Privacy policy

PURPOSE OF THE PRIVACY POLICY
1.1. This Privacy Policy sets out the terms and conditions for the processing of Users' Personal Data when using the Website. By submitting their Personal Data, Users also consent to the Data Controller collecting, storing, using and disclosing their Personal Data in accordance with the procedures set out in this Privacy Policy.
1.2. These rules apply to the User each time he/she accesses the Website and/or purchases goods or services from the Data Controller.
1.3. The Data Controller shall ensure the confidentiality of Personal Data and shall take appropriate technical and organisational measures to protect Users' Data against unauthorised access, disclosure, loss, modification or destruction, or other unauthorised processing of Data.
1.4. The provisions contained in this Privacy Policy have been prepared and Personal Data on this Website is processed in accordance with the requirements of the legislation of the Republic of Lithuania and the Regulation.

TERMS USED
2.1. In this Privacy Policy, the following terms are used to mean:
2.1.1. "Personal Data" or "Data" means any information about an identified or identifiable natural person (the "Data Subject").
2.1.2. "Processing" means any operation or sequence of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, sorting, organisation, storage, adaptation or alteration, retrieval, access, use, disclosure by transmission, dissemination or otherwise making available, alignment with or combination with other data, restriction, erasure or destruction.
2.1.3. "Data Controller" is UAB Mazon Home, e-mail address: hello@bohemehouse.lt, company code: 305888757, VAT tax code: LT100014345513, address: Muitinės g. 9-2, Kaunas, Lithuania, - the person who determines the purposes and means of the processing of the Data subjects' Data.
2.1.4. "Website" means the website operated by the Data Controller, whose address is www.bohemehouse.lt.
2.1.5. "Privacy Policy" means this Privacy Policy, which sets out the basic rules for the collection, collection, processing and storage of Personal Data by the Data Controller, applicable to Users using the Website.

2.1.6 "Regulation" means Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which entered into force in the European Union on 25 May 2018, and repeals Directive 95/46/EC.
2.1.7. "Cookies" are small text documents with a unique identification number that are transmitted from the Website to the hard drive of the User's computer to enable the Data Controller to distinguish the User's computer and to view the User's online activity.
2.1.8. "Consent" means any freely given, specific and unambiguous indication of the data subject's wishes, by means of a statement or an unambiguous action, by which he or she freely consents to the processing of personal data concerning him or her
2.1.9. "User" means a natural person (data subject) who has visited the Website of the Data Controller and has provided his or her Personal Data therein.
2.2. Other terms mentioned in this Privacy Policy shall have the meaning given to them in the Regulation, which can be consulted by clicking on the following link here.

PERSONAL DATA PROCESSED
3.1. In order for the Data Controller to be able to properly provide its services, it collects the following Personal Data from the User:
3.1.1. Personal data provided by the User: name, surname, telephone number, e-mail address, address of the place of delivery, other payment information (payment method, payment card number).
3.1.2. Automatically collected Data: the Website uses cookies to collect Data that reveal the use of the Website or automatically generated visit statistics. For more information about the use of Cookies on this Website, please refer to the Cookie Policy.
3.1.3. Data from third parties: if the User links and accesses his/her account on the Website using third-party service providers (e.g. Facebook, LinkedIn, Google, Pinterest), the Data Controller receives certain information from this service provider, such as the User's registration and profile information.
3.1.4. Additional Data: with the User's separate consent, the Data Controller also collects and processes additional Data about the User that are not specified in this Privacy Policy.

PRINCIPLES FOR PROCESSING PERSONAL DATA
4.1. The Data Controller undertakes to comply with the following Principles of Processing Personal Data:
4.1.1. The processing is lawful, fair and transparent (principle of lawfulness, fairness and transparency).
4.1.2. The data are collected for specified, clearly defined and legitimate purposes and are not further processed in a manner incompatible with those purposes (purpose limitation principle).
4.1.3. Data are adequate, relevant and only necessary for the purposes for which they are processed (principle of data minimisation).
4.1.4. The data are accurate and kept up to date where necessary; all reasonable steps must be taken to ensure that Personal Data which are not accurate in relation to the purposes for which they are processed are erased or rectified without undue delay (principle of accuracy).
4.1.5. Data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed (principle of limitation of retention periods).

4.1.6 The Data shall be processed in such a way as to ensure adequate security of the Personal Data, including protection against unauthorised or unlawful processing of the Data and against accidental loss, destruction or damage (principle of integrity and confidentiality).

PURPOSES OF PROCESSING PERSONAL DATA
5.1. The Personal Data provided by Users is processed for the following purposes:
5.1.1. for the purpose of selling goods and providing services. The Data Controller collects the Users' personal data and uses it for the provision of the services and sale of goods on the Website.
5.1.2. for the purpose of sending the newsletter. The Data Controller sends, with the User's prior consent, notifications of special offers, updates or changes to the Data Controller's products or services.
5.1.3. for contact purposes. To enable the Data Controller to contact and respond to any questions or requests the User may have.

