PRIVACY POLICY OF UAB “SELTEKA”
1. INTRODUCTION
1.1. We respect the privacy of every visitor to our website and are committed to the fair and lawful processing and protection of your personal data.
1.2. The controller of your personal data is UAB “Selteka”, a manufacturer of professional original electronic equipment (OEM) and a provider of electronics manufacturing services (EMC) such as assembly of electronic equipment, the company identifier: 134937372, registered business address: Draugystės g. 19, LT-51230 Kaunas, Lithuania (the “Company”), which is registered in the procedure established by law and which adheres to the applicable legal acts of the Republic of Lithuania and the European Union regulating the processing of personal data.
1.3. The services provided by the Company include, but are not limited to manufacturing of original electronic products, electronics assembly services, and any other services in the field of electronics that the Company provides or may provide in the future (the “Services”).
1.4. This privacy policy (the “Privacy Policy”) is intended for persons (both natural and legal persons) using the Services of UAB “Selteka”, providing services to UAB “Selteka”, or those who have consented to receive marketing materials, and for candidates participating in recruitment (selection) processes. Data may also be collected on the website http://www.selteka.eu/ and www.biownlight.com (the “Websites”) and when using any of its services.
1.5. This Privacy Policy is the Company’s way to inform you about the basic principles of personal data processing and exercising of data subject rights. Additional information may be provided in purchase and sale, service and other contracts.
1.6. By providing us with your personal data, using our Services or browsing the Website, you confirm that you have read this Privacy Policy and are aware of the processing of your data.
2. DEFINITIONS
2.1. Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a personal identification number, location data and an online identifier, or to one or more factors specific to the natural person's physical, physiological, genetic, mental, economic, cultural or social identity.
2.2. Data controller means the legal person which determines the purposes and means of data processing (UAB “Selteka”).
2.3. Data subjects means the persons who use the Services of UAB “Selteka”, provide services to UAB “Selteka”, also those who have agreed to receive marketing materials, and candidates participating in recruitment (selection) processes.
2.4. Data Protection Officer means the person appointed to oversee the organisation’s compliance with the requirements of personal data protection legislation, to advise the data controller or data processor and to interact with the supervisory authority and data subjects.
2.5. Request – a request from a data subject for the exercise of his or her rights.
2.6. Regulation means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
3. PRINCIPLES OF DATA PROCESSING
3.1. The Company processes personal data in accordance with the Regulation, the Law of the Republic of Lithuania on Legal Protection of Personal Data and other legal acts regulating personal data processing.
3.2. The scope of personal data processed depends on the Services ordered or used and the information provided by the Website visitor when ordering and/or using the Company’s Services, visiting or registering on the Website.
3.3. The Company is guided by, among others, the following basic principles of data processing:
3.3.1. personal data are collected only for clearly defined and legitimate purposes;
3.3.2. personal data are processed only lawfully and fairly;
3.3.3. personal data are kept up to date;
3.3.4. personal data are stored securely and for no longer than required by the stated purposes of data processing or by law;
3.3.5. personal data are processed only by those employees of the Company who are authorised to do so based on their job functions
3.4. The data is processing by the Company only given one or more of the following criteria for lawful processing: (i) to ensure provision of the Services under a contract (i.e., to perform a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract); (ii) with the consent of the data subject; (iii) where the processing is necessary for compliance with a legal obligation to which the Company is subject; (iv) where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company; or (v) where the processing of personal data is necessary for the purposes of the legitimate interests of the Company or a third party.
3.5. It is the responsibility of the Company’s customer or potential customer to ensure that the personal data provided to the Company is accurate, correct and complete. If the personal data provided by him/her changes, he/she must inform the Company immediately. The Company will not be liable for any damage caused to a person and/or third parties as a result of the Company’s customer or potential customer providing incorrect and/or incomplete personal data or failing to request the data to be updated and/or amended in the event of a change.
