fbpx

We Ride Together, UABprivacy policy

General Provisions

This Privacy Policy (hereinafter referred to as the “Privacy Policy”) contains information about how Together, UAB, legal entity code 305728083, registered office address Gedimino pr. 2-6, LT-01103 Vilnius (hereinafter referred to as the “Company”) handles personal data.

The provisions of the Privacy Policy apply to natural persons whose data are processed by the Company:

  • Customers (including employees and/or representatives of legal entities to which the Company provides its services) who use, have used, have expressed their intention to use or are in any other way related to the services provided by the Company (hereinafter referred to as “Customers“);
  • individuals who contact the Company by submitting requests, requirements directly or by means of remote communication, including by telephone or e-mail.
  • persons who visit the Company’s websites, etc.

Terms

The terms and abbreviations used in this Privacy Policy shall have the following meanings:

  • Personal Data – any information relating to an identifiable individual, whether directly or indirectly, (e.g., first name, last name, contact details, etc.).
  • Data Subject – a natural person (data subject) whose data is processed (e.g. customers of the Company, persons who contact the Company by submitting requests, claims, users of the Company’s website, self-service website and other portals/pages operated by the Company etc.
  • Data Processing – any action performed on Personal Data (e.g. collection, recording, storage, access, transfer, etc.).
  • Services – any goods and services provided by the Company.
  • Supervisory Authority – the State Inspectorate for Data Protection.

Other terms used in the Privacy Policy shall be understood in the manner as defined in the legal acts regulating the protection of personal data (the General Data Protection Regulation (EU) 2016/679 (the Regulation), the Personal Data Protection Law of the Republic of Lithuania, and other).

Purposes and legal grounds for processing of Personal Data

The Company shall process Personal Data only for specific purposes, in accordance with the legal grounds set out in the legal acts:

  • On the basis of the performance of the Contract, when processing of the Personal Data is necessary for entering into and/or performing the Company’s obligations to the Client under the Contract.
  • On the basis of a legal requirement, where the Company is obliged to process your personal data, e.g. for tax accounting purposes, for the purpose of providing personal data to public authorities, etc.
  • On the basis of a legal basis of consent, where you give your explicit consent to the processing of your personal data for one or more specific purposes, e.g. processing of personal data of candidates for job positions, sending of marketing communications, etc.
  • Legal interest basis, where personal data is processed for the purposes of the Company’s legitimate interest, e.g. video surveillance to ensure the protection of the property and/or objects under its control, customers using the Company’s services.

The main purposes for which the Company processes Personal Data are:

  • Provision of services, conclusion and performance of contracts. The Company processes Personal Data in order to ensure the proper conclusion and performance of contracts with customers, the provision of services or goods to customers on the basis of contracts, including the proper provision of information to the customer on matters relating to the goods, services and the contract, in accordance with the contract or as required by the law.
  • Drafting of commercial offers. The Company processes Personal Data with the consent of the Customer in order to provide the Customer with a commercial offer and related information in relation to the service the Customer wishes to purchase.
  • Debt Management. In the event of a debt, the Company processes Personal Data relating to the debt and carries out collection actions on the basis of the contract, legal requirements and legitimate interest.
  • Resolution of queries raised. The Company shall process Personal Data in connection with the handling and resolution of Submitted Issues, Complaints on the basis of contract, consent or legal requirements.
  • Direct Marketing and Customer Experience. The Company may process Personal Data (name, surname, email address, email interaction information) for the purpose of providing offers and news about the Services provided, information about events taking place, and enquiries about the quality of the Services provided. These data are processed and information is sent to the Individual only if the Individual has provided consent for direct marketing.
  • Credit and risk assessment. With the consent of the Customer, the Company may process Personal Data in order to assess credit risk and to determine which Services it can offer to the Customer and under what conditions.
  • Security of persons and objects. The Company may carry out video surveillance, access control, automatic scanning of car license plates on the basis of the Company’s legitimate interest in order to ensure the security of its employees, its property and objects, as well as of Customers using the Company’s services.
  • Searching for and selecting candidates for employment. The Company processes, on the basis of consent, the identity and contact data of candidates, as well as data relating to the qualifications, professional skills and business qualities of candidates.
  • Other purposes. The Company may also process Personal Data for other purposes if it has obtained the individual’s consent and/or in order to comply with legal requirements and on the basis of the Company’s legitimate interest.

