Processing of Personal Data

The controller of personal data collected on the website www.frog.lt is: Zoom Trade MB (registration code 307256973).

A data protection officer has been appointed, who can be contacted at [email protected].

What personal data is processed

• name, telephone number and email address;
• delivery address of goods;
• bank account number;
• price of goods and services and data related to payments (purchase history);
• data necessary for providing customer support.

For what purpose personal data is processed

Personal data is used for managing customer orders and for delivering goods.

Purchase history data (date of purchase, product, quantity, customer data) is used to compile an overview of purchased goods and services and to analyse customer preferences.

The bank account number is used for refunding payments to the customer.

Personal data such as email address, telephone number and customer name is processed in order to resolve issues related to goods and the provision of services (customer support).

The IP address of the online store user or other network identifiers are processed in order to provide the online store service as an information society service and for the purpose of compiling internet usage statistics.

Legal basis

Personal data is processed for the purpose of performing a contract concluded with the customer.

Personal data is processed for the purpose of fulfilling a legal obligation (for example, accounting and resolving consumer disputes).

Recipients to whom personal data is disclosed

Personal data is disclosed to the customer support service of the online store for managing purchases and purchase history and for resolving customer issues.

The name, telephone number and email address are disclosed to the transport service provider selected by the customer. If the goods are delivered by courier, the customer’s address is also disclosed in addition to contact details.

If the accounting of the online store is carried out by a service provider, personal data is disclosed to the respective service provider for the performance of accounting operations.

Personal data may be disclosed to information technology service providers if this is necessary to ensure the functionality of the online store or data storage.

Security and access to data

Personal data is stored on servers of Infonet DC OÜ located within the territory of a Member State of the European Union or countries that have joined the European Economic Area. Data may be transferred to countries whose level of data protection has been deemed adequate by the European Commission, as well as to companies in the United States that have joined the common “data protection shield” framework (Privacy Shield).

Access to personal data is available to employees of the online store who may access personal data in order to resolve technical issues related to the use of the online store and to provide customer support services.

The online store applies appropriate physical, organisational and information technology security measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised access and disclosure.

The transfer of personal data to authorised processors of the online store (for example, transport service providers and data storage) is carried out on the basis of agreements concluded between the online store and the authorised processors. When processing personal data, authorised processors are obliged to ensure appropriate protective measures.

Access to and correction of personal data

Personal data can be accessed and corrected in the user profile of the online store. If a purchase has been made without creating a user account, personal data can be accessed by contacting customer support.

Withdrawal of consent

If personal data is processed on the basis of the customer’s consent, the customer has the right to withdraw consent at any time by notifying customer support by email.

Retention

Upon closing the customer account in the online store, personal data is deleted, except in cases where such data must be retained for accounting purposes or for resolving consumer disputes.

If a purchase is made in the online store without creating a customer account, the purchase history is retained for three years.

In the event of disputes related to payments and consumer claims, personal data is retained until the relevant claim has been fulfilled or until the expiry of the limitation period.

Personal data required for accounting purposes is retained for seven years.

Requests for data erasure

Requests for the deletion of personal data may be submitted by email. We respond within 1 month and indicate the expected deletion period.

Data portability

A response to a request for the portability of personal data submitted by email is provided no later than within one month. Customer support verifies the identity of the individual and informs about the transfer of personal data.

Direct marketing communications

The email address and telephone number are used for sending direct marketing communications if the customer has given the relevant consent. If the customer does not wish to receive direct marketing communications, they should click the relevant link at the bottom of the email or contact customer support.

If personal data is processed for direct marketing purposes (profiling), the customer has the right to object at any time to both the initial and further processing of their personal data, including profiling related to direct marketing, by informing customer support by email.

Dispute resolution

If you have any questions or complaints related to the processing of your personal data, please contact us at: [email protected].

Supervisory authority:

State Data Protection Inspectorate of Lithuania (Valstybinė duomenų apsaugos inspekcija)

Email: [email protected]

Website: vdai.lrv.lt