Why is this privacy policy necessary?
Stova JSC, entity code 302299725, registered address Konstitucijos pr. 29, 08105 Vilnius (hereinafter referred to as the Company or We), we care about your privacy and protection of personal data. Therefore, we process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and the Council (hereinafter referred to as the Regulation), the Law on Legal Protection of Personal Data and other personal data protection legislation. Hence, in order to ensure fair and transparent informing about the processing of your personal data, we publish this privacy policy (hereinafter referred to as the Policy).
This Policy describes what your personal data we collect and for what purposes we process it when you use our services on the website www.unipark.lt (hereinafter referred to as the Website) or in other ways. This Policy also provides important information about the protection of your personal data, your rights and how to exercise them. Therefore, make sure to read this Policy, and if you have any questions, please do not hesitate to contact us at the contacts listed. Please note that we reserve the right to amend this Policy in the future. You will be notified of any amendments, but we ask you to read this Policy periodically.
What are personal data and how they are processed?
Personal data is any information directly or indirectly related to you when your identity is known or can be directly or indirectly identified by using relevant data, such as name, email address, vehicle registration number, etc.
Processing of personal data means any operation carried out on personal data (including the collection, recording, storage, editing, modification, granting of access, submission of requests, transmission, archiving, etc.).
When processing your personal data, the company follows the following principles of personal data processing:
- Your personal data are processed only to the extent necessary to achieve the relevant, clearly defined and legitimate purposes, taking into account the protection of your privacy.
- Your personal data are processed accurately, fairly and lawfully and only for purposes that are consistent with the purposes for which your personal data were collected prior to collection.
- Your personal data are processed strictly in accordance with the statutory requirements for clear and transparent processing of personal data.
- Your personal data will be processed only in a form that identifies you for no longer than it is necessary for the purposes for which the personal data are processed.
- The processing of your personal data is subject to relevant technical and organisational measures to ensure the security of personal data, including protection against unlawful data processing and unintentional loss, destruction and damage.
What purposes do we process your personal data for?
I. Conclusion and administration of the Agreement
What personal data of yours do we process?
In order to be able to conclude agreements with us on the Website for parking services (such as factual agreements; agreements for specific parking spaces) and/or to order one-off parking services (such as parking in the airport area; entrance to Neringa, and to administer these agreements and/or the accounting documents issued in accordance with them on the Website, We shall process the following personal data of yours under section Self-service:
- Full name.
- Personal identification number or date of birth.
- VAT payer’s code (when the person is registered as a VAT payer).
- Address.
- Phone number.
- E-mail.
- Vehicle state number plate.
- Agreement details (type of service provision (according to the fact/specific parking lot); date of service provision (conclusion of the agreement); number of parking spaces and other Terms and Conditions of the agreement according to the type of agreement).
- Service order data (type of service provision (parking in airport areas/entrance to Neringa); date of service provision (from/to); type of the vehicle; number of seats and other Terms and Conditions for ordering the service by type of service).
- Self-service login details (email and self-service login password) – when the agreement is concluded.
How do we get your data?
- Directly from you when you provide them to Us when concluding a contract (e.g. on the website under ‘Parking e-contracts and memberships’, ‘Parking membership Vėtrungių St. 71 and 91’) and/or ordering other services on the Website, such as airport parking and/or ‘tickets to Neringa’.
What are your personal data used for?
- All the above data (except for the self-service login data) are used in order to be able to conclude an agreement with you and/or accept orders for the provision of your desired services and to fulfil it.
- Self-service login details, i.e. the email specified in the agreement and one-time login password provided to you, are used to create an account for you on the Website in accordance with the concluded agreement and to give you the possibility to log in and administer the agreement and/or accounting documents issued thereunder.
Who/what can your personal data be transferred to?
- To ensure the due functioning of the Website (where agreements are concluded and/or and/or administered and/or services are ordered), we provide your personal data to the data processors hired, such as IT service providers, etc.
- We transfer your personal data to the owners of the administered parking lots in order to ensure the proper performance/administration of the service, i. y. allow you to enter and/or pay for parking in our administered parking lot, in accordance with the Terms and Conditions of the contract and/or order.
- The data can also be transferred to the competent authorities and/or law enforcement authorities, such as courts, police or other supervisory authorities; legal and/or debt collection service providers; insurance companies, etc. However, your data shall only be provided if required to do so by applicable law and only in accordance with the law, in order to ensure Our rights, the security of Our customers, employees and resources, and to make, provide and/or defend legal claims.