DISCLOSURE OF PERSONAL DATA
6.1. The Data Controller shall ensure that Users' Personal Data will not be sold, provided or otherwise transferred to third parties without lawful basis, nor used for purposes other than those for which they were collected.
6.2. The Data Controller may transfer the User's Personal Data to third parties only:
6.2.1. when it is necessary for the Data Controller to perform the contract concluded with the User and to provide the services properly;
6.2.2. if this transfer of Data is subject to the User's specific consent;
6.2.3. the transfer of the Data is obligatory if requested by law enforcement authorities in accordance with the procedure established by the legislation of the Republic of Lithuania;
6.2.4. in other cases provided for in the Regulation and the legislation of the Republic of Lithuania.

DATA RETENTION PERIODS
7.1. The Data Controller shall store the Users' Personal Data for the period of time specified in the applicable laws and regulations of the Republic of Lithuania and in this Privacy Policy, but no longer than is necessary to achieve the purposes of this Privacy Policy Data processing.
7.2. if the User registers on the Website, but does not make a payment and does not purchase a product offered on the Website, the Data Controller will store the User's Personal Data for a period of no longer than 5 (five) years from the date when the User last logged in to his/her personal account. In this case, 5 (five) calendar days before the expiry of the 5 (five) year period, an enquiry will be sent to the email address provided by the User as to whether the User agrees to the further processing of the Data. If the User expresses his/her disagreement or does not reply within the aforementioned 5 (five) calendar days, the Data Controller will delete all Data relating to the User, including the account in the system.

7.3. After the User has made a payment for the purchase of the goods offered on the Website, from the date of the last order, the Personal Data provided by the User will be stored by the Data Controller for 10 (ten) years, as stipulated in Clause 10.15 of the Order of the Archivist of the Government of the Republic of Lithuania "On the Approval of the Index of the General Terms of Storing of the Documents" of March 9, 2011. In this case, 5 (five) calendar days before the expiry of the 10 (ten) year period, the Data Controller will send an enquiry to the e-mail address provided by the User as to whether the User agrees to the further processing of the Data. If the User expresses his/her disagreement or does not reply within the aforementioned 5 (five) calendar days, the Data Controller will delete all Data relating to the User, including the account in the system.
7.4. If the User contacts the Data Controller and submits his Personal Data by e-mail or by making a reservation on the Website for the purchase of the goods to be purchased, the Data Controller shall keep the Data for a maximum period of 6 (six) months from the date of submission of the Data. Thereafter, all Data shall be automatically and permanently erased.

CUSTOMER RIGHTS
8.1. On the Website, the User has the following rights:
8.1.1. to know what Personal Data is processed and for what purpose;
8.1.2. to have access to their Personal Data and to download it in an easy-to-read format to their computer;
8.1.3. to request the rectification or completion of Personal Data if it is inaccurate or no longer relevant;
8.1.4. request the erasure of Personal Data under one of the conditions set out in section 9.5 of the Privacy Policy (right to be forgotten);
8.1.5. request the Data Controller to restrict the processing of the User's Personal Data under one of the conditions set out in point 8.7 of the Privacy Policy;

8.1.6. lodge a complaint with the State Data Protection Inspectorate regarding the unlawful processing of Personal Data or a breach of the Data Processing;
8.1.7. to object to the processing of Personal Data where such Personal Data is processed or intended to be processed for direct marketing purposes.
8.2. Any requests or instructions relating to the processing of the User's Personal Data may be submitted by the User to the Data Controller in writing at the contact details (email or postal address) specified in this Privacy Policy. Together with the request, the User must provide a document confirming his/her identity or identify himself/herself by permitted means of electronic communication, except in the case of a written request submitted directly, where it is possible to identify the User at the time of the request.
8.3. Upon receipt of such a request or instruction, the Data Controller shall, no later than 30 (thirty) days from the date of the request, provide a response and perform the actions specified in the request or refuse to perform them, stating the reasons for the refusal. If necessary, depending on the complexity and number of requests, the time limit may be extended by a further 2 (two) months. In this case, within 30 (thirty) days of receipt of the request, the Data Controller shall inform the User of such extension, together with the reasons for the delay.

