1.1 GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1.2 Personal data - any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.3 Recipient - a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
1.4 Data Subject - the Customer or employee of the Data Controller or any other person whose Personal Data is processed by the Data Controller.
1.5 Data processing - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.6 Data processor - a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
1.7 Data controller - e-shop dohotools.com, company code: 305289946, address Veiverių str. 153, Kaunas, Lithuania.
1.8 Third party - a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
1.9 Customer - a person who uses the services provided by the Data Controller or has previously used them.
1.10 Consent of the data subject - any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
1.11 Policy - means this Personal Data Processing Policy.
Other terms used in the Policy correspond to the terms used in The General Data Protection Regulation (GDPR).
2. General provisions
2.1. The Data Controller collects certain Personal Data for administrative and direct marketing purposes, to conduct its business and to perform legal duties. The Data Controller is responsible for the processing of your Personal Data under the conditions specified in this Policy.
2.2. In this Policy, we explain what Personal Data we collect, how we process and store it when we provide the goods and services we offer. This includes information obtained by providing services to Customers and online through the website www.dohotools.com
2.3. This Policy also applies to our targeted content, including online offers and advertising of products and services, which you may see when you browse the Internet on third-party websites, platforms and gadgets ("Third Party Websites"). Please note that these Third-Party Sites may have their own privacy policies and conditions. Please read them before using these Third-Party Sites.
2.4. You must read and understand this Policy carefully before using our Websites. By using the services provided by the Data Controller, you confirm that you agree to abide by this Policy.
2.5. The Data Subject is not entitled to use the Websites if he / she is not familiar with the Policy and / or does not agree with it. In cases where the Data Subject does not agree with the Policy or any part thereof, he must not use the Websites. Otherwise, it is considered that the Client has read and unconditionally agreed to the Policy.
2.6. Third-party services, such as Facebook, may be subject to third-party terms. For example, Facebook applies a Data Policy to all its users and visitors. It is therefore recommended to consult the terms and conditions applicable to such third parties.
2.7. The controller shall ensure that it complies with the following essential data protection principles:
2.7.1. Personal data must be processed in relation to the data subject in a fair, honest and transparent manner (principles of legality, fairness, and clarity);
2.7.2. Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes; further processing of the data for archival purposes, in the public interest, for scientific or historical research purposes, or for statistical purposes is not considered incompatible with the original purposes (purpose limitation principle);
2.7.3. Personal data must be adequate, relevant, and not excessive in relation to the purposes for which they are processed (data reduction principle);
2.7.4. Personal data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that Personal Data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (principle of accuracy);
2.7.5. Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods if the personal data are processed solely for archival purposes in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89 (1) GDPR, subject to appropriate technical and organizational measures required by this Regulation to protect the data subject's rights and freedoms (principle of limitation of retention period);
2.7.6. Personal data must be processed in such a way as to ensure adequate security of Personal Data through appropriate technical or organizational measures, including protection against unauthorized or unlawful processing of the Data and against unintentional loss, destruction or damage (principle of integrity and confidentiality).
2.7.7. The controller is responsible for ensuring that the above principles are complied with and must be able to demonstrate that they are complied with (accountability principle).
2.8. The data shall be processed after the Data Subjects have been duly informed.
2.9. Data is stored for the periods specified in this Policy for each type of Personal Data. Storage is carried out in accordance with the procedures set out in Chapter 4 of the Policy.
2.10. The data controller's access rights to the Data shall be terminated upon termination of the Personal Data Processing Agreement concluded with the Data Controller or upon the expiry of this agreement.
2.11. Data shall be transferred to Data Processors and Data Recipients when the right and (or) obligation to do so is granted by legal acts on appropriate grounds.
2.12. Personal data of the data controller may be submitted to a pre-trial investigation body, prosecutor, or court in administrative, civil, criminal cases, as evidence or in other cases prescribed by law.
3. Methods of personal data collection
3.1. We collect your personal information directly in a variety of ways, such as when you provide us with your personal information by registering as a Customer on our Website or participating in our loyalty programs, registering for prize lotteries, games and contests, subscribing to our newsletter, receiving information or emails, by purchasing products and services from us, completing questionnaires, commenting, making inquiries or contacting our Customer Service.
3.2. When you provide us with your Personal Data, we process it for the purposes and in accordance with the procedures set out in this Policy. If you do not want us to process your Personal Data in this way, please do not provide it to us.
