Processing of personal data related to the use of our online services.
1. General terms
1.1. Responsible side
UAB “DAUDRIUS”, Žemaitės g. 24, LT-03201 Vilnius, įm.k. 122655461, PVM mok.k. LT100000016817, a/s Recipient: UAB DAUDRIUS
• Email: [email protected]
1.2. Purposes and legal basis
As part of our activities, we process personal data of various data subjects. We inform you about the purposes and legal basis.
1.3. Recipients
Depending on the data processing situation, your personal data may be processed not only by the person responsible but also by third parties. Possible recipients include order processors (e.g. web hosting providers, software and other technical service providers), delivery service providers and third-party providers of online services and content. Disclosure may also be related to official requests, court orders, and processes if necessary for prosecution or enforcement. For more information, please see the notes to the relevant processing.
1.4. Data transfers to third countries
We use services whose providers are partly located or process personal data in third countries (outside the European Economic Area), i.e. countries whose level of data protection is not adequate for the European Union. Where this is the case and the European Commission has not adopted an adequacy decision for these countries (Article 45 GDPR), we take appropriate precautions to ensure an adequate level of data protection for any data transfer. This includes, but is not limited to, the standard contractual clauses of the European Union. When this is not possible, we will rely on the exceptions provided for in Article 49 GDPR, especially your explicit consent or the need to transfer data for the performance of a contract or pre-contractual measures.
1.5. Data retention period
Personal data will be retained for as long as is necessary to fulfill the purpose for which it was collected, as long as required by law, or as long as it is necessary for other legal reasons.
1.6. Rights of interested parties
You have the right to obtain information about the data we hold about you, including recipients and intended retention period, in accordance with Article 15 GDPR. If the data we process is not (or is no longer) correct, you have the right to have it corrected (Article 16 GDPR). If the relevant legal requirements are met, you can request deletion (Article 17 GDPR) or restriction (Article 18 GDPR) of the processing, as well as object to the processing (Article 21 GDPR). If you believe that the processing of personal data relating to you violates data protection legislation, you have the right to lodge a complaint with the relevant data protection supervisory authority (Article 77 GDPR).
1.7. Right to object
You have the right to object to the processing of your personal data at any time in accordance with Article 6, paragraph 1, letter f GDPR. We will then stop processing your personal data unless we have legitimate and compelling reasons for the processing that override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defense of legal claims. You may also object at any time, without giving reasons, to the processing of your data for direct marketing purposes and any related profiling.
2. Data processing situations
2.1. Use of the website
Our online offerings are designed to inform you about our company and services, establish or enter into contractual terms and conditions, and communicate and interact with our customers and stakeholders.
We also process personal data for the aforementioned purposes. The scope of data processing and the legal basis depend on the services requested by the user, the relevant browser settings and any given consent.
Web technologies (cookies and similar technologies)
We use a variety of software solutions and web technologies, including web and marketing analytics tools provided by third parties, as well as integrated services or content from third parties, such as fonts, maps, or videos, to improve communication and customer interaction and optimize the user experience.
Analytics tools are used to collect, measure and analyze data such as a number of visitors, visitor sources, pages visited, time spent on the site, or depth of browsing. Marketing tools allow you to monitor and specifically evaluate marketing activities (advertising campaigns, affiliate advertising, multichannel analysis).
For privacy and data protection purposes, the use of these tools often requires appropriate user consent. We use the consent management tool to obtain and manage the necessary consents in accordance with Article 6, paragraph 1, phrase 1, letter a of the GDPR and, if applicable, section 25, part 1 of the TTDSG (see next section).
Detailed information on the subject and scope of the relevant consents and the processing of data based on them will be provided directly via the consent management tool.
To the extent that consent is not required, the processing of personal data is based on the purposes described in Article 6, paragraph 1, phrase 1, letter f GDPR, which also represents our legitimate interests or those of our partners (“necessary services”). The collection of data for the provision of the website and the storage in log files are necessary for the operation of the website.
