Individual Goda Narijauskaite (“Make Heads Turn”, “we”, “our”, “us”), is the owner of the website www.makeheadsturn.lt (hereinafter referred to as the "Website”). We are committed to protecting the privacy of our customers’ and online users’ (“you”, “your”).
The data controller who processes all of the personal data we process is:
Goda Narijauskaite, individual working under an economic business certificate, located at Tauro street 8-33, 01113 Vilnius, Lithuania, and registered at State Tax Inspectorate in Lithuania with the identification number 56577710.
If you have any questions, please contact our customer experience department at (firstname.lastname@example.org).
2. Personal Data Collected
2.1 Registration or information requests through our website
We process information from visitors to our store and Website, including when you buy products or receive information from us through email or phone with your request for information. We process personal data based on: consent according to art. 6(1)(a) GDPR, contract according to art. 6(1)(b) GDPR, compliance with a legal obligation according to art. 6(1)(c) GDPR and legitimate interests according to art. 6(1)(f) GDPR.
You may contact us at any time through email to request information. If you send us such an email, we may process the personal data and information provided in your email.
We may combine the information you have provided with other information we have processed about you, both online and in-person (including but not limited to your purchase history, your address, custom order details and/or purchase date), along with information that we receive from public information sources and external parties (e.g. Google, Facebook, etc.)
2.2 Automatically generated data
When you use our Website, we may process and register your IP address. Your IP address will be stored in a temporary log file. We may share information regarding your use of our Website with our trusted subsidiaries, affiliates, and partners, as described further in Articles 3.2 and 3.3 below.
3. Purpose of Data Processing
3.1 We process your personal data, as described in Article 2.1, for the following purposes:
to fulfill our obligations to provide you with our Services or products (such as shipping and invoicing) or other requests you may make (such as contacting opticians) (based on contract according to art. 6(1)(b) GDPR);
to contact you regarding follow-up Services (such as communicating the results of nuances of processed custom orders), to answer your questions, and provide requested information or advice (based on consent according to art. 6(1)(a) GDPR);
3.1.1 to secure our business goals (based on legitimate interest according to art. 6(1)(f) GDPR):
for data analysis to improve the efficiency of Services;
for audits to check whether our internal processes function as intended and to comply with legal or contractual requirements;
for fraud and security checks, such as to detect and prevent identity theft or cyberattacks;
for the development of new products and services;
to supplement, improve or change our Website, products, and services;
to identify trends in the use of Services, to get insight on which parts of our Services are most interesting for our users; and
to determine the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users;
3.1.2 analysis of personal data (e.g. purchase history, custom order details, shipping country and/or city, language) to provide personalized services offers (based on consent and legitimate interest according to art. 6(1)(a) and (f) GDPR):
to understand you better so that we can personalize our interactions with you and provide you with information and/or offers that are tailored to your interests; and
to better understand your preferences so that we can deliver content through the Services that we believe will be relevant and interesting to you.
to send you an email newsletter with offers and information about similar products and Services, only if you have specifically opted in for this. Please note that you can always object to such use, via the ‘unsubscribe’ link in our email newsletters (based on consent according to art. 6(1)(a) GDPR);
to comply with various legal obligations, including tax obligations (based on compliance with a legal obligation according to art. 6(1)(c) GDPR; and
if you respond to an action or contest, we use the information to carry out the action, to announce the prize winner(s), and to measure the response to our marketing campaigns (based on contract according to art. 6(1)(b) GDPR).
3.2 We will only make personal data available to third parties that are involved in the execution of your order (i.e. lens prescription for custom orders). These third parties process personal data according to our instructions and any such use shall be our full responsibility. Any such data made available is recorded, and any such third parties are also made parties to data processing agreements. We do not pass on your personal data to other third parties unless we are legally obliged to do so.
3.3 We use the automatically generated information, as described in Article 2.2, and your company data and personal data, as described in Article 2.1, to conduct aggregated analyses for internal research and statistical and strategic purposes ("Aggregated Information"). This Aggregated Information does not identify you or your company. We use the Aggregated Information to optimize our Website, Services, and products and learn more about the use of our Website and products so we can improve them.
