Privacy policy

1. General provisions

1.1 The controller of your personal data is UAB “Mersona”, company code: 305020337, contact details are provided at
1.2 We care about the protection and privacy of your personal data, therefore, the present Privacy Policy (hereinafter – the Policy) informs you about the processing of personal data, the rights of the data subject, measures for the implementation of personal data protection and other issues related to the processing of personal data.
1.3 The Company collects personal data that the person provides by email, registered mail, fax, telephone, or using the Company’s website voluntarily.
1.4 All personal data received by the Company is collected, stored and processed in accordance with the requirements set forth by the Law on Personal Data Protection of the Republic of Lithuania, General Data Protection Regulation No 2016/679 of the European Union and other legislation of the Republic of Lithuania regulating the protection of personal data.
1.5 The Company ensures that the level of protection of personal data processed by the Company complies with the requirements of the legislation of the Republic of Lithuania.

2. Definitions

2.1. Definitions used in the document:
2.1.1. Personal data – any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is an identifiable person, in particular by reference to a particular identifier, such as name, personal identification number, location and internet identifier, or to one or more signs of physical, physiological, genetic, mental, economic, cultural or social identity;
2.1.2. Data subject – means a natural person from whom the Company receives and processes personal data;
2.1.3. Data recipient – the person to whom the personal data are provided;
2.1.4. Data provision – disclosure of personal data through transfer or otherwise making them available (except for publication in the media);
2.1.5. Data processing – any action taken on personal data: collection, accumulation, storage, record, classification, grouping, combination, amendment (supplement or correction), provision, publication, use, logical and/or arithmetic operations, search, dissemination, destruction or other action or set of actions;

2.1.6. Automatic data processing – data processing operations carried out in whole or in part by automatic means;
2.1.7. Data processor – legal or natural person (who is not an employee of the data controller), authorized by the data controller to process the personal data. Data controller and/or its appointment procedure may be provided in the laws or other legislation;
2.1.8. Data controller – legal or natural person who determines the purposes and means of the processing of personal data alone or jointly with others. Where the purposes of the data processing are laid down by law or legislation, the controller and/or the procedure for its appointment may be laid down in that law or legislation;
2.1.9. Consent – any voluntary, specific and unambiguous expression of the will of a duly informed data subject in a statement or unequivocal act by which he or she consents to the processing of personal data concerning him or her;

2.1.10. Direct marketing – activities aimed at offering goods and services to persons by post, telephone or other direct means and/or seeking their opinion on the goods or services offered;
2.1.11. Third person – legal or natural person, except the data subject, data controller, data processor and persons directly authorised by the data controller or data processor to process the data;
2.1.12. Other definitions used in the present Policy are understood as they are defined in the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legislation regulating the processing of personal data.

3. What are the principles of personal data processing?

3.1. When processing the personal data, the Company follows these principles:
3.1.1. The Company processes personal data only for the lawful purposes defined in the Policy;
3.1.2. The personal data is processed accurately, fairly and lawfully in accordance with legal requirements;
3.1.3. The Company processes personal data in such a way that personal data is accurate and is constantly updated in the event of a change;
3.1.4. The Company processes personal data only to the extent necessary to achieve the purposes of personal data processing;
3.1.5. The personal data are kept in a form that permits identification of data subjects for no longer than it is necessary for the purposes for which the data were collected and for which they are processed.
3.1.6. The personal data of the data subject may be disclosed only to the Company’s employees with the relevant competence and/or third parties who have been hired by the Company to provide the service, and only in cases when it is necessary to provide the service.
3.2. The Company respects the privacy of the Data Subject and undertakes to comply with the data protection principles of the Data Subject set out in the present Policy at all times.

4. What are the data processing purposes?

4.1. Personal data is processed and used depending on the purposes for which the Data Subject provided it to the Company or for other purposes approved by the Data Subject.
4.2. Purposes of the personal data use of the Data Subject:
4.2.1. The processing and administration of the purchase (order) of services performed by the Data Subject;
4.2.2. The identification of the Data Subject in the Company’s information systems;
4.2.3. The identification of the Data Subject by logging in to account on the Company’s website (when the Company provides such an option);
4.2.4. The issuance and submission of purchased (ordered) service coupons, confirmations, invoices and other financial documents;
4.2.5. The settlement of issues related to the performance of the contract;
4.2.6. The contacting of Data Subject if the conditions of the goods or services purchased by the Data Subject change;
4.2.7. The fulfilment of other contractual obligations;
4.2.8. The direct marketing purposes;
4.2.9. The security, health, administrative, crime prevention disclosure and legal purposes;
4.2.10. The business analytics and general research that improves the quality of goods or services;
4.2.11. The contacting of Data Subject for the purpose of receiving customer feedback on the purchased services;
4.2.12. The person assessment for the position, contact with the respective candidate, etc.;
4.2.13. The audit.
4.3. By voluntarily submitting his/her personal data to the Company, the Data Subject confirms and voluntarily agrees that the Company can manage and process the personal data of the Data Subject in accordance with the present Policy, applicable laws and other regulatory enactments.
4.4. The Company undertakes do not disclose personal data information to third parties without the consent of the Data Subject, except for ensuring the proper performance of the contract or other services related to the proper performance of the services ordered by the Data Subject. The Company may also transfer the personal data of the Data Subject to third parties acting on behalf of the Company as Data Processors. The personal data may be provided only to the Data Processors with whom the Company has signed the relevant Data Processing agreements. The Data Subject is deemed to be informed about it, agrees to it and the Company does not accept liability for damage arising from the use of the Data Subject’s data by third parties to the extent permitted by law. In all other cases, the personal data of the Data Subject may be disclosed to third parties only in accordance with the procedure provided for by the legislation of the Republic of Lithuania.