We note that your personal data are transferred only to those third parties who ensure appropriate Terms and Conditions for the processing and protection of personal data. Your personal data are not transferred to third countries (i.e. outside the European Union or the European Economic Area) or international organisations.
Under what terms and conditions of lawful processing do we process your personal data?
- When you provide your personal data in the relevant sections of the Website and confirm the Agreement and/or order other services provided by Us, an agreement on the provision of specific services is concluded between you and the Company, therefore We process your personal data in accordance with Article 6(1)(b) of the Regulation,e. the processing of personal data is necessary for the performance of a contract to which the data subject is party or in order to take action at the request of the data subject before the conclusion of the contract.
- Upon fulfilling the agreement concluded with the Company on the provision of specific services, we shall comply with the obligations established for Us by legal acts and keep this agreement and/or evidence confirming it. Therefore, We shall keep your personal data in accordance with Article 6(1)(c) of the Regulation, e. processing of data is necessary in order to fulfil the applicable legal obligation (established in the General Index of Storage Terms of Documents approved by the order of the Chief Lithuanian Archivist; Civil Code of the Republic of Lithuania; Law on Value Added Tax of the Republic of Lithuania or other related legal acts).
How long do we process/keep your personal data?
- We process the contracts concluded with you and/or orders confirming this (including the specified personal data) the entire term of the contract and keep them for 10 years from the expiration of this contract (execution of the last order).
II. Parking service administration
(Parking management/service provision)
What personal data of yours do we process?
To provide you with parking and parking payment services (e. g. by parking machine or SMS), We shall process the following personal data:
- Vehicle state number plate.
- The location where the vehicle is parked (i. e. the selected zone and/or parking lot).
- Vehicle parking time (i. e. exact start and end dates of parking and parking time).
- Payment details (paid/unpaid; payment amount; and chosen payment method).
- Payment transaction details (e. g. transaction information).
- When payment is made via a mobile operator (e. g. by SMS), the phone number and mobile operator shall be processed.
How do we get your data?
- Directly from you when you provide them when you pay for parking services (e. g. at a parking machine or by SMS).
- We also get your data when you provide it when you pay for parking services by the app UNIPARK. In this case, the processing of your personal data is described in more detail in the App Terms and Conditions.
What are your personal data used for?
- We use the state vehicle number to identify a customer (i. e. the vehicle) who wants to park in the parking lots and/or areas We administer.
- We use the parking time data of the vehicle to calculate the parking time and estimate the price of the service provided to you accordingly.
- We use the payment method and transaction data to collect/receive payment for the services and/or issue an invoice for payment accordingly.
Who/what can your personal data be transferred to?
- To ensure the proper functioning of the services and the quality of the services provided, We can transfer your personal data to third parties assisting Us in providing the relevant services. Such persons may include developers, IT service companies, marketing service companies (acting as data processors) and mobile operators, payment service providers, providers of parking and parking-related services, including zone and/or parking lot owners (acting as data controllers), etc.
- The data can also be transferred to the competent authorities and/or law enforcement authorities, such as courts, police or other supervisory authorities; legal and/or debt collection service providers; insurance companies, etc. However, your data shall only be provided if required to do so by applicable law and only in accordance with the law, in order to ensure Our rights, the security of Our customers, employees and resources, and to make, provide and/or defend legal claims.
Under what terms and conditions of lawful processing do we process your personal data?
- When you provide your personal data and order other services provided by Us, an agreement on the provision of specific services is concluded between you and the Company, therefore We shall process your personal data in accordance with Article 6(1)(b) of the Regulation, i. e. the processing of personal data is necessary for the performance of an agreement to which the data subject is party or in order to take action at the request of the data subject before the conclusion of the agreement.
- Upon fulfilling the agreement/order concluded/placed with the Company on the provision of specific services, We shall comply with the obligations established for Us by legal acts and keep this agreement/order and/or supporting evidence. Therefore, We shall keep your personal data in accordance with Article 6(1)(c) of the Regulation, i. e. processing of data is necessary in order to fulfill the applicable legal obligation (established in the General Index of Storage Terms of Documents approved by the order of the Chief Lithuanian Archivist; Civil Code of the Republic of Lithuania; Law on Value Added Tax of the Republic of Lithuania or other related legal acts).
How long do we process/keep your personal data?
