PRIVACY POLICY

The privacy policy aims to inform how data subjects' data are collected and processed, to explain how long they are stored, to whom they are provided, what rights data subjects have, and where to apply for their implementation or other issues related to personal data processing.

Personal data is processed by the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter - the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other legal acts regulating the protection of personal data protection.

UAB „Nordic Idea“ is guided by the following basic principles of data processing:
• personal data is collected only for clearly defined and legitimate purposes;
• personal data is processed only legally and fairly;
• personal data are constantly updated;
• personal data is stored securely and for no longer than the established purposes of data processing or legal acts require;
• personal data is processed only by employees of the Company who have been granted such a right according to their work functions or by duly authorized data processors.

• 1. CONCEPTS
• 1.1. Data controller - UAB "Nordic Idea" (hereinafter - the Company), legal entity code 302642572, registration address Vasario 16-osios st. 38, Garliava, Kaunas district. self.
• 1.2. Data subject – any natural person whose data is processed by the Company. The Data Controller collects only those data of the data subject that are necessary for the Company's activities and/or visiting, using, and browsing the Company's websites, Facebook social network account, etc. (hereinafter referred to as the Website). The company ensures that the collected and processed personal data will be secure and will be used only for a specific purpose.
• 1.3. Personal data – any information directly or indirectly related to a data subject whose identity is known or can be directly or indirectly determined using the relevant data. Processing of personal data is any operation performed with personal data (including collection, recording, storage, editing, modification, granting of access, submission of requests, transmission, archiving, etc.).
• 1.4. Consent any voluntary and knowingly given confirmation by which the data subject agrees to process his data for a specific purpose.
• 2. SOURCES OF PERSONAL DATA
• 2.1. Personal data is provided by the data subject himself. The data subject applies to the Company, uses the services provided by the Company, purchases goods and/or services, leaves comments, asks questions, applies to the Company for information, etc.
• 2.2. Personal data is obtained when the data subject visits the Company's website. The data subject fills in the forms therein or leaves his contact details etc. for any reason.
• 2.3. Personal data is obtained from other sources. Data is obtained from other institutions or companies, publicly available registers, etc.
• 3. PROCESSING OF PERSONAL DATA
• 3.1. By submitting personal data to the Company, the data subject agrees that the Company will use the collected data to fulfill its obligations to the data subject, providing services that the data subject expects.
• 3.2. The Company processes personal data for the following purposes:
• 3.2.1. Provision of furniture production services and administration of company debtors. For this purpose, the following data is processed:
• • When providing furniture manufacturing services, personal data of customers (natural persons) may be processed: first name(s), last name(s), phone number, email address, bank details, and other data related to the sale of goods and/or the provision of services.
  • When administering the Company's debtors, transferring debts for collection, personal data of clients (debtors, natural persons) may be processed: first name(s), last name(s), telephone number, e-mail address, bank details, the amount owed, information about services provided and/or sold goods, other data related to indebtedness.
  • Contracts, VAT invoices - invoices and other related documents are stored by the terms specified in the general document storage index, approved by order of the Chief Archivist of Lithuania.
  • Data related to the administration of the Company's debtors are stored no longer than is necessary for the purposes for which the personal data is processed.
  • The legal basis for data processing is the need to fulfill a contract to which the client is a party as a data subject, or to take action at the client's request before concluding a contract with him (GDPR Article 6 d. 1 point b), when certain personal data are required to be processed by legal acts (GDPR Article 6 d.1 point c) and the need to pursue the Company's legitimate interests in improving its operations and business success indicators (GDPR Article 6 d.1 point f).
• 3.2.2. Ensuring and continuity of the company's activities. For this purpose, the following data is processed:
• • Personal data of suppliers (natural persons) may be processed to conclude and execute contracts: first name(s), last name(s), personal identification number or date of birth, place of residence (address), telephone number, e-mail address, workplace, position, signature, data in the business certificate (type of activity, group, code, name, periods of activity, date of issue, amount), individual activity certificate number, data or the data subject is a VAT payer, bank account and bank, amount of service/goods, currency and other data provided by the person himself, which the Company receives by legislation in the course of the Company's activities and/or which the Company is required to process by-laws and/or other legal acts.
  • Data of supplier representatives are processed to conclude and execute contracts: first name(s), last name(s), telephone number, e-mail address, company name, address, duties, and authority data (number, date, date of birth of authorized person, signature).
  • Contracts, VAT invoices - invoices and other related documents are stored by the terms specified in the general document storage index, approved by order of the Chief Archivist of Lithuania.
