Privacy Policy
Updated: 2026 - 02 - 19
UAB NORDIKA PREKYBOS SLĖNIS PRIVACY POLICY
GENERAL PROVISIONS
1. UAB “Nordika prekybos slėnis”, legal entity code 303091887 (hereinafter referred to as “NØRDIKA”), protects your privacy, seeks to ensure the security of your personal information and complies with the applicable legislation of the Republic of Lithuania and the European Union regulating the processing of personal data.
2. This privacy policy (hereinafter referred to as the “Privacy Policy”) is intended to provide for the basic measures for the processing of your personal data, the exercise of the data subject’s rights, technical and organisational data security measures, ensuring compliance with and implementation of the Law on Legal Protection of Personal Data of the Republic of Lithuania (hereinafter referred to as the “LPPD”), the Regulation of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”), as well as with any other laws and regulations on the protection of personal data.
3. This Privacy Policy does not apply to links to third-party websites on the website www.nordika.lt (the “Website”), and we recommend that you consult the privacy policies or rules of those websites separately.
4. By continuing to visit this Website and/or use the information and/or services available on this Website, you acknowledge and confirm that you have read, understood and agree to this Privacy Policy.
CONNECTIONS
5. Data subject – means a natural person whose personal data is processed by NØRDIKA.
6. Personal Data means any information relating to a natural person, the Data Subject, whose identity is known or can be identified, directly or indirectly, by reference to data such as a personal identification number, one or more physical, physiological, psychological, economic, cultural or social characteristics specific to that person.
7. Processing of Personal Data means any act or combination of acts performed on Personal Data, such as collection, recording, accumulation, storage, classification, grouping, aggregation, alteration (addition or correction), provision, disclosure, use, logical and/or arithmetical operations, retrieval, dissemination, destruction, or any other act or set of acts.
8. Customer – means a person who visits NØRDIKOS and/or NØRDIKOS Website and uses the services offered and/or provided by NØRDIKOS.
THE PURPOSES OF PROCESSING YOUR DATA
9. NØRDIKA may process the following personal data about you:
9.1. for direct marketing purposes (sending newsletters), to offer or inform you about services and/or products provided by NØRDIKOS (alone or together with its partners), promotions, discounts, organised events, to congratulate you on national and/or personal holidays, to offer you the opportunity to participate in organised games and competitions. For the purpose of direct marketing, NØRDIKA processes the following data: name, email address, telephone. NØØR Norway also usescookieson the Website for direct marketing purposes.
9.2 For the purposes of administering enquiries, i.e. to respond to your enquiries and/or complaints and to communicate with you by email, in writing, by telephone or in social networks, NØRDIKA processes the data you provide to us, such as your name, surname, email address, address (if the enquiry is sent by post), the content of the correspondence and any other information you provide to us.
9.3 For the purposes of organising competitions or other promotions, NØRDIKA may process your data necessary to participate in the organised competitions. As a general rule, the following data may be collected: your name, surname, email address, telephone number, etc. These data are necessary to contact you in the event of winning a competition and to collect the winnings.
9.4 For security purposes, in order to ensure the safety of you and all visitors, customers, employees and other natural persons and property on NØRDIKA’s premises and grounds, video surveillance is carried out on NØRDIKA’s premises and grounds. The detailed rules on video surveillance are available on the NØRDIKA website.
SOURCES OF PERSONAL DATA
10. NØRDIKA receives and collects personal data from the following sources:
10.1 The data processed for the purpose of direct marketing is obtained directly from the data subject when you register on the NØRDIKA Website (either by filling in the form provided on the NØRDIKA Website or by filling in the paper forms or questionnaires prepared and printed by NØRDIKA) or by contacting NØRDIKA and submitting your personal data for registration. NØRDIKA only processes personal data for direct marketing purposes with your prior consent, i.e. newsletters can only be sent to you with your consent, which you give by entering your data in the newsletter order form on the Website or by filling in paper forms or questionnaires prepared and printed by NØRDIKA. You will always have the opportunity to unsubscribe from newsletters by using the unsubscribe link provided in each newsletter, and consent may also be withdrawn at any time by contacting NØRDIKA in writing at the contact details provided in this Privacy Policy.