- We shall process your orders, together with supporting evidence (including the personal data provided), for the duration of the order and keep them for a period of 3 years from the date on which the service is provided and/or the date of full payment for the services.
III. Managing arrears
(Administration of payment irregularities, including identification)
What personal data of yours do we process?
If you breach the Company’s service payment procedures and fail to pay a debt for services provided, we shall collect and process the following personal data of yours:
- Details of the owner and/or manager of the vehicle: name, surname, personal identification number, and address.
- Information on the use of the service and the violation of the payment procedure: photos of the vehicle and/or its state number plates, information on the provision of the service (i. e. parking space, entry/exit time (parking time), amount to be paid etc.).
How do we get your data?
- Information on the use of the service and violation of the payment procedure shall be collected when you use the services provided by the Company. This information may be collected by video cameras, recorded by the Company’s employees/controllers, etc.
- The vehicle owner’s data shall be obtained from the Register of Road Vehicles of the Republic of Lithuania administered by the State Enterprise Regitra (according to the state number plate of the vehicle that has violated the payment procedure), publicly available sources and/or other state registers.
What are your personal data used for?
- Information on the use of the service and the violation of the payment procedure shall be used to justify the recorded violation of the payment procedure and the arrears incurred.
- The vehicle owner’s data shall be used to communicate with the owner, including identification the owner, for the purpose of recovering arrears. If no agreement can be reached with the owner on the payment of the arrears in a pre-judicial debt recovery procedure, the arrears may be transferred or sold to debt collectors and recovery may be pursued in accordance with the law.
Who/what can your personal data be transferred to?
- To contact and communicate with the person who violated the payment procedure, We shall use a data processor, which, acting as a data processor, shall carry out the functions of arrear management on Our behalf, including identification, sending of the notification, and/or follow-up communication in the course of the recovery of the arrears.
- The data can be transferred to the competent authorities and/or law enforcement authorities, such as courts, police or other supervisory authorities; legal and/or debt collection service providers; insurance companies, etc. However, your data shall be provided only if required by applicable law and only in accordance with the law, in order to ensure the legitimate interests of the Company, the security of the Company’s employees and/or resources, and to make and/or defend legal claims.
We note that your personal data shall be transferred only to those third parties who ensure appropriate Terms and Conditions for the processing and protection of personal data. Your personal data shall not be transferred to third countries (i. e. outside the European Union or the European Economic Area) or international organisations.
Under what terms and conditions of lawful processing do we process your personal data?
- We have a legitimate interest in receiving payment for services provided, therefore we carry out arrear recovery, including identification, in respect of persons who have failed to comply with the payment procedure and shall process this personal data in accordance with Article 6(1)(f) of the Regulation, i. e. the processing is necessary in order to pursue the legitimate pecuniary interests of the data controller in relation to the obtaining of payment for the service.
How long do we process/keep your personal data?
- To manage arrears, we shall process the data collected until the arrear has been recovered (i. e. paid in full or cancelled). Further, the above personal data shall be processed for a period of 3 years together with the order information (i. e. the orders made, together with supporting evidence).
IV. Issuance and administration of accounting documents
What personal data of yours do we process?
To ensure the proper implementation of tax obligations (i.e. correct issuance and declaration of accounting documents to public authorities) and issue and administer accounting documents (such as VAT invoices, VAT credit invoices) in cases when you use Our services, We process the following personal data of yours:
- Full name.
- Date of birth.
- VAT payer’s code (when the person is registered as a VAT payer).
- Vehicle state number plate.
- Email.
- Service details (type of service; date of service provision (from/to);
- Receipt number (when paying at the cash register); cost of the service/amount paid).
How do we get your data?
- Directly from you, when you provide them to Us in the agreement (on Self-service) and/or under ‘Issue an invoice’ on the Website.
What are your personal data used for?
- All the above data is used for the purpose of correctly issuing accounting documents and declaring the services provided to you to the state authorities.
Who/what can your personal data be transferred to?
- To ensure the proper functioning of the ‘Self-service’ and/or ‘Issue an invoice’ of the Website (which contain the above-mentioned accounting documents), We provide your personal data to the hired data processors, such as IT service providers, etc.
- Data can also be transferred to state institutions – tax authorities (such as the State Tax Inspectorate), consultants; auditors, etc.
We note that your personal data are transferred only to those third parties who ensure appropriate Terms and Conditions for the processing and protection of personal data. Your personal data are not transferred to third countries (i.e. outside the European Union or the European Economic Area) or international organisations.