  • The legal basis for data processing is the need to fulfill a contract to which the client is a party as a data subject, or to take action at the client's request before concluding a contract with him (GDPR Article 6 d. 1 point b), when certain personal data are required to be processed by legal acts (GDPR Article 6 d. 1 point c).
• 3.2.3. Execution of practice contracts. For this purpose, the following data is processed:
• • Name(s), surname(s), personal identification number, if not available - date of birth, signature, phone number, e-mail address, address, educational institution, conviction/non-conviction data, time of practice, activity.
  • Personal data of interns, which are contained in the texts of relevant documents (contracts, orders, requests, etc.) (in electronic space, paper document, or other media), are stored by the terms specified in the General Document Storage Index, approved by order of the Chief Archivist of Lithuania.
  • The legal basis for data processing is the need to fulfill a contract to which the intern is a party as a data subject, or to take action at the request of the intern before concluding a contract with him (GDPR Article 6 d. 1 point b) and when certain personal data are required to be processed by legal acts (GDPR Article 6 d. 1 point c).
• 3.2.4. Administration of inquiries, comments, and complaints. For this purpose, the following data is processed:
• • Name(s), surname(s) and/or username, e-mail address, telephone number, address, subject of the request, comment or complaint, text of the request, comment or complaint.
  • The data of requests, comments, and complaints are stored for 1 year after their submission.
  • Legal basis for data processing – processing data is necessary for the pursuit of the legitimate interests of the data controller or a third party, except in cases where such interests of the data subject or the fundamental rights and freedoms necessary to ensure the protection of personal data override them, especially when the data subject is the child (GDPR Article 6 d.1 point f) and consent of the data subject (GDPR Article 6 d.1 point a).
• 3.2.5. To ensure the security of the company's employees, other data subjects, and property (video surveillance). For this purpose, the following data is processed:
• • Image representation. Video surveillance systems do not use facial recognition and/or analysis technologies, the video data captured by them are not grouped or profiled according to a specific data subject (person). The data subject is informed about the ongoing video surveillance using information signs with a video camera symbol and Company details, which are presented before entering the monitored territory and/or room. The surveillance field of video cameras does not include premises where the data subject expects absolute protection of personal data.
  • Personal data (video data) obtained by video surveillance cameras are stored for up to 14 (fourteen) days from the moment of their capture, after which they are automatically destroyed, except in cases where there is reason to believe that a misdemeanor has been recorded, a criminal act or other illegal acts have been recorded (until the end of the relevant investigation and/or trial).
  • Legal basis for data processing – processing data is necessary for the pursuit of the legitimate interests of the data controller or a third party, except in cases where such interests of the data subject or the fundamental rights and freedoms necessary to ensure the protection of personal data override them, especially when the data subject is a child (GDPR Article 6 d. 1 point f).
• 3.2.6. Administration of Whistleblowers in the Company:
• • Personal data of presenters: first name(s), last name(s), personal identification number, workplace (service, work, or contractual relations with the Company), position, telephone number, personal e-mail mailing address, or residential address.
  • Data on the violation: violation, place of violation, time, and other collected information about the violation.
  • Person(s) who may have committed the violation: : name(s), surname(s), employees te, responsibilities.
  • Witness(es) to the violation: first name(s), last name(s), position, workplace, phone number, e-mail address.
  • Documents and data are stored by the terms specified in the General Document Storage Index, approved by order of the Chief Archivist of Lithuania.
  • Legal basis for data processing – when certain personal data are required to be processed by legal acts (GDPR Article 6 d. 1 point c).
• 3.2.7. For other purposes for which the Company has the right to process the data subject's data when the data subject has expressed his consent, when the data needs to be processed due to the legitimate interest of the Company, or when the Company is required to process the data by relevant legal acts.
• 4. USE OF SOCIAL NETWORKS
• 4.1. All information you submit via social media (including messages, use of the Like and Follow boxes, and other communications) is controlled by the operator of the relevant social network.
• 4.2. Currently, our Company has an account on the social network Facebook, whose privacy policy is available at https://www.facebook.com/privacy/explanation;
• 4.3. Our Company currently has an account on the social network LinkedIn, whose privacy policy is available at https://www.linkedin.com/legal/privacy-policy.
• 4.4. We recommend that you read the privacy notices of third parties and contact the service providers directly if you have any questions about how they use your data.
• 5. PROVISION OF PERSONAL DATA
• 5.1. The company undertakes to observe the duty of confidentiality towards the data subjects. Personal data may be disclosed to third parties only if it is necessary to conclude and execute a contract for the benefit of the data subject, or other legitimate reasons.
