Checkout

DAILY SPOON Privacy Policy and Personal Data Processing Rules

The Customer Personal Data Processing Rules (hereinafter – the Rules) govern the principles of the collection, use, and storage of customers’ personal data, define the purposes and means of processing customers’ personal data, and determine who may access customers’ personal data and for what purposes.

DEFINITIONS

Responsible Person – a natural or legal person appointed by the Company under a service or other agreement to process customers’ personal data.

Company – MB “Daily Spoon”, legal entity code 305911572 (Švitrigailos g. 16B-63, LT-03223 Vilnius, Lithuania, +370 677 94653, [email protected]).

Other terms used in these Rules shall be understood as defined in the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the processing of personal data. The main definitions are as follows:

Personal Data – any information relating to a natural person (data subject) whose identity is known or can be identified directly or indirectly by reference to such data as a personal identification number or one or more factors specific to the physical, physiological, psychological, economic, cultural, or social identity of that person.

Processing of Personal Data – any operation or set of operations performed on personal data, such as collection, recording, storage, organization, structuring, classification, grouping, combination, alteration (supplementation or correction), disclosure, publication, use, logical and/or arithmetic operations, retrieval, dissemination, erasure, or any other action.

Third Party – a natural or legal person other than the data subject, the data controller, the data processor, or persons directly authorized by the data controller or data processor to process personal data.

SECTION II

Principles of Customer Personal Data Processing

The Company, when processing customers’ personal data, is guided by the following principles:

• Customer personal data are processed only for lawful purposes and to achieve the objectives defined in these Rules;
• Customer personal data are processed accurately, fairly, and lawfully in accordance with legal requirements;
• The Company ensures that customer personal data remain accurate and are regularly updated in case of any changes;
• The Company processes customer personal data only to the extent necessary to achieve the purposes of personal data processing;
• Customer personal data are stored in a form that allows identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed;
• Personal data are processed accurately, fairly, and lawfully.

SECTION III

Purposes of Customer Personal Data Processing

Detailed information on the processing of customers’ personal data is provided in this Policy.

The main personal data processed include: name, surname, phone number, email address, and other data necessary for order fulfillment and the provision of marketing offers.

The main purposes of personal data processing are:
Order management and fulfillment; user data, purchase, and website usage analysis for the purposes of improving user experience and website functionality; and marketing and advertising activities.

SECTION IV

Data Subject Rights

The Company appoints a responsible person to ensure that customers’ rights as data subjects are properly protected, implemented, and that all information is provided appropriately, in a timely manner, and in a form understandable to employees.

Rights of customers as data subjects and measures for their implementation:

• Right to be informed about the collection of personal data. When collecting customer personal data, the Company must inform individuals what personal data must be provided, the purpose of data collection, to whom and for what purpose the data may be disclosed, and the consequences of not providing the requested data. Simplified information is provided in the customer consent forms. The customer has the right to access their personal data, request correction, clarification, or supplementation of inaccurate or incomplete data. The customer may also object to the processing of certain non-mandatory personal data.
• Right to access personal data and information on how it is processed. The customer has the right to request information about which of their personal data are processed and for what purposes. This information is provided to the customer free of charge once per year. If the customer submits such a request more than once per year, the fee for providing this information shall not exceed the cost of providing the information.
• Right to request correction, deletion, or suspension of personal data processing. Right to object to data processing. The customer has the right to object to the processing of certain non-mandatory personal data. Such objection may be expressed by not filling in certain sections of forms or other documents, or by subsequently submitting a request to terminate the processing of non-mandatory personal data. The Company shall provide written information indicating which personal data are processed on a non-mandatory basis. Upon receiving a request to terminate the processing of non-mandatory personal data, the Company shall immediately cease such processing unless this conflicts with legal requirements and shall inform the employee/customer accordingly.

SECTION V

Measures for Ensuring Personal Data Security

Access rights to personal data and authorizations to process personal data are granted, revoked, and modified by order of the Company’s head.

When protecting personal data, the Company implements appropriate organizational and technical measures to protect personal data against accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing.

The Company ensures proper storage of documents and data files and takes measures to prevent accidental or unlawful destruction, alteration, or disclosure of personal data, as well as any other unlawful processing. Copies of documents containing employees’ personal data must be destroyed in such a way that the content cannot be restored or identified.

Only persons authorized to access personal data may do so, and only when necessary to achieve the purposes set out in these Rules.

The Company ensures the security of premises where personal data are stored, appropriate arrangement and supervision of technical equipment, compliance with fire safety regulations, proper network management, maintenance of information systems, and implementation of other technical measures necessary to ensure personal data protection.

The Company takes measures to prevent accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing of personal data by properly and securely storing entrusted documents and data files.

If an employee or other responsible person processing data doubts the reliability of the implemented security measures, they must contact their direct supervisor to assess the existing security measures and, if necessary, initiate the acquisition and implementation of additional measures.

Employees or other authorized persons who process personal data automatically or from whose computers access to local network areas storing personal data is possible shall use assigned passwords. Passwords shall be changed under certain circumstances (e.g., change of employee, suspected security breach, suspicion that the password has become known to third parties, etc.).

An employee working on a specific computer and accessing personal data may know only their own password. Passwords must be stored in a secure location and used only when necessary.

Upon detecting personal data security breaches, the Company shall take immediate measures to prevent unlawful processing of personal data.

Failure to comply with these Rules may, depending on the severity of the violation, be considered a breach of work duties if committed by an employee and may result in liability in accordance with the Labour Code of the Republic of Lithuania.

SECTION VI

Data Collection and Cookies

We process your Personal Data obtained in the following ways:

• When you provide Personal Data to us yourself;
• When we collect your Personal Data while you use our website, our managed social media accounts, contact us by phone or electronic communication means, or visit our product pickup point;
• Within the scope permitted by applicable legislation, we may also obtain information about you from other sources, such as publicly available registers, databases, marketing partners, and other third parties;
• Depending on your social media settings, if you choose to link your social media account with your account on our website, we may access certain data from your social media profile, including your personal account information: your name, surname or nickname, profile photo, and email address;
• You have the right to modify and update the information you provide to us. In certain cases (for example, when selling or delivering goods to you), we must have accurate and up-to-date information about you in order to provide high-quality services; therefore, we may ask you to periodically confirm that the information we hold about you is correct;
• By providing Personal Data to us, you are responsible for the accuracy, completeness, and relevance of such Personal Data;
• On our website, we use third-party cookies, meaning cookies managed by entities other than us, such as Google services including Google Analytics and Google Ads, as well as Facebook cookies. These cookies are used to obtain statistical information about website usage and for behavior-based online advertising purposes.

What is a cookie and what is its purpose?

A cookie is textual information sent by a server to a browser and stored in the browser. This information is sent back to the server every time the browser requests to open a webpage. This allows the server to remember browser settings or track website visits.

Cookies help websites operate more efficiently and improve their services, as well as provide information to website administrators for statistical or advertising purposes. In particular, cookies help personalize the browsing experience by remembering you (for example, recognizing you when logging into your account and preventing the display of irrelevant advertising offers).

More information about the cookies used on the website can be found here:

How can I delete or disable cookies?

In most browsers, cookies can be disabled through the settings. However, we remind you that disabling navigation or functional cookies may affect website performance and/or limit the services we can provide. Below are instructions by browser on how you can manage cookies:

• Firefox
• Chrome
• Internet Explorer
• Safari

To learn more about cookies, their management, and your preferences regarding third-party profiling, please visit youronlinechoices.com/lt/. To disable analytical cookies and prevent Google Analytics from collecting data about your browsing, you may install an additional browser plugin provided by Google: tools.google.com/dlpage/gaoptout.

SECTION VII

Final Provisions

These Rules are reviewed and updated in the event of changes to legislation regulating the processing of personal data.

Employees and other authorized persons are introduced to these Rules by signing or through electronic means and are obliged to comply with the obligations established herein and follow the principles defined in these Rules when performing their work duties. Upon the client’s request, they are provided with the opportunity to familiarize themselves with these Rules.

The Company has the right to partially or fully amend these Rules. Employees and other responsible persons shall be informed of any amendments by signing or through electronic means.

If you have any questions, please contact MB Daily Spoon at [email protected].