Privacy Policy

GENERAL INFORMATION

Žydintis kaštonas, MB, company code 303364389, registered address J. Tumo-Vaižganto g. 4-3, LT-01108 Vilnius, Lithuania (hereinafter referred to as the Data Controller), establishes the terms and conditions for personal data processing through its website https://chestnut.lt (hereinafter referred to as the Website) in this Privacy Policy. These terms apply every time you visit the Website, regardless of the device you use (computer, mobile phone, tablet, TV, etc.).

It is crucial that you carefully read this Privacy Policy, as by accessing the Website owned by the Data Controller, you agree to the terms described herein. If you do not agree to these terms, please refrain from visiting the Website, using its content, or services.

By submitting your personal data (including data provided directly or indirectly when visiting the Website or using its services), you agree and consent to the Data Controller processing your data for the purposes and procedures outlined in this Privacy Policy, your consent, and applicable legal regulations.

Representative – A person representing the Data Controller’s partners (service providers), whether physical or legal entities.

Data Subject – Refers to a Representative, Interested Person, Client, Job Candidate, Telephone Caller, or any other natural person whose personal data is processed by the Data Controller.

Interested Person – A natural person interested in the services provided by the Data Controller or seeking to contact the Data Controller for other matters.

Job Candidate – A person participating or intending to participate in recruitment processes conducted by the Data Controller.

Client – A person who has entered into an agreement with the Data Controller for service provision.

Telephone Caller – A person contacting the Data Controller via phone for services or other inquiries.

The Data Controller collects personal data in compliance with the applicable requirements of the European Union and the Republic of Lithuania, as well as supervisory authorities’ instructions. All reasonable technical and administrative measures are applied to protect collected data from loss, unauthorized use, or alteration.

Persons under 16 years of age are not permitted to submit personal data via the Data Controller’s Website. If you are under 16 years old, you must obtain parental or legal guardian consent before providing any personal information.

This Privacy Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons regarding the processing of personal data and the free movement of such data (General Data Protection Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other EU and Lithuanian laws. The terms used in this Privacy Policy are understood as defined in the General Data Protection Regulation and the Lithuanian Law on Legal Protection of Personal Data.

WHAT INFORMATION DO WE COLLECT ABOUT YOU?

Information provided directly by you.

Information about how you use our Website
If you visit our Website, we may also collect information revealing the specifics of your usage or automatically generate visit statistics.

Information from third-party sources.

We may obtain information about you from public and commercial sources (to the extent permitted by applicable laws) and link it with other information we receive from or about you. We may also receive information from third-party social network services when you connect through accounts such as Facebook.

Other information we collect

We may also collect other information about you, your device, or your use of the Website’s content with your consent.

You may choose not to provide us with certain information; however, this may restrict access to some of the services we offer.

PROCESSING OF PERSONAL DATA FOR INQUIRIES

The Data Controller processes personal data of Interested Persons, including Telephone Callers, to provide services or address other inquiries. Personal data processed include:

Name
Surname
Phone number
Email address

The data of Interested Persons is not shared with third parties.

Personal data is processed based on the consent expressed by submitting personal data (Article 6(1)(a) of the GDPR).

Personal data is also processed on the basis of the Data Controller’s legitimate interest (Article 6(1)(f) of the GDPR).

PROCESSING OF PERSONAL DATA FOR GAMES, PROMOTIONS, AND CONTESTS

The Data Controller may process personal data for the purpose of organizing games, promotions, or contests only with the Data Subject’s consent. The following personal data may be collected:

Name
Surname
Photos
Phone number
Email address

These data are obtained directly from the Data Subjects participating in games, promotions, or contests. The data is not shared with third parties but may be publicly disclosed on the Data Controller’s Website or social media accounts (e.g., Facebook). The published information may include: name, surname (or pseudonym used on social networks), and photos.

Personal data is processed based on the consent provided by submitting personal data (Article 6(1)(a) of the GDPR).