10.2 Data processed for the purposes of administering enquiries is obtained directly from the Data Subject when you contact NØRDIKA by email, telephone, in person or on social networks and transmit your data to NØRDIKA. By providing NØRDIKA with your data, you consent to its processing.
10.3 Data processed for the purposes of organising competitions or other promotions is obtained directly from the Data Subject when you participate in the organised game, i.e. by submitting your data on NØRDIKOS social networks, by email or by filling in the competition flyer. By submitting your data to NØRDIKA, you consent to its processing. If you do not provide the data required for participation in the competition, you will not be able to participate in the competition. In order to ensure the transparency of the competitions, the winners are announced publicly and your consent to the public announcement of the winners is expressed when you agree to participate in the competition.
PROCESSING OF PERSONAL DATA
11. NØRDIKA complies with the principles of fairness, purposefulness and proportionality when processing your personal data and does not accumulate or process excessive data.
12. NØRDIKA, when processing your personal data, complies with the ADTAA and other applicable legislation on the protection of personal data, this Privacy Policy and its own internal regulations.
13. Personal data in NØRDIKOJA is accurate and, where necessary for the processing of personal data, is kept up to date. Personal data shall be corrected and updated as soon as the data subject notifies us of a change.
14. Personal data shall be processed by NØRDIKOJ only by those persons for whom the data is necessary for the performance of their job functions:
- Persons responsible for implementing NØRDIKA’s marketing policy and direct communication with NØRDIKA’s customers.
- Persons responsible for information technology service and support.
- Persons responsible for managing and resolving incidents occurring on NØRDIKOS-managed premises, and for dealing with complaints made by visitors to NØRDIKOS or its website.
DATA SECURITY AND STORAGE PROCEDURES
15. Your Personal Data obtained in accordance with the procedure set out in the Privacy Policy shall be stored in the NØRDIKOS database for a period of no longer than 5 years from the date of receipt of the data or the date of the last update of such data. After the expiry of the retention period, the stored data shall be deleted from the database, except for the data that must be handed over to public archives in the cases prescribed by law.
16. NØRDIKA shall ensure that appropriate organisational and technical measures are in place to protect your personal data against accidental or unlawful destruction, alteration, disclosure, as well as against any other unlawful processing. NØRDIKA’s authorised persons or employees shall observe the principle of confidentiality and shall keep secret any information relating to your personal data of which they have become aware in the performance of their duties, unless such information is public pursuant to the provisions of applicable laws or regulations. The confidentiality principle must be respected by staff members even after the termination of their employment.
17. Staff members performing personal data processing functions shall take measures to prevent the accidental or unlawful destruction, alteration, disclosure or any other unlawful processing of personal data by storing media containing personal data properly and securely and avoiding unnecessary copying.
18. The NØRDIKA website has been designed to limit to a minimum the access of public search engines and search engine robots to the personal data stored.
YOUR RIGHTS AND HOW TO EXERCISE THEM
19. You have the following rights:
- the right to know about the processing of your personal data;
- the right of access to your personal data;
- the right to have inaccurate personal data rectified;
- the right to have your personal data erased;
- the right to transfer data;
- other rights of data subjects provided for in the DPAA, GDPR and other legal acts.
20. As the controller of the personal data, NØRDIKA takes all measures necessary to ensure that you can exercise all your rights. Upon your written request, upon presentation of proof of identity, you have the right to have access to the personal data collected and stored about you and how these data are processed. The personal data shall be made available no later than 30 calendar days from the date of your request. You may be charged a fee for searching the data in accordance with the requirements of the legislation of the Republic of Lithuania.
21. Your right to request the rectification, destruction and suspension of the processing of your personal data shall be exercised by submitting a written request to NØRDIKAI by post or email, if the Data Subject can be identified. Upon receipt of such a request, NØRDIKA shall immediately verify the Personal Data and, at your request, correct any incorrect, incomplete or inaccurate Personal Data no later than 30 days from the date of the request.
