WHO ARE WE AND HOW YOU CAN CONTACT US?
UAB BUSNEX, legal entity code: 302671887, registered address: Dariaus ir Girėno g. 21A, 02189 Vilnius, Lithuania; tel.: +370 640 24547; email: [email protected] (hereinafter – “We”, “Ours”, the “Company”) process the personal data of users (visitors) of it’s websites (hereinafter – “You”, “Your”) personal data in accordance with the provisions of the legal acts regulating the legal protection of personal data and applying the highest technical and legal standards of protection and taking all necessary measures to prevent possible breaches of personal data protection.
In processing the Personal Data, we responsibly comply to the regulation No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter – the “GDPR”), the Law on the Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania and other directly applicable legal acts regulating the protection of Personal Data, as well as instructions from competent authorities.
WHAT PRINCIPLES DO WE COMPLY TO?
When processing your Personal Data, we:
- comply with current and applicable legislation, including the GDPR;
- we will process your Personal Data in a lawful, fair and transparent manner;
- we will collect your Personal Data for specified, clearly defined and legitimate purposes and will not continue to process it in a way incompatible with those purposes, except to the extent permitted by law;
- take all reasonable steps to ensure that Personal Data which are inaccurate or incomplete, having regard to the purposes for which they are processed, are rectified, supplemented, suspended or destroyed without delay;
- we will keep them in such a form that your identity can be established for no longer than is necessary for the purposes for which the Personal Data are processed;
- ensure that your Personal Data is processed in such a way as to ensure the appropriate security of Personal Data through appropriate technical or organizational measures, including protection against unauthorized or unlawful processing of Personal Data and against unintentional loss, destruction or damage.
WHAT PERSONAL DATA, FOR WHAT PURPOSE AND BASIS DO WE PROCESS?
|The purpose of the processing of Personal Data. Why we process Personal Data?
|The categories of processed Personal Data. What kind of categories of Personal Data we process?
|The legal basis of the processing (the Artical 6 of the GDPR). On what legal basis do we process Personal Data?
|Administration of our Websites
|When you visit our Websites, data about your browsing on the Websites, etc., is collected using cookies.
We use necessary / technical cookies to ensure the proper functioning of the Websites and / or other third-party cookies in order to improve your browsing experience (i.e. to take into account your needs, to continuously improve the website and to make offers that suit your interests).
|Data using cookies and similar technologies related to Internet browsing, etc. are collected (processed) in accordance with Article 6 Part 1. a) of the GDPR, i. e. with your consent (except for necessary cookies). You can find more information about cookies in the Cookie notices on our Websites.
|Responding to your sales, trade-in, repair or other enquiries
|Our Websites provide contacts where you can contact us to purchase the goods we offer, take advantage of our services or consult us on issues that concern you. We will accept, review and respond to all your messages.
If you contact us by e-mail, regular mail or using the contact form function on our Websites, we will process the following Personal Data of yours: your name, surname, e-mail, postal address and the text of the correspondence and / or attached documents. This data will be processed for the administration of your inquiries and / or preparation of the contract, execution of the contract. Communication with you will be handled until the request is fully processed and stored for 3 months from the date of the review or full performance of the contract and stored for 10 years, along with the contract and other documents (i.e. contract and accounting documents).
If you contact us by telephone, the following data is saved: the phone number you are calling from. Such information is stored for 6 months, after which it is destroyed.
Please note that we may need to contact you by mail, email. by mail or telephone, so be sure to notify us of any changes to your Personal Data.
|All Personal Data you provide when communicating with us is used only for the above purposes and to view messages and to administer (manage) communication flows and provide you with a response. We will process the said Personal Data in accordance with Article 6 Part 1. a) of the GDPR, i. e. with your consent, which you express by contacting us by e-mail. by mail and / or by continuing the telephone conversation. If the communication is intended for concluding and (or) performing the agreement concluded with you, then we will process Personal Data in accordance with Article 6 Part 1. b) of the GDPR, i. e. in order to conclude and / or perform a contract concluded with the data subject.
|Selling you goods (e.g. a vehicle)
|If you decide to purchase a vehicle, we will ask you to provide us with your personal details. Such personal data includes the buyer’s name, surname, address, personal identification code, e-mail., postal address, telephone number and payment details that we must collect in order to enter into a contract with you and sell you a wehicle. We will also ask m show you your ID.
