Privacy Policy

General Provisions

RNDV logistics JSC, entity code 302561405, entity address: Baltijos pr. 8B, LT- 94180 Klaipėda, (hereinafter referred to as the Company) recognizes that the protection of personal data is important for our customers, suppliers, partners and other persons whose personal data we process (hereinafter referred to as the Data Subjects), and, therefore, is extremely responsible and careful in matters related to the protection of personal data and takes all necessary measures to ensure the security of the privacy of the data subjects.

This Privacy Notice sets out how the Company processes the personal data of data subjects, including what personal data is processed, how it is collected and further processed, how long it is stored, to whom it is provided, what rights data subjects have and where to go to exercise those rights, or any other matters relating to the processing of personal data.

This Privacy Notice is based on the following legislation: 

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR or Regulation).
• Law on the Legal Protection of Personal Data of the Republic of Lithuania (hereinafter referred to as the LPPD).
• Law on Electronic Communications of the Republic of Lithuania. 

How do we collect your data?

How we collect your data depends on the services we provide to you or the nature of our cooperation. 

The Company processes data: 

1. received directly from the Data Subject (you), such as when you send us enquiries or messages to the contacts provided, purchase cars from us and enter into sales contracts, or send us your CV when applying for vacancies; 

2. which are generated when you use the Company’s services, e.g. when you use the Company’s network and services, i.e. when you make a phone call, send an SMS, surf the internet, visit the Company’s website at www.sprintline.eu, send requests via social networks, e.g. Facebook platform, etc;
3. from other sources, e.g., where appropriate, from other institutions or companies, i.e. banks, publicly available registers, credit bureaus (e.g. Creditinfo JSC), insurance companies, employment services, etc;
4. when we receive your personal data from other persons, in accordance with the procedure established by legal acts and/or this Privacy Policy.

For what purposes and what personal data do we process? 

We process your personal data for the following purposes:

Purpose of data collection	Legal basis for data collection	Description of categories of personal data	Data retention periods
Drawing up and executing car sales contracts with customers	Contract performance GDPR Section 6(1)(b)	Name, surname, personal identification number, telephone, place of residence, bank details, ID number, VAT number, email, content of correspondence and information contained therein, driving licence number, image (e.g. photo from a driving licence), car body identification number (VIN), registration number and engine number. Other data collected – entity code, copy of the ID/passport of the manager/client of the legal entity, registration certificate of the legal entity, documents of the legal entity proving that the company is engaged in the automotive trade, a report prepared by Creditinfo JSC.	10 years after conclusion of the contract
Test drive	Contract performance and contract GDPR Section 6(a) and (b)	Name, surname, personal identification number, driving licence number, other information needed to conclude the contract.	10 years
Accounting for customer invoices	Legitimate interest GDPR Section 6(1)(f)	Name, surname, telephone number, home address, bank details, ID number, personal ID number, and email address.	10 years
Order execution analytics	Contract performance GDPR Section 6(1)(b)	Client’s name, legal entity code (name, surname, personal identification number if a natural person), and address.	5 years
Debt administration	Legitimate interest GDPR Section 6(1)(f)	Name, surname, telephone number, address of place of residence, bank details, identity document number, individual activity certificate number, personal identification number, VAT number, and email address.	10 years
Dealing with complaints and enquiries	Legitimate interest GDPR and 6(1)(f)	Contact details, content of the application.	5 years after the reply to the request
Advertising and audience building on social networks	Legitimate interest GDPR and 6(1)(f)	User name, surname, email address, profile picture, gender.	Remains on the social network
Sending newsletters for direct marketing purposes	Consent, Legitimate interest GDPR and 6(1)(a), (f)	Email address, newsletter readership statistics, number of opens, time, date.	Until withdrawal of consent or 3 years
Selection of candidates for vacant posts	Consent, Legitimate interest GDPR and 6(1)(a), (f)	Name, surname, date of birth, education, work experience, contact details, curriculum vitae, date of CV submission, interests, aptitude test results.	1 month after the end of the selection, and if a candidate’s appointment for post-selection data retention is received, 2 years after the end of the selection
Filming of the company’s premises for asset protection, incident prevention and investigation purposes	Legitimate interest GDPR and 6(1)(f)	All the information was obtained by filming the person, without audio recording. Videos are reviewed in the event of incidents, theft or other criminal offences to protect the interests of victims.	14 days, unless the data are used as evidence in incident investigations or pre-trial investigations

Consequences of failure to provide data

You have the right to refuse to provide your personal data, however, the provision of your personal data is necessary and indispensable for the purposes