RULES OF SELLING OF SERVICES OF JSC BIRSTONAS HEALTH RESORT „VERSME“ VIA ITS WEBSITE

1. Booking of the Services of JSC Birstonas Health Resort „Versme“

Booking using the booking system is made as follows:

1. The Customer is offered an opportunity to choose the wellness packages (hereinafter – „Packages“), standard sleeping accommodations provided in the health resort which have been presented in the Booking Table.
2.  After familiarising with the composition and price of the Package the Customer can choose the dates of arrival and departure for the chosen room.
3. After choosing the offer and the date of arrival the Customer proceeds to the next step – the booking form in which he/she indicates his/her personal data and the comments concerning the booking (in comment box).
4.  After filling in the data the Customer makes advance payment in one of the following ways:

• by a credit card (Visa, Mastercard, Eurocard);
• via online bank transfer (JSC Paysera LT).

4.1.   After choosing one of the two above named opportunities the Customer is directed at the page in which he/she can make the payment using system JSC Paysera LT. Data authorization begins after connecting to system JSC Paysera LT with the help of encryption protocol of 128 bits. After the acceptance of the contribution by system JSC Paysera LT the Customer is automatically informed by an e-mail confirming the payment and booking. The following information will be indicated in the e-mail: data of the customer, name of the health resort, general price of the service, paid advance payment and the amount payable on arrival to the health resort. In the health resort the Customer will have to present the e-mail confirming the booking in proof of the paid advance payment and for the calculation of the remaining amount.
4.2. A Customer using a personal account on BookingRobot system has an opportunity to bind    his/her credit card(s) with his/her account. In this case, any amounts due are debited from the Customer’s credit account automatically each time he/she purchases the services of Health Resort „Versme“ once during the purchase of the service. The Customer may cancel the binding of the credit card anytime by clicking on the “Delete” button in the account settings, item “Payment cards”. The safety of the Customer’s credit cards data is guaranteed by JSC Paysera LT registered with the Bank of Lithuania.
5. The Customer understands that in the case of a failure/programming errors in the online booking system, if, taking into consideration the composition of services, the published price is baselessly low/high, Health Resort „Versme“ is entitled to inform the Customer concerning the error within 10 days since the confirmation of the booking and to demand to pay the whole price and, in the case of the Customer‘s refusal to pay the whole price – to terminate the agreement/refuse to render the services without covering the Customer‘s losses.
6. In case of the absence of an available room during the online booking, the Customer may be offered a room according to the inquiry. After filling in the booking form the Customer receives an e-mail with the confirmation of the term (or its absence) and the information about the way of making advance payment. The Customer may pay advance payment either by a credit card or via online bank transfer. The booking will be confirmed at the time of receiving advance payment. After the payment of advance payment the Customer will receive an e-mail confirming the booking which he/she must present upon his/her arrival to the Health Resort „Versme" for final settlement.

2. Payment for Services and Cancellation of Booking

3. The Final Provisions

12. The Customer must indicate the data in the booking form correctly. The health resort is not liable for either incorrectly chosen arrival or departure time, length of stay or other data specified by the Customer inaccurately.
13. Electronic payment system JSC Paysera LT is responsible for the correct service of the taken booking money.
14.The health resort or the firm serving online booking is not liable for the inaccessibility of the booking system occurring through no fault of theirs and other problems do not depending on them.

4. Personal Data

15. By booking and purchasing services the Customer consents to transfer his/her personal data to the server database. These data will be used to fulfil the procedure of booking to the end. The personal data are processed following the Republic of Lithuania Law on Legal Protection of Personal Data (hereinafter – LLPPD). The rights of a data subject are implemented in the order established in LLPPD Articles 23-27. A data subject has been offered an opportunity to refuse the processing of his/her data for marketing purposes any time. A data subject, after receiving a newsletter and wishing to refuse it, must click on the opt-out link.