Consent management tool
We use a consent management tool (“HGC”) for consent management purposes. You can access the HGC at any time here or by clicking on the “Cookie Settings” link in the footer of the website. When you access our website, an HGC cookie is set which is used to store and manage individual consents for certain services and to activate or deactivate relevant features.
The HGC is used to obtain the necessary consents and document them in accordance with our obligation to provide evidence. The legal basis for this is Article 6, paragraph 1, phrase 1, letter c GDPR.
The collected data will be stored until you delete the cookie. Detailed information about the data processing performed by HGC can be found in the user interface of the tool.
Google Tag Manager
We use Google Tag Manager on our website, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. Tag Manager is used to manage website tags, including tracking tools and other services known as website tags. Google Tag Manager does not require the use of cookies.
Legal basis – Article 6, paragraph 1, sentence 1, letter f GDPR, based on our legitimate interest in integrating and managing multiple tags on our website in an efficient way.
Criteo
As part of our shared responsibility as defined in Article 26 GDPR, we use services provided by Criteo SA, 32 Rue Blanche, 75009 Paris, France (“Criteo”) to collect information about user behavior (e.g. products viewed, added to cart, or purchased) completely anonymously to improve the advertising offer. We set the boundaries of a specific advertising campaign with Criteo. Criteo is then responsible for implementing that advertising campaign, including deciding which ads to show.
Given our joint responsibility for the above processing, you may exercise your rights under the GDPR against both us and Criteo. We have entered into a joint liability agreement with Criteo, the main terms of which we will make available on request.
2.2. Customer management, direct marketing
For centralized management of information related to sales and direct marketing, we use the Customer Relationship Management (CRM) system at UAB “DAUDRIUS”. The data managed by CRM includes existing customer contacts and registered users on the website, including newsletter subscribers and other marketing contacts.
Customer/user profiles
CRM allows us to compare and analyze marketing information from various sources to optimize marketing strategies and send direct mail. This may include creating and analyzing customer or user profiles to identify the most popular products and services and tailor marketing campaigns to individual interests.
In addition to operational data from existing customers, we also process data generated through our online offerings (e.g., landing pages, contact forms) into the CRM. Email marketing and social media data (e.g., open rates, referral routes, etc.) may also be included.
We strive to ensure that the sales and marketing efforts of UAB DAUDRIUS’ various business units are efficient, focused, and coordinated across departments. In this case, we manage (with the help of service providers) the relevant CRM data, following Article 6 (1) sentence 1 lit. f of the Data Protection Act of the Republic of Lithuania, based on a balance of interests.
Consent Management (email advertising)
Another component of our CRM is consent management. According to Section 7 (2) paragraphs 1 and 2 of the German Unfair Competition Act (UWG), certain types of direct advertising, especially advertising to consumers by e-mail or telephone, are only permitted after explicit consent has been obtained.
If you give us your consent to advertise our online offers (e.g., when registering for a newsletter), we document and store the necessary information for evidence (Art.
7 (1) of the Data Protection Act of the Republic of Lithuania and, if applicable, Article 7a UWG), based on Article 6 (1) phrase 1 lit. c of the General Data Protection Regulation (GDPR) as of June 1, 2008.
In case of withdrawal of consent, we keep the evidence for documentation purposes by Article 6 (1) sentence 1 lit. f GDPR until the statutory limitation periods have expired. This is in line with our interests in case a legal defense is necessary. The same applies to the documentation of objections to advertising, which we also keep blacklisted to ensure that advertising is not sent to recipients who clearly do not wish to receive it.
Conditions for direct mail service and personally selected newsletters
Where consent has been given (e.g., for shopping cart reminders or opinion and satisfaction surveys), data processing for the purposes specified in the consent is carried out in accordance with Article 6 (1) letter a of the General Data Protection Regulation (GDPR) 2010.
Irrespective of any consent requirement, we process personal data from our CRM and, where appropriate, other sources (including service providers), in order to create specific and, where appropriate, personalized deliveries and direct mail. The legal basis for data processing for our advertising interests is Article 6 (1), phrase 1 lit. f GDPR.
On our website, you can subscribe to a free and regular newsletter that includes information tailored to you, news about our products, and current special offers.