22. Your right to transfer the personal data processed shall be exercised if the personal data are processed by automated means at NØRDIKA. Upon your written request, NØRDIKA shall, within 30 days at the latest, provide you with the personal data in a structured, commonly used and computer-readable format by e-mail, in accordance with your request, or provide a reasoned refusal to transfer the data. At your request and where technically feasible, NØRDIKA shall transmit the personal data directly to the other data controller indicated by you.
23. NØRDIKA shall ensure that all necessary information is provided to you in a clear and understandable manner.
24. NØRDIKA shall notify you without delay, and at the latest within 5 working days, of the rectification or destruction of Personal Data that has or has not been carried out at your request.
25. All your rights as a data subject shall be exercised in accordance with the provisions of the ADTAA, the GDPR and other legal acts.
26. Persons who have provided data shall be liable for false, erroneous or incorrect provision of data in accordance with the procedure provided by the laws of the Republic of Lithuania. NØRDIKA has no obligation to verify and does not verify the veracity or conformity of the data provided by the persons on its own initiative.
TRANSFER OF PERSONAL DATA
27. Personal Data may only be provided to Data Recipients/Processors with whom NØRDIKA has signed appropriate agreements for the transfer/processing of Personal Data and the Data Recipient/Processor ensures adequate protection of the Personal Data transferred. Personal Data may also be transferred to third parties in other cases and in accordance with the procedure provided for in the laws and regulations of the Republic of Lithuania.
28. NØRDIKA does not use, store or disclose sensitive personal information, such as information about health, racial origin, religious beliefs or political opinions, without the Data Subject’s explicit consent, except as required or permitted by law.
USE OF COOKIES
29. In order to improve and ensure the effective use of the Website, please be advised that the use of the Website involves the use of “cookies”, i.e. the collection of information for the purpose of calculating the Website’s traffic (collecting statistical information). The information collected by cookies allows us to improve and provide content on the Website that is relevant to the interests of users, to analyse traffic and to improve our services and customer service.
30. The website uses Google, Inc. (“Google”) provides the web analytics program Google Analytics. Google Analytics uses cookies, which are text files placed on your computer or other device. The website uses Adform and Facebook cookies for marketing purposes, which enable us to provide you with personally tailored promotional material.
31. Most browsers accept cookies by default. However, you can change your browser settings to notify you when a cookie is activated or updated, to select which cookies are allowed and which are not allowed, or to set all cookies to be blocked. Please note that in this case, you may need to manually change some browser options each time you visit the Website and some features of the Website may not work. To learn more about cookies, such as how to manage or delete them, you can visit www.allaboutcookies.org, and you can also read the guidelines of the State Inspectorate for Personal Data at http://ada.lt/images/cms/File/naujienu/slapuk_DS.pdf.
TRANSMISSION OF INFORMATION
32. Requests or questions concerning the processing of personal data addressed to NØRDIKAI should be sent to the e-mail address info@nordika.lt or to the address of UAB “Nordika prekybos slėnis”, Vikingų g. 3, Vilnius.
33. NØRDIKA, upon receipt of your request regarding the processing of your personal data, will provide a response no later than within 30 calendar days from the date of the request.
FINAL PROVISIONS
34. This Privacy Policy shall come into force on 12 June 2018.Any changes to this Privacy Policy will be posted and publicly visible on the Website www.nordika.lt.
35. This Privacy Policy shall be reviewed periodically, but at least once every 2 years or in the event of a change in the legislation governing the processing of personal documents, and updated as necessary.
DESCRIPTION OF THE PROCEDURES FOR VIDEO SURVEILLANCE, MAINTENANCE AND PROVISION OF VIDEO RECORDINGS
I. GENERAL PROVISIONS
1. This Video Surveillance, Supervision and Provision of Video Recordings Procedure (hereinafter referred to as the “Procedure”) regulates the procedure for submitting a notification of video surveillance, the scope of the video surveillance, the procedure for supervision and provision of video recordings, the procedure for granting, deleting and changing access rights and powers to process personal data, the procedure for managing and responding to data breaches and data security violations, and the procedure for exercising the rights of the data subjects and for handling requests of UAB “Nordika Obchodėnis” (“Nordika Trade Valley”).
