UAB „KAPINIŲ VALDYMO SPRENDIMAI” PRIVACY POLICY

PURPOSE OF THE PRIVACY POLICY

1. Purpose of the Privacy Policy: to provide a natural person – the data subject – with information about the purpose, scope, protection and processing terms of personal data processing at the time of data acquisition and when processing the data subject's personal data.
2. Personal data is any information relating to an identified or identifiable natural person. Definitions, explanations and data categories of personal data are set out in the Annex “Data Categories”.

SCOPE OF APPLICATION OF THE PRIVACY POLICY

3. The Privacy Policy applies to ensuring privacy and personal data protection:
3.1. In relation to natural persons – clients (including potential, former and current ones), as well as third parties who, due to the provision of services to a natural person, receive or transmit any information (including contact persons, payers, etc.) to CEMETERY MANAGEMENT SOLUTIONS;
3.2. Visitors to the CEMETERY MANAGEMENT DECISIONS office and other premises, including those subject to video surveillance;
3.3. In relation to visitors to websites maintained by CEMETERY MANAGEMENT SOLUTIONS;
3.4. with respect to persons who have registered to receive news from CEMETERY MANAGEMENT DECISIONS;
In the following text, all of the above are referred to as Data Subjects.
4. CEMETERY MANAGEMENT DECISIONS cares about the privacy of Data Subjects and the protection of personal data, complies with the rights of Data Subjects to the lawfulness of personal data processing in accordance with applicable legal acts – the Law on the Protection of Personal Data, Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter referred to as the Regulation, and other applicable legal acts in the field of privacy and data processing.
5. The Privacy Policy applies to data processing regardless of the form and/or environment in which the Data Subject provides personal data (on the CEMETERY MANAGEMENT SOLUTIONS websites www.cemety.lv, www.cemety.lt, by e-mail, in paper format or by telephone) and in which systems or in paper form they are processed.
6. Additional, specific rules may be established regarding specific data processing methods (for example, cookie processing, etc.), environments, and purposes, of which the Data Subject is informed when he or she provides the relevant data to CEMETERY MANAGEMENT SOLUTIONS.
7. CEMETERY MANAGEMENT DECISIONS has the right to make amendments to the Privacy Policy by making the current version available to the Data Subject by posting it on the CEMETY website. CEMETY retains previous versions of the Privacy Policy, which are available on the CEMETY website.

DATA MANAGER

8. The controller of personal data is UAB “KAPINIŲ VALDYMO SPRENDIMAI”, legal address: Eigulių g. 8, Kaunas, Lithuania, LT- 44136, company code 304041197, hereinafter referred to as KVS.
9. KVS contact information for questions related to the processing of personal data: info@cemety.lt. Using this contact information or by contacting the legal address of KVS, you can ask a question regarding the processing of personal data. A question regarding the exercise of your rights can be submitted based on point 24.

LEGAL BASIS FOR PROCESSING PERSONAL DATA

10. KVS processes the personal data of the Data Subject based on the following legal grounds:
10.1. for the conclusion and performance of a contract – to conclude a contract upon the Data Subject's request and ensure its performance;
10.2. to comply with regulatory acts – to fulfill the obligation established by external regulatory acts binding on the QMS;
10.3. based on the consent of the Data Subject;
10.4. legitimate interests – to realize the legitimate interests of the KVS related to the existing obligations of the KVS and the Data Subject or to a concluded contract or law.