Under what conditions of lawful processing do we process your personal data?
- After providing you with services and/or receiving payment for the provided services, We must comply with the obligations imposed on Us by legal acts to properly keep the Company’s accounting and store accounting documents, therefore We process your personal data in accordance with Article 6(1)(c) of the Regulation,e. processing of data is necessary in order to fulfil the applicable legal obligation (established in the Law on Value Added Tax of the Republic of Lithuania).
How long do we process/keep your personal data?
- We shall keep the accounting documents issued to you and other related personal data for 10 years from the date of issue of the accounting document.
V. UNIPARK parking service administration, process quality assurance/Asset and infrastructure protection
(Video surveillance of the parking lots)
What personal data of yours do we process?
To ensure quality UNIPARK service and protection of property and/or infrastructure in the parking lots managed by Us, We shall process the following personal data of yours:
- Photo of the vehicle state number plates (e. g. at the time of entry/exit).
- Video (including captured personal images, vehicle state plate numbers, etc.).
- Video technical details (date, duration, etc.).
How do we get your data?
- Directly from you (captured by video cameras) when you visit the territory of the parking lots administered by Us. The fact that the parking lot is filmed with video cameras, i. e. video surveillance is used, will be communicated to you by information signs before entering the monitored area (e.g. at the entrance or other clearly visible places).
What are your personal data used for?
- We use video technical data to make it easier to find the video you need, if necessary.
- We use the video to ensure the quality of the UNIPARK service administration process (such as identifying process/usage breaches, infrastructure and/or system failures) and the protection of Our property and/or infrastructure (such as collecting evidence of property and/or damage and/or theft of infrastructure, breaches of public order and/or law, etc.).
Who/what can your personal data be transferred to?
- To ensure and continuously improve the quality of the UNIPARK service administration process, We can transfer your data to data processors, such as an IT service provider, consultants, etc.
- The data can be transmitted to the owners/partners of the administered parking lots, as well as to the competent authorities and/or law enforcement authorities, such as courts, police or other supervisory authorities; legal and/or debt collection service providers; insurance companies, etc. However, your data shall only be provided if required to do so by applicable law and only in accordance with the law, in order to ensure Our rights, the security of Our customers, employees and resources, and to make, provide and/or defend legal claims.
We note that your personal data are transferred only to those third parties who ensure appropriate Terms and Conditions for the processing and protection of personal data. Your personal data are not transferred to third countries (i.e. outside the European Union or the European Economic Area) or international organisations.
Under what terms and conditions of lawful processing do we process your personal data?
- When providing you with the UNIPARK service, We shall actively supervise the service administration and/or service process in order to ensure quality service provision and protection of property and infrastructure. Therefore, we process your personal data in accordance with Article 6(1)(f) of the Regulation, i.e. processing of data is necessary in order to protect the legitimate interests of the data controller (Stova JSC) to protect its property.
How long do we process/keep your personal data?
- We keep videos and other related personal data for 2 months from the date of recording thereof. At the end of this period, the records shall automatically be deleted.
- Evidence of orders (i. e. photographs of the vehicle state number plates taken at the time of entry and/or exit) shall be processed together with the order information and shall be retained for a period of 3 years from the date of the provision of the service and/or the date of full payment for the service.
- Videos that record the circumstances of a particular event, such as a breach of usage and/or rights; damage and/or theft of property and/or infrastructure; a breach of public order, etc., shall be stored as evidence for a relevant period of time (i.e. the whole period of out-of-court, pre-trial or judicial proceedings).
VI. Direct Marketing
(Sending newsletters, offers or similar messages)
What personal data of yours do we process?
In order to send you general and/or personalised direct marketing communications (such as information about the Company’s products, services, tenders, events, surveys or other news) that you agree to receive, We process the following personal data about you:
- Full name.
- Email.
- Telephone number.
- Information on place of residence (e.g. city).
- Service usage data (e.g., used parking lots, charging stations, etc.).
How do we get your data?
- Directly from you, when you provide them to Us when concluding agreements, registering on the Website under the ‘Self-service’ , in the UNIPARK mobile app and/or other ways. and at the same time you give your consent (e.g. by ticking the box) to process this personal data for direct marketing purposes.
What are your personal data used for?
- We will use your email address and telephone number to send the information at the contact information provided by you about the Company’s goods, services, tenders, events, surveys or other news, i.e. direct marketing communications.