5. Confirmation of the Provisions

16. After marking: „I have read and consent to the Privacy Policy and the Booking Rules“ the Customer declares that he/she has understood the conditions presented in the Service Booking and Using Rules and consents to them. In the case of unconfirmed provisions, the procedures of service booking and use do not apply.

6. Rules of Booking of Gift Vouchers

PRIVACY POLICY

CHAPTER I

1.        GENERAL PROVISIONS.

1.1. Health care institution JSC Birstonas Health Resort „Versme“ (hereinafter – „Company“), enterprise code 152814478, B. Sruogos str. 9, Birstonas, e-mail versme@versme.com, tel. No: +370 319 65662, Data Security Official tel. No +370 674 80223, respecting the right of the visitors (hereinafter – „Visitors“) of website www.versme.com (hereinafter – „Website“) to privacy, pledges to guarantee the protection of their personal data and the guarantee of their rights as data subjects.
1.2. This Privacy Policy regulates the principles and order of processing of personal data during the use of the services of the Company Website, thus providing one‘s personal data to the Company. The Visitors consent to the provisions of this Privacy Policy, excluding the actions concerning data processing, for which a separate consent of the Visitor, Patient or Customer will be necessary and which will be requested by the Company, when it needs it.
1.3. The Visitors are considered to be familiarised with Privacy Policy, when during the registration in the Website they tick under the text of this Policy or click button „Consent“, „Dissent“ or „Have familiarised“ in the Cookie bar appearing on the top of the Website page. One can familiarize with the Privacy Policy repeatedly any time by clicking „Privacy Policy“ in the Website menu.
1.4. The Company, during the conclusion of a contract with a Patient or Customer, provision of services and similar not with the help of this Website, is entitled to establish additional purposes and conditions of processing of personal data about which there is no information in this Privacy Policy. The Regulation, orders and descriptions of processing of personal data used by Primary Health Care Centre /PHCC/ are also not published in the Website due to their big volume, so wishing to learn more about the processing of personal data in PHCC, you should inquire from the contacts indicated in Item 1.1. or come to our institution to the address indicated in Item 1.1. and exact and exhaustive information will be provided to you.
1.5. During the processing of personal data the Company followsthe provisions ofRegulation (EU) 2016/679 of the European Parliament and of the Councilof 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and according to which Directive 95/46/EC (hereinafter – “Regulation”) is repealed, the Republic of Lithuania /RL/ Law on Legal Protection of Personal Data (hereinafter – LLPPD) and other applicable legal acts regulating the security of personal data.
1.6. The Company may amend these conditions of Privacy Policy at its own discretion by publishing the respective information about it in the Website.

2.                   CONCEPTS USED IN PRIVACY POLICY.

2.1. Personal data mean any information about a natural person whose identity has been established or can be established (a data subject); a natural person whose identity can be established is a person whose identity can be established directly or indirectly, first of all, according to identifier, as name and surname, personal identification number, data of the seat and online identifier or according to one or several features of physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.2. Data subject means a natural person (a Visitor of the Website among them) the personal data of whom are collected by the Company.
2.3. Consent of the data subject means any freely given, specific and unambiguous indication of the properly informed data subject‘s will by which he/she, by a statement or by clear affirmative actions, signifies agreement to the processing of personal data relating to him/her.
2.4. Data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, familiarisation, use, disclosure by transmission, dissemination or otherwise making available, also comparison or combination with other data, restriction, erasure or destruction.
2.5. Restriction of data processing means the marking of stored personal data with the aim of limiting their processing in the future.
2.6. The employees of the Company are not considered to be Data Controllers. Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of data.
2.7. Data processor means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller
2.8. A Web Cookie means a small packet of textual information which is automatically produced during browsing a Website and is stored on a computer or other device of a Visitor.
2.9. Direct marketing means activity intended to offer to persons goods or services and (or) inquire about their opinion concerning the offered goods or services by post, telephone or in another direct way.