LEGITIMATE INTERESTS OF CEMETY

11. The legitimate interests of the KVS are:
11.1. to carry out economic activities;
11.2. to provide services;
11.3. verify the identity of the Data Subject before concluding a contract;
11.4. ensure the fulfillment of contractual obligations;
11.5. to save the Data Subject's applications and statements in writing, comments on them, including those made orally, by calling the office, on websites and in self-service environments;
11.6. analyze the performance of QMS websites, prepare and implement their improvements;
11.7. administer the Data Subjects' account on the KVS websites;
11.8. segment the customer database in order to provide services more efficiently;
11.9. to prepare and develop services;
11.10. to advertise its services by sending commercial messages;
11.11. send other notifications about the progress of the contract and events important for the performance of the contract, as well as conduct surveys about the services and the experience of using them;
11.12. prevent criminal acts;
11.13. ensure QMS management, financial accounting and analysis;
11.14. ensure effective QMS management processes;
11.15. to increase the efficiency of service provision;
11.16. ensure and improve the quality of services;
11.17. to administer payments;
11.18. to apply to state management and operational institutions and the court in order to protect one's legal interests;
11.19. to inform the public about its activities.

PURPOSES OF PERSONAL DATA PROCESSING FOR CEMETERY MANAGEMENT SOLUTIONS

12. KVS processes personal data for the following purposes:
12.1. to provide the service :
12.1.1. to identify the data subject;
12.1.2. to prepare and conclude a contract ;
12.1.3. to ensure sales ;
12.1.4. to assess the attraction of financing ;
12.1.5. to examine and process claims and conduct public opinion surveys;
12.1.6. to prepare reports ;
12.1.7. according to risk management measures.
12.2. Video surveillance in the sales area and office premises;
12.3. For employee selection;
12.4. Provision of information to state government bodies and operational entities in cases and to the extent established by external regulatory acts.
12.5. For other specific purposes, of which the Data Subject is informed when he/she provides the relevant data to the KVS.

PRINCIPLES OF PERSONAL DATA PROCESSING

13. KVS processes the Data Subject's data using the capabilities of modern technologies, taking into account existing privacy risks and the organizational, financial and technical resources available to KVS.
14. KVS does not carry out automated decision-making with respect to the Data Subject.
15. In order to ensure high-quality and prompt performance of the obligations under the contract concluded with the Data Subject, KVS may authorize KVS cooperation partners to perform individual service provision actions. If, in performing these tasks, KVS cooperation partners process the personal data of the Data Subject at the disposal of KVS, certain KVS cooperation partners are considered KVS data processing operators (processors) and KVS has the right to transfer to KVS cooperation partners the personal data of the Data Subject necessary for the performance of these actions to the extent necessary for the performance of these actions.
16. KVS cooperation partners (having the status of personal data controllers) will ensure compliance with the requirements for the processing and protection of personal data in accordance with KVS requirements and legal acts, and will not use personal data for purposes other than the performance of obligations under the contract concluded with the Data Subject on behalf of KVS.

CATEGORIES OF RECIPIENTS OF PERSONAL DATA

17. KVS does not disclose to third parties the personal data of Data Subjects or any information obtained during the provision of services and the validity of the contract, including information about the services received, except for :
17.1. if data needs to be transferred to a certain third party under a concluded contract (for example, to ensure IT systems support service, remote (cloud) computing service, legal service, accounting and audit service; debt collection service; document copying, scanning and destruction service, etc.);
17.2. to perform any function necessary for the performance of the contract or delegated by law;
17.3. based on the clear and unambiguous consent of the Data Subject;
17.4. to persons specified in external regulatory acts, upon their reasonable request, in accordance with the procedure and scope established by external regulatory acts;
17.5. in cases established by external regulatory acts to protect the legitimate interests of KVS, for example, by applying to court or other state institutions against a person who has violated these legitimate interests of KVS.
18. Personal data of KVS are not transferred to third countries ( i.e. countries outside the European Union and the European Economic Area). In special cases, they may be sent to third countries or international organizations only if the controller has complied with the conditions set out in the Regulation.