5. What personal data we process?

5.1. Personal information collected by the Company: name, surname, code, telephone number, email address of the data subject, name of the company on whose behalf he/she acts, information on the goods and services acquired by the data subject (their quantities, purchase dates, prices of acquired services, purchase history), the login name and password of the Data Subject in encrypted form on the Company’s website (if the Company provides such an option). The Company’s website may collect certain information about the Data Subject’s visit, for instance: internet protocol address (IP) through which the Data Subject accesses the Internet; date and time of the Data Subject’s visit to the Company’s website; other websites that the Data Subject visits while on the Company’s website; used browser; information about the Data Subject’s computer operating system; mobile application versions; language settings, etc.

If the Data Subject uses a mobile device, data may also be collected to identify the type of mobile device, the settings of the device, and the geographical (longitude and latitude) coordinates. This information is used to improve the Company’s website, analyse trends, improve products and services and administer the Company’s website. The Data Subject provides this data voluntarily by using the services provided by the Company, becoming a registered user of the Company’s website or visiting the Company’s website.
5.2. The personal data information collected by the Company may be any personal data information not specified above in the present Clause, but voluntarily provided to the Company by the data subject or otherwise received and lawfully processed by the Company.

6. What are the rights of the personal data subject?

6.1. Data subject rights and their implementation means:
6.1.1. to be aware of the collection of his/her personal data. The Data Subject has the right to access his or her personal data;
6.1.2. to access his/her personal data and know how they are processed. The Data Subject has the right to apply to the Company with a request to provide information what his / her personal data is processed and for what purpose;
6.1.3. to require the rectification or destruction of his/her personal data or the suspension of the processing of his/her personal domains;
6.1.4. to obtain his/her provided data in a readable structured form, if it meets the criteria defined by law;
6.1.5. the Data Subject has the right to refuse the data processing when the optional data are processed. If the Data is processed for direct marketing purposes, the Data Subject may object to such Processing (the right to object). Upon receipt of a request to terminate the processing of optional personal data, the Company must immediately terminate such processing, unless it is contrary to the requirements of legislation, and inform the person thereof;
6.1.6. to revoke any consent given by the Data Subject when registering or using the services provided by the Company at any time. Such revocation will not affect the lawfulness of the Data Processing carried out prior to the revocation and based on the consent given;
6.1.7. to refuse the provision of personal data;
6.1.8. to file a complaint to the supervisory authority if the rights of the Data Subject are violated;

7. What are cookies and what they are used for?

7.1. The Company’s website uses data analysis management tools – cookies.
7.2. By using the Company’s website, the Data Subject agrees to the storage of cookies of the Website in the Data Subject’s computer (device).
7.3. The cookies are small amounts of data that a website places on the Data Subject’s computer. Websites have no memory. When the Data Subject browses different web pages, the Data Subject will not be recognized as the same user. The cookies allow the website to recognize the Data Subject’s browser. The main purpose of cookies is to remember the Data Subject’s preferences, for instance, the preferred language of the website. The cookies also help to identify the Data Subject when returning to the same website. They help to adapt the website to personal needs.

The cookies cannot be used to run programs or transfer viruses to the computer. The cookies are intended for the Data Subject only and can only be read by the web server of the domain that sent the cookie to the Data Subject. One of the main purposes of cookies is to provide a convenient function and save the Data Subject’s time.

For instance, If the Data Subject uses the website for personal needs or browses the website, cookies will help the website to remember specific information later. This makes it easier to present relevant content, navigate the website easier, etc. Upon returning to the website, the Data Subject can find his/her previously provided information, thus facilitating the use of the already adapted functions of the website.

7.4. The processing of data with the help of cookies does not allow the direct or indirect identification of the user.
7.5. These types of cookies may be used in the Company’s website:
7.6. Technical cookies: with their help the Company strives to provide an advanced and easy-to-use website that automatically adapts to visitors’ wishes and needs.
7.7. Functional cookies: they make it possible to remember the choices made by the Data Subject and to use the website effectively.
7.8. Analytical cookies: they help to understand how the Company’s visitors use the Company’s website, discover the weak and strong parts of the website, as well as optimize the work of the website.
7.9. Commercial cookies: the Company uses these cookies to place the Company’s advertisements on other websites.
7.10. Each time the Data Subject visits the Company’s website, he/she may accept or refuse the use of cookies, but in the latter case the Company cannot guarantee the quality of the website browsing. Most internet browsers accept cookies automatically, but if the Data Subject wishes, the browser can be easily modified do not accept them.

Therefore, The Data Subject has the possibility to delete some or all cookies from his/her computer at any time or to block them by using a web browser on his/her computer. If cookies are blocked, some parts of the Company’s website may not function or function properly for the Data Subject due to technical reasons.
7.11. No personal data of the customer is collected through cookies.
7.12. No information is provided to any third parties during the storage of the necessary cookies.

8. Third party websites

8.1 The Company is not liable for ensuring the Customer’s privacy on third party websites, even in cases where the Customer accesses third party websites using the links on this website. The Company recommends reading the privacy terms of each non-Company website.

9. Assurance of information security

9.1 The Company’s goal is to ensure the highest possible security of all information received from the Customer and from public data files. The Company uses appropriate legal, administrative, technical and physical security measures to protect this information from unauthorized access, use, copying, accidental or unlawful destruction, alteration, or disclosure, as well as from any other unlawful processing.

10. Final provisions

10.1 The law of the Republic of Lithuania applies to the provisions of the present Privacy Policy. All disputes arising out of the present Privacy Policy provisions will be settled through negotiations. If the parties fail to agree, they will be settled at the courts of the Republic of Lithuania.
The definition “this website“ in the provisions of the present Privacy Policy is the reference to