4. COLLECTED AND USED PERSONAL DATA, ITS SOURCES
4.1. Personal data may be obtained directly from the data subject who provides it when filling in a request form on the Website, sending his/her curriculum vitae (CV) or otherwise contacting the Company; from the customer’s activities, from the Company’s personal data processors or other external sources. Data may also be obtained from publicly available sources such as company websites.
4.2. Data may be generated when a person uses the Services, for example, by making a phone call, sending a text message, sending an email, ordering the Services, visiting the Website, agreeing to receive newsletters and other information, or completing an enquiry form.
4.3. The following main categories of personal data may be processed, but are not limited to: the name, surname, workplace, job title, mobile phone number, email address, signature, IP address, website browsing history and date, and other information necessary for the provision of the Services, the maintenance of the relationship, billing and contract administration, and the submission of legal claims.
5. PURPOSES AND LEGAL BASIS OF DATA PROCESSING, CATEGORIES OF PERSONAL DATA AND RETENTION PERIODS
5.1. For the purpose of providing the Services and maintaining business relations, the following personal data of employees or other contact persons of business partners, suppliers, customers and other persons, as well as of customers who have contacted the Company and who wish to receive, order or reserve its Services is processed: the name, surname, workplace, job title, e-mail address, telephone number, address, service or product, individual activity certificate data.
Legal basis: the legitimate interest of the data controller in providing services and maintaining business relations (Article 6(1)(f) of the GDPR), performance of contractual obligations (Article 6(1)(b) of the GDPR).
Personal data retention period: the data is kept for the duration of the contract and for 10 years after the end of the contract.
Recipients of personal data: the State Tax Inspectorate, if provision of personal data is mandatory in the manner prescribed by law.
Sources of personal data: the data subject, business partners and customers.
5.2. For the purpose of delivery of products, the following personal data of the customer’s employees or other contact persons is processed: the name, surname, address, other contact data.
Legal basis: the legitimate interest of the data controller to deliver its products (Article 6(1)(f) of the GDPR).
Personal data retention period: personal data is kept for the duration of the contract and for 10 years after the end of the contract.
Recipients of personal data: transport and logistics companies, also the State Tax Inspectorate, if provision of personal data is mandatory in the manner prescribed by law.
Sources of personal data: customers.
5.3. For the purpose of business reporting, the following personal data of employees, the representatives of buyers and sellers is processed: the name, surname, job title, employee category.
Legal basis: the legitimate interest of the data controller to analyse the effectiveness of the activity, to ensure its development, to analyse statistics (Article 6(1)(f) GDPR).
Personal data retention period: 5 years.
Sources of personal data: the data subject, business partners and customers.
5.4. For the purpose of contract management, the following personal data of the persons responsible for performance of the contract, and the signatories to the contract are processed: the name, surname, job title, contact details, mandate, signature.
Legal basis: performance of contractual obligations (Article 6(1)(b) of the GDPR), legitimate interest of the data controller in managing its contracts (Article 6(1)(f) of the GDPR).
Personal data retention period: personal data is kept for the duration of the contract and for 10 years after the end of the contract.
Sources of personal data: the data subject, customers and partners.
5.5. For the purpose of bookkeeping, the following personal data of buyers, sellers, suppliers (natural persons) are processed: the name, surname, personal identification number, VAT number, address, e-mail address, as well as personal data of representatives of buyers, sellers, suppliers (legal persons): the name, surname, address, e-mail address, telephone number.
Legal basis: performance of contractual obligations (Article 6(1)(b) of the GDPR), legitimate interest of the data controller in keeping accounting records (Article 6(1)(f) of the GDPR).
Personal data retention period: is kept for the duration of the contract and for 10 years after the end of the contract.
Sources of personal data: the data subject, customers and partners.
Recipients of personal data: the State Tax Inspectorate, if provision of personal data is mandatory in the manner prescribed by law.
5.6. For the purposes of selection and recruitment, the following personal data of potential employees are processed: the name, surname, CV, cover letter, contact details.
