RULES FOR PROCESSING PERSONAL DATA OF EMPLOYEES AND CUSTOMERS

The Rules for the Processing of Personal Data of Employees and Customers (hereinafter referred to as the Rules) regulate the principles of collection, use and storage of personal data of employees and customers, determine the purposes and means of processing personal data of employees and customers; data.

DEFINITIONS

Responsible person – a natural or legal person under a service or other contract, except for an employment contract, appointed by the company to process the personal data of Employees / customers;

Company – ”ORIVAS” UAB, 125513093

Other terms used in these Rules shall be understood as they are defined in the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the processing of personal data. The key concepts are:

• Personal data – any information relating to a natural person, a data subject whose identity is known or can be identified directly or indirectly by means of data such as a personal code, one or more physical, physiological, psychological, economic, cultural or signs of a social nature.

• ” Processing of data ” shall mean any operation carried out on personal data: collection, recording, storage, storage, classification, grouping, aggregation, modification (addition or correction), provision, publication, use, logical and / or arithmetic operations, retrieval, dissemination, destruction or other action or set of actions.
• Third party – a legal or natural person, except for the data subject, the data controller, the data processor and persons who are directly authorized by the data controller or data processor to process the data.

PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA OF EMPLOYEES AND CLIENTS

The Company follows the following principles when processing the personal data of Employees / customers:

1. The personal data of employees / customers are processed only for the legitimate purposes defined in these Rules;
2. Employees ‘/ customers’ personal data is processed accurately, fairly and lawfully in accordance with legal requirements;
3. The Company processes the personal data of Employees / customers only to the extent necessary to achieve the purposes of processing personal data of Employees / customers;
4. The personal data of employees / customers shall be stored in such a way that the data subjects can be identified for no longer than is necessary for the purposes for which the data were collected and processed;
5. Personal data is processed accurately, fairly and lawfully.
6. The Company processes the personal data of Employees / Customers in such a way that personal data is constantly accurate and is constantly updated in the event of a change;

PURPOSES OF THE PROCESSING OF PERSONAL DATA OF EMPLOYEES AND CLIENTS

Details of the processing of customers’ personal data are provided to customers in a separate consent.
The main personal data processed:
Customer: name, surname, personal identification number, telephone number and more.
Employee: nutrition data, residential address, health information. Information is collected for the conclusion of an employment contract and for the performance of employment functions.
Personal data of employees is processed for the following purposes:

1. Conclusion, execution and accounting of employment contracts;
2. The duty of the company as an employer, established by law, for proper performance;
3. To maintain proper communication with employees outside working hours;
4. To ensure decent working conditions;
5. For the purposes of concluding, executing and accounting employment contracts, the employee’s names, addresses of residence, dates of birth / personal identification numbers, bank account numbers to which wages are paid may be requested, and a social security number or identity card number may be requested.

The company ‘s obligation as an employer is laid down in legislation (payroll, holiday pay) etc.), information on the worker’s marital status is processed for the purpose of proper enforcement.

For the purpose of proper communication with employees outside working hours, the addresses of the employees’ place of residence and personal telephone numbers are processed.

For the purpose of ensuring suitable working conditions, the employer shall, with the consent of the employee, process information related to the employee’s state of health, which directly affects the employee’s work functions and the ability to perform them in accordance with the procedure established by legal acts.

Personal data of employees shall be stored only to the extent and for the time necessary to achieve the specified purposes.

COLLECTION AND PROCESSING OF PERSONAL DATA OF EMPLOYEES AND CLIENTS

Details of the processing and collection of customers’ personal data are provided to customers in a separate consent.

The identification information of the newly hired employee, such as name, surname, personal identification number / date of birth, is collected from the identity document provided by the employee.

1. The identification information of the newly hired employee, such as name, surname, personal identification number / date of birth, is collected from the identity document provided by the employee.
2. Only those persons who need it have the right to process the personal data of the employee
   functions and only where this is necessary to achieve the relevant objectives.

This Procedure sets out the employees (their positions) and the Responsible Persons (by separate agreement) who have the right to process the employee’s personal data.