- Name, surname and information on the place of residence will be used by Us to personalise the relevance of the direct marketing communications sent to you based on this information (personalised direct marketing). When personalising marketing, you can be assigned to an appropriate customers’ category (e.g. by city or service usage history) but such assignment/profiling will in no way cause you legal consequences or similar adverse effects.
Who/what can your personal data be transferred to?
- In order to ensure proper and uninterrupted ordering and/or sending of direct marketing communications, We can transfer your data to hired data processors (such as IT service providers, specialised marketing service providers, consultants, etc.).
- The data can also be transferred to the competent authorities and/or law enforcement authorities, such as court, police or other supervisory authorities; legal service providers; insurance companies, etc. However, your data shall only be provided if required to do so by applicable law and only in accordance with the law, in order to ensure Our rights, the security of Our customers, employees and resources, and to make, provide and/or defend legal claims.
We note that your personal data are transferred only to those third parties who ensure appropriate Terms and Conditions for the processing and protection of personal data. Your personal data are not transferred to third countries (i.e. outside the European Union or the European Economic Area) or international organisations.
Under what terms and conditions of lawful processing do we process your personal data?
- By marking your consent to receive direct marketing and/or ordering direct marketing in another way, you express your consent to such processing of personal data. Therefore, We shall process your personal data in accordance with Article 6(1)(a) of the Regulation, i. e. the data subject has consented to the processing of his or her personal data for one or more specific purposes.
- When you become Our client (e.g., by registering in the “Self-service” section of the Website, concluding a contract, and/or registering your account in the UNIPARK mobile app) and for that purpose providing your contact personal data, We have a legitimate interest in using this data for the direct marketing of our goods and/or services (Article 6 (1)(f) of the Regulation, in accordance with the conditions of Article 81 (2) of the Law on Electronic Communications of the Republic of Lithuania).
In addition, We inform you that you can revoke your consent to the Company for the purpose of direct marketing at any time and refuse to receive such communications by notifying about it by email info@unipark.lt or by clicking on the link at the bottom of the newsletter.
How long do we process/keep your personal data?
- We also keep your personal data and will send Direct Marketing communications to you with your consent for as long as this consent is valid but for not longer than 3 years.
- The fact of consent (i.e. information that you have given a consent) will be kept by Us as evidence for 2 years starting with the date of withdrawal of the consent. If necessary, evidence of the consent can be included in other processing purposes provided for in this policy and kept as evidence for an appropriate period of time. It is worth noting that the withdrawal of your consent does not affect the lawfulness of the use of your personal data prior to the withdrawal of the consent.
VII. Improving the Quality of Customer Service and Informing
(Recording telephone conversations)
What personal data of yours do we process?
To make sure you get a due service and be informed or make transactions by telephone, We shall process (record and store) the following personal data of yours:
- Conversation recording.
- Telephone.
- Technical details of the conversation (date, duration, etc.).
How do we get your data?
- Directly from you, when you call Us to the telephone numbers provided to order services, to report any problems or request the information you need. We only record incoming calls, which callers are provided with additional information before the call begins.
What are your personal data used for?
- We use the telephone number and technical details of the call to make it easier to find the call record and identify the caller if necessary.
- We use the call recording to evaluate the quality of telephone service and/or as evidence of a transaction, complaint or other issue.
Who/what can your personal data be transferred to?
- To evaluate and continuously improve Our telephone service, We can provide access to your personal data to Our employees and hired data processors, such as a call centre, IT service provider, consultants, etc.
- The data can also be transferred to the competent authorities and/or law enforcement authorities, such as court, police or other supervisory authorities; legal service providers; insurance companies, etc. However, your data shall only be provided if required to do so by applicable law and only in accordance with the law, in order to ensure Our rights, the security of Our customers, employees and resources, and to make, provide and/or defend legal claims.
We note that your personal data are transferred only to those third parties who ensure appropriate Terms and Conditions for the processing and protection of personal data. Your personal data are not transferred to third countries (i.e. outside the European Union or the European Economic Area) or international organisations.
Under what terms and conditions of lawful processing do we process your personal data?
- If you contact Us by telephone and hear the information that the conversation will be recorded and continue the conversation, you express your consent to such processing of personal data. Therefore, we shall process your personal data in accordance with Article 6(1) (a) of the Regulation, i. e. the data subject has consented to the processing of his or her personal data for one or more specific purposes.
How long do we process/keep your personal data?