PERSONAL DATA PROTECTION

19. KVS protects the Data Subject's data with physical and logical security measures, using modern technologies, taking into account existing privacy risks and the organizational, financial and technical resources available to KVS, including using the following software security measures:
19.1. data encryption during data transmission (SSL encryption);
19.2. firewall ;
19.3. anti -hacking and disclosure program;
19.4. other security measures in accordance with current technical development possibilities.
20. KVS protects the Data Subject's data using the following physical security measures:
20.1. protection of technical resources from threats to the information system caused by physical impact;
20.2. ensuring the storage of existing data in paper form in locked cabinets;
20.3. ensuring the protection of stored data against fire, flood, voltage drop or surge in the power supply network, theft of technical resources, humidity, and air temperature that do not comply with the operating rules.

PERSONAL DATA STORAGE PERIOD

21. KVS stores and processes the personal data of the Data Subject as long as at least one of the following criteria exists:
21.1. only as long as the contract concluded with the Data Subject is valid;
21.2. until the KVS or the Data Subject can exercise their legitimate interests (for example, submit claims or bring or conduct legal proceedings) in accordance with the procedure established by external regulatory acts;
21.3. until either party is legally obligated to retain the data;
21.4. as long as the Data Subject's consent to the relevant processing of personal data is valid, unless there is another lawful basis for data processing.
22. After the circumstances referred to in paragraph 21 cease to exist, the personal data of the Data Subject shall be deleted.

DATA SUBJECT'S ACCESS TO PERSONAL DATA

23. The data subject has the right to receive information prescribed by regulatory enactments related to the processing of his or her data.
24. Based on regulatory acts, the Data Subject also has the right to request from the KVS access to his/her personal data, as well as to request the KVS to supplement, correct or delete them, or to restrict processing in relation to the Data Subject, or he/she has the right to object to processing (including processing of personal data carried out in accordance with the legitimate (legitimate) interests of the KVS), and also has the right to data portability. These rights are exercised to the extent that data processing is related to the KVS's obligations assigned to it by applicable regulatory acts and which are complied with in the public interest.
25. The data subject may submit a request for the exercise of his or her rights:
25.1. in written form at the KVS office, showing a personal identification document;
25.2. by e- mail, signing with a secure electronic signature.
26. Upon receiving a request from the Data Subject for the exercise of his or her rights, the KVS shall verify the identity of the Data Subject, assess the request and execute it in accordance with regulatory enactments.
27. The KVS shall send the response to the Data Subject by post to the contact address specified by the Data Subject or by e-mail, taking into account, where possible, the method of receiving the response specified by the Data Subject.
28. The KVS ensures compliance with data processing and protection requirements in accordance with regulatory enactments and, upon receipt of a claim from the Data Subject, takes appropriate actions to resolve disputes. However, if this fails, the Data Subject has the right to apply to the supervisory authority - the State Data Inspectorate.

PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA

29. Special categories of personal data are data revealing a person's race or ethnicity, political opinions, religious or philosophical beliefs or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
30. KVS does not process special categories of data of its clients. The only exception may be made only if processing is necessary to protect the vital interests of the client (for example, if the client's health condition suddenly deteriorates and it is necessary to call an ambulance, and in similar emergency situations).

DATA SUBJECT'S CONSENT TO DATA PROCESSING AND THE RIGHT TO WITHDRAW IT

31. The data subject provides consent to the processing of personal data, the legal basis of which is consent (for example, video publication, advertising, etc.), in KVS registration forms, KVS service portals/applications, KVS and other websites (for example, registration forms for receiving news), upon arrival at KVS.
32. The list of categories of personal data with data that may be processed based on the consent of the Data Subject and other legal grounds is provided in the Annex “Data Categories”.
33. The data subject has the right to withdraw consent to data processing at any time in the same manner as it was given upon arrival at the KVS. In such a case, further data processing based on previously given consent for a specific purpose will not be carried out.
34. Withdrawal of consent does not affect data processing carried out at the time when the Data Subject's consent was valid.
35. Withdrawing consent may not terminate data processing carried out on other legal grounds.