In all of the above cases, the Company shall process Personal Data only to the extent necessary to achieve the relevant clearly defined and legitimate purposes in accordance with the requirements of the protection of personal data.

Scope (categories)

The main categories of Personal Data and the data processed by the Company for the purposes and on the legal grounds listed above are:

  • Personality or Identification Data – name, surname, personal identification number, date of birth etc.
  • Contact Data – address, telephone number, e-mail address etc.
  • Data relating to the provision of Services, conclusion and performance of contracts – contract data.
  • Payment data – amounts due to the Company, outstanding debts, payment history, etc.
  • Data relating to credit and risk assessment – information about liabilities and debts owed to third parties, where the Company assesses the customer’s solvency before it starts providing services to the customer.
  • Data on video surveillance, access control, automatic scanning of car license plates, captured to ensure the security of the property and/or objects under management, as well as the security of the Clients using the Company’s services.
  • Page data – information on the behaviour of visitors on the Company’s website or self-service, etc. More detailed information about the use of cookies can be found in the bangaramppark.lt function “view site information” on the Company’s website, but not in this Policy.
  • Other data processed by the Company in accordance with the legal basis established by law.

Provision of Personal Data

The Company may, in accordance with the requirements of the law, transfer the Personal Data it processes to the following categories of recipients of the data:

  • Service providers. The Company may transfer the Personal Data processed to third parties acting on behalf of and/or at the direction of the Company who provide customer support, software maintenance, accounting, mailing and other services to the Company in order to ensure the proper provision, management and development of the Company Services. In such cases, the Company shall take the necessary measures to ensure that the service providers (data processors) used process the Personal Data provided only for the purposes for which it was provided, ensuring appropriate technical and organisational security measures, in accordance with the Company’s instructions and the requirements of the applicable legislation.
  • Government, law enforcement and regulatory authorities. The Company may provide the Personal Data processed by it to governmental or law enforcement authorities (e.g. police, etc.), supervisory authorities, where required to do so by applicable law or in order to safeguard the legitimate interests of the Company or of third parties.
  • Persons/companies carrying out the debt collection process, maintaining joint databases. In the event of the Client’s failure to duly and timely make payments due under the Contract, the Company shall have the right to provide the Client’s personal data to controllers maintaining joint debtor data files, debt management and collection companies, courts, notaries, bailiffs, after 30 calendar days’ notice by post or e-mail.
  • Other third parties. The Company may provide Personal Data to other recipients in accordance with the lawful grounds defined by law.

Generally, the Company stores Customer Data within the territory of the European Union or the European Economic Area (EU/EEA). Should there be cases where Customer Data should be transferred outside the EU/EEA, this shall only be done if at least one of the following conditions is met:

  • The European Commission has recognised that the country to which the data is transferred ensures an adequate level of protection of personal data;
  • A data processing contract has been concluded in accordance with the standard terms and conditions approved by the European Commission;
  • Codes of conduct are followed, and other safeguards in accordance with the Regulation are in force.

Data retention

The Company shall not process Personal Data for longer than required by the stated purposes of the processing or by the applicable legislation, if the latter provides for a longer retention period.

The Company shall apply criteria for determining the data retention period which are in line with the obligations laid down in the legislation, taking into account also the rights of the individual, e.g. by providing for a data retention period within which claims relating to the performance of the contract may be made, if any, etc.

You can obtain more detailed information on the retention periods for the relevant categories of data by contacting the Data Controller We Ride Together, UAB, legal entity code 305728083, registered office address Gedimino pr. 2-6, LT-01103 Vilnius; e-mail. ride@bangaramppark.lt

Security Measures

The Company ensures the confidentiality of Personal Data in accordance with the requirements of the applicable legislation and the implementation of appropriate technical and organizational measures to protect Personal Data against unauthorized access, disclosure, accidental loss, alteration or destruction or other unlawful processing.

