Privacy policy

JSC “AUTOCOM LT“ PRIVACY POLICY

 

This Privacy Policy applies to the processing of personal data by JSC “ AUTOCOM LT“ (the Company), the registered address: Savanorių avenue 129, LT-03150 Vilnius, Lithuania, Tel. +370 (5) 2409546, E-mail: info@autocomcarrental.com, the company is renting vehicles for short-term and long-term rental, providing other services, and serving clients by telephone, e-mail, social networks and/or the website www.autocomcarrental.com

The Company is continuously developing and improving its activities and therefore the Company has the right to change this Privacy Policy at any time in accordance with applicable laws and regulations. All changes shall be immediately posted on the Company website.

The Company shall always follow good practices and ensure that your privacy is not compromised.

This Privacy Policy describes what personal information we collect and for what purposes we process you when you contact the Company.

This Privacy Policy also contains important information on data protection, in particular your rights as a data subject under the General Data Protection Regulation.

It is very important that you read the Privacy Policy carefully as you agree to the terms described in this Privacy Policy each time you visit the Website of the Controller. If you do not agree to these terms, please do not visit our site, use our content and/or services.

If you have any questions regarding the processing of your data or your rights, please contact us by e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it..

 

DEFINITIONS

The recipient of the data” means the natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether a third party or not.

Data subject” means an employee, customer or other natural person of the Company whose personal data is processed by the Company.

Processing of data” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Data Controller” means a legal entity that processes personal data on behalf of the Company.

DATA PROCESSING

We take your privacy very seriously. The Company processes personal data accurately, fairly and solely for the purposes for which it was collected, in accordance with the principles and requirements of law governing the processing of personal data.

We shall collect, store and process all personal data in accordance with the General Data Protection Regulation, the laws of the Republic of Lithuania, the rights of our clients, and we shall not transfer them to any third parties unless required to do so by law, regulation or if you explicitly consent to the transfer of your data.

We shall process your personal data on one of the following legal grounds:

 

Processing of Customer Personal Data

We may process the following customer personal data:

 

In all cases, we shall undertake that all personal data collected by the customer will be processed only to the extent necessary to ensure the proper performance of our services, the related purposes and the fulfillment of our legal obligations.

Loyalty and Discount program, Direct Marketing Execution

The Company also processes your personal data in cases where you agree to participate in a loyalty and discount program organized by the Company and/or for direct marketing purposes (e.g. sending newsletters, personalized advertising, promotional announcements, etc.).

When you participate in the loyalty and discount program, the Company processes your name, surname, order history, and customer account information.

For direct marketing purposes, the Company processes your name, surname, e-mail address.

For the purposes of loyalty and discount programs, direct marketing, the Company processes your personal data on the basis of your consent which is expressed through your active actions. You have the right to withdraw your consent at any time. Revocation of consent does not affect the lawfulness of the processing of personal data prior to the revocation of your consent.

Processing of personal data in cases of servicing of persons

The Company also processes your personal data in the event that you contact us, make inquiries, ask questions, or send information to the specified contacts via the Company website.

The Company processes your personal data for the purpose of administering inquiries and complaints, responding to your inquiries, ensuring the quality of the services we provide, protecting and defending the rights and legitimate interests of the Company. You provide us with your data on the basis of consent which is expressed through your active actions, i.e. addressing us.

Your personal data will be deleted upon examination of your application to the Company. In order to fulfill the legitimate interest of the Company in gathering evidence of inquiries received, responses thereto, services rendered and contact made, depending on the type of data and circumstances, it may, in certain cases, be stored longer as long as it is fit for purpose they were collected.

Longer term storage of your personal data may occur in the following cases:

In any case, your personal data will be destroyed after the deadline.

Please note that you must provide the Company with a minimum amount of personal information when making inquiries, questions or other information. Provide only personal data necessary for the purposes for which the letter, request or response is sent.

Please do not use first name, surname, phone number, e-mail address, bank account number, special (sensitive data), etc. Do not include personal data such as personal identification number, health or other sensitive (sensitive) data, financial data and other redundant or unnecessary data in the text of the letter, request or application text.

Processing of personal data on the website

The Company has the right to administer the user account created by you on the website www.autocomcarrental.com. When you create a user account, the Company shall process your name, surname, user account login details and the date the user account was created.