To subscribe to our newsletter, we use a double confirmation process, which means that we will only send you the newsletter by email if you click on the link in our newsletter to confirm that it is your email address. If you confirm your email address, we will store your email address, the time you registered and the IP address used to register until you unsubscribe from the newsletter. The sole purpose of this storage is to send you the newsletter and confirm your registration. You can unsubscribe from the newsletter at any time. You will find a link to unsubscribe in each newsletter. You can also inform us of your wish to unsubscribe using the contact details provided above or in the newsletter (e.g. by email or post).
The legal basis for data processing is your consent in accordance with Article 6 (1) paragraph 1 lit. a GDPR. The registration of registration process is based on our legitimate interests under Article 6 (1) phrase 1 lit. f of the Data Protection Act of the Republic of Lithuania (BDAR) to demonstrate consent.
For the purpose of determining when and how our emails are used, we record and analyze newsletter interactions and access data (e.g., open or click rates) using standard market technologies. For this purpose, our emails contain web beacons. These are small images downloaded from our website that allow us to identify when you opened an email. We can also find out which links within the email you have clicked. We use this access data to continually improve our services, content, customer communications, and for statistical purposes. We also use this information to better understand what content and products you are interested in so that we can provide you with the most relevant content in the future.
When you register to receive promotional emails, we also ask for your consent to tailor the emails to your needs and interests, taking into account the data we store about you across devices, such as access data, account information, if applicable, and your purchase history (orders, returns, incomplete orders). The legal basis for this is your consent in accordance with Article 6 (1), letter a of the General Data Protection Regulation (GDPR).
Access data (opening and click data) is stored anonymously. It is not possible to perform a separate exception to the described analysis of your access data and the creation of a personalized profile of your usage. However, you can configure your e-mail program so that e-mails are displayed in text format instead of HTML. This prevents video files and graphics from being displayed, so they cannot be tracked. In this case, the newsletter will not be displayed in its entirety, and you will not be able to use all of its features. If you do not want us to analyze your access data or create a personalized profile of your usage, you may withdraw your consent to receive personalized email advertising at any time as described above.
Advertising to current customers
Please note that under the terms of section 7 (3) of the German Unfair Competition Act (UWG), consent is not required for sending and tracking advertisements by post or
e-mail to current customers. Data processing based on legitimate interests under section 6 (1), phrase 1 lit. f of the Data Protection Act of the Republic of Lithuania (BDAR) may also apply to email and postal marketing if you have not consented to the advertising or have withdrawn any consent you have given us. You may object to the use of your data for advertising purposes based on our legitimate interests at any time by using the appropriate link in emails or by contacting us via the contact details provided above (e.g. email or post), without having to incur any additional costs other than broadcast costs at basic rates.
For SMS and telephone contact, MP-CARPARTS.
If you have given your consent and provided your mobile and/or landline phone number in your customer account, we will contact you by phone or SMS for satisfaction surveys, special offers and promotions, product information and statistical purposes. You may withdraw your consent at any time in the future by contacting us via the contact details above (e.g., by email or post).
If you give your consent at the beginning of a conversation, we will record the conversation. The information provided during the call will be stored for training of support staff and call center quality assurance, and will normally be deleted after three months, unless the law or evidential requirements require a longer retention period. We may retain a recording for up to three years for evidential purposes (e.g., for sales contracts). Your consent is the legal basis (Article 6 (1) sentence 1 lit. a of the Data Protection Act of the Republic of Lithuania (BDAR)) for the recording and evaluation of the conversation.
Surveys and contests
If you participate in one of our surveys, we use your data for market research and opinion polls. We only analyze the data in an anonymous form for internal purposes only. In exceptional cases where surveys are not evaluated anonymously, data is collected and processed only with your consent (Article 6 (1) letter a of the Data Protection Law of the Republic of Lithuania (BDAR)).
In the context of contests, we use your data to organize the contest and notify you about prizes. You will find more detailed information in the specific terms and conditions of the competition. П
The legal basis for processing is the competition contract in accordance with Article 6 (1), letter b of the General Data Protection Regulation (GDPR).
