The data controller is MV GROUP Production AB, legal entity code 132082782, registered office at Aukštaičių Street 7, Vilnius, Lithuania.
PRINCIPLES OF PERSONAL DATA PROCESSING
The Data Controller processes personal data by the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation”) of the European Union, the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other legal acts regulating personal data processing.
The Data Controller is guided by the following basic principles of data processing:
personal data shall be processed lawfully, fairly and in a transparent manner (principle of lawfulness, fairness and transparency);
personal data are collected for specified, explicit and legitimate purposes (purpose limitation principle);
the personal data processed must be adequate, relevant and only necessary for the purposes for which they are processed (principle of data minimisation);
personal data are kept up to date (principle of accuracy);
personal data shall be kept securely and for no longer than required by the stated purposes of the processing or by law (principle of limitation of storage period);
personal data are processed only by employees of the Data Controller who are authorised to do so by their job functions or by processors who provide services to the Data Controller and process personal data on behalf of the Data Controller and for the benefit of the Data Controller or the data subject (integrity and confidentiality principle);
The Data Controller is responsible for ensuring compliance with the abovementioned regulations (principle of accountability).
SOURCES OF PERSONAL DATA
Personal data may be obtained directly from the data subject (e.g. when using the Company’s services).
Personal data may also be obtained from third parties (e.g. the Company’s personal data processors).
Personal data may be obtained when the data subject visits the Website (when cookies used on the Website are placed on the data subject’s terminal device).
CATEGORIES OF PERSONAL DATA, PURPOSES OF PROCESSING, LEGAL GROUNDS AND RETENTION PERIODS
Purpose of the processing of personal data
Personal data processed
Data retention period
Provision of tasting-related services
Name, email address, telephone number, information on preferences related to the services
Performance of the contract
1 (one) year after the provision of the service
To ensure compliance with the legal requirements for food and beverage safety and control, as well as with the requirements for compliance with ISO 9001, ISO 22000 and the conditions laid down in the technical specification ISO/TS 22002-1
Name, surname, signature and e-mail address (when registering for the tasting via the website)
Compliance with the statutory requirements
As long as it is necessary to achieve this objective
Recruitment of staff
Name, surname, contact details (e-mail address, telephone number), the position of interest, and other details in the CV
The legitimate interest of the controller in carrying out the selection of staff and the legitimate interest of the data subject in participating in the selection for the position concerned (Article 6(1)(f) of the GDPR).
The personal data shall be deleted after the selection for the relevant position has been completed.
PROVISION OF PERSONAL DATA
The Data Controller undertakes to respect the duty of confidentiality towards data subjects. Personal data may be disclosed to third parties only if necessary for the conclusion and performance of a contract for the benefit of the data subject or other legitimate reasons.
The Data Controller may provide your personal data:
other companies belonging to the MV GROUP group of companies when they perform functions necessary for the fulfilment of the relevant purpose;
State bodies and institutions, other persons performing functions assigned to them by law (e.g., law enforcement authorities, bailiffs, notaries, tax administration, supervisory authorities, officers carrying out financial crime investigation activities);
Statutory auditors, legal and financial advisors;
Other persons involved in the provision of services data processors.
Data may be processed by data processors providing accounting, website hosting, data centre and/or server rental, IT maintenance, external audit, security, and other services to the Company.
Processors shall have the right to process personal data only on the instructions of the Company and only to the extent necessary for the proper performance of their obligations under the Contract. The Company shall seek confirmation from the processors that the processors have also implemented appropriate organisational and technical security measures and will maintain the confidentiality of personal data.
RIGHTS OF THE DATA SUBJECT AND THEIR EXERCISE
You have the following rights:
- obtain information about your personal data, where and how the personal data has been collected, and on what basis it is processed;
- request the controller to rectify your personal data, suspend processing or erase it if it is incorrect, incomplete, or inaccurate, or if it is no longer necessary for the purposes for which it was collected. In this case, you must submit a request, after which the Data Controller will verify the information provided and take the necessary action;
- request the controller to erase the personal data or to suspend the processing of such personal data, except for storage, if after having access to your personal data, you discover that the personal data are being processed unlawfully or fraudulently;
- object to the processing of your personal data where the processing is carried out or intended to be carried out for a legitimate interest pursued by the controller or by a third party to whom the personal data are provided;
- withdraw your consent to processing your personal data at any time.
You can exercise your rights as a data subject by contacting the Company’s Data Protection Officer by e-mail at firstname.lastname@example.org.
The data subject has the right to contact the State Data Protection Inspectorate (https://vdai.lrv.lt/), responsible for supervising and controlling the legislation governing personal data protection.