Personal Data may be transferred outside the EU/EEA. Your Personal Data is transferred outside the EEA only under the following conditions:
4.2.1. Data is transferred only to our trusted partners who ensure the provision of our services to you;
4.2.2. Data processing agreements have been signed with such partners, whereby they ensure the security of your Personal Data in accordance with statutory requirements;
4.2.3. The European Union Commission has adopted a decision on the suitability of the country in which our partner is established, i.e. an adequate level of security is ensured;
4.2.4. You have consented to the transfer of your Personal Data outside the European Economic Area.
4.3. In order to publish content on Social Accounts, we provide Personal Data to the following social media platform operators outside the European Economic Area (EEA):
4.3.1. LinkedIn Ireland Unlimited Company (Ireland) and LinkedIn Corporation (USA) (data is transferred pursuant to an adequacy decision adopted by the European Commission);
4.3.2. Meta Platforms Ireland Ltd. (Ireland) and Meta Platforms Inc. (USA) (data is transferred pursuant to an adequacy decision adopted by the European Commission).
- DATA SUBJECT RIGHTS
5.1. You, as a data subject, have the following rights in relation to your Personal Data:
5.1.1. to know (be informed) about the processing of your Personal data (right to know);
5.1.2. to access your Personal Data and know how it is processed (right of access);
5.1.3. to demand the rectification or, taking into account the purposes of processing Personal Data, the completion of incomplete Personal Data (right to rectification);
5.1.4. to demand the destruction of your Personal Data or the suspension of actions of processing of your Personal Data (except for storage) (right to destruction and right to be forgotten);
5.1.5. to demand us to restrict the processing of Personal Data on one of the legitimate grounds (right to restriction);
5.1.6. The right to data portability (right to portability). This right will be exercised only if there are grounds for its exercise and adequate technical measures ensuring that the transfer of the requested Personal Data will not pose a risk of security breach to the data of other persons;
5.1.7. to object to the processing of your Personal Data where we process your Personal Data on the basis of our or a third party’s legitimate interests, including profiling. If you object, we will continue to process your Personal Data only for compelling legitimate grounds which override your interests, rights and freedoms, or in order to assert, exercise or defend legal claims;
5.1.8. to withdraw consent to the processing of your Personal Data where the Personal Data is processed on the basis of consent, including where these data are processed or are intended to be processed for direct marketing purposes, including profiling* to the extent it is related to such direct marketing.
*Based on the Personal Data you provide, profiling of your Personal Data may be carried out for the purpose of direct marketing in order to offer you individually tailored solutions and offers. You may withdraw your consent to the processing of your Personal Data by automated means, including profiling, or object to it at any time.
5.2. If you do not wish your personal data to be processed for direct marketing purposes, including profiling, you can opt out of such data processing by clicking on the relevant link in the newsletter or by sending an e-mail to info@bonameda.com or by calling +370 37 280710.
5.3. We may refuse to exercise your rights listed above, except for objection to the processing of Personal Data in cases where Personal Data is processed with your consent, where the provisions of the GDPR allow us to refuse to satisfy your request, or where, in cases provided for by law, it is necessary to ensure the prevention, investigation and detection of crimes, violations of official or professional ethics, as well as the protection of the rights and freedoms of the data subject, us and other persons.
5.4. Where your Personal Data is processed on the basis of consent, you may withdraw such consent at any time. We will immediately, within a reasonable time limit, cease the processing of your Personal Data. Withdrawal of consent does not automatically oblige us to destroy your Personal Data or provide you with information about the Personal Data we process, therefore, if you want us to perform these actions as well, you must specify such a request separately.
5.5. You may submit any request or instruction related to the processing of Personal Data to us in writing in one of the following ways: by delivering it directly to the address: Breslaujos st. 3B, LT-44403 Kaunas, or by e-mail: info@bonameda.com . When you submit such a request, we may, in order to better understand the content of your request, ask you to fill out the necessary forms, as well as provide an identity document or other information that will help us verify your identity. If you submit a request by e-mail, depending on its content, we may ask you to come to us or submit the request in writing.
5.6. Upon receipt of your request or instruction regarding the processing of Personal Data, we will provide a response and perform the actions specified in the request or inform you why we refuse to perform them no later than within 1 month from the date of the request. If necessary, the specified period may be extended by another two months, taking into account the complexity and number of requests. In such case, we will inform you of such extension within 1 month from the date of receipt of the request.
5.7. If Personal Data is deleted at your request, we will only keep copies of the information that are necessary to protect our legitimate interests and those of other persons, comply with the obligations imposed on us by state or local government institutions and bodies, resolve disputes, identify disruptions, or comply with any agreements you have entered into with us.
- WHO CAN YOU FILE A COMPLAINT WITH?
6.1. If you wish to make a complaint about our processing of Personal Data, please submit it to us in writing, providing as much information as possible, using the contact details provided at the end of this Privacy Policy. We will cooperate with you and endeavour to resolve any issues promptly.
6.2. If you believe that your rights under the GDPR have been violated, you may file a complaint with our supervisory authority – the State Data Protection Inspectorate, more information and contact details can be found on the inspectorate’s website ( https://vdai.lrv.lt/ ). We strive to resolve all disputes promptly and amicably, so we first invite you to contact us.
- HOW DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
7.1. Our website uses cookies (small files stored on the hard drive of the website visitor’s device) to distinguish you from other website visitors. The information collected by cookies allows us to ensure your browsing experience is more convenient.
7.2. We use cookies to analyze information flows, promote trust, and ensure security.
7.3. You can choose whether you want to accept cookies. If you do not agree to cookies being stored on your computer or other terminal device, you can change your web browser settings and disable all cookies or enable/disable them one by one. If you want to refuse cookies on your mobile device, you must follow the instructions of the manufacturer of this device. However, we note that in some cases this may slow down the speed of web browsing, limit the functionality of certain website functions or block access to the website. More detailed information is available at AllAboutCookies.org or www.google.com/privacy_ads.html.
7.4. More information about the cookies used on our website and their functions, as well as how to change their settings, can be found in our Cookie Policy.
7.5. Some third parties, such as social media controllers, may use their own anonymous cookies to tailor their applications or apps to your needs. We do not control the use of these cookies. For more detailed information, we recommend that you check the third party’s privacy policy.
- EXTERNAL WEBSITES
8.1. The Website may contain links to external websites, such as our partner websites or websites that advertise our products. When following such links to any of the websites, please note that these websites and the services accessible through them have their own separate privacy policies and we do not assume any responsibility or liability for these policies or for the personal data collected on these websites or the personal data collected in the course of providing the services, such as contact or location data. Please review these policies before providing any personal data on these websites or using any services.
- CONTACT US
9.1. If you have any questions regarding the information provided in this Privacy Policy, please contact us:
By mail: Breslaujos st. 3B, LT-44403 Kaunas, by phone: +370 37 280710, by e-mail: info@bonameda.com.
- FINAL PROVISIONS
10.1. We have the right to unilaterally modify the terms of the Privacy Policy. We will notify you about the modifications by posting the updated Privacy Policy on the Website or by other usual communication means. Additions or amendments to the Privacy Policy shall enter into force from the date of update specified in the Privacy Policy, unless another date of entry into force is specified.
10.2. If you continue to use the Website after the terms of the Privacy Policy have been modified, it is deemed that you have agreed to the modified terms of the Privacy Policy.
10.3. Disagreements regarding the implementation of this Privacy Policy shall be resolved through negotiations. If an agreement cannot be reached, the disagreements shall be resolved in accordance with the procedure established by the laws of the Republic of Lithuania.
Last update date: 20 January 2025