3.3. We may also obtain your personal data from other sources, including commercial sector data sources such as public databases and data collectors, and information from third parties. If you do not want us to receive your personal data from other sources, please indicate your preferences to the relevant sources.
3.5. If you become a member of any of our loyalty programs, we may consider it your consent for us to process your personal data for marketing purposes. You may opt out of these marketing communications at any time and this will not affect your participation in the Loyalty Program and its benefits.
3.6. When processing your personal data with your consent, we will ask for your consent for the specific purpose of the processing. We will also ask for your consent if we need your personal data for purposes other than those specified in this Policy.
3.7. Please review Section 4.1 for more information on the various personal data we may collect, the purposes for which they are collected and the legal basis for the processing of such data.
3.8. Our Websites are intended for adults, but there may be times when a portion of Customers under the age of 16 (sixteen) view or purchase products on our Websites. If we know that the Customer is under 16 (sixteen) years of age, we will not use such Customer's personal data for marketing purposes unless we obtain their parental consent.
3.9. To provide parental consent for the use of the data for marketing purposes, ask your parents or guardians to contact us as described in Section 12.
3.10. In certain cases, we will consider that you have obtained parental consent based on your actions. We then reserve the right to decide whether to receive our marketing communications until you reach the required age.
3.11. We would like to point out that access to prizes, samples and other awards can only be allowed to users who have reached the required age. We may process your Personal Data to verify your age and enforce any age restrictions.
4. Purposes of personal data processing
4.1. Browsing websites
4.1.1. Personal data collected:
Information about the browser you use when you visit our Websites, your IP address and device address, links clicked, other websites visited before our Websites, and information collected through cookies and similar tracking tools. Your username, profile photo, gender, connections, and any other information you agree to share through third-party sites (such as when you click "Like" on Facebook).
4.1.2. Purpose of personal data processing:
4.1.3. Personal data retention period:
Use the Cookie Permission Tool to find out how long each cookie is stored.
4.1.4. Legal basis for the processing of personal data:
4.2. Offering products and services
4.2.1. Personal data collected:
Name, surname, postal address, e-mail address, mobile phone number, loyalty card number, order history / wish list (including your purchases on our Website, store), payment history, age, date of birth, gender, your viewed products on our Websites, favorite brands, favorite store, your actions on our Websites and in reading our letters, your responses to surveys or contests, your buying habits and priorities, and information about your lifestyle, hobbies, and areas of interest.
4.2.2. Purpose of personal data processing:
To offer you customized products or services (including from related third parties) that may be of interest to you based on your purchasing history and behavior, priorities, and our marketing segmentation strategies. We can do this by sending you information by mail, e-mail, newsletters, SMS messages or phone about products, services, promotions, etc. We may also contact you and offer to participate in Customer Surveys, Promotions, Prize Lotteries and Contests. You may also receive promotions (such as coupons) run by stores once you have created an account on our websites or are participating in a loyalty program.
4.2.3. Personal data retention period:
As long as you buy from us. If no transactions have taken place within 3 (three) years, we will delete your personal data, unless the law provides for a longer retention period for such data. If you shop online as a guest, we store your data for 1 (one) year after the purchase. If you have subscribed to our newsletter, we will retain your Data until you unsubscribe.
4.2.4. Legal basis for the processing of personal data:
* You allow us to process your personal data if you become a member and agree to the terms of our customer loyalty program (fulfilling a contract).
* If you give us permission to process your Personal Data by subscribing to our newsletters.
* If you shop online as a guest, we will contact you regarding related offers to the fullest extent permitted by law, including provisions regarding the sending of spam.
* You may unsubscribe from our marketing communications at any time by using the Privacy Settings panel in your profile (if you have one) or by clicking the unsubscribe button in our marketing emails sent to you. You can unsubscribe from our SMS messages sent for direct marketing purposes by contacting us by e-mail: firstname.lastname@example.org
4.3. Customer service
4.3.1. Personal data collected:
Name, postal address, home phone number, mobile phone number, passwords, order history, payment history, payment information (i.e. bank or credit card information), order history / wish list, age, gender, request fulfillment information, postings and other content that you provide on our Websites, as well as other information that you provide when you purchase or order the Service, by posting a request.
4.3.2. Purpose of the processing of personal data:
We process your Personal Data when you contact us and when we respond to your inquiries and comments.