Legal basis: performance of contractual obligations (Article 6(1)(b) GDPR), consent (Article 6(1)(a) GDPR).
Personal data retention period: the personal data processed on the basis of consent is stored for 1 year after consent is given. If you do not express your individual consent to the processing of your personal data after the end of the recruitment process, we undertake to delete and/or destroy your personal data within 5 working days after the successful candidate has signed a contract of employment or a decision has been taken not to offer the job. You may withdraw your consent at any time by clearly and unambiguously expressing your will in writing by contacting the Company.
Sources of personal data: the data subject, job boards (e.g., CV bank), the Employment Service under the Ministry of Social Security and Labour of the Republic of Lithuania, social media networks.
5.7. For the purpose of audits, all personal data processed by the Company may be processed and provided.
Legal basis: the legitimate interest of the data controller in carrying out the audit (Article 6(1)(f) GDPR).
Personal data retention period: audit reports are kept for 10 years.
Sources of personal data: the data subject.
Recipients of personal data: firms providing audit services.
5.8. For the purpose of promoting the company’s visibility (social media management), personal data of visitors and followers of Facebook, Instagram and LinkedIn social media networks are processed: the visitor’s profile.
Legal basis: legitimate interest of the data controller to promote awareness (Article 6(1)(f) of the GDPR), consent (Article 6(1)(a) of the GDPR).
Personal data retention period: information on the personal data retention periods is provided in the privacy policy of the social media networks.
Sources of personal data: the data subject, social media networks.
5.9. For the purposes of shareholder accounting and reporting, and administration of the ultimate beneficiary owners, the following personal data of shareholders are processed: the name, surname, personal identification number, residential address, date of appointment, contact details, number of shares held.
Legal basis: compliance with statutory requirements (Article 6(1)(c) of the GDPR), the legitimate interests of the data controller in the keeping shareholder accounting and reporting (Article 6(1)(f) of the GDPR).
Personal data retention period: 10 years from the date on which the data subject ceases to be a shareholder or beneficiary of the Company.
Recipients of personal data: the State enterprise the Centre of Registers (JADIS, JANGIS).
5.10. For the purpose of handling enquiries, the following personal data of the enquirer is processed: the name, surname, e-mail address, telephone number, comment.
Legal basis: the data controller is subject to a legal obligation (Article 6(1)(c) of the GDPR).
Personal data retention period: 12 months from the date of the response to the enquiry.
Sources of personal data: the data subject.
5.11. For the purpose of video surveillance to ensure the protection of the property and property rights of the Company, its employees and customers, internal order, a safe environment, the quality of the Services provided by the Company, the control of the work quality within the Company, the prevention of criminal offences and for the purpose of investigations, the following personal data of the persons entering the field of the video cameras are processed: the image of the person, the video recording without sound, the time and date of the recording, the number of the vehicle that enters the territory.
Legal basis: the legitimate interest of the data controller in ensuring security, internal order, a secure environment, quality of Services and its control (Article 6(1)(f) of the GDPR).
Personal data retention period: 30 calendar days. Where there are reasonable grounds to believe that the CCTV footage captures the commission of a crime or other unlawful acts, the necessary video data (certain episodes) are transferred to secure media and kept for as long as there is an objective need for them.
Sources of personal data: video cameras.
5.12. For the purpose of recording personal data breaches, the following personal data of the persons who have recorded/reported the breach are processed: the name, surname. Any personal data of the affected persons related to the investigation of the breach are also processed for this purpose.
Legal basis: the data controller’s lawful right to record personal data breaches (Article 6(1)(f) of the GDPR).
Personal data retention period: 10 years from the date of recording the breach.
Sources of personal data: persons who reported the breach.
Recipients of personal data: the State Data Protection Inspectorate (in the event of a serious breach).