2. Purpose of the processing of video data – video surveillance is carried out on NØRDIKOS premises and grounds to ensure the security of NØRDIKOS employees, tenants and their employees, customers and the premises and the property and documents therein.
3. The description has been drawn up in accordance with:
3.1. the Law on Legal Protection of Personal Data of the Republic of Lithuania (hereinafter referred to as “LPPD”);
3.2. the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”);
3.3. other legal acts of the Republic of Lithuania regulating the safe management of personal data and the lawfulness of their processing.
4. Terms used in the description:
4.1. Data Controller – the controller of the video data obtained by means of video surveillance is UAB “Nordika prekybos slėnis”, legal entity code 303091887, registered office address: – Vikingų g. 3, Vilnius.
4.2 Data Processor – a third party processing personal data on behalf of the Data Controller.
4.3 Data Subject – means a natural person whose personal data is processed by NØRDIKA.
4.4 Other terms used in this Description shall have the meaning as defined in the ADTAA and other legal acts.
II. PROCEDURE AND SCOPE OF VIDEO SURVEILLANCE
5. A person appointed by the Director of NØRDIKOS (hereinafter referred to as the “Responsible Person”) shall be responsible for the maintenance of the CCTV system within the territory and premises of NØRDIKOS.
6. 50 CCTV cameras are installed in NØRDIKA’s grounds and premises. Video surveillance is ongoing:
6.1. in the following area: around the perimeter of the building (by the ramps), in the parking lots at Vikingų str. 3, Vilnius.
6.2. in the following areas: in the aisles (corridors) of the shopping centre, at the entrances to the shopping centre, at Vikingų str. 3, Vilnius.
7. The following information shall be clearly and appropriately displayed in NØRDIKA’s premises and in the area where video surveillance is carried out:
7.1. a video surveillance sign with the words: “CCTV area”;
7.2. contact information: ‘UAB “Nordika prekybos slėnis”, company code 303091887, Address Vikingų g. 3, Vilnius’;
8. Video surveillance shall not be carried out over more of NØRDIKA’s premises and territory than is necessary to ensure the security of persons working at NØRDIKA, its customers and the premises and territory, and the property and documents contained therein.
9. Indoor video surveillance is indicated by notices on the doors when entering the monitored premises (i.e. when entering the surveillance area).
10. Video surveillance is prohibited in NØRDIKOS premises where the data subject has a reasonable expectation of absolute privacy and where such surveillance would be degrading to human dignity (e.g. toilets, etc.).
III. PROCEDURE FOR GRANTING, DELETING AND AMENDING ACCESS RIGHTS AND AUTHORISATIONS TO PROCESS PERSONAL DATA
11. Employees and/or Data Processors may only process personal data after they have been granted access rights.
12. Access rights to personal data shall be granted to those persons who need the personal data to perform their functions.
13. Access rights shall only be granted, modified or revoked by order of the Director of NØRDIKOS or the Responsible Person, which shall specify: the name, title and access rights to be granted or revoked.
14. Access rights may be granted to a person upon signed acknowledgement of this Schedule and information on how to properly comply with the requirements for the processing of personal data.
15. Upon termination of the employment or other contractual relationship, access rights shall be terminated.
IV. VIDEO SURVEILLANCE PROCEDURES
16. The retention period for image data on digital media is between 14 and 60 calendar days.
17. The responsible persons referred to in point 8 of the Description shall ensure that, after the expiry of the retention period of the image data, the image data are automatically overwritten, thereby erasing the oldest period of data.