If you buy a car on behalf of a company but are not an authorized person to act on behalf of the company, we will also ask you to provide documents proving your right to act on behalf of the company. We also need to know your name, address (if these details do not match the buyer’s details), contact details, e-mail. email address, company name (if applicable).
We will use this information to manage and administer the purchasing process and our relationship with you, for example by contacting you by phone and notifying you that your car is ready to be handed over and delivering it to the appropriate location, notifying you of defects, about the technical inspection for the application of the warranty, etc.
Contracts and accounting documents (in physical and electronic form) are kept for 10 years from the date of full performance of the contract.
|We will process this Personal Data of yours in accordance with Article 6 Part 1. b) of the GDPR, i. e. to conclude a contract with you and perform it, as well as Article 6 Part 1. c) of the GDPR., i. e. we are subject to a legal obligation to keep contracts and accounting documents and Article 6 Part 1. f) of the GDPR, i. e. our legitimate interest in asserting and / or defending our legal claims (where applicable).
|Providing you services (i.e. vehicle service, test drive, warranty service)
|If you decide to register for our service (i.e. to order the inspection / repair or other services provided by us), we will ask you to fill in the personal data requested in the registration form and process them for the purpose of providing the service you are ordering. Such data includes your name, surname, e-mail. postal address, telephone number and other information about the order (eg service city; registration date, time; service manager (name, surname); planned works; short job description; car model; registration number; request for a free replacement car whether to pick up and return the car, the address to pick up and return the car and information about the services provided (date, services provided, goods purchased, price, quantity).
In order to properly perform warranty service, we will process the following personal data: vehicle body number (VIN), other data related to the vehicle (e.g. mileage, photos, videos, repair history, etc.). Your Personal Data may be transferred to the manufacturer of the vehicle.
It should be noted that we process service registration data in the active database for 6 months from the date of provision of service services. We must keep the service contract and the documents confirming the payment for 10 years from the date of full performance of the contract.
If you decide to test the selected vehicle and register for the test drive, we will ask you to fill in the personal data requested in the test drive form. We will process this data for the purpose of providing the service you have ordered. Such data includes your name, surname, e-mail. e-mail address, telephone number and other information about the service ordered (such as the car model of interest; city) or the service provided (such as driving date, time; car model; comments, etc.). ). In addition, your identification data necessary for concluding the contract (such as date of birth, personal identification number, etc.) may be collected. This data will be used to conclude and execute the test drive contract
It should be noted that we process the registration data of the test run in the active database for 3 months, counting from the day of the test run. We must keep the test drive contracts and / or other related documents for 10 years from the date of full performance of the contract.
|The above-mentioned data will be used for concluding and executing a service contract and processed in accordance with Article 6 Part 1. b) of the GDPR, i.e. concluding and executing a contract with you, as well as Article 6 Part 1. c) of the GDPR., i. e. we are subject to a legal obligation to keep contracts and accounting documents, and Article 6 Part 1. f) of the GDPR, i. e. our legitimate interest in asserting and / or defending our legal claims (where applicable).
The Personal Data of the Company’s Customers may be transferred to the manufacturer in accordance with Article 6 Part 1. b) of the GDPR (performance of the contract), also in accordance with Article 6 Part 1. f) of the GDPR, in order to ensure the legitimate interests of the Company to ensure the warranty service of the Company’s customers’ vehicles and the transfer of their data to the manufacturer.
|Providing you with news, promotions and information (direct marketing)
|If you agree to subscribe or otherwise receive our newsletter, we will use your email. send an e-mail address and / or telephone number for general and / or individual marketing (e.g. about goods, services, discounts, offers, competitions, events, news, surveys and other news). by mail, post, telephone, short message and we will contact you for these purposes. The information collected will only be used for direct marketing.
When submitting joint marketing offers, you will be sent general information that we will share with all our customers.
We may also contact you without your consent to receive direct marketing when you buy our goods or services (similar goods / services are offered) or opinions are asked about the goods / services you have purchased. In the latter case, We provide an easy-to-implement option to object to the receipt of notifications of the relevant nature, i. e. opt out of receiving such marketing at the time of first contact (e.g. by selecting a link in the email you received that you no longer wish to receive such notifications and / or express your disagreement in other ways).