The Company processes your personal data in order to control the flow of user accounts and ensure your convenience through the website www.autocomcarrental.com. The personal data you provide is not shared with any recipients.

When you visit our website, the Company may also collect and manage the IP address, network and location data of the visitor. Data is collected with a help of cookies and other similar technologies on the basis of user consent.

Cookies are small text files that our website wants to place on your computer or other devices connected to the Internet, such as tablets or smartphones. If your browser settings accept cookies, your browser appends the text as a small file.

Most of the cookies used by the Company are necessary for the functional Performance of the Website and they are technical.

Most cookies are deleted from your device at the end of your browser session (session cookies). We use the information stored in the necessary cookies only to provide the necessary information on the website.

The Company also uses non-technical cookies:

Slapuko pavadinimas Aprašymas Sukūrimo momentas Galiojimo laikas Naudojami duomenys
NID Sisteminis slapukas naudojamas Google žemėlapio nustatymams Apsilankius svetainėje su Google žemėlapiu 1 metai Unikalus identifikatorius
TawkConnection Time Sisteminis pagalbos bloko slapukas Pirmo įėjimo į puslapį metu Naršant puslapyje sesijos metu Unikalus identifikatorius
_dc_gtm_UA-80048190-4 Statistikos slapukas Apsilankius svetainėje Naršant puslapyje sesijos metu Speciali reikšmė

 

The cookie message informs you that we use cookies. By continuing to use our website and accepting the display of a cookie message, you consent to the cookies and confirm that you are aware of them. You can configure your browser to refuse some or all cookies or to ask for your permission before accepting them. Visit www.aboutcookies.org or www.allaboutcookies.org for information on how to change your browser settings.

More information about handling cookies can be found here:

Video surveillance

In order to ensure the safety of you and our employees, as well as to protect the Company’s property from theft, you are filmed while visiting our car rental offices. We review videos in the event of incidents, theft or other criminal activity in order to protect the legitimate interests of our victims.

Recording of telephone conversations

The Company shall record all telephone conversations for the purpose of gathering evidence of the terms of future transactions and/or transactions entered into and in progress. Each time you start recording a conversation, you will be warned that your telephone conversation with the Company will be recorded. You reserve the right not to consent to the recording of your telephone conversation and to personally visit the car rental office of the Company.

 

DATA CONTROLLERS. RECIPIENTS OF DATA

The Company is entitled to use data controllers in accordance with the provisions of the General Data Protection Regulation. They shall be subject to a contract for processing personal data in accordance with the requirements of that Regulation. Data sub-processors may not be employed without the consent of the Company.

The Company shall only employ data processors when such processing cannot be carried out by itself, i.e.:

These Service Providers shall undertake data processing procedures on behalf of the Company and only as directed by the Company. Third parties who process personal data shall be chosen carefully and in accordance with applicable data protection legislation.

Under certain circumstances, the external service providers of the Company may be granted access to your personal data but only for the specified purposes of processing. Under such agreements, such third parties are required to ensure that their data protection is at least equivalent to that guaranteed by the Company and required by applicable law. All data processed on behalf of the Company remain under the control of the Company. Compliance with the instructions of the Company, data protection levels and contractual obligations with the data controller is continuously monitored.

We do not sell, modify or otherwise make available your Personal Information to third parties without prior notice to users. We may also disclose information when required to do so by law, in the implementation of our Site Policies, or to protect the rights, property or safety of us or others.

 

LINKS TO OTHER WEBSITES

Our Website may contain links to other sites that are not owned or operated by us. Please note that we are not responsible for the privacy policies of such websites or third parties. Please note when you are redirected from our Website to other websites, please read the privacy policies of each website where personal information may be collected.

DATA SUBJECT RIGHTS AND THEIR ENFORCEMENT

The Company will exercise the rights of the data subjects without undue delay but in any event within one month of receipt of the request, will provide the data subject with information on the action it has taken on request. The Company may extend the period of one month by a further two months, depending on the complexity and number of the requests but in any event, the Company will inform you of such extension within one month of receipt of the request, together with the reasons for the delay. The Data Subject must provide a copy of his/her identity document upon request.