- We keep records of your conversation and other relevant personal data for 6 months from the date of the end of the conversation. Interview records that record the circumstances of a particular event, such as the conclusion/termination of an agreement, submission/handling a complaint, etc., shall be included in other processing purposes set forth in this policy and shall be retained as evidence for an appropriate period of time.
VIII. Administration of Requests, Complaints, and Claims
(Handling inquiries)
What personal data of yours data do we process?
In order for us to evaluate and resolve your requests, complaints, claims or other inquiries you make to Us and to make sure that they are reasonable and provide you with an answer and/or to make, enforce or defend legal claims, We process the following data:
- Name.
- Surname.
- Vehicle state number plate.
- Contact details, such as address, email address, and telephone number.
- Description of the complaint or other inquiry.
- Documents supporting the complaint.
How do we get your data?
- Directly from you and/or your representative, when you send us your requests, complaints, claims or other inquiries to the contacts provided by Us, such as address, email, telephone, public space, including social network communication, etc.
What are your personal data used for?
- We use the descriptions of your complaint or other inquiry and the supporting documents to evaluate the circumstances of your inquiry and ensure that they are reasonable.
- We use your name, surname, vehicle state plate number and contact details to identify you (i.e. identify the applicant) and provide you with an answer to your inquiry.
Who/what can your personal data be transferred to?
- To evaluate the circumstances of your complaint or other inquiry and to make sure that it is reasonable, We can transfer your personal data to persons providing legal services (lawyers, bailiffs, consultants, etc.).
- We can also transfer this data to the competent authorities and/or law enforcement authorities, such as courts, police or other supervisory authorities; debt collection service providers; insurance companies, etc. However, your data shall only be provided if required to do so by applicable law and only in accordance with the law, in order to ensure Our rights, the security of Our customers, employees and resources, and to make, provide and/or defend legal claims.
We note that your personal data are transferred only to those third parties who ensure appropriate Terms and Conditions for the processing and protection of personal data. Your personal data are not transferred to third countries (i.e. outside the European Union or the European Economic Area) or international organisations.
Under what terms and conditions of lawful processing do we process your personal data?
- If you submit a complaint, claim or other inquiry regarding possible violation of your rights and/or interests protected by law, We have a legal obligation to examine your inquiry and provide you with an answer. Therefore, we process your personal data in accordance with Article 6(1)(c) of the Regulation, i.e. processing of data is necessary in order to fulfil the applicable legal obligation (established in the Law on Consumer Protection of the Republic of Lithuania).
- By submitting a request, remarks, feedback or other inquiry to Us that does not involve a possible violation of your rights and/or interests protected by law, you express your consent for Us to access and respond to your inquiry. Therefore, We process your personal data in accordance with Article 6(1)(a) of the Regulation, i. e. the data subject has consented to the processing of his or her personal data for one or more specific purposes.
How long do we process/keep your personal data?
- We shall handle complaints, requests, comments, feedback, claims or other inquiries submitted by you the entire period of handling the inquiry and keep it for 3 months from the date of handling thereof (except for communication in the public space). Personal data can be stored for a longer period if the complaint or request, comments, claim, response or other inquiry is not handled or is still pending during that period, and if the personal data is necessary to protect Our or third parties’ legitimate interests, e.g. in the event of a statutory limitation period or a legal dispute. If the complaint has been handled by signing a peace treaty, your personal data shall be stored for 10 years.
IX. Ensuring the Safety of the Company’s Employees and/or Property and Supervision/Control of the Provisions of the UNIPARK Service Terms and Conditions and/or Traffic Rules
(Video surveillance (with sound) in parking lots and/or areas)
What personal data of yours do we process?
In order to ensure high-quality supervision/control of the UNIPARK service and/or traffic rules, as well as security of the Company’s employees and/or property (by preventing disputes or other incidents and at the same time helping to maintain public order), in the parking lots and/or supervised areas administered by Us, We shall process the following personal data of yours:
- Videos (including captured personal images, vehicle state plate numbers, etc.).
- Audios (including recorded surrounding sounds and nearby conversations).
- Video and audio technical details (date, duration, etc.).
How do we get your data?
- The Company’s employees/controllers supervising/controlling the UNIPARK service Terms and Conditions and/or traffic rules, during their working hours/shifts have a portable digital video camera (with sound recording function) pinned in work clothes. Therefore, recorded videos (with sound) are received directly from you when you visit the territory of Our administered parking lots and/or supervised areas and communicate with Our employees/controllers.