• 5.2. The Company may provide personal data to its data processors who provide services to the Company and process personal data on behalf of the Company. Data processors have the right to process personal data only by the Company's instructions and only to the extent that it is necessary to properly fulfill the obligations set out in the contract. The company uses only those data processors who sufficiently ensure that appropriate technical and organizational measures will be implemented in such a way that the data processing meets the requirements of the Regulation and ensures the protection of the data subject's rights.
• 5.3. The company may also provide personal data in response to court or state authority requests to the extent necessary to properly comply with applicable legislation and state authority orders.
• 5.4. The company guarantees that personal data will not be sold or rented to third parties.
• 6. PROCESSING OF PERSONAL DATA OF MINORS
• 6.1. Persons under the age of 14 may not provide any personal data through the Company's website. If a person is younger than 14 years old, to use the Company's services, before submitting personal information, it is mandatory to submit the written consent of one of the representatives (father, mother, guardian) regarding the processing of personal data.
• 7. PERSONAL DATA STORAGE TERM
• 7.1. Personal data collected by the Company are stored in printed documents and/or in the Company's information systems. Personal data is processed no longer than is necessary to achieve the purposes of data processing or no longer than is required by the data subjects and/or provided for by legal acts.
• 7.2. Although the data subject may terminate the contract and refuse the Company's services, the Company must continue to store the data subject's data due to possible future demands or legal claims until the data storage terms expire.
• 8. RIGHTS OF THE DATA SUBJECT
• 8.1. The right to receive information about data processing.
• 8.2. The right to access the processed data.
• 8.3. The right to demand rectification of data
• 8.4.The right to request deletion of data ("Right to be forgotten"). This right does not apply if the personal data that is requested to be deleted is also processed on another legal basis, such as if the processing is necessary for the performance of a contract or is the fulfillment of an obligation according to applicable legislation.
• 8.5. The right to restrict data processing.
• 8.6. The right to object to data processing.
• 8.7.Right to data portability. The right to data portability cannot adversely affect the rights and freedoms of others. The data subject does not have the right to data portability about personal data that is processed manually in systematized files, such as paper files.
• 8.8.The right to request that a decision based solely on automated data processing, including profiling, not be applied.
• 8.9. The right to submit a complaint regarding the processing of personal data to the State Data Protection Inspectorate.
• 9. The company must provide conditions for the data subject to implement the above-mentioned rights of the data subject, except in cases established by law when it is necessary to ensure state security or defense, public order, prevention of criminal activities, investigation, detection or prosecution, important the economic or financial interests of the state, the prevention, investigation, and determination of violations of official or professional ethics, the protection of the rights and freedoms of the data subject or other persons.
• 10. PROCEDURE FOR IMPLEMENTATION OF DATA SUBJECT'S RIGHTS
• 10.1. The data subject, to exercise his rights, can contact the Company:
• 10.1.1. by submitting a written request in person, by post, through a representative, or using electronic communication - e-mail by mail: info@nordicidea.eu;
• 10.1.2. orally - by phone: +370 618 00609;
• 10.1.3. in writing - to the address: Vasario 16-osios g. 38, Garliava, Kaunas district. self.
• 10.2. To protect data from illegal disclosure, the Company, upon receiving a data subject's request to submit data or exercise other rights, must verify the identity of the data subject.
• 10.3. The company's response to the data subject is given no later than one month from the date of receipt of the data subject's request, taking into account the specific circumstances of personal data processing. This period may be extended by another two months if necessary, depending on the complexity and number of requests.
• 11. RESPONSIBILITY OF THE DATA SUBJECT
• 11.1. The data subject has:
• 11.1.1. inform the Company about changes in the provided information and data. The company needs to have correct and valid data subject information;
• 11.1.2. to provide the necessary information so that, at the request of the data subject, the Company can identify the data subject and make sure that it is communicating or cooperating with a specific data subject (provide a document confirming the identity of the person or by the procedure established by legal acts or electronic means of communication that would allow the proper identification of the data subject). This is necessary for the data protection of the data subject and other persons so that the disclosed information about the data subject is provided only to the data subject, without violating the rights of other persons.
• 12. FINAL PROVISIONS
• 12.1. By transferring personal data to the Company, the data subject accepts this Privacy Policy, understands its provisions, and agrees to comply with it.
• 12.2. During the development and improvement of the Company's activities, the Company has the right to unilaterally change this Privacy Policy at any time. The company has the right to unilaterally, partially, or completely change the Privacy Policy by announcing it on the website www.nordicidea.eu.
• 12.3. Additions or changes to the privacy policy take effect from the date of their publication, i.e. i.e. from the day they are placed on the website www.nordicidea.eu.