For you, the General Data Protection Regulation guarantees the rights of the data subject. At any time, after the Company has properly verified your identity, you have the right to:

The Company will provide you with all information to which you are entitled and not covered by this Privacy Policy, such as: where applicable, the recipients of the personal data; the periods of retention of the personal data or, where that is not possible, the criteria applied for determining that period; the right to request the Company to grant access to the data subject’s personal data and to correct or delete them, or to restrict the processing of data, or the right to object to the processing, as well as the right to data portability; whether the supply of personal data is a legal or contractual requirement, etc.

The Company will confirm to you whether personal data relating to you are being processed and, if such personal data are being processed, to provide all relevant information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed; the periods for which the personal data will be stored or, where that is not possible, the criteria used to determine that period; the right to ask the controller to correct, delete or restrict the processing of personal data relating to the data subject; where personal data are not collected from the data subject, all available information on their sources. The Company will provide a copy of the personal data processed. Where the data subject makes the request by electronic means, the information shall be provided in a commonly used electronic format.

The data subject has the right to require the Company to rectify your inaccurate personal data without undue delay. Subject to the purposes for which the data were processed, the data subject shall have the right to request that incomplete personal data be supplemented.

If you have a reason (for example, personal data are no longer needed to achieve the purposes for which they were collected, etc.), you can request that your personal data be deleted.

You may request a restriction on the processing of your data if it meets the criteria defined in the General Data Protection Regulation, for example, the Company no longer needs your personal data for processing purposes but you need them to assert legal requirements; You dispute the accuracy of the data for a period during which the Company may verify the accuracy of the personal data, etc.

In cases where the Company processes your personal data by automated means with your consent or on the basis of an agreement with the Company, you have the right to receive your personal data in a systematic and computer readable format and to forward it to another controller without any hindrance. You have the right, where technically possible, to forward your personal data to another controller.

You have the right to object at any time to the processing of your personal data when such processing is carried out for the legitimate interests of the Company, except when the Company processes the data for reasons overriding the interests, rights and freedoms of the data subject.

Where personal data are processed for direct marketing purposes, the data subject shall have the right at any time to object to any further processing for marketing purposes. If you object to the processing of data for direct marketing purposes, the Company will no longer process your personal data for such purposes.

To exercise any of the rights set forth in this section, you may contact the Company through the following contacts. Notwithstanding any other remedy, you also have the right to lodge a complaint with the supervisory authorities at any time.

The Company recommends that you always contact us with the contact details listed before submitting your complaint in order to find a prompt and appropriate solution to the problem.

 

BREACHES OF PERSONAL DATA SECURITY

The Company will always report a breach of personal data security to the State Data Protection Inspectorate, unless such breach does not endanger the rights and freedoms of individuals. If the nature and seriousness of the breach would seriously jeopardize the rights and freedoms of individuals, the Company must also notify you as a data subject of the breach. Infringements shall be reported in accordance with the General Data Protection Regulation.

The report to the data subject should include in clear and plain language (if the report is sent by email, SMS, mail, etc.):

Should the notification require a disproportionate effort, the Company will instead make the breach public on its website.

In the event of a breach, the Company will not notify the data subject if as follows: appropriate safeguards have been implemented for the personal data affected by the breach; immediately after the breach, the Company took measures to ensure that the rights and freedoms of individuals could no longer be seriously endangered; this would require a disproportionate effort to contact individuals. In that case, the infringement shall be made public.

 

DATA SECURITY

The Company takes great care in protecting your personal data using appropriate data protection safeguards. These include: active and reactive risk management, periodic software updates, use of antivirus software, access control and protection systems, controlled access/user permissions and oversight, providing skills in the training of personnel involved in the processing of personal data, as well as in the evaluation and selection of data controllers. Paper documents shall be stored in premises with appropriate security measures. Persons working with personal data shall be bound by confidentiality obligations imposed by law, the internal rules of the controller and/or confidentiality agreements. Data is backed up. The company is constantly updating its internal practices.

 

FINAL PROVISIONS

The Company is continuously developing and improving its activities and therefore, the Company has the right to change this Privacy Policy at any time in accordance with applicable laws and regulations. All changes shall be immediately posted on the Company website.

This Privacy Policy is reviewed periodically, but at least every two years.