PROCESSING OF PERSONAL DATA FOR DIRECT MARKETING PURPOSES

The Data Controller aims to share only relevant news and other useful information with newsletter recipients, adhering to this Privacy Policy.

The Data Controller processes personal data for direct marketing purposes only with the explicit consent of the Data Subject. The following personal data of Clients and other Data Subjects are processed for direct marketing purposes:

Name;
Surname;
Phone number;
Email address.

After sending a newsletter, the Data Controller may collect statistical data on the Data Subject’s behavior related to the use and content of the newsletter (e.g., whether the newsletter was read, which links were clicked by the Data Subject).

The Data Subject’s email address may also be used to deliver advertisements through Facebook, Google, and other advertising platforms by tailoring ads to the target audience.

Based on the personal data you provide, profiling may be conducted for direct marketing purposes to offer personalized solutions and suggestions. You may withdraw your consent for the automated processing of personal data, including profiling, or object to it at any time (if such methods are applied).

Personal data is collected directly from Data Subjects. The Data Controller may share personal data only with third parties that provide specialized services, such as email delivery or tailoring advertisements on advertising platforms.

The personal data of Clients and other Data Subjects is processed based on consent given by providing personal data and agreeing to its processing for direct marketing purposes (Article 6(1)(a) of the General Data Protection Regulation).

We inform you that the Data Subject has the right to object to or withdraw consent for the processing of their personal data for direct marketing purposes at any time, without providing reasons for their objection:

  • By clicking the “unsubscribe” link at the end of the newsletter or on the website; or
  • By sending an email to info@chestnut.lt or calling +370 682 95377.

Withdrawal of consent does not affect the lawfulness of data processing based on consent before its withdrawal.

WHAT DO WE DO TO PROTECT YOUR INFORMATION?

Personal data is protected against loss, unauthorized use, and alteration. We have implemented organizational and technical measures to safeguard all information collected for the provision of our services. However, we remind you that while we take appropriate steps to protect your information, no website, online transaction, computer system, or wireless connection is completely secure.

The Data Controller applies various personal data retention periods in accordance with legal requirements and considering the purposes of personal data processing.

Personal Data Retention Periods:

Purpose of Personal Data Processing

Retention Period

Processing personal data of Data Subjects for inquiry fulfillment purposes

1 year from the date of inquiry completion, unless the Data Subject contacts the Data Controller regarding the purchase of goods or services, in which case a general 10-year term applies.

Processing personal data of Data Subjects for the organization of games, promotions, or contests

1 year from the date of contest completion

Processing personal data of Data Subjects for direct marketing purposes

5 years from the date of consent, unless the Data Subject requests to extend this period.

 

 

Exceptions to retention periods may be made if they do not violate the rights of Data Subjects, comply with legal requirements, and are properly documented.

Upon expiration of the specified retention periods, if not extended, the data will be destroyed in a manner that prevents its reconstruction.

YOUR RIGHTS

A data subject whose data is processed by the Data Controller has the following rights:

  • To be informed about the processing of their data (right to know);
  • To access their data and information on how it is processed (right to access);
  • To request correction or, considering the purposes of processing, supplementation of incomplete personal data (right to rectification);
  • To request erasure of their data or to suspend the processing of their data (except for storage) (right to erasure and the right “to be forgotten”);
  • To request restriction of personal data processing on legitimate grounds (right to restrict processing);
  • To data portability, when the data subject has provided their personal data to the Data Controller in a structured, commonly used, and machine-readable format (right to data portability);
  • To object to the processing of personal data, particularly for direct marketing purposes, including profiling to the extent that it relates to such direct marketing;
  • To file a complaint with the State Data Protection Inspectorate of the Republic of Lithuania.

If you no longer wish your personal data to be processed for direct marketing purposes, you can send an email to info@chestnut.lt or call +370 682 95377, stating your objection to the processing of your personal data for direct marketing purposes without providing a reason.

