top of page
EEA_grants_4x-1024x718.png

UAB “Nando” Personal Data Processing Rules and Cookie Usage Information


UAB “Nando” ensures that personal data is processed lawfully, fairly, and transparently, collected only for the purposes defined in this policy, and not further processed in ways incompatible with those purposes.
By applying organizational and technical measures, UAB “Nando” guarantees appropriate security of personal data, including protection against unauthorized or unlawful processing, as well as accidental loss, destruction, or damage.
 
MAIN DEFINITIONS


Privacy Policy – these personal data processing rules and cookie usage information, published on the website www.nando.lt.


Website – the website at www.nando.lt, where visitors may provide consent for their personal data to be processed for direct marketing purposes.


Data Controller – a legal or natural person who, alone or jointly with others, determines the purposes and means of processing personal data. In this Privacy Policy, the Data Controller is UAB “Nando”, legal entity code: 300594552, registered office: Europos pr. 39, 46329 Kaunas, Lithuania. Contact details: info@nando.lt, tel. +370 37 441891.


Data Subject – a client or website visitor whose personal data is processed by the Data Controller for the purposes of direct marketing, inquiry administration, or loyalty program administration.


Data Processor – a natural or legal person who assists the Data Controller in achieving the specified purposes according to its authorizations.


Personal Data – any data relating to an identified or identifiable natural person, processed by the Data Controller, including but not limited to: name, surname, email address, phone number, etc.


Data Processing – any operation performed on personal data: collection, recording, accumulation, storage, alteration (addition or correction), provision, use, destruction, or any other action or set of actions.


Direct Marketing – activities carried out by mail, telephone, or other direct means to offer goods or services, propose promotional discounts, and/or request opinions regarding the offered goods or services.


Consent – a freely given action by the Data Subject, confirming their agreement to the processing of personal data.


Supervisory Authority – the State Data Protection Inspectorate of the Republic of Lithuania.
 
PROCEDURE FOR COLLECTING, STORING, AND USING PERSONAL DATA


The Data Subject agrees that, for direct marketing, provision of information, or trial product dispatch purposes, the Data Controller may process the following personal data:

  • Name, surname
     

  • Phone number
     

  • Email address
     

  • IP address
     

  • Delivery address
     

  • Parcel locker address
     

Such personal data is stored for 5 (five) calendar years.


The Data Subject is informed that consent to process their personal data for direct marketing may be withdrawn at any time by submitting a request to the Data Controller via info@nando.lt from the same email address provided in the consent form.


The Data Subject is also informed that, for sending trial products or other direct marketing materials, the Data Controller engages data processors – courier companies:

  • UAB “Nėgė”, legal code 149872578, Europos pr. 83, LT-46333 Kaunas
     

  • AB Lietuvos paštas, legal code 121215587, J. Jasinskio g. 16, 03500 Vilnius
     

For inquiry administration purposes, when a request is submitted by email, the Data Controller processes the following personal data:

  • Name, surname
     

  • Email address
     

  • Comment/request
     

Such data is not disclosed to third parties and is stored for 2 (two) calendar years from submission. Consent may be withdrawn by submitting a request to info@nando.lt from the same email address used for the inquiry.


For newsletter and direct marketing purposes, the Data Controller processes:

  • Phone number
     

  • Email address
     

This data is stored for 2 (two) calendar years from submission. Consent may be withdrawn at any time by notifying the Data Controller via info@nando.lt from the same email address used when subscribing or receiving the communication.


For this purpose, the Data Controller engages:

  • UAB “Kokosas”, legal code 303559108, Maironio g. 6-1, Kaunas – newsletter distribution service provider.
     

The Data Controller confirms that personal data is collected only directly from the Data Subject, not from other sources.


Personal data is not disclosed to third parties, except in the following cases:

  • With the Data Subject’s consent
     

  • To processors providing delivery or other ordered services
     

  • To law enforcement authorities as required by law
     

  • When necessary to prevent or investigate criminal activity
     

EXERCISING DATA SUBJECT RIGHTS


The Data Subject grants the Data Controller the right to collect, manage, process, and store personal data to the extent and for the purposes set out in this Privacy Policy.


Consent may be withdrawn at any time, especially for direct marketing purposes, without justification. Upon receiving such a request, the Data Controller immediately ceases processing and deletes the related personal data, unless there is a lawful basis to retain it (e.g., state security, public order, criminal investigation, protection of significant economic or financial interests, or protection of others’ rights and freedoms).


By properly identifying themselves (name, surname, email), the Data Subject has the right to access their personal data by submitting a written request to:

  1. By mail or in person: Europos pr. 39, 46329 Kaunas

  2. By email: sandra@nando.lt (from the same email address registered with the Controller).

     

If another person seeks access, a notarized authorization must be provided; lawyers must provide a power of attorney and specify the purpose.


The Data Controller responds to requests within 30 calendar days, free of charge, confirming whether data is processed and, if so, which data and to whom it has been disclosed within the last year.


If the Data Subject finds their data inaccurate, incomplete, or processed unlawfully, they may request correction or deletion. Verified requests must be fulfilled immediately, no later than within 5 business days, with written confirmation.


The Data Subject has the “right to be forgotten” – all related personal data will be deleted if no longer required, if consent is withdrawn, or if processing violates legal requirements.
The Data Subject may also lodge a complaint with the Supervisory Authority if they believe their rights have been violated.
 
DATA PROTECTION RISK FACTORS AND SAFEGUARDS


To ensure proper protection of personal data, the Data Controller applies:


Organizational measures:

  • Work organization that ensures secure handling and archiving of data/documents
     

  • Access granted only to employees who need it for their duties, having signed confidentiality agreements
     

Technical measures:

  • Processors (service providers) act only under the Controller’s authorization
     

  • Personal data is secured against loss, unauthorized use, and alterations
     

  • Internet connection is encrypted; the website uses HTTPS protocol
     

  • Computers protected with anti-virus software and firewalls


USE OF COOKIES


Cookies are used on www.nando.lt for statistical purposes: measuring traffic and content popularity. Such processing does not allow direct or indirect identification of website visitors.


Visitors may delete or block cookies in their browser, but some website functionality may not work properly as a result.
 
FINAL PROVISIONS


This Privacy Policy is reviewed every 2 (two) years and updated as necessary.
This Privacy Policy is effective as of February 1, 2018.

bottom of page