3.                            WHAT PERSONAL DATA ARE COLLECTED ON THE WEBSITE?

3.1. The Company collects and further processes the following personal data of the Visitors which the very Visitors provide during visiting, registering or booking services in the Website: name, surname, e-mail address, telephone No, data related to the provision of services, particulars of the booking, account numbers, payment particulars, information about consent or dissent concerning the processing of personal data for purposes of direct marketing, passwords, any other data which the Visitor has provided additionally on his/her own initiative during his/her Website visit.
3.2. The Company continues to process the collected personal data of the Visitors which the Visitors provide indirectly either by visiting the Website or by registering on it, i.e. these data are automatically collected from the computers and / or mobile devices used by the Visitors after logging on the Website: logging IP addresses and times, the browser used by the user, its version and the language used in it, the websites which the Visitors were visiting before logging on the Website, data about the use of services, devices employing which you logged on the Website, age, sex, geographical indicators and other data collected by Google Analytics and Facebook Pixel. These data are stored in the Company during both the period of cooperation with the Visitor and, depending on the data, up to the end of 26 (twenty six) months since the period of cooperation (or the last session of the Visitor‘s logging on the Website). These data may be stored for a longer period, if there are other legal bases for such storing period.
3.3. You will find more information about the personal data which the Visitors provide indirectly during the Website visit in this Privacy Policy Section 9 Cookies.

4.                   FOR WHAT PURPOSES ARE THE PERSONAL DATA COLLECTED AND PROCESSED?

4.1. The Company may process the personal data of a Visitor, if it has a based and legitimate interest which does not infringe upon the person‘s interests, violate his/her rights and freedoms.
4.2. The Company collects and processes the above indicated personal data in order to conclude a contract with the Visitor (including the actions before the conclusion of the contract), also to be able to fulfil the contractual obligations or provide services without the conclusion of a contract, so that the legal duty applied to Data Controller was fulfiled, striving for legitimate interests of the Data Controller or a third party, striving to perform a task fulfiled for the good of public interest or during the performance of the functions commissioned to the Data Controller by public authorities. The aims of processing of personal data are as follows:
4.2.1.  Identification of the Visitor and his/her registration on the Website;
4.2.2.  Communication with the Visitor;
4.2.3.  Booking of a room for the Customer;
4.2.4.  Purchasing of a Gift Voucher;
4.2.5.  For the purposes of direct marketing by sending newsletters;
4.2.6.  And other purposes related to the legal duties and obligations of the Company.
4.3. If a Visitor does not provide the personal data necessary for the conclusion, execution of the contract, providing the Website services and similar or provides wrong data, the Company will not be able to conclude the contract with the Visitor and /or fulfil its conditions or provide services.
4.4. If the Company wishes to use the data of the Visitor for other purposes for which it has no contractual or other legal basis, the Company will request the consent of the Visitor. Having the consent of the Visitor (which the Visitor can withdraw any time and if it does not contradict the legal acts of RL), the Company will use the data only for the realization of a specific aim. 

5.                   HOW ARE THE PERSONAL DATA OF THE VISITORS PROCESSED?

5.1. The Company guarantees that the personal data of the Visitors will be:
5.1.1.  Processed in a legitimate, honest and transparent way;
5.1.2.  Collected for established, clearly defined and legitimate purposes and not processed further in a way incompatible with these purposes;
5.1.3.  Adequate, appropriate and only such which are necessary striving for the above enumerated purposes for which they are processed;
5.1.4.  Exact and renewed in case of need;
5.1.5.  Processed in such a way that, employing corresponding technical and organizational measures, proper personal data safety was guaranteed, including protection from Data processing without a consent or illegitimate Data processing and from inadvertent loss, destruction or damage.