COMMERCIAL MESSAGES AND COMMUNICATION

36. KVS communicates with the Data Subject using the contact information provided by the Data Subject (telephone number, e-mail address, postal address).
37. Communicates about the fulfillment of contractual obligations for services based on the contract concluded with the QMS (for example, information about payments, changes to services, etc.).
38. Communication regarding commercial messages about the KVS and/or third-party services and other messages not related to the direct provision of the agreed services (for example, surveys) is carried out by the KVS on the basis of external regulatory acts or on the basis of the consent of the Data Subject.
39. The data subject may give consent to receive commercial communications from KVS using KVS registration forms, KVS and other websites (for example, newsletter subscription forms).
40. The consent given by the data subject to receive commercial communications is valid until its withdrawal (including after the termination of the service agreement). The data subject may at any time refuse to continue receiving commercial communications in any of the following ways:
40.1. by sending an e-mail to the address info@cemety.lt;
40.2. upon arrival at the KVS;
40.3. using the automated option provided in the commercial message to refuse to receive further communications by clicking on the opt-out link at the end of the relevant commercial message (e-mail);
41. KVS stops sending commercial messages as soon as the Data Subject's request is processed. Processing the request depends on technological capabilities, which may take up to three days;
42. By expressing their opinion in surveys and leaving their contact information (e-mail, phone), the Data Subject agrees that KVS may contact them using the contact information provided in connection with the assessment provided by the Data Subject.

VISITING WEBSITES AND COOKIE MANAGEMENT

43. KVS websites may use cookies. Cookie management rules are attached in the appendix "Terms of Use of Cookies".
44. KVS websites may contain links to third-party websites that have their own rules of use and personal data protection, for which KVS does not assume responsibility.

PURCHASE OF SERVICE

45. You can order or purchase the Service on our website.
46. The buyer pays for services and/or goods by bank transfer (Klix)
47. Contact time after ordering/purchasing the service: 24 hours .
48. Method of communication after purchasing the service: e-mail or phone call, or other contact method specified by you.

SERVICE PERFORMANCE

The exact time will be agreed upon after you purchase the service.

REFUND POLICY

Of failure to perform the service due to our own fault, the influence of third parties, or in the event of force majeure, we apply a refund policy.

FINAL PROVISIONS

If you are browsing the cemety.lt website, it means that you have read and agreed to the Terms of Service and Privacy Policy. Otherwise, you do not have the right to browse the cemety.lt website.

KLIX payment methods

UAB "Kapinių valdymo sprendimai"