8.4. The data subject shall have the right to obtain confirmation from the controller as to whether or not personal data relating to him or her are being processed and, if such personal data are being processed, to have access to the personal data and to the following information:
8.4.1. the purposes of the processing;
8.4.2. the categories of Personal Data concerned;
8.4.3. the Data Recipients or categories of Data Recipients to whom the Personal Data have been or will be disclosed, in particular Data Recipients in third countries or international organisations;
8.4.4. where possible, the envisaged period of retention of the Personal Data or, if not possible, the criteria used to determine that period;
8.4.5. the right to request the Data Controller to rectify or erase the Personal Data or to restrict or object to the processing of Personal Data relating to the Data Subject;
8.4.6. the right to lodge a complaint with a supervisory authority;
8.4.7. where the Personal Data is not collected from the data subject, all available information about its sources.
8.5. In the event of a request by a User for erasure of his/her Data, the Data Controller undertakes to erase the Personal Data without undue delay, provided that this can be justified on one of the following grounds:

8.5.1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
8.5.2. the User withdraws the Consent on which the processing of the Personal Data is based and there is no other legal basis for processing the Personal Data;
8.5.3. the User does not consent to the processing of the Personal Data on the basis of a legitimate interest of the Data Controller and the Data Controller does not establish overriding legitimate grounds to continue processing the Personal Data;
8.5.4. the Personal Data has been processed unlawfully;
8.5.5. the Personal Data must be erased in accordance with a legal obligation under European Union or Republic of Lithuania law.
8.6. In response to a User's request to exercise the right to be forgotten, the Data Controller undertakes to respond in detail, providing a justification and/or explanation as to why it is not possible to exercise such right where there is an overriding legitimate interest, or, where possible, the manner in which the exercise of the right should be carried out.
8.7. The User has the right to request the Data Controller to restrict the processing of his Personal Data under one of the following conditions:

8.7.1. the User shall contest the accuracy of the Personal Data for such period of time as the Data Controller may verify the accuracy of the Personal Data;
8.7.2. the processing of the Personal Data is unlawful and the User does not consent to the erasure of the Personal Data and instead requests the restriction of its use;
8.7.3. the Data Controller no longer needs the Personal Data for the purposes set out in this Privacy Policy, but the User needs it to assert, exercise or defend legal claims;

8.7.4. the User has objected to the processing of Personal Data on the basis of the legitimate interest of the Data Controller, pending verification that the Data Controller's legitimate reasons override the User's reasons.
8.8. The Data Controller reserves the right to refuse requests from the User, with the exception of requests to opt-out of receiving direct marketing offers and to refer to an out-of-court dispute resolution body where necessary to ensure:
8.8.1. the fulfilment of legal obligations imposed on the Data Controller;
8.8.2. public order or the prevention of criminal offences;
8.8.3. the protection of the rights and freedoms of consumers or other persons; or
8.8.4. in other cases specified by the laws of the Republic of Lithuania or the Regulation.
8.9. All answers shall be provided to the User in a concise, transparent, comprehensible and easily accessible form in clear and plain language. The Data Controller shall provide a copy of the processed Personal Data free of charge in electronic or paper format at the User's choice, and upon the User's repeated request, the Data Controller may charge a reasonable fee, determined in accordance with the administrative costs of preparing such copy, not exceeding 50 (fifty) Euros.
8.10. If the User notices unlawful processing of his Data or if a dispute arises with the Data Controller, he shall have the right at any time to apply to the out-of-court dispute resolution authority in Lithuania, the State Data Protection Inspectorate, in accordance with the procedure set out in its website, which is accessible here.

CHANGES TO THE PRIVACY POLICY
9.1. The Data Controller may, at its sole discretion, change this Privacy Policy. The Data Controller recommends that Users visit the Website regularly to find the most recent version of the Privacy Policy.
9.2. The Data Controller may notify the User of material changes to the Privacy Policy by contacting the contact information provided by the User. The Data Controller may also take additional steps to the extent required by applicable law, including the right to obtain the User's consent to material changes. The Controller shall be the sole judge of whether a change is considered material. Changes to this Privacy Policy shall be effective as of the "last updated" date indicated. Continued use of the Website after any changes have been made shall constitute User's acceptance of such changes.

CONTACT INFORMATION
All documents and questions related to this Privacy Policy can be sent to the following contacts:
By post - Muitinės g. 9 - 2, Kaunas, Lithuania.
By e-mail - hello@bohemehouse.lt

COOKIES

Cookies are used when a customer visits shop.bohemehouse.lt/. These are small pieces of information stored in your web browser that help to identify you as a previous visitor to the website, to save your visit history and to tailor the content of the website accordingly. Cookies also help to ensure the smooth operation of the website and the e-marketplace, and allow us to monitor the duration and frequency of visits to this website and to collect statistical information about the number of visitors to this website. By analysing this data, we can make improvements to make it more user-friendly for your use.
Cookies used by the Seller do not independently identify a specific person. The data collected by cookies relates more to the use of a particular computer than to a particular Internet user, but you can refuse the use of cookies by selecting certain settings in your browser. However, please note that in this case you may not be able to use the full functionality of the website. Below is a list of cookies.