  6.                   WHOM ARE THE PERSONAL DATA OF THE VISITORS PROVIDED TO?

6.1. Access of the employees and authorised persons of the Company to the personal data of the Visitor is provided only for the performance of official duties according to the duties of the Employee and his/her role in the Company.
6.2. All the data recipients to which the Company transfers the personal data are pledged to protect confidential information upon signature. In case of failure to get the consent or request of a Visitor, the Company will not transfer personal data to other persons not indicated in these terms, excluding the cases when the Company is obliged to do it in the order provided for in the laws.
6.3. During the execution of a contract, fulfilment of the requirements of legal acts or its obligations and in presence of legal basis the Company may transfer the data of a Visitor to law enforcement institutions, state institutions, legal or natural persons: leasing, credit, insurance, legal and other companies, partners or service providers for the purposes of internal administration or in conformity with based interest of the Company, also to third persons, if that is necessary, striving to defend the rights of the Company or fulfiling the obligations placed on the Company by laws.
6.4. To guarantee the services provided by the Website the personal data of the Visitors are transferred to the following Data Processors:
6.4.1.  JSC „200mi“;
6.4.2.  Small Partnership ”DigiAstrum”;
6.4.3.  Small Partnership „Todo sprendimai“;
6.4.4.  JSC „Ekostream“.
6.5. The Company makes use only of those Data Processors which guarantee that proper technical and organizational measures were carried out in such a way that the Data processing met the requirements of the Regulation and the protection of rights of the Visitors as Data subjects was ensured.
6.6. The Company signifies that the above indicated Data Processors are entitled to process the personal data of the Visitors only according to the instructions of the Company.

7.                   HOW LONG ARE THE PERSONAL DATA STORED?

7.1. The personal data of the Visitors are stored during the period of the whole cooperation and insofar as they will be necessary for the execution of the contract or the fulfilment of the Website services and afterwards for such a period for which the storing of data in PHCC is obligatory in accordance with the order provided for in the Republic of Lithuania legal acts. The storing periods of different Personal data according to different purposes of data processing may be from 1 to 50 years, so, on purpose to learn the information you are concerned at, you can address the contacts and / or address indicated in this Privacy Policy Item 1.1.

CHAPTER 2. MARKETING

8.      PROCESSING OF PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING.

8.1. Without a separate consent of a Visitor the Company may use the contact data of the Visitor for sending notices or reminders by post, e-mail, telephone or an SMS message, when these notices are related to the conclusion of the contract, including actions before the conclusion of the contract, rendered services and / or guarantee of legal duties and / or obligations of the Company and similar purposes (which are not attributable to the purposes of direct marketing).
8.2.Having the advance consent of the Visitor and following the provisions of the Regulation, the Company may use the contact data of the Visitor for sending newsletters, offers, invitations and other advertisements, also inquire concerning the quality of the present services or goods by post, e-mail, telephone or an SMS message.
8.3. For the purposes of Direct marketing the Company may perform the following actions:
8.3.1. Send newsletters for the purposes of loyalty program;
8.3.2. For the purposes of giving discount (loyalty) cards, discount accounting, card administering, informing about novelties and promotional offers the persons which have loyalty cards and have given consent concerning data processing by post, e-mail, telephone or an SMS message
8.3.3. For the purposes of direct marketing, organization and playing games, carrying out lotteries, polls, quizzes, competitions, making promotional offers, carrying out statistical activity, questionnaires, taking votes and similar actions;
8.3.4. For the purposes of guarantee of the participation of a person in the purchaser loyalty (discounts) program, doing direct marketing, as far as it is related to the loyalty (discounts) program;
8.3.5. For the purposes of business analytics and statistics analysis, conducting general investigations enabling to improve the services and perfect their quality.
8.4. The Company may process the following personal data according to the purposes of direct marketing indicated in Item 8.3.: name, surname, year of birth/personal number, e-mail address, telephone number.
8.5. The periods of processing and storing personal data processed for the purposes of direct marketing:
8.5.1. Concerning the persons which during the collection of data had not contradicted such processing of personal data - till the promotional offer or project for which the consent has been given runs. After their end the data are stored for 2 years;
8.5.2. Till the consent is withdrawn. The consent may be withdrawn in accordance with the conditions indicated in Privacy Policy Item 18.