18. The responsible person shall ensure that unauthorised persons do not have access to the personal video data being processed: all video surveillance management devices shall be locked in separate rooms, and the manufacturer’s standard logins and passwords shall be changed. Access to the premises where the video surveillance management equipment is located is granted to the persons responsible for the maintenance of the video surveillance system (hereinafter referred to as “Employees”) or to the designated Data Processors authorised by the Director of NØRDIKOS or by order of the Responsible Person.
V. PROCEDURES FOR MANAGING AND RESPONDING TO DATA BREACHES
19. If the responsible person or another NØRDIKOS Employee becomes aware that personal data processed by him/her have been accessed or are about to be accessed by persons who do not have the right to process the personal data processed, he/she shall:
19.1. immediately take all feasible measures to terminate the unauthorised access to the personal data being processed;
19.2. immediately inform the Responsible Person or the Director of NØRDIKOS thereof.
20. If it appears that personal data being processed have become accessible to persons who are not authorised to process personal data, the Employee or Data Processor shall immediately inform the Responsible Person, who shall record the incident in the “Security Incident Log”.
21. In the event of loss of personal data due to force majeure, the person(s) responsible for the maintenance and servicing of the equipment in which the personal data are stored and processed shall take measures to recover the lost personal data as soon as technically feasible.
VI. PROCEDURE FOR THE EXERCISE OF THE DATA SUBJECT’S RIGHTS
22. Data subjects have the following rights:
22.1. the right to know (be informed) about the processing of their personal data by NØRDIKOJ;
22.2. the right to have access to their personal data processed by NØRDIKOJA and how they are processed;
22.3. the right to have his/her personal data rectified, destroyed or to have his/her personal data processed, except for storage, suspended where the processing is not in accordance with the provisions of the GDPR and the legislation;
22.4. the right to object to the processing of their personal data where such personal data are processed in the cases set out in Article 5(1)(5) and (6) of the GDPR.
23. The right of data subjects provided for in sub-paragraph 22.1 of the Description shall be exercised by providing data subjects with information about the processing of their personal data:
23.1. on the NØRDIKOS website www.nordika.lt;
23.2. by affixing information stickers on video surveillance in the territory of NØRDIKOS;
23.3. during communication with the data subject in the manner in which the data subject contacts Nordika Trade Valley UAB, unless the data subject already has such information or the laws and regulations specify the procedure for collecting and providing such data and the recipients of the data.
24. In order to exercise their rights provided for in sub-paragraphs 22.2-22.4 of the Description, Data Subjects shall submit a written request (hereinafter referred to as the Request) to NØRDIKAI in person, by post, by courier or by e-mail.
25. In accordance with the DPAA and this Regulation, the data subject must be given the right to view the video recordings.
26. At the request of the Data Subject, photographs of the video recording may be provided, or a video recording may be provided on the media provided by the Data Subject (i.e. the Applicant) or on the media of NØRDIKOS, if such a recording is stored.
27. When submitting a Request, the data subject must confirm his or her identity, i.e. provide a personal identification document. If the Request is submitted by post or e-mail, a copy of the personal identification document certified in accordance with the procedure established by the legislation of the Republic of Lithuania, if the Request is submitted through a representative, a copy of the personal identification document certified in accordance with the procedure established by the legislation of the Republic of Lithuania, together with a copy of the document confirming the representation (or a copy of the power of attorney certified in accordance with the procedure established by the legislation of the Republic of Lithuania).
28. Upon receipt of a Data Subject’s Request for Video Recording and if it is established that the video recording includes third parties other than the Data Subject, the Data Controller shall provide the video recording to a person authorised by the Processor, who shall use software to depersonalize (obscure) the third parties visible in the video recording.
29. Video recordings may be allowed to be viewed and, if necessary, handed over to law enforcement authorities. In the case of such a one-off submission, the Data Subject’s Request must be made in accordance with Article 6 of the Law on the Legal Protection of Personal Data.
30. Video viewing must take place indoors. The following shall be entitled to attend the screening:
30.1. the data subject;
30.2. a responsible employee of NØRDIKOS and/or a representative of the data processor;
30.3. representatives of law enforcement authorities.