- You will be informed/warned by information signs on the employee’s/worker’s work clothes that you are being filmed with sound cameras (i.e. that the employee/controller is performing video surveillance).
What are your personal data used for?
- We use video and audio technical data to make it easier to find the video (with sound) you need, if necessary.
- We use videos (with sound) to ensure the supervision/control of the UNIPARK service Terms and Conditions and/or traffic rules, such as collecting evidence of breaches of public order and/or law, breaches of rules, conflicts, etc., and ensure the protection of Our employees/controllers and/or property (by preventing disputes or other incidents and at the same time helping to maintain public order).
- In case of grounds, such as breach of public order and/or legal acts, violation of rules, disputes/conflicts, etc., we can use the collected video (with sound) data to represent and/or defend the Company’s and/or workers’ rights and legitimate interests.
Who/what can your personal data be transferred to?
- In order to ensure the processing and security of videos (with sound), we can transfer this data to the hired data processors, such as IT service providers, consultants, etc.
- The data can be transferred to the competent authorities and/or law enforcement authorities, such as courts, police or other supervisory authorities; legal and/or debt collection service providers; insurance companies, etc. However, your data shall be provided only if required by applicable law and only in accordance with the law, in order to ensure the legitimate interests of the Company, the security of the Company’s employees and/or resources, and to make and/or defend legal claims.
We note that your personal data are transferred only to those third parties who ensure appropriate Terms and Conditions for the processing and protection of personal data. Your personal data are not transferred to third countries (i.e. outside the European Union or the European Economic Area) or international organisations.
Under what terms and conditions of lawful processing do we process your personal data?
- When supervising/controlling the UNIPARK service Terms and Conditions and/or traffic rules, We have an active duty to ensure proper working conditions of the Company’s employees/controllers and to ensure a safe environment (prevention of disputes or other incidents). Therefore, we process these personal data in accordance with Article 6(1)(f) of the Regulation, i.e. processing of data is necessary in order to protect the legitimate interests of the data controller (Stova JSC) to protect its employees and/or property.
How long do we process/keep your personal data?
- We keep videos (with sound) and other related personal data for a maximum of two days from the date of recording thereof. At the end of this period, the records shall automatically be deleted. Videos that capture the circumstances of a particular event, such as breach of rules, public order and/or law, a crime or other illegal acts) shall be kept as evidence for a relevant period of time (i.e. the whole period of out-of-court, pre-trial or judicial investigation/dispute resolution).
X. Increasing Representation and Awareness in the Public Space
(Communication on social networks)
In order to properly represent the Company and increase Our awareness in the public space, the Company administers the following accounts for social purposes:
@uniparklt, at: https://www.facebook.com/uniparklt/.
unipark-lt, adresu: https://www.linkedin.com/company/unipark-lt/.
What personal data of yours do we process?
In order to communicate with you on social networks, We process the following personal data of yours:
- Name and surname (title).
- Information about communication in the account (‘Like’, ‘Follow’, ‘Comment’, ‘Share’, etc.).
- Photos (of the profile and/or in which the Company is marked).
- Message received.
- Information about the message (time of receipt of the message, message content, message attachments, correspondence history, etc.).
- Information on participation in events and/or games organised by the Company (participation, non-participation, interest, compliance with the rules of the game, etc.).
- Information about the Company’s evaluation (evaluation score, feedback, etc.).
How do we get your data?
- Directly from you (on your social network account) when you communicate with Us and/or visit social network accounts administered by Us.
What are your personal data used for?
- All the above-mentioned personal data of you are used for mutual communication in the public space, i. e. on social networks.
Who/what can your personal data be transferred to?
- In order to ensure a proper representation of the company in the public space and to constantly communicate with you, we can transfer your data to data processors, such as advertising agencies, consultants, etc.
- The data can also be transferred to the competent authorities and/or law enforcement authorities, such as court, police or other supervisory authorities; legal service providers; insurance companies, etc. However, your data shall only be provided if required to do so by applicable law and only in accordance with the law, in order to ensure Our rights, the security of Our customers, employees and resources, and to make, provide and/or defend legal claims.
- We note that your personal data are transferred only to those third parties who ensure appropriate Terms and Conditions for the processing and protection of personal data. Your personal data are not transferred to third countries (i.e. outside the European Union or the European Economic Area) or international organisations.