9.                   WEB COOKIES.

9.1. Striving to ensure the Visitors the opportunity of more convenient and effective browsing in the Website, Web Cookies are used.
9.2. What are Web Cookies? Web Cookies are small textual files stored in the browser of the device (e.g., computer, mobile telephone, tablet) of the Visitor of the Website, when the Website Visitor is browsing on online websites. Web Cookies are widely used to make the websites operate or make them operate better and more effectively. In this Policy all the mentioned technologies are called „Cookies“.
9.3. Why are Cookies used? Striving to provide full-rate services of a website to the Website Visitor and ensuring the Visitor the opportunity to browse in the website more conveniently and effectively, Cookies are served in the computer (device) of a Visitor. The Company uses the set information for the recognition of the Visitor as a former Visitor of the Website, saving the information about the rendered services and / or purchases, collecting the statistics on the attendance of the Website and others. Cookies enable to ensure the operation of a website in such a way in which it must operate; ensure that the Visitor will not have to log in anew every time he/she visits the Website (if log in function is used); enable to save the settings of the visitor chosen during the visit; increase the speed and safety of operation of the Website; offer the Visitors an opportunity to share the pages in the social network; ensure the opportunities of a Visitor to apply the Website for his/her needs; ensure quicker search for information on the Website; enable to improve the Website, so that it was even more attractive to the Visitors; enable to apply more effective marketing.
9.4. What are the sorts of Cookies?
9.4.1. Essential Cookies. These Cookies are necessary in the Website, so that a Visitor could browse and use the Website functions. You can set your browser in such a way, that it blocked these Cookies or informed about them, but in such case certain places or functions of the Website can fail to operate and the Website would operate not as smoothly, as it ought to. These Cookies do not collect any information for marketing purposes and do not store the information about the browsing of the Visitor in the Web.
9.4.2. Analytical Cookies. These Cookies enable to calculate visits and the sources of Visitor flow, so that the operation of the Website can be measured and improved. E.g., analytical Cookies can demonstrate in which pages the visits are the most frequent, assist to register the problems occurring on the Website and indicate if the adverts demonstrated on the Website are effective. Analytical Cookies do not collect personal user information and all the information collected by these Cookies is generalized and anonymous.
9.4.3. Functional Cookies. These Cookies offer an opportunity to improve functionality and personalisation, for example, they make the format and form of the presented content more effective, establish the size of script or the positions of the Website elements. Functional Cookies do not track the actions of the Visitor in other websites. If the visitor does not let these Cookies act, certain or all the mentioned functions will not be able to operate properly.
9.4.4. Targeting or advertising Cookies are used in order to show to the Visitor of the Website more interesting adverts which correspond to his/her interests more or to limit the number of displays of the same adverts in the Website. Cookies of this sort are also used to measure the effectiveness of advertising campaign. These Cookies can be used striving to store what the Visitor was paying attention to during his/her visit in the Website.

10.                                                   THE COOKIES USED ON THE WEBSITE.

11.1. Essential Cookies are a compulsory condition of the use of the Company Website. If you refuse these Cookies, the Company will not be able to ensure the functionality of the Website.
11.2. The Visitor of the Website can control the use of functional, targeting or advertising Cookies by changing the settings of the Website Cookies or used browser. In the majority of browsers it is possible:
11.2.1. To inspect which Cookies have been served and to disable separate Cookies;
11.2.2. To block third-party Cookies;
11.2.3. To block the Cookies from specific websites;
11.2.4. To block the sending of all Cookies;
11.2.5. To disable all Cookies during the closing of browser;
11.3.    You can review the opportunities of clearing of cache and Cookies by clicking the following link: https://support.google.com/accounts/answer/32050?co=GENIE.Platform%3DDesktop&hl=lt.
11.4. Note that after disabling Cookies or turning them off in the future, the Website can operate improperly or not operate at all. Due to these reasons the Company does not recommend to turn off Cookies during the use of the Website.