UAB "Nordic Idea" (hereinafter - the Company) takes care of the security of your data. We are committed to protecting and responsibly handling your data. In this document, we provide information about how we process your data using cookies.

Personal data is processed by the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter - the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other legal acts regulating personal data protection.

• 1. USE OF COOKIES
• 1.1. The company's website uses cookies - small pieces of textual information that are automatically created when browsing the website and are stored on a personal computer or another device you use. Cookies are used to improve the browsing experience of website visitors and analyze website visitor traffic and behavior on the website.
• 1.2. The Company uses cookies on the website to improve and improve the experience of website visitors.
• 1.3. The following types of cookies may be used on the company's website:
• 1.3.1. Technical cookies – help the website visitor to display the website and its content, and help to ensure the functionality of the website. Technical cookies are necessary for the proper functionality of the website.
• 1.3.2. Functional cookies – are used to help the website visitor use the Company's website, to remember the choices and preferences made during browsing. Functional cookies are not necessary for the website to be fully functional, but they add functionality and improve your experience of using the Company's website.
• 1.3.3. Analytical cookies – used to obtain information about how website visitors use the Company's website. This is necessary so that we can optimize and improve the Company's website. With the help of analytical cookies, we can collect data about the web pages you have viewed, which pages you came from, and which e-mails you sent. the emails you opened and responded to and information about the date and time. This also means that we may use information about you and how you use this website, such as frequency of visits, number of clicks on a particular page, search terms used, etc.
• 1.3.4. Commercial cookies (targeting or advertising cookies) – used to provide personalized advertising to the visitor of the Company's website. This is called "re-marketing" which is based on browsing activities such as the products and/or services you search for, and view.
• 1.4. Company employees who are responsible for analyzing this data and improving the website have access to statistical data about visitors to the Company's website.
• 1.5. Access to technical records may also be provided by the Company's partners who provide tools for managing the content of the Company's website.
• 1.6. The Google Analytics tool is provided by the US company Google Inc., so it also has access to the statistical data collected by the Google Analytics tool. This provider is subject to contractual and legal obligations to ensure privacy.
• 1.7. Data collected by cookies are stored in the Company no longer than is necessary to achieve the purposes of data processing or no longer than is required by the data subjects and/or provided for by legal acts.
• 1.8. You can find more detailed information about cookies at: AllAboutCookies.org.
• 1.9. If you do not agree that we use cookies, you have the opportunity to change the settings of your internet browser and control the amount of cookies. Helpful links on how to opt out of cookies can be found below:
• • For the Chrome browser: https://support.google.com/chrome/answer/95647?hl=en&co=GENIE.Platform%3DDesktop
  • For the Firefox browser: https://support.mozilla.org/lt/kb/Slapuk%C5%B3%20%C5%A1alinimas;
  • For the Safari browser: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac;
  • For the Edge browser: https://support.microsoft.com/lt-lt/microsoft-edge/slapuk%C5%B3-naikinimas-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09.
• 2. DESCRIPTIONS OF COOKIES USED ON THE WEBSITE

• Cookie name	Cookie purpose description	Provider	Validity
  evo_session	No description	www.nordicidea.eu	2 hours
  __cf_bm	„Cloudflare“is a cookie to support „Cloudflare Bot Management.	.vimeo.com	30 minutes
  _ga	„Google Analytics“is a cookie to count visitor, session, and campaign data and track website usage in the website analytics report. The cookie stores information anonymously and assigns a randomly generated number to identify unique visitors	.nordicidea.eu	1 year 1 month 4 days
  _gid	„Google Analytics“sets this cookie to store information about how visitors use the website while generating an analytical report on the performance of the website. Some of the data collected includes the number of visitors, their source, and the pages they visited they visit anonymously	.nordicidea.eu	1 day
  _gat	„Google Universal Analytics“sets this cookie to limit the frequency of requests and thus limit data collection on high-traffic sites	.nordicidea.eu	1 minute