6. COOKIES
6.1. For the purpose of improving the Websites, making marketing campaigns more relevant, analysing statistics for quality improvement (use of cookies), the data of the computers and visits of visitors to the websites www.selteka.eu and www.biownlight.com are processed, as well as the IP address, the browsing history, date, and time.
Legal basis: in the case of essential cookies, the data controller’s legitimate interests relating to the operation of the website (Article 6(1)(f) of the GDPR), consent (Article 6(1)(a) of the GDPR).
Personal data retention period: personal data retention periods are specified in the "Cookies Used on the Website" section of this Privacy Policy.
Source of personal data: the data subject.
6.2. Cookies are small files made up of letters and numbers that we place on your browser or on the hard drive of your computer with your consent. When you visit the http://www.selteka.eu/ Website, we aim to tailor the information and features of the Website to you. Cookies help us to recognise you as a previous visitor to the Website, to store your visit history and to tailor the content accordingly. Cookies also help to ensure the smooth operation of the Website, to monitor the duration and frequency of visits to the Website and to collect statistical information about the number of visitors to the Website.
6.3. By analysing this data, we can improve the Website and make it more user-friendly for you. When you visit the website, you can indicate whether you accept the use of cookies. If you do not agree to the placement of cookies on your computer or other device, you can withdraw your consent to the use of cookies at any time at by changing your preferences and deleting the cookies you have placed. We use different cookies for different purposes. You can refuse the use of cookies in your browser or Website settings, but this may restrict your access to all the services provided on the Website.
6.4. We generally use the information collected through cookies for the following purposes:
6.4.1. For the use of functional cookies and the provision of services. Cookies are essential for the operation of our Website and electronic services and ensure a smooth user experience. For example, if the user so requests, he/she does not need to enter his/her name, password or any other data each time he/she logs in.
6.4.2. For service development. By monitoring the use of cookies, we can improve the performance of our Website and electronic services. We receive information such as which parts of our Website are most popular, which websites users access from our Website, from which websites they access our Website, and how long users spend on our Website.
6.4.3. For use in analysis. We use cookies to compile statistical data about the number of visitors to our Website and the use of our online services and to evaluate the effectiveness of advertising. We may collect information, for example, from emails and newsletters sent for marketing purposes, in order to find out whether emails have been opened and whether they have prompted users to take any action, for example, whether a user has clicked on a link in an email to our Website.
6.4.4. For targeted marketing. Through the use of cookies, we may also collect information in order to provide browser-specific advertising or content by creating different target groups.
6.5. Cookies Used on the Website
7. TRANSFER OF PERSONAL DATA
7.1. The Company does not disclose the processed data to third parties without the prior consent of the person (data subject), except on the grounds of a legitimate interest or in the procedure prescribed by law.
7.2. The Company is not responsible for the processing of personal data through third-party websites. For your convenience and information, the Company’s Website may contain links to other websites. The Company is not responsible for the privacy practices, content and operation of third party websites, even if you access them through links on our Website, as they are not under the Company's supervision or control. The Company recommends that you read the privacy statements of each website separately.
7.3. In addition to the recipients listed above, we may transfer your personal data to the following persons, taking into account the basis for the provision of the data and having ensured the security of the data transferred:
7.3.1. to state authorities, law enforcement agencies and other persons in the procedure established by the legislation of the Republic of Lithuania, or where the provision of data is necessary for the purpose of asserting, exercising or defending the Company's legal claims;
7.3.2. to auditors, other consultants, notary offices, judicial officer (bailiff) offices;
7.3.3. public authorities and agencies;
7.3.4. in the case of a dispute, to the people who provide us with legal services, lawyers;
7.3.5. to IT maintenance providers;
7.3.6. to data processors.
7.4. The Company may engage the data processors who will process personal data in accordance with the Company’s instructions and to the extent specified by the Company, to the extent necessary to achieve the purposes of the data processing. When using data processors, we aim to ensure that the data processors have also implemented appropriate organisational and technical security measures and maintain the confidentiality of personal data.