It should be noted that personal data collected for the purpose of direct marketing will be processed in the active database for 3 years, but not longer than the validity of your consent. To revoke the consent given and / or express the disagreement, you can do so by notifying the e-mail. by e-mail [email protected] or by clicking the link at the bottom of the received newsletter.
|Personal Data for direct marketing is processed in accordance with Article 6 Part 1. a) of the GDPR, i. e. with your consent or Article 6 Part 1. f) of the GDPR, i. e. our legitimate interestto offer you a similar goods/services to ones you have purchased from us and to get your feed back about purchased goods/services.
|Video surveillance at our dealerships
|In our dealerships, video surveillance is carried out for the protection of property and individuals. We can pass on information to the police and insurance companies in the event of vehicle damage, theft, etc. Video data is stored for 30 days.
|Video data is processed in accordance with the legitimate interest of the Company (Article 6 Part 1. f) of the GDPR). The legitimate interest is expressed in the aim to ensure the protection of the Company’s property, as well as the property and health of the employees and customers.
If you do not provide Personal Data, the provision of which to the Company is necessary to ensure compliance with the requirements of legal acts and / or the conclusion and / or performance of the contract, we will not be able to provide you with services or conclude another transaction.
HOW WE PROCESS YOUR PERSONAL DATA?
Our use of your Personal Data will always have a lawful basis. Most commonly, we use your Personal Data:
- Where we need to conlude any contract and/or perform any contract we have entered into with you;
- Where we need to comply with a legal obligation;
- Where we have your consent;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interest.
HOW LONG WE WILL RETAIN YOUR PERSONAL DATA?
We ensure and take all necessary measures to avoid storing outdated or unnecessary Personal Data about You and to keep Your Personal Data up-to-date and accurate.
HOW DO WE PROTECT YOUR DATA?
We responsibly implement appropriate organisational and technical Personal Data security measures intended for the protection of Personal Data against accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. The security measures we implement include the protection of personnel, information, IT infrastructure, internal and public networks as well as office buildings and technical equipment.
In the event of Personal Data breach of security that could seriously jeopardise your rights or freedoms and determine the circumstances with which unauthorised access to Personal Data has been obtained, we will immediately inform you about it.
TO WHOM IS YOUR DATA ARE DISCLOSED
We may share some of your Personal Data with the following categories of third parties:
- representatives acting on our behalf with respect to the promotion of our services in particular territories;
- companies providing data centers, hosting, cloud, site administration and related services, software developers, providing, maintaining and developing companies, companies providing information technology infrastructure services, companies providing communication services;
- credit and debit card companies used to facilitate payment transactions related to the provision of our services, banks and other credit and/or payment companies;
- our professional advisors, auditors, lawyers and/or fiancial advisers;
- our other service providers (data processors) or our subcontractors;
- notaries, if the contract concluded with you requires a notarial form;
- judicial officers, entities providing legal s and/or debt recoveries services, subrogator of claim right;
- companies providing advertising and marketing services;
- companies providing archiving, physical and / or electronic security, asset management and / or other business services;
- in accordance with the laws to state institutions, establishments, etc .;
- law enforcement authorities at their request or on our own initiative if there is a suspicion that a criminal offense has been committed, as well as courts and other dispute resolution bodies; tax administrators
DATA TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA?
As a general rule, your Personal Data will be processed in the countries of the European Economic Area (hereinafter – EEA). However, in certain cases, your Personal Data may be transferred to non-EEA countries. Please note that in non-EEA states, Personal Data may be subject to less protection than within the EEA, but we carefully evaluate the conditions under which such data will be processed and stored after being transferred to the above-mentioned entities.
Please note that if the European Commission has determined that the third country, territory or one or more specified sectors in that third country or international organization concerned provides an adequate level of Personal Data protection, the transfer must take place in the same manner as in the EEA. Please be informed that you can have access to the information as to the states in respect of which the decision of the European Commission has been taken, here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
In other cases, we take all necessary measures to ensure that your Personal Data is transferred to the recipient safely processing the data. The tools we use: a contract with a non-European recipient of Personal Data includes specific clauses for the secure processing of the data. In certain cases, we ask for your consent to transfer your data outside the Republic of Lithuania or the EEA.
DO WE APPLY AUTOMATED DECISION-MAKING OR PROFILING?
We do not normally use automated decision-making under Article 22 of the GDPR to initiate and execute contractual relationships. Should we apply this procedure in individual cases, we will inform you separately, if required by law.
We process your Personal Data in a partially automated way in order to assess certain personal aspects (hereinafter – Profiling). We use profiling, for example, when we are required by law to prevent money laundering or manage financial risk.