4. Use by Minors
5. Data Retention
5.1 We shall process the personal data for a period of two (2) years after your last order, or for as long as legally required or necessary and allowed for the purpose(s) for which it was obtained. Immediately after these periods, we will destroy the personal data and/or anonymize them.
5.2 The criteria used to determine our retention periods include, but may not be limited to: (i) the duration of our ongoing relationship with you and the Services we offer you; (ii) whether or not we are subject to any legal obligation(s); and (iii) any other legal necessity (such as applicable limitation period(s), litigation, or internal or external investigations).
5.3 Notwithstanding Article 5.1, we may process the personal data for a longer period (i) if you ask us to retain data for another two (2) year period, (ii) in order to comply with statutory retention periods (such as those required by tax legislation), or (iii) in order to prove compliance with applicable statutory obligations (such as the GDPR or email marketing legislation).
5.4 If you request deletion of your personal information by contacting us through the process described in Article 8, all of your personal information processed through our Website shall be deleted, as required by applicable law, unless we are obligated to retain such information, whether by law, to complete the transaction for which the information was processed, or for internal use.
6. Data Protection
Any personal information we process is treated as confidential. As such, we shall take appropriate technical and organizational measures to safeguard and protect the personal data against any accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access or against any other unlawful or unauthorized processing of such personal data. These measures guarantee an appropriate level of security given the risks related to processing and the nature of the data. For example, we use Security Socket Layer encryptions during your order process and completion of our registration form.
7. Sharing the Personal Data
7.1 Without prejudice to Articles 3, 7.1, and 7.2, we don’t transfer any personal information or personal data to any third party without your explicit permission, unless we are obliged to do so under applicable legislation or by order of the competent supervisory authority.
7.2 However, please note that we may transfer your personal data and the information to our local retail stores, as set out in Article 3.2.
8. Your Rights
8.1 You have the right to obtain our confirmation as to whether or not we process your personal data, on request. You are also entitled to send our customer experience department (email@example.com) a request to receive such information. Furthermore, you are entitled to send our customer experience department at firstname.lastname@example.org a request to access, receive, transfer, rectify, erase or completely withdraw your consent for processing your personal data. We will process your request immediately and in accordance with the GDPR and we will send you a response without undue delay, at least within one month after the receipt of your written request.
8.2 You are entitled to object to our processing of your personal data at any time. Upon any such objection, we shall no longer process your personal data, unless we demonstrate 1) compelling legitimate grounds for the processing which override your interests, rights and freedoms, or 2) to establish, exercise, or defend any legal claim(s). We will send you a response without undue delay, not to exceed one month after the receipt of your written request.
8.3 If you have any complaints regarding our data processing or your previous requests, you can contact our customer experience department at email@example.com. You also have the right to file a complaint with the relevant Data Protection Authority.
8.4 If you have any further questions or comments, please contact our customer experience department at firstname.lastname@example.org.
9. Cross-border Transfer
9.1 Because Goda’s Narijauskaite’s individual economic activity is a global business activity, your personal data may be stored and processed in every country where we have facilities or service providers. By using our Services or by giving us permission (where required by law), you hereby agree that your information may be transferred to countries other than the country where you live, where other data protection laws may apply than in your own country. Appropriate contractual and other measures have been taken to protect personal data when sent to our subsidiaries or third parties in other countries.
9.2 Some countries outside the European Economic Area (EEA) are recognized by the European Commission as countries where an appropriate level of data protection applies according to the EEA standards (the full list of these countries is available here). For transfers from the EEA to countries that in the opinion of the European Commission do not offer sufficient protection, we have ensured that adequate measures have been taken, among other things by ensuring that the recipient is bound to EU standard data protection provisions, EU-US Privacy Shield certification, or an EU-approved code of conduct or certification to protect your personal data.
10. Third-party Websites
Vilnius, Lithuania, August 2020