1. Employees who have the authority approved by the head of the company have the right to process the employee’s personal data.
2. Employee data is stored: stored on the company’s server, binders, company archive. The data is stored for 50 years after the end of the employment contract. All data is protected from unauthorized access.
3. Employees or other responsible persons authorized to process an employee’s personal data shall respect the confidentiality and confidentiality of any information relating to personal data which they have obtained in the course of their duties, unless such information is
   public in accordance with the provisions of applicable laws or regulations. The obligation to maintain the confidentiality of personal data shall also apply after the transfer to another position or after the termination of the employment or contractual relationship.
4. The personal data of employees, which are relevant in the texts of the document (contracts, orders, requests, etc.), are stored in accordance with the terms specified in the General Index of Document Storage Terms approved by the Order of the Chief Archivist of Lithuania. Other personal data of employees and former employees shall be stored for no longer than is necessary to achieve the purposes provided for in this Procedure. The terms of storage of personal data of individual employees are set by the Head of the Company.

RIGHTS OF THE DATA SUBJECT

The company shall appoint a responsible person who shall ensure that the rights of the employee and the customer as a data subject are safeguarded, properly enforced and that all information is provided in a proper, timely and form acceptable to the employees.

Rights of the employee and the client as data subjects and measures for their implementation:

1. Be aware of the collection of your personal data. When collecting personal data of an employee or customer, the company must inform these persons what personal data the employee / customer must provide, the purpose for which the relevant data is collected, to whom and for what purpose it may be provided and the consequences of not providing personal data. Simplified information is provided in the Employee / Client Consents. The employee and the customer have the right to access their personal data, to demand the correction, correction or addition of incorrect or incomplete personal data. The employee / customer may also object to the processing of certain optional personal data.
2. Access to your personal data and how they are processed. The employee / customer has the right to contact the Company with a request for information on what and for what purpose his / her personal data is processed. Once a year, this information is provided to the employee / customer free of charge. If the Employee / Customer applies for the provision of such information more than once a year, the fee for the provision of such information may not exceed the cost of providing such information.
3. Require the rectification, destruction of your personal data or the suspension of the processing of your personal data.
4. Do not consent to the processing of personal data. The employee / customer has the right to object to the processing of certain optional personal data. Such disagreement may be expressed by not completing certain sections of the questionnaire or other document to be completed, as well as by subsequently requesting the termination of the processing of personal data which is not being processed on a voluntary basis. The company provides written information on what personal data is processed on an optional basis. Upon receipt of a request to terminate the processing of optional personal data, the company shall immediately terminate such processing, unless it is contrary to the requirements of legal acts and informs the employee / customer thereof.

MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA

1. Access rights to personal data and authorizations to process personal data shall be granted, deleted and changed by order of the head of the company.
2. When protecting personal data, the company shall implement and ensure appropriate organizational and technical measures to protect personal data against accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.
3. The company ensures proper storage of documents and data files, takes measures to prevent accidental or unlawful destruction, alteration, disclosure of personal data, as well as any other unlawful processing. Copies of documents containing the employee’s personal data must be destroyed in such a way that their contents cannot be reproduced and identified.
4. The Company shall have the right to access personal data only to those persons who have been authorized to access such data and only if it is necessary to achieve the purposes provided for in these Rules.
5. The company ensures the security of the premises where personal data is stored, proper layout and review of technical equipment, compliance with fire safety rules, proper network management, maintenance of information systems and other technical measures necessary to ensure the protection of personal data.

The Company shall take measures to prevent the accidental or unlawful destruction, alteration, disclosure of personal Data, as well as any other unlawful processing, by keeping the documents and data files entrusted to it properly and securely.

If the data controller or other responsible person has any doubts about the reliability of the security measures in place, he / she should contact his / her immediate supervisor to assess the security measures available and initiate the purchase and implementation of additional measures.

Employees or other responsible persons who automatically process personal data or from which computers can access areas of the local network where personal data is stored use the passwords assigned to them. Passwords are changed due to certain circumstances (eg change of employee, threat of burglary, suspicion that the password has become known to third parties, etc.).

An employee working on a specific computer and accessing personal data can only know their password. Passwords are stored in a safe or other secure location and are used only when absolutely necessary.

No personal data breaches are identified (the company will take immediate action to prevent unauthorized processing of personal data).

Continuation of these Rules, taking into account the seriousness of the violation, when the employee did not comply with them, may be considered a violation of work duties, for which the employees may be liable under the Labor Code of the Republic of Lithuania.

FINAL PROVISIONS

1. These Rules are reviewed and updated in the light of changes in the legislation governing the processing of personal data.
2. Employees and other responsible persons are acquainted with these Rules by signing or by electronic means and must comply with the obligations set out in them and follow the principles set out in these Rules when performing their work functions. Upon the Client’s request, they are given the opportunity to get acquainted with these Rules.
3. The Company reserves the right to amend these Rules in whole or in part. Employees and other responsible persons are informed of the changes by signature or electronic means.