RIGHTS GUARANTEED TO YOU
We guarantee the implementation of these rights and the provision of any related information at your request or in case of your query:
- know (be informed) about the processing of your Personal Data;
- to get access to your Personal Data which are processed by the Data Controller;
- request correction or addition, adjustment of your inaccurate, incomplete Personal Data;
- require the destruction of Personal Data when they are no longer necessary for the purposes for which they were collected;
- request the destruction of Personal Data if they are processed illegally or when you withdraw your consent to the processing of Personal Data or do not give such consent, when is necessary;
- disagree with the processing of Personal Data or withdraw the previously agreed consent;
- request to provide, if technically possible, the provision of your Personal Data in an easily readable format according to your consent or for the purpose of performing the contract, or request the transfer of data to another data controller.
In order to exercise your rights, please send us the request by e-mail to [email protected] or by regular mail to Dariaus ir Girėno g. 21A, 02189 Vilnius, Lithuania.
Upon receipt of your request, we may ask you to provide proof of your identity or other identifying information to ensure that we are exercising your rights as a data subject and to prevent unauthorized disclosure of Personal Data or information to others who are not entitled to it. If we are unable to identify you, we will not be able to exercise your rights as a data subject.
We provide information about the processing of your Personal Data free of charge. If your request is unfounded, repetitive or disproportionate, we may charge a fee commensurate with our administrative costs.
Upon receipt of your request, we will respond to you within 30 calendar days of receipt of your claim and the due date for submission of all documents necessary to prepare the answer.
By refusing to comply with your requirement, we will clearly indicate the grounds for such refusal.
If you disagree with our actions or the response to your request, you can complain to the competent state authority (the list of supervisory authorities by each EU countries: https://edpb.europa.eu/about-edpb/board/members_en). In all cases, we recommend that you contact us before making a formal complaint so that we can find the right solution.
WHAT HAPPENS IF OUR BUSINESS CHANGES HANDS?
We may, from time to time, expand or reduce the scope of our business operations and this may involve the sale and/or the transfer of control of all or part of our business. Any Personal Data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this notice, be permitted to use that data only for the same purposes for which it was originally collected by us.
LINKS TO OTHER WEBSITES
Our Websites may contain links to other websites, which are not operated by us. We have no control over how your data is collected, stored, or used by such other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
When you visit social networks, your Personal Data is processed by a specific social network, and we start processing your Personal Data when you visit UAB BUSNEX on social networks. Through various social media channels, we want to introduce you to our wide range of services / products and exchange ideas and opinions with you on important topics.
Your Personal Data provided on the social network is processed for the following purposes:
- communicate with our social network visitors;
- respond to visitor inquiries;
- obtaining statistical information;
- conducting customer surveys, marketing campaigns, market analysis, lotteries, competitions or similar actions or events;
- if necessary, defending the legitimate interests of the Company in institutions and in other cases.
Unless explicitly stated otherwise, the legal basis for Personal Data processing is Article 6 part 1 point (f) of the GDPR. Our legitimate interests are to be able to answer your messages or questions and analyze our availability on social networks, to present our products and services. To the extent that you wish to enter into a contractual relationship with us with your request, the legal basis for such processing is Article 6 part 1 point (b) of the GDPR.
If we intend to process your Personal Data for any other purpose not mentioned above, we will notify you prior to such processing.
Our pages on social networks are managed by specific social networks, so when you visit them, the processing of Personal Data is based on the social network privacy policies. With some social networks, depending on the social network policy, the purposes and scope of the processing, we are considered as joint data controllers.
Currently we use these social networks:
- On Facebook – @sereslietuva, which privacy notice is available at: https://www.facebook.com/privacy/explanation
- On LinkedIn – SERES Lietuva, the privacy notice of which is available at: https://www.linkedin.com/legal/privacy-policy
- On Instagram – @sereslietuva, which privacy notice is available at: https://help.instagram.com/519522125107875?helpref=page_content
- On YouTube – SERES Lithuania, which privacy notice is avaivalble at: https://www.youtube.com/static?template=privacy_guidelines and https://policies.google.com/privacy.
 AVIA SOLUTIONS GROUP PLC, a private limited liability company, established and acting under the laws of the Republic of Cyrpus, registration code HE 380586, registration addres 28 Oktovriou, 1, ENGOMI BUSINESS CENTER BLC E, Flat / Office 111 Egkomi, 2414, Nicosia, Cyprus.