Reviews with comment function and star rating system
We offer the possibility to publicly provide feedback on our products and services on our websites. When you participate in the star rating system, we calculate an overall score on an opinion scale. In the case of a comment function, your review can also be published on our websites only with your initials or your chosen name (pseudonym).
This processing is carried out in accordance with Article 6(1), letter f of the General Data Protection Regulation (GDPR), based on the legitimate interest of obtaining the opinions of users and thus building a basis of trust through the use of the website. We also have a legitimate interest in ensuring that our sales reports are transparent to other customers and confirmed by actual purchases.
Contact
If you contact us using our contact forms or by email, we regularly process your personal data (including assistance from service providers) to respond to your inquiry or process your request in accordance with Article 6(1) letter f GDPR in order to protect our fundamental commercial interests, especially commercial communication.
Contract-related communication necessary to fulfill the contractual relationship established with you or to apply pre-contractual measures based on your request is also carried out in accordance with Article 6(1) letter b GDPR.
You can also contact us by telephone. If you give your consent at the beginning of the call, we will record the conversation. Information provided during the call will be stored for training of support staff and call center quality assurance, and will normally be deleted after three months, unless the law or evidentiary requirements require a longer retention period. We may retain a recording for up to three years for evidential purposes (e.g. for sales contracts). Your consent is the legal basis for the recording and evaluation of the conversation, in accordance with Article 6(1), letter a of the GDPR.
2.4 Customer Account
On our website, we offer users the opportunity to create a customer account or register in our login area to use all functions of our website. The registration of a user subscription constitutes a contract for the use of the MP-CARPARTS store account. The registration information is used to process orders in our online store and to create a customer account.
customer account. Without this information, registration would not be possible. The legal basis for processing is Article 6(1) letter b of the General Data Protection Regulation (GDPR).
Additional information may also be displayed optionally in the public profile of the user, in project descriptions and in news feeds.
In addition, we collect your IP address when you make a publication and/or leave a comment. This is necessary for the defense or fulfillment of legal requirements.
Personal data will be processed as long as the online contribution remains published and will then be deleted.
The legal basis for processing is Article 6(1) letter b of the Bundestag Data Protection Act (BDAR) and otherwise Article 6(1) letter f of the BDAR, based on our legitimate interest to provide a function that allows users to create individual profiles.
The information you provide is used solely to create a member account and personal profile. Data will be deleted as soon as it becomes unnecessary for the purpose for which it was collected, unless a longer retention period is required to fulfill legal obligations.
2.5 Order Process
If you place an order, in addition to the information provided during registration, we may collect the information necessary to process the order.
You may provide additional information such as telephone and fax numbers so that we can contact you by these means in case of questions or request payment by telephone if you do not pay on time and a written reminder if necessary, and we are unable to contact you otherwise.
The legal basis for processing is Article 6(1) letter b of the General Data Protection Regulation (GDPR).
2.6 Payment Service Provider
You may choose from several payment service providers and payment methods to make a payment, including prepayment, Paysera, and invoices. For this purpose, we may directly provide these payment service providers with payment processing-related data such as payment addresses, IBAN, BIC, and preferred payment method. For payment verification purposes, such as for the issuance of purchased goods, we obtain relevant payment information from the payment service providers. We also obtain basic data and financial information from payment service providers as part of any legally required identity verification.
Unless you have given us your consent by Article 6, paragraph 1, sentence 1, letter a) BDAR, the legal basis for the transfer of data to payment service providers in the context of contract processing is Article 6, paragraph 1, sentence 1, sentence
1, letter b) GDPR, as the processing is necessary for the performance of the contract and the processing of the order.
The legal basis for the data processing performed by payment service providers in the performance of their duties and additional information can be found in the data protection policy of the respective payment service provider. Please note that not all payment methods may be available in all countries.
Paysera LT, UAB Bank address: Pilaitės pr. 16, Vilnius, LT-04352, Lithuania, tel: +37052071558
Remember that the most effective way to exercise your privacy rights is to contact your payment service provider directly, as only they have access to the data and can take direct action.