VII. COMMUNICATION OF INFORMATION
31. Requests addressed to NØRDIKAI regarding the processing of personal data should be sent to the e-mail address info@nordika.lt or to the address of UAB “Nordika prekybos slėnis”, Vikingų str. 3, Vilnius.
VIII. PROCEDURE FOR HANDLING REQUESTS FROM DATA SUBJECTS
32. As the controller of the personal data, NØRDIKA shall take all measures necessary to ensure that the data subject has the possibility to exercise all his or her rights. The data subject shall have the right, upon written request and on production of a document proving his or her identity, to access the personal data collected and stored concerning him or her and how such data are processed. The personal data shall be made available no later than 30 calendar days from the date of the request. A fee may be charged for the retrieval of the data, in accordance with the requirements of the legislation of the Republic of Lithuania.
33. The right of the Data Subject to request the rectification, destruction and suspension of the processing of his/her personal data shall be exercised by submitting a written request to NØRDIKAI by post or e-mail, if the Data Subject can be identified. Upon receipt of such a request, NØRDIKA shall immediately verify the personal data and, at the request of the Data Subject, correct any incorrect, incomplete or inaccurate personal data no later than 30 days from the date of the request.
34. The right of the data subject to transfer the personal data processed shall be exercised if the personal data are processed by automated means at NØRDIKOJ. Upon written request by the data subject, NØRDIKA shall, at the latest within 30 days, provide the data subject with the personal data in a structured, commonly used and computer-readable format, on a physical medium or by electronic mail, in accordance with the data subject’s wishes, or shall provide a reasoned refusal to transfer the data, or shall provide a reasoned refusal to do so. At the request of the data subject, and where technically feasible, NØRDIKA shall transmit the personal data directly to the other controller indicated by the data subject.
35. NØRDIKA shall promptly inform the data subject, at the latest within 5 working days, of the rectification or destruction of the Personal Data, whether or not carried out at his/her request.
36. The request may be refused in cases provided for by law, where it is necessary to ensure:
36.1. national security or defence;
36.2. public order, prevention, investigation, detection or prosecution of criminal offences;
36.3. important economic or financial interests of the State;
36.4. the prevention, investigation and detection of breaches of official or professional ethics;
36.5. the protection of the rights and freedoms of the data subject or other persons.
37. NØRDIKA, when refusing to comply with the data subject’s request to exercise the rights set out in sub-paragraphs 22.1-22.4 of the Description, shall provide the data subject with the grounds for such refusal and shall indicate the procedure for appealing against the refusal to provide information.
38. The data subject shall have the right to complain against the actions (inaction) of NØRDIKOS to the State Data Protection Inspectorate.
39. When exercising the rights of the data subject, NØRDIKA must ensure that the right to privacy of others is not infringed.
Tvarkyti sutikimą
Funkcinis Always active
Techninė saugykla arba prieiga yra griežtai būtina siekiant teisėto tikslo – sudaryti sąlygas naudotis konkrečia paslauga, kurios aiškiai paprašė abonentas arba naudotojas, arba tik tam, kad būtų galima perduoti ryšį elektroninių ryšių tinklu.
Parinktys
Techninė saugykla arba prieiga yra būtina teisėtam tikslui išsaugoti nuostatas, kurių neprašo abonentas ar vartotojas.
Statistika
Techninė saugykla arba prieiga, kuri naudojama tik statistiniais tikslais.
Techninė saugykla arba prieiga, kuri naudojama tik anoniminiais statistikos tikslais. Be teismo šaukimo, jūsų interneto paslaugų teikėjo savanoriško įsipareigojimo ar papildomų įrašų iš trečiosios šalies, vien šiuo tikslu saugoma ar gauta informacija paprastai negali būti naudojama jūsų tapatybei nustatyti.
Rinkodara
Techninė saugykla arba prieiga reikalinga norint sukurti naudotojo profilius reklamai siųsti arba sekti vartotoją svetainėje ar keliose svetainėse panašiais rinkodaros tikslais.