PRIVACY POLICY ADDENDUM

COOKIE TERMS OF USE

1. The cookie usage rules on the CEMETERY MANAGEMENT SOLUTIONS websites www.cemety.lv, www.cemety.lt, describe the use of cookies, UAB „KAPINIŲ VALDYMO SPRENDIMAI“, legal address: Eigulių g. 8, Kaunas, Lithuania, LT- 44136, company code 304041197, contact information info@cemety.lt, specify the purposes of using cookies, as well as the rights of users to change and choose the use of cookies according to their needs.
2. Cookies are small text files that a browser (such as Internet Explorer, Firefox, Safari, etc.) saves on the user's end device (computer, mobile phone, tablet) when the user visits a website to identify the browser or to save information or settings in the browser. In this way, using cookies, the website is able to save the user's individual settings, recognize him and respond accordingly in order to improve the experience of using the website. The user can cancel or limit the use of cookies, but without cookies it will not be possible to fully use all the functions of the website.
3. Depending on the functions performed and the purpose of use, CEMETERY MANAGEMENT SOLUTIONS uses mandatory, functional, analytical and targeted (advertising) cookies.
4. These cookies are necessary for the user to be able to freely visit and browse the website and use the options it offers, including obtaining information about services and purchasing them. These cookies identify the user's device, but do not reveal the user's identity, nor do they collect or aggregate information. Without these cookies, the website will not be able to fully function, for example, to provide the user with the necessary information, ensure requested services in the e-store, logging into a profile or registering for a service. These cookies are stored on the user's device until the browser is closed.
5. Functional cookies allow the website to remember the settings and choices made by the user to make the website more convenient for the user. These cookies are stored permanently on the user's device.
6. Analytical cookies summarize information about how the website is used, stating the most frequently visited sections, including the content that the user selects when browsing the website. The information is used for analytical purposes, in order to find out what interests the website users, and in order to improve the functionality of the website, make it more convenient to use. Analytical cookies only identify the user's device, but do not reveal the user's identity.
7. In individual cases, some of the analytical cookies are managed by third parties – data controllers (operators), for example, Google Adwords, on behalf of the website owner, based on his instructions and only for the specified purposes.
8. Targeted (advertising) cookies are used to summarize information about the websites visited by the user and to offer our services or those of our cooperation partners that are of interest to a specific user, or to address offers that are of interest to a specific user. Typically, these cookies are placed by third parties, such as Google Adwords, with the permission of the website owner for the specified purposes. Targeted cookies are stored permanently on the user's end device.
9. CEMETERY MANAGEMENT SOLUTIONS uses cookies to improve the website experience:
9.1. - ensure the functionality of the website;
9.2. - adapt the functionality of the website to your usage habits – including language, search queries, previously viewed content;
9.3. - to obtain statistical data about the flow of visitors to the website - the number of visitors, time spent on the website, etc.;
9.4. to authenticate users .
10. Unless otherwise specified, cookies are stored until the action for which they were collected is performed, and then they are deleted.
11. Cookie information is not transferred for processing outside the European Union and the EEA.
12. When visiting the CEMETERY MANAGEMENT SOLUTIONS websites, the user is shown a window with a notification that the website uses cookies.
13. By closing this notification window, the user confirms that he has read the information about cookies, the purposes of their use, cases when their information is transferred to a third party, and agrees with this. The legal basis for the use of cookies is the user's consent. If the user concludes a contract while using the website, the processing of cookies is necessary for the performance of the contract with the user , or for CEMETERY MANAGEMENT SOLUTIONS to fulfill its legal obligation or implement its legitimate interests.
14. The security settings of each web browser allow you to restrict and delete cookies. However, it should be borne in mind that you cannot refuse to use mandatory and functional cookies, as without them it is impossible to ensure the full use of the website.

15. If the user has any questions regarding the use of cookies, he or she may contact CEMETERY MANAGEMENT SOLUTIONS using the following contact information: info@cemety.lt.

UAB "Kapinių valdymo sprendimai" PRIVACY POLICY ADDENDUM

DATA CATEGORIES DATA CATEGORY EXAMPLES

1. Personal identification data: name, surname, personal code/ID, date of birth, position, workplace, passport number / ID number.
2. Personal contact information: address, telephone number, e-mail address.
3. Special categories of data (sensitive): signs of incapacity for work, data on mandatory health checks of employees.
4. Data subject's contact details: contact person's name, surname, e-mail address, telephone number.
5. Data subject data: data subject contract number, data subject registration date, status.
6. Service data: contract number, price, discount.
7. Service contract data: contract number, date of signing/approval, type, annex number, annex date.
8. Communication data: type of incoming/outgoing letters, number, date, registrant, content, channel, delivery status.
9. Payment details: payment agreement number, decision, payment schedule.
10. Settlement data: settlement system account number, bank account number, account number, date, amount, method of receipt of the bill, payment date, debt amount, debt collection information.
11. Claim data: claim number, registration/resolution date, method, description.
12. Data subjects' survey data: survey title, date of sending, date of response, survey questions and responses provided.
13. Actions performed on CEMETERY MANAGEMENT SOLUTIONS websites: IP address, name of the action performed, website section, date and time.
14. Video data : video recording of events, video surveillance in CEMETERY MANAGEMENT SOLUTIONS, recording date.
15. System access data: usernames and passwords provided to the data subject.
16. Consent information: a note on the consent expressed by the data subject by topic, date and time of consent, source.