2.7 Sanctions Verification
To fulfill our obligations under EU counter-terrorism legislation, we cross-check EU-managed and published sanctions lists. The legal basis is Article 2, paragraph 6, clause 6, sentence 1, letter c) BDAR as well as our legitimate interest under Article 6, paragraph 1, sentence 1, letter f) GDPR to check whether commercial transactions violate § 134 of the German Commercial Code and to prevent sanctions.
We carry out this check by comparing your name and shipping address with the latest sanctions lists at checkout. If there is a positive match, we check the result manually. If the result of the verification is unclear after the automatic process, we will contact you and, if necessary, ask for additional information (especially a copy of an identification document showing your nationality, date and place of birth). We will immediately remove the ID copies after manual verification. During the verification process, your order is temporarily delayed. If the verification result is negative, we will continue processing your order. If the result of the check matches an entry on the sanctions list, we will notify you and give you an opportunity to comment. We will then decide whether to establish or continue a business relationship with you.
### 3. Social Media Access
We maintain an online presence on social media to communicate with customers and stakeholders and to provide information about our products and services.
Typically, user data is managed by the social networks themselves for market research and advertising purposes. Thus, usage profiles can be created based on users’ interests. Cookies and other identifiers are used on users’ computers for this purpose. On the basis of these usage profiles, advertisements are placed on social networks, for example, on social networks.
Based on these usage profiles, advertisements are placed, for example, on social networks and also on third-party websites. By participating in online activities, we can access information such as usage statistics provided by social networks. These statistics are aggregated and may include demographic information and data about interactions with our online presence and the content we share.
You can find details and links to the social media data we have access to as operators of online activities in the list provided below.
Legal basis for data processing – our legitimate interest to inform and communicate effectively with users or, by extension, to maintain relationships with our customers and to inform and conduct activities prior to entering into a contract with potential customers and stakeholders.
For information on the legal basis for data processing by social networks, please see the data protection information of the respective social networks. You will also find further information on data processing and objection possibilities in the links provided below.
We would like to emphasize that the most effective way to address privacy concerns is to contact the social network provider directly, as only they have access to the data and can take direct action.
Below is a list of information about the social networks on which we are present:
– **Facebook** (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
– Management of the Facebook Fan Page on a shared responsibility basis on the basis of the Agreement on the Joint Processing of Personal Data (Insights page data supplement regarding the responsible party).
– Information about the Insights page data processed and contact options in case of data protection requests: [Information about Facebook Page Insights data](https://www.facebook.com/legal/terms/information_about_page_insights_data).
– Privacy Policy: [Facebook Privacy Policy](https://www.facebook.com/about/privacy/).
– Exclusion options: [Facebook Ad Settings](https://www.facebook.com/settings?tab=ads) and [Your Online Choices](http://www.youronlinechoices.com).
– **Instagram** (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
– Privacy Policy: [Instagram Privacy Policy](https://help.instagram.com/519522125107875).
– **Google/YouTube** (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland)
– Privacy Policy: [Google Privacy Policy](https://policies.google.com/privacy).
– Exclusion Option: [Google Advertising Settings](https://www.google.com/settings/ads).
– **Twitter** (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland)
– Privacy Policy: [Twitter Privacy Policy](https://twitter.com/de/privacy).
– Possible
Opt-out option: [Twitter Personalization](https://twitter.com/personalization).
– **LinkedIn** (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
– Manage LinkedIn’s company page on a shared responsibility basis based on the Joint Insights Page Data Controller Agreement.
– Information about the Insights page data processed and contact options in case of data protection requests: [LinkedIn Page Insights Joint Controller Agreement Page Insights Addendum](https://legal.linkedin.com/pages-joint-controller-addendum).
– Privacy Policy: [LinkedIn Privacy Policy](https://www.linkedin.com/legal/privacy-policy).
– Exclusion capabilities: [LinkedIn Retargeting Invitation and Exclusion Controls](https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out).
– **TikTok** (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland)
– Privacy Policy/Exceptionalities: [TikTok Privacy Policy](https://www.tiktok.com/legal/privacy-policy?lang=en)