Personal Rights

A person who contacts the Company has the right to:

  • To have access to his/her Personal Data processed by the Company;
  • To request the rectification of his/her Personal Data that are incorrect, incomplete or inaccurate;
  • To request the destruction of Personal Data or the suspension of the processing of the Personal Data, if this is carried out in violation of the requirements of legal acts, or if the Personal Data are no longer necessary for the achievement of the purposes for which they have been collected or otherwise processed (with the exception of the storage, if required by the legal acts);
  • To receive Personal Data concerning him or her which he or she has provided in a structured electronic format in common use;
  • To object to the processing of his or her Personal Data and/or, where Personal Data is processed on the basis of consent, to withdraw his or her consent to processing of his or her Personal Data at any time, without prejudice to the lawfulness of the processing on the basis of the consent prior to the withdrawal of consent. You may withdraw your consent to direct marketing by:
  • emailing ride@bangaramppark.lt
  • to We Ride Together, UAB, Gedimino pr. 2-6, LT-01103 Vilnius;
  • Submitting a complaint regarding the processing of Personal Data to the Supervisory Authority.

Enforcement of the rights of individuals

Persons may apply to the following authorities regarding the processing of personal data by the Company:

  • Mail: We Ride Together, UAB, Gedimino pr. 2-6, LT-01103 Vilnius;
  • by contacting ride@bangaramppark.lt
  • directly at the Company’s Service Delivery Points.

In order to exercise his/her rights pursuant to the Regulation, a person must submit a request to the Company in person, by mail, by a representative, or by means of electronic communications.

The person submitting the request must verify his or her identity:

  • if the request is made in person to an employee, the person must provide proof of identity;
  • if the request is made by post, the request must be accompanied by a copy of the proof of identity certified by a qualified electronic signature;
  • if the application is submitted through a representative, the representative shall indicate his/her name, address and contact details for communication with which the person’s representative wishes to receive the reply, as well as the name and personal identification number of the represented person, and shall provide a copy of the representative’s identity document, certified by a qualified electronic signature, and of the document proving the representation, or a copy of the representation certified by a legal authority;
  • if the application is submitted by electronic means, the application must be signed with a qualified electronic signature or made by electronic means which ensure the integrity and the unalterability of the text.

The undertaking may refuse to act on a person’s request if the person’s request is manifestly unfounded or disproportionate.

The undertaking shall provide the person with a reply within one month of receipt of the request at the latest, which shall contain information on the action taken in response to the request, in accordance with Article 15 to 22 of the Regulation. That period may be extended by a further two months, if necessary, depending on the complexity of the request and the number of requests handled. The company shall inform the person of the extension of the time limit for examining the request within one month of receipt of the request, stating the reasons for the extension.

Duties of Individuals

Persons, by submitting their personal data to the Company, confirm that they are duly acquainted with the terms and conditions of processing of their personal data as set out in the present Privacy Policy, do not object to the Company’s processing of the personal data provided by the persons, the data and information provided by the persons are accurate and truthful, and the Company is not liable for the submission of redundant data and the processing if the person submits such data to the Company through negligence.

The person undertakes to inform the Company of any changes in the data provided or other relevant information.

Validity and amendments to the Privacy Policy

This Privacy Policy contains the main provisions for the processing of personal data. Additional information about the Company’s processing of personal data can be found in the Company’s contracts, other internal documents of the Company.

In the event of changes in legal requirements and/or changes in the Company’s business processes, services, etc., the Company has the right to unilaterally review and update this Privacy Policy. The Company will inform about the changes to the Privacy Policy by posting it on the Company’s website.

Date of last update of the Privacy Policy: 2024-07-xx

Let's ride

Subscribe to our newsletter and get 10% off your first visit to the park.

Special offers, discounts, news and information about events are also available.