12.               THE LINKS PRESENTED ON THE WEBSITE.

12.1. On the Website links to the websites of third parties, legal acts, social network and other sources may be presented. It should be noted that for the websites of third parties the links of which are presented on the Website the privacy policies of these websites are applied and the Company does not accept the responsibility for the content of information presented on these websites, their activity and the provisions of their privacy policies.
12.2. After clicking the links of social network Facebook, Instagram, YouTube and others on the Website, on which the Company administers the accounts belonging to it, Cookies which are administered by the controllers of the social network may be used as well. Certain data collected with the help of these Cookies may be transferred to the Company.

CHAPTER 3. THE RIGHTS OF DATA SUBJECTS

 13.               THE RIGHT OF A DATA SUBJECT TO FAMILIARISE WITH THE DATA AND THE WAY THEY ARE PROCESSED.

13.1. A data subject, after presenting to the Data Controller or data processor a document confirming his identity either in the order established in legal acts or by means of electronic communication which enable to identify the person properly, having confirmed his/her identity, is entitled to receive from the Data Controller a confirmation if the personal data related to him/her are processed and, if such personal data are processed, is entitled to familiarise with his/her personal data, from what sources and what personal data of his/her have been collected, for what purpose they are processed, to what data recipients they are presented and have been presented at least during the last 1 year. When personal data are transferred to a third state, the data subject is entitled to be informed about proper security means related to data transfer. On request the Data Controller once per calendar year presents a copy of the processed personal data free of charge. For any other copies requested by the data subject the Data Controller may take based payment established according to administrative expenses. When the data subject presents the request by electronic means and, excluding cases when the data subject requests to present it otherwise, the information is presented in the electronic form used usually.

 14.            THE RIGHT OF A DATA SUBJECT TO DEMAND TO CORRECT INACCURATE DATA.

14.1. A data subject is entitled to demand from the Data Controller to correct inaccurate personal data related to him/her without baseless delay. Taking into consideration the purposes for which the data are processed, a data subject is entitled to demand that non-exhaustive personal data were supplemented, inter alia, by presenting an additional application.

 15.               THE RIGHT TO DEMAND TO DELETE DATA („THE RIGHT TO BE FORGOTTEN“).

15.1. A data subject is entitled to demand from the Data Controller to delete the personal data related to him/her without baseless delay, if that can be based on one of the following causes:
15.1.1. The personal data are no longer necessary for reaching the purposes for which they were collected or processed otherwise;
15.1.2. The personal data subject withdraws his/her consent and there is no other legal basis to process the data;
15.1.3. The personal data subject does not consent to data processing according to Regulation Article 21;
15.1.4. The personal data have been processed illegitimately;
15.1.5. The personal data have been collected when the data subject was younger than 16 and the data of the minor have been collected without the consent of his/her parents or guardians;
15.2.   However these rights do not apply, when data processing is necessary for the following purposes:
15.2.1. Striving to use the right to freedom of expression and information;
15.2.2. Striving to follow the right of a member of the Union or a member state which is applicable to the Data Controller, established legal obligation according to which data processing is required or striving to perform a task fulfiled for the good of public interest or for the performance of functions commissioned to the Data Controller by public authorities;
15.2.3. Due to the causes of public interest in the sphere of public health;
15.2.4. For archivation purposes for the good of public interest, for the purposes of scientific or historical investigations or statistical purposes;
15.2.5.   Striving to file or defend legal claims or fulfil legal requirements.