7.5. With your consent, we may also provide personal data to other recipients. If we disclose your personal data to other groups of data recipients than those specified in this Privacy Policy, we will inform you of this no later than the time of the first disclosure, unless we have already provided you with such information previously
8. DATA PROCESSING IN SOCIAL MEDIA NETWORKS
8.1. The company has set up and manages a social media account(s) (on LinkedIn, Facebook, Instagram). All information that you provide on the social media (including messages, use of the “Like” and “Follow” thumbnails and other communications) or that is obtained when you visit the Company’s accounts (including the information obtained through the use of cookies used by the social media tool) or when you read the Company’s posts on the social media network, is under the control of the operators of the social media network. We therefore recommend that you read the privacy notices of the social media network operators and contact them directly regarding their use of your personal data.
8.2. As the administrator of the Company’s social media accounts, the Company selects the appropriate settings based on its target audience and its performance management and promotion objectives. Though enabling the Company to create and administer the Company’s social media account, the operator of the social media network may restrict the Company’s ability to modify certain, essential settings, and as such, the Company may not be able to influence what information the social network managers will collect about you after the Company has created its social media network account.
8.3. All such settings, whether selected by the Company or set by the social media network operator, may affect the processing of your personal data when using social media networks, visiting the Company’s account or reading the Company’s posts on the social media network. Even if you only look at the Company’s posts on social media, the social media network operator may receive certain personal information, such as which terminal device you are using and your IP address.
9. DATA SUBJECT RIGHTS
9.1. Every data subject has the following rights:
9.1.1. the right to know (be informed) about the processing of his / her personal data;
9.1.2. the right to access the personal data being processed and to learn how they are processed, i.e., to be informed about the period of retention of personal data, the technical and organisational measures in place to ensure the security of the data, to be informed about the sources and nature of the personal data collected, the purposes for which they are processed, and the purposes for which they are disclosed and to what recipients;
9.1.3. the right to have their personal data rectified, erased or to suspend, except for storage, the processing of their personal data where the processing is not in accordance with the provisions of law;
9.1.4. the right to object to the processing of their personal data, unless the processing is carried out for legitimate interest pursued by the data controller or by a third party to whom the personal data are submitted and the interests of the data subject are not overriding;
9.1.5. the right to request the restriction of the processing of personal data;
9.1.6. the right to have personal data provided by him or her, if processed on the basis of his or her consent or on the basis of a contract, and if processed by automated means, be transmitted by the data controller to another data controller, if this is technically feasible (data portability);
9.1.7. the right to lodge a complaint with the State Data Protection Inspectorate in relation to the processing of personal data;
9.1.8. the right to withdraw consent at any time, without prejudice to the lawfulness of the processing based on consent prior to the withdrawal of consent;
9.1.9. the right to withdraw your consent to the processing of personal data for direct marketing purposes at any time.
9.2. A data subject who has presented a document proving his or her identity or who has provided proof of his or her identity in the manner prescribed by law or by means of electronic communications which permit the proper authentication of the person concerned may submit a written request in person, by post, by courier or by e-mail, requesting to exercise his or her rights. Upon receipt of the data subject’s request, the Company will provide a response no later than within 30 calendar days after receipt of the data subject's request.
9.3. In the event of failure to resolve a matter with the Company, the customer has the right to contact the State Data Protection Inspectorate.
9.4. You can submit your request by phone (0-37 312895), by e-mail (info@selteka.eu), or by visiting the Company at Draugystės g. 19, LT-51230 Kaunas.
10. PRIVACY POLICY CHANGE
10.1. The Company reserves the right to change the Privacy Policy at any time and such changes are effective as of the date of their posting on the website http://www.selteka.eu/ and www.biownlight.com. Persons intending to use the Services provided by the Company are advised to always consult the most recent version of the Privacy Policy.
APPROVED by UAB Selteka Director's order no. V-002, 12th February, 2025