Any request or instruction related to the processing of personal data may be submitted to the Data Controller in writing using one of the following methods:

  • In person at J. Tumo-Vaižganto g. 4, LT-01108 Vilnius;
  • By post to J. Tumo-Vaižganto g. 4, LT-01108 Vilnius;
  • By email to info@chestnut.lt.

Upon receiving such a request or instruction, the Data Controller will respond and carry out the requested actions or refuse to do so within one month of the date of the request. If necessary, this period may be extended by an additional two months, considering the complexity and number of requests. In such cases, the Data Controller will inform the data subject about the extension within one month of receiving the request, providing the reasons for the delay.

The Data Controller may deny data subjects the ability to exercise the above-listed rights, except the right to object to direct marketing, in cases where it is necessary to ensure the prevention, investigation, and detection of crimes or breaches of professional or service ethics, as well as to protect the rights and freedoms of the data subject, the Data Controller, or other persons.

THIRD-PARTY WEBSITES, SERVICES, AND PRODUCTS ON OUR WEBSITE

The Data Controller’s website may include third-party advertisements, banners, links to their websites, and services that are not controlled by the Data Controller, such as a link to the Data Controller’s Facebook profile. The Data Controller is not responsible for the security and privacy of information collected by third parties. You should review the privacy policies applicable to the third-party websites and services you use.

If you provide your data via Facebook, it is understood that you agree to be contacted by the provided phone number or email address to receive service offers.

COOKIES

When you visit the Data Controller’s website, we aim to provide content and features tailored to your needs. To achieve this, cookies are required. Cookies are small pieces of information automatically created while browsing a website and stored on your computer or other device. They help the Data Controller recognize you as a previous visitor to the website, save your browsing history, and customize content accordingly. Cookies also ensure the smooth functioning of websites, allow tracking of website visit duration and frequency, and collect statistical information about the number of website visitors.

Descriptions of Cookies Used on Our Website

Cookie Name Description/Purpose Creation Time Expiration Time Data Used
_ga Used in Google Analytics to distinguish website visitors and track their behavior on the site for statistical purposes. First visit to the site 2 years A unique identifier (ID) assigned to each user anonymously.
_ga_XZZRKNHY70 Used in Google Analytics to track sessions and analyze website usage. It helps collect information about page views and user behavior. First visit to the site 2 years Information about session ID and user behavior on the website.
wp-wpml_current_language Used in the WPML plugin to remember the user’s selected website language. Visit to the site or language change 1 day Information about the user’s selected language (e.g., “lt”, “en”).
moove_gdpr_popup Used to remember the user’s consent for cookie usage and their selected cookie preferences. Upon the user’s first visit to the website 1 year Information about the user’s consent for cookie usage and selected settings

How to Manage and Delete Cookies

When you use a browser to access our content, you can configure it to accept all cookies, reject all cookies, or notify you when a cookie is sent. Each browser is different, so if you are unsure how to change your cookie settings, check the help menu of your browser. Your device’s operating system may also have additional cookie controls.

If you do not want cookies to collect information, use the simple procedure available in most browsers that allows you to decline cookie usage. For more details on how to manage cookies, visit: http://www.allaboutcookies.org/manage-cookies/.

Please note that in some cases, deleting cookies may slow down your browsing experience, limit certain website functions, or block access to the website.

Our website may contain links to other individuals’, companies’, or organizations’ websites. Please note that the Data Controller is not responsible for the content of such websites or their privacy practices. If you follow a link from the Data Controller’s website to another website, you should review the Privacy Policy of that website separately.

FINAL PROVISIONS

Amendments or changes to the Privacy Policy take effect from the date they are published on the Website.

If, after amendments or changes to the Privacy Policy, the Data Subject continues to use the Website and/or the services provided by the Data Controller, it is considered that the Data Subject does not object to such amendments or changes.

CONTACT US

If you have any questions regarding the information provided in this Privacy Policy, please feel free to contact us at info@chestnut.lt.