5. Cookies and similar technologies
5.2. Cookies can be temporary or permanent: a) temporary cookies are valid and are not deleted while you are browsing in your browser; b) persistent cookies are not deleted after closing the browser and the information stored in them facilitates later access to your Account (password, username). Such Cookies speed up and facilitate the use of the Websites.
A. Web Analytics with Google Analytics
5.4. The Websites use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called cookies, which are text files stored on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website is usually sent to a Google server in the United States where it is stored. However, if you have IP anonymization enabled for this site, Google will first shorten your IP address in European Union member states or other EEA countries. At the request of the website operator, Google uses this information to analyze how you use the website, to provide us, the website operators, with reports about the operation of the website and to provide us with other services related to your use of the website and the internet. The IP address that Google Analytics sends through your browser will not be associated by Google with any other available data. If you want to prevent the collection of cookie-generated data and site usage data collected by Google (including your IP address), and to opt out of the processing of such data by Google, you can download and install a browser plug-in.
5.5. Data collected by Google Analytics is stored for 26 months.
Please note that without cookies you may not be able to use all the services of our websites.
B. Use of Google Inc.'s remarketing or similar audience feature
C. Using Google AdWords Conversion Tracking
5.7. As Google AdWords customers, we use Google Conversion Tracking, an analytics service provided by Google Inc. Google AdWords places a cookie on your computer (the "conversion cookie") when you access our websites through a Google ad. These cookies expire after 300 days and are not used for personal identification. If you visit certain of our pages and the cookie has not yet expired, we and Google may recognize that someone clicked on the ad and was directed to our site. Each advertiser receives a different cookie. Cookies cannot be tracked through advertiser sites. The information collected through the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted into conversion tracking. Advertisers will see the total number of users who clicked on the ad and were directed to the conversion tracking tag page. However, they do not receive personally identifiable information. If you do not wish to participate in tracking, you may object to this use by preventing cookies from being set, using the appropriate setting in your browser software (opt-out option). You will then not be included in the conversion tracking statistics.
6. Data retention periods
6.1. We will only process your Personal Data until we have fulfilled the above purposes for which we collected or received your Personal Data and until the expiry of our record keeping obligations as set out in Section 4.
7. Rights of data subjects
7.1. The data subject may exercise the following rights in accordance with the procedure established by the GDPR:
7.1.1. The right to receive confirmation as to whether we process your Personal Data;
7.1.2. The right to access your Personal Data;
7.1.3. The right to request the correction of inaccurate personal data;
7.1.4. The right to request the deletion of your Personal Data ("right to be forgotten");
7.1.5. The right to object to the processing of Personal Data;
7.1.6. The right to restrict data processing;
7.1.7. The right to data portability - to receive your Personal Data held by us in a structured, commonly used and machine-readable form and forward it to another Data Controller;
7.2. In cases where the Customer's consent constitutes a legal basis for us to process your Personal Data, you may revoke your consent in the following ways:
7.2.2. Administrative and other purposes: send us an e-mail at email@example.com
7.2.3. Please note that the withdrawal of your consent does not affect the lawfulness of the processing of your Personal Data prior to the withdrawal.
7.3. The rights specified in clauses 7.1.1-7.1.7 of the Policy shall be exercised within the periods specified in the GDPR. The periods mentioned above and established by the GDPR are as follows:
Request of the data subject
Right to be informed
When the Data is collected (if provided by the Data Subject) or within one month (if provided by a non-Data Subject)
Right of access
Right to adjustment
Right of erasure
Without undue delay
Right to Restrict Data Processing
Without undue delay
Right to data portability
Right to object
Upon receipt of the objection
7.4. The Data Controller has the right to reasonably refuse to allow the Data Subject to exercise his / her rights or to charge a reasonable fee in accordance with Article 12 (5) of the GDPR, in the circumstances provided for in point (b).
8. To whom can we transfer (share) your personal data?
8.1. We share your Personal Data with the following processors (i.e. service providers who assist us in performing the above tasks):
8.1.1. Related to the e-shop www.dohotools.com and reliable third parties that directly support our activities, website administration (specifically “UAB” Magnus IC), management, support, maintenance and testing of IT systems (specifically “UAB” Magnus IC).
8.2. We emphasize that we impose strict requirements on these Data Processors in accordance with applicable data protection laws to process your personal data only in accordance with the purposes and scope specified by us and to meet high IT security standards.
