PRIVACY NOTICE
PRIVACY NOTICE
General Provisions
UAB “Mantinga Logistics”, legal entity code 300603706, registered office address at Sasnavos str. 18, LT-68113, Marijampolė, tel. + 37034356883, (hereinafter - we, the Company) understands that the protection of personal data is important for our customers, suppliers, partners and all persons (hereinafter - data subjects) who cooperate or use the services of the Company. For this reason, we take all necessary measures to ensure the privacy of each data subject and the exercise of personal data protection rights.
You can contact our appointed personal data protection officer and all data protection-related issues by e-mail at asmensduomenys@mantinga.lt .
In this privacy notice, we present all information about how we, acting as data controllers, process personal data, including information about the purposes and legal grounds for the processing of personal data, what data is collected and further processed, how long it is stored, to whom they are provided, what rights you have and where you can apply for their implementation or any other issues related to the processing of personal data.
Our employees and members of the management body are informed about the processing of their personal data in accordance with the procedure laid down in the internal legal acts of the Company.
The Privacy Notice is prepared based on the following legal acts:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter - the GDPR);
- Law on Legal Protection of Personal Data of the Republic of Lithuania No XIII-1426 (hereinafter - LPPDL);
- Law on Electronic Communications of the Republic of Lithuania No IX-2135;
- Guidelines from the State Data Protection Inspectorate (hereinafter - SDPI).
This Privacy Notice is an integral part of the Personal Data Protection Policy approved by the Company.
How do we collect your data?
Depending on the nature of our cooperation, we process the following personal data:
- Received directly from the data subject (you), for example, when you send us inquiries, share your experience via specified contacts, send us your CV in order to apply for job vacancies;
- Which are generated when you use our services, for example, when you visit our website;
- Which we receive from other sources such as public authorities, insurance companies, and other third parties.
For what purposes and what personal data do we process?
Purpose of data processing | Legal basis for data processing | Data categories | Duration of data storage | Data processors |
Conclusion and execution of contracts with customers | Execution of the contract, Chapter 6 (1)(b) of GDPR | Name, surname, telephone number, place of residence, bank details, personal document number, individual activity certificate number, personal identification number, VAT payer‘s number, e-mail, the content of correspondences and the information given therein | 10 years after the contract expires | UAB “Terra IT” |
Execution of orders for transportation abroad | Execution of the contract, Chapter 6 (1)(b) of GDPR | Name, surname, personal identification number (if a natural person), telephone number, e-mail address of the customer or his representative Driver‘s name, telephone number, vehicle plate number | 10 years | UAB “Terra IT” |
Execution of orders for transportation in Lithuania | Execution of the contract, Chapter 6 (1)(b) of GDPR | Name, surname, personal number (if a natural person), telephone number, e-mail, address of customer or his representative | 10 years | UAB “Terra IT” |
Order execution analytics | Execution of the contract, Chapter 6 (1)(b) of GDPR | Name, surname, personal number (if a natural person), address | 5 years | UAB “Terra IT” |
Debt administration | Legitimate interest, Chapter 6 (1)(f) of GDPR | Name, surname, telephone number, place of residence, bank details, personal document number, individual activity certificate number, personal identification number, VAT payer‘s number, e-mail | 10 years | Recipients are not used |
Accounting of customer invoices | Legitimate interest, Chapter 6 (1)(f) of GDPR | Name, surname, telephone number, place of residence, bank details, personal document number, individual activity certificate number, personal identification number, VAT payer‘s number, e-mail | 10 years | UAB “Mantinga Group” |
Search for suppliers | Legitimate interest, Chapter 6 (1)(f) of GDPR | Name, surname, telephone number, address, position, e-mail, photo | 5 years | Recipients are not used |
Conclusion and execution of contracts with partners | Execution of the contract, Chapter 6 (1)(b) of GDPR | Name, surname, telephone number, bank details, personal document number, individual activity certificate number, personal identification number, VAT payer‘s number, e-mail, position | 10 years after the contract expires | Recipients are not used. |
Handling complaints and inquiries | Legitimate interest, Chapter 6 (1)(f) of GDPR | Contact details, the content of addressing | 5 years after the response to the request | Recipients are not used. |
Sending newsletters for direct marketing purposes | Consent, Legitimate interest, Chapter 6 (1)(a) and (f) of GDPR | E-mail address, newsletter readability statistics, number of openings, time, date | Until withdrawal of consent or 3 years | Recipients are not used. |
Selection of candidates for vacancies | Consent, Legitimate interest, Chapter 6 (1)(a) and (f) of GDPR | Name, surname, date of birth, education, marital status, work experience, contact information, curriculum vitae, CV submission date, interests, results of competence test | Until the end of the selection, if consent is given - 2 years after the end of the selection | “Mantinga” UAB |
Filming of the area for the purposes of property protection, prevention and investigation of incidents at workplace | Legitimate interest, Chapter 6 (1)(f) of GDPR | All information obtained by filming the person, without audio recording | 14 days, unless the data is used as evidence in incident investigations or pre-trial investigations | Recipients are not used. |
How do we protect your data?
In order to assess the level of security appropriate to the risk in the processing of data, the Company has implemented all appropriate technical and organisational measures. When selecting and implementing appropriate technical and organisational measures to ensure the security of data processing, we are guided by:
- ENISA guidelines: https://www.enisa.europa.eu/publications/guidelines-for-smes-on-the-security-of-personal-data-processing ;
- Good information security practices;
- SDPI guidelines: https://vdai.lrv.lt/uploads/vdai/documents/files/VDAI_saugumo_priemoniu_gaires-2020-06-18.pdf .
Who do we provide your data to?
For processing personal data, the Company only uses data processors that ensure compliance with the GDPR and the same level of security of personal data as set out in our personal data protection policy.
Here we provide a list of categories of data recipients of the Company:
- State institutions in accordance with the procedure laid down by the laws;
- Companies providing data centres, hosting, cloud, website administration and related services, creating, providing, supporting and developing software, companies providing information technology infrastructure services, companies providing communication services;
- Subcontractors;
- Law enforcement authorities at their request or on our initiative, if there is a suspicion that a criminal offence has been committed, as well as courts and other dispute settlement bodies;
- Personal data may be made available to other companies of the group of companies for the purpose of internal administration on the basis of legitimate interest.
Do we provide your data outside the European Union and the European Economic Area?
We ensure that your data is processed in accordance with the requirements and standards established by European Union legislation and inform you that your data is processed only within the limits of the European Union and the European Economic Area.
Or
Your data may be transferred outside the European Union and the European Economic Area by signing contracts that meet the requirements of the European Union with data processors.
Data may be transferred outside the European Union and the European Economic Area when such transfer is necessary for the conclusion, execution of contracts, and proper provision of services provided by the Company. In such cases, we ensure that we take the necessary steps to ensure that the data transfer is properly performed and that the rights of data subjects are protected.
When providing data outside the European Union and the European Economic Area, the Company follows the decision of the European Commission on the adequacy of the state concerned, as well as on standard contract terms and conditions.
Consequences of failure to provide data
You have the right to refuse to provide your personal data, but the provision of your personal data is required and necessary for the purposes set out in this Privacy Notice, therefore, if you do not provide your personal data, we would not be able to achieve the objectives listed.
What rights do you have and how can you exercise them?
In accordance with the provisions of the GDPR, you, as a data subject, can exercise the following rights:
- 1. The right to access personal data. I.e. to submit a request for information on whether your personal data is being processed and if your personal data is processed, you have the right to access your personal data processed.
- The right to rectification of personal data. I. e. to submit a request for rectification of your personal data if you determine that the personal data processed by us are incorrect, incomplete or inaccurate.
- 3. The right to delete the data (the right to be forgotten). e. to request to delete your personal data if you believe that your data is being processed unlawfully or fraudulently.
- The right to restriction of the processing. I.e. to submit a request to restrict (suspend) the processing of your personal data, except for storage: in the case, for example, when you request the rectification of your personal data (as long as the accuracy of your personal data is checked and/or it is corrected), it is determined that the personal data is processed unlawfully and you do not agree to the deletion of the data, you have expressed an objection to the processing of your personal data, etc.
- The right to data portability. I.e. to submit a request to transfer your personal data, which is processed by automated means, to you and/or another data controller in a structured, commonly used and computer-readable format.
- The right to object to data processing. I.e. to express an objection to the processing of personal data where the data is processed on the legal grounds of legitimate interest or public interest.
- The right to require not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly significantly affects you.
- 8. The right to withdraw the consent given to us for processing personal data at any time, for example, for direct marketing.
You can exercise your rights as follows:
- By sending us a free-form request at the following e-mail address: asmensduomenys@mantinga.lt. The request must be signed with an electronic signature or the request must be accompanied by a copy of the personal document certified by a notary so that we can verify your identity.
- When sending a request by registered mail at the address Sasnavos str. 18, LT-68113, Marijampolė, the request must be signed. The request must be accompanied by a copy of your identity document certified by a notary.
- You can also exercise your rights through a representative. In this case, your representative must provide his/her name, surname, contact details, a copy of the personal identity document certified by a notary, and information about you, namely: name, surname, and other data on the basis of which we could identify you as a data subject, as well as provide a copy of the document justifying your representation certified by a notary.
The request must be legible, signed, and it must include the name, surname, place of residence of the data subject and other data of the desired form to maintain communication, information about which of the data subject’s rights and to what extent the data subject wishes to exercise them.
We will respond to your request at least within one month from the date of receipt of the request. In exceptional cases requiring additional time, we will have the right to extend the time limit for considering the presentation of the requested data or other requirements specified in your request up to two months from the date of your address.
Where can you address for the questions related to personal data?
If you have any questions regarding the information given in this Privacy Notice or regarding the protection of your personal data and the exercise of your rights in the Company, please contact our representative responsible for data protection in any way convenient to you:
- By mail at asmensduomenys@mantinga.lt .
- In writing at the address Sasnavos str. 18, LT-68113, Marijampolė.
If a mutually satisfactory solution cannot be found, you have the right to apply to the State Data Protection Inspectorate at the following address L. Sapiegos str. 17, Vilnius, e-mail at ada@ada.lt .
Cookies
A cookie is a small text file that a website places on your computer or mobile device browser when you visit the website. This allows the website to “remember” your actions and preferences (such as your registration name, language, font size and other display options) for a certain period of time so that you do not have to re-enter them every time you visit the website or browse its different pages.
The information collected by cookies allows us to ensure your ability to browse more conveniently and learn more about the behaviour of website users, analyse trends and improve the website.
You can find out what cookies are used on this page and how to manage them in the cookie control panel on each page.
What cookies we use?
In order to ensure that you can use the website more conveniently and efficiently, we use the following cookies:
- Required:
Cookie name | Cookie purpose | Expiration |
---|---|---|
wp-wpml_current_language | Used to maintain a user session. | Valid until the browser is closed |
PHPSESSID | Used to maintain a user session. | Valid until the browser is closed |
- Google Analytics:
Cookie name | Cookie purpose | Expiration |
---|---|---|
ga - Google Analytics | To collect information about website traffic. | 2 years |
_gat - Google Analytics | To regulate the number of requests. | 10 minutes. |
gid_Google Analytics | For tracking purposes to distinguish between users. | 24 hours. |
_utma - Google analytics | To collect statistical information about website traffic. | 2 years |
_utmz - Google analytics | To collect statistical information about website traffic. | 6 months. |
Final Provisions of the Privacy Notice
The Privacy Notice is amended at the discretion of the Data Controller or in the event of a change in the requirements of applicable legal acts.
The website publishes an up-to-date version of the Privacy Notice and therefore it is recommended to familiarise yourself with the latest version.
The Privacy Notice was last updated on 11 January 2024.