Please note that personal data provided on social networks is processed jointly with the social network manager (i.e. on Facebook and/or LinkedIn platforms). Therefore, for more information, we offer to read the social network manager’s privacy policies.
Under what terms and conditions of lawful processing do we process your personal data?
- By communicating with Us and/or visiting accounts administered by Us, you consent to us being able to access and respond to your communications. Therefore, We process your personal data in accordance with Article 6(1)(a) of the Regulation, i. e. the data subject has consented to the processing of his or her personal data for one or more specific purposes.
How long do we process/keep your personal data?
- We process the personal data provided by you until the moment of revocation of your consent (i.e. deletion of the provided personal data from the account) but not longer than until the deletion of the Company’s account. Please note that personal data shall be processed only on the platform of the social network manager. Thus, the exact terms and conditions of processing are determined by the platform manager.
- In the event of unauthorised communication, such as defamation, diminishing of the Company’s reputation, etc., We can retain this communication as evidence for a relevant period of time to defend our violated rights or legitimate interests (i.e. the entire period of out-of-court, pre-trial or litigation).
What rights do you have and how can you exercise them?
Data subjects whose personal data we process have the right to:
- Request and access their personal data, as well as obtain a copy thereof.
- Request the correction or restriction of inaccurate or incomplete personal data.
- Request the deletion or restriction of redundant or unlawfully processed personal data.
- Not to consent to the processing of his or her personal data.
- Request the transfer of their personal data provided in a structured computer-readable format.
- The right to withdraw their consents at any time when the processing of data is based on the consent of the data subject (pursuant to Article 6 (1)(a)). Withdrawal of the data subject’s consent shall not affect the lawfulness of the processing prior to the withdrawal of the consent.
- File a complaint to the State Data Protection Inspectorate (ada@ada.lt).
The Company does not apply making decisions based only on automated data processing, including profiling, which could have legal consequences or similar significant effects on you in a similar way.
The data subject can exercise his or her rights by submitting a written request to the Company/an employee of the Company in person, by post, through a representative or by electronic means of communication – by email: info@unipark.lt, in writing – at Konstitucijos pr. 29, 08105 Vilnius.
Upon request, the data subject must prove his or her identity in one of the following ways:
- By submitting a request to an employee of the Company, together with a valid identity document.
- By submitting a request by post or courier, together with a copy of a valid identity document certified in accordance with the procedure established by legal acts.
- By submitting a request electronically, confirming it by electronic means of communication that allow proper identification of the person (e.g. mobile signature, qualified e-signature, etc.).
Upon receipt of your request for the exercise of the data subjects’ rights, immediately but not later than within 1 month from the date of the request We will provide you with an answer. This period can, if necessary, be extended for a month more depending on the complexity and the number of requests. You will be additionally notified of such an extension within one month. The information you request shall be provided free of charge. However, if we see that your requests are apparently unreasonable or disproportionate, in particular due to their repetitive content, We have the right to charge a reasonable fee for this (i.e. to claim administrative costs) or refuse to act on such request from the data subject.
The answer will be provided in the manner chosen in your request. If you do not specify in the request the manner in which you wish to receive an answer, it shall be sent to you in the same manner as the request was submitted.
What are your duties and responsibilities?
You are responsible for the accuracy, correctness, and completeness of the personal data you provide. Therefore, in the event of a change in your personal data (which is necessary to achieve the above objectives), you have an obligation to immediately notify the Company of the change in your personal data.
By submitting your personal data, you assume full responsibility for the lawfulness of the submission of your personal data and are liable for any losses incurred by Us and/or third parties that can result from any unlawful processing of such personal data.
How do We protect your personal data?
When processing your personal data, We use relevant organisational and technical measures to protect your personal data from accidental or unlawful disclosure, destruction, alteration or other unlawful actions. These measures are selected taking into account the risks to the rights and freedoms of you as the data subject.
In this case, We ensure strict access control to the processed personal data, therefore we grant access to them only to those employees who need your personal data to perform work functions and monitor the use of the provided access. Access to personal data is ensured through passwords of the appropriate level and confidentiality agreements with individuals who access your personal data.
Please note that all employees of the Company who have access to your personal data have familiarised themselves with personal data protection requirements and ensure the confidentiality of personal data processed.
Who should you apply to, if you still have any questions?
Should you have any questions, please contact Us, Our Data Protection Officer, at the email: info@unipark.lt or call the Company by telephone +370 700 77877.