16.                                 THE RIGHT TO LIMIT THE PROCESSING OF DATA.

16.1. A data subject is entitled to demand to limit data processing from the Data Controller when one of the following cases applies:
16.1.1. The personal data subject disputes the exactness of data, for such a period during which the Data Controller can examine the exactness of personal data;
16.1.2. The processing of personal data is illegitimate and the data subject does not consent to the data to be deleted and instead of it requests to limit their use;
15.2.6. The Data Controller does not need the personal data for data processing purposes, but the data subject needs them as he/she strives to file or defend legal claims or fulfil legal requirements; or
16.1.3. The data subject has objected to data processing, till it is examined if the legitimate causes of the Data Controller prevail over the causes of the data subject.

17.                                               THE RIGHT TO DATA TRANSFERABILITY.

17.1. A data subject is entitled to receive the personal data related to him/her which he/she has presented to the Data Controller in systematized, usually used format readable by a computer and is entitled to forward these data to another Data Controller and the Data Controller to which the personal data have been presented must not prevent it, when:
17.1.1. Data processing is based on consent;
17.1.2. Data are processed by automated means.
17.2.    This right may not impact negatively on the rights and freedoms of others.
17.3.    Using his/her right to data transferability, the data subject is entitled to consent to direct forwarding of the personal data from one Data Controller to another, when that is technically possible.
17.4.    This right does not apply when data processing is necessary striving to fulfil the task performed for the good of public interest or when the Data Controller performs the functions commissioned by public authorities 

18.  THE RIGHT TO DISSENT FROM DATA PROCESSING AND WITHDRAW ONE‘S CONSENT FOR IT.

18.1.A data subject due to the causes related to his/her specific case is entitled to dissent from the processing of the personal data related to him/her any time, when such data are processed in accordance with the Regulation Article 6 Part 1 Items e or f, including profiling, following those provisions. A Data Controller no longer processes personal data, excluding the cases when the Data Controller proves that the data are processed due to persuasive legitimate causes which prevail over the interests, rights and freedoms of the data subject, or striving to file or defend legal claims or fulfil legal requirements.
18.2. When personal data are processed for the purposes of direct marketing, a data subject is entitled to dissent from the processing of the personal data related to him/her any time for the purposes of such marketing, including profiling, to such extent to which it is related to such direct marketing.
18.3. When the data subject objects to data processing for the purposes of direct marketing, the personal data are no longer processed for such purposes.
18.4. When the personal data are processed for the purposes of scientific or historical investigations or statistical purposes according to Article 89 Part 1, a data subject due to causes related to him/her in a specific case is entitled to dissent from the processing of the personal data related to him/her, excluding the cases when data processing is necessary to fulfil a task performed due to the causes of public interest.
18.5. Note: The refusal of a Visitor to consent to data processing may limit or completely deprive him/her of the opportunity to use the services of the Website, if without the data of the Visitor the Company is not able to carry out the rendering of services or meeting its obligations. However, if the processing of the Visitor‘s data is stopped for the purposes of direct marketing, the Visitor will be able to continue using the services of the Company, but will not be able to receive notices of the rendered services or similar related with direct marketing. 

19. THE RIGHT TO DEMAND THAT A DECISION BASED ONLY ON AUTOMATED DATA PROCESSING, INCLUDING PROFILING, WOULD NOT APPLY.

19.1. In the following cases a data subject is entitled to demand that in respect of him/her a decision based only on automated data processing would not apply and such decision would be reviewed:
19.1.1. When the Company takes decisions based only on automated data processing.
19.1.2. In case a data subject addresses concerning the review of a decision based on automated data processing, the Data Controller must perform exhaustive evaluation of all the important data, including the information presented by the data subject as well, the evaluation is performed by a person of the Data Controller which has corresponding authority and the competence to alter the decision.

20. THE RIGHT TO FILE A COMPLAINT TO AN INSTITUTION CONTROLLING DATA SECURITY.

20.1.    In the Republic of Lithuania data processing and security is supervised and controlled by State Data Protection Inspectorate (SDPI). If you decided that the Company violated your rights to data processing, you are entitled to address SDPI by telephone or e-mail: +370 85 279 1445 or e-mail: ada@ada.lt.

21. PRESENTATION OF A REQUEST TO IMPLEMENT THE RIGHTS OF A DATA SUBJECT.

21.1. A data subject is entitled to address concerning the implementation of his/her rights orally or in writing, by presenting a request personally, by post or electronic means. If you want to make use of your rights, an employee of the Company will present a document form in which you will indicate your wishes concerning your data processing in the enterprise. We will present a reply about the decision within 30 calendar days.
21.2. You can address the Company concerning the implementation of the rights of a data subject at the contacts and / or address indicated in this Privacy Policy Item 1.1.
21.3. If a data subject addresses concerning the implementation of his/her rights orally or the request is presented in writing personally, the data subject must confirm his/her identity by presenting a document confirming his/her personal identity. In case of failure to do this, the rights of a data subject are not implemented. This provision does not apply, if the data subject addresses concerning informing about personal data processing according to Regulation (EU) 2016/679 Articles 13 and 14.
21.4. If there is an address concerning the implementation of the rights of a data subject in writing, by presenting the request by post, a copy of the document confirming personal identity certified by a Notary must be presented with the request as well. If the request is presented by electronic means, the request must be signed by a qualified electronic signature or it must be formed with the help of electronic means which enable to ensure textual integrity and text‘s inalterability. This provision does not apply, if the data subject addresses concerning informing about personal data processing according to Regulation (EU) 2016/679 Articles 13 and 14.
21.5. The request to implement the rights of a data subject must be legible, signed by the person, it must contain the data subject name, surname, address and (or) other contact data for keeping in touch or by which the data subject wishes to get a reply concerning the implementation of his/her rights.
21.6. A data subject may implement his/her rights himself/herself or through a representative.
21.7. In the request the representative of a person must indicate his/her name, surname, address and (or) other contact data for keeping in touch by which the representative of the person wishes to get the reply, also the represented person‘s name, surname, personal number, identification number according to the Data Controller’s identification system (if such is used), address and other data which are necessary for the identification of the data subject and also present a document confirming representation.
21.8. In case of doubts concerning the identity of the data subject, the Data Controller requests additional information necessary to satisfy the identity.

 22.  THE EXAMINATION OF THE REQUEST TO IMPLEMENT THE RIGHTS OF A DATA SUBJECT.

22.1.After the reception of the request of a data subject, not later than within one month since the reception of the request he/she is presented the information about the actions that were taken according to the received request. If the presentation of the information is late, the data subject is informed about it within an indicated term, indicating the causes of delay and the opportunity to file a claim to the State Data Protection Inspectorate. When a data subject presents the request by the means of electronic form, the information to him/her is also presented by electronic means, if that is possible, excluding the cases when the data subject requests to present it otherwise.
22.2. If the request was presented departing from the order and requirements established in the Rules Article 9, it is not examined and the data subject is informed about it immediately, but not later than within 14 working days, indicating the causes.
22.3. If during the examination of the request it is established that the rights of the data subject are restricted on the bases provided for in Regulation (EU) 2016/679 Article 23 Part 1, the data subject is informed about it.
22.4.The information according to the request of the data subject concerning the implementation of his/her rights is presented in official language.
22.5. All the actions according to the requests of the data subject to implement the rights of the data subject are performed and the information is presented free of charge.
22.6. The actions or inaction on implementation of the rights of a data subject may be appealed against by the data subject himself/herself or by a representative of the data subject, also by a non-profit institution, organization or association meeting the requirements of Regulation (EU) 2016/679 Article 80, authorised by him/her, to the State Data Protection Inspectorate, A. Juozapaviciaus str. 6, Vilnius, e-mail ada@ada.lt, website https://vdai.lrv.lt, also to RL court.
22.7. If the data subject incurs material or non-material damage due to the violation of his/her rights, the data subject is entitled to a compensation concerning the adjudgement of which he/she is entitled to address RL court. 

CHAPTER 4. FINAL PROVISIONS