8.3. We share your personal data with the following third parties who process your personal data for their own purposes (i.e. these third parties are not our authorized Data Processors, they use your Personal Data for their own benefit or because you have consented to it):
8.3.1. Interested third parties (who are not affiliated with www.dohotools.com), who will send you marketing material, but only if you have agreed to receive it from them.
8.3.2. Law enforcement and other authorities, if the disclosure of your personal data is required by law, a lawful instruction from a government / official or a court decision.
8.4. Please note that we never share your Personal Data on social networks. When we expand our customer base or match customers through social networks such as Facebook or Google, we make your personal information anonymous before transmitting it. If there are changes in the future and we must share your personal data on social networks, we will ask for your consent in advance.
8.5. With your consent, we will share information about your use of the Websites with trusted third parties (i.e. advertisers, advertising agencies, advertising networks, data exchange entities, etc.) in order to provide you with content that may be relevant and of interest to you based on your past activity on our Websites. These trusted third parties may set and use their own cookies, web beacons and similar tracking technologies on your device to help us provide you with customized content and advertising when you visit our respective websites. See Section 5 for more information on cookies and opting out.
9. Data Protection Officer
9.1. According to the GDPR, the presence of a Data Protection Officer is obligatory if the main activity of the Data Controller consists of data processing operations that require regular and systematic monitoring of data subjects on a large scale, or when the main activity of the Data Controller or Processor is large-scale processing.
9.2. The rights and obligations of the Data Protection Officer are detailed in the GDPR, in the Policy Annexes, in the Staff Regulations if this position is occupied by an employee of the Data Controller, or in the service contract if the Data Protection Officer is an external service provider.
9.3. In view of the above criteria and the activities carried out by the Data Controller, the Data Controller is not obliged to appoint a Data Protection Officer.
10. Procedures for managing and responding to personal data security breaches
10.1. Employees of the Data Controller who have the right to access the Data must inform the responsible employee and / or their immediate supervisor if they notice any violations of the Data Security (inaction or actions of persons that may cause or pose a threat to the Data Security).
10.2. After assessing the data protection risk factors, the degree of impact of the breach, the damage and the consequences, the Data Controller shall decide on the measures necessary to eliminate the Data Protection breach and its consequences and to inform the necessary entities in accordance with the relevant internal procedures.
10.3. If you believe that we are violating data protection laws by processing your Personal Data, you may file a complaint with the competent supervisory authority in your country of residence or where the GDPR has been violated.
11. Technical and organizational measures for the security of personal data
11.1. The organizational and technical data security measures implemented by the Data Controller shall ensure a level of security commensurate with the nature of the Data managed by the Data Controller and the risks involved in its processing, including but not limited to the measures specified in this Chapter.
11.2. Personal data security measures:
11.2.1. Hardware and software protection (administration of servers, information systems and databases, maintenance of workstations, protection of operating systems, monitoring of user access, protection against computer viruses, etc.);
11.2.2. Administration of information systems and databases, workplace maintenance, protection of operating systems, protection against computer viruses, etc.;
11.2.3. Security of communications and computer networks (hardware and software for sharing data, programs, encryption and transmission of personal data, filtering of unwanted data packets, etc.).
11.3. The personal data protection measures listed above ensure: 1) installation of copies of operating systems and databases, control of storage of copying equipment; 2) technology of continuous data processing process; 3) contingency strategy for systems (contingency management); 4) unique user identification and password system; 5) physical (logical) separation of the program testing environment from the operating mode processes; 6) registered use of data, their inviolability.
11.4. The Data Controller shall ensure the procedure for the recovery of Personal Data in case of their accidental loss. The Data Controller backs up the system data at the intervals specified by the Data Controller and stores them under the specified conditions. Data is restored according to an approved internal procedure using backup and SQL database tools from the libraries of the backup devices. Backups of the Data shall in all cases be stored within the Data Retention Terms set forth in the Policy.
12.1. You can contact us regarding this Policy and / or general data protection issues using the following details:
Company code: 305289946
Registration address: Veiverių st. 153, Kaunas, Republic of Lithuania
Tel. No. +370 686 47 132
13. Final provisions
13.1. The Policy may be reviewed once a calendar year at the initiative of the Data Controller and / or upon changes in the legislation governing the processing of Personal Data.
13.2. The policy and its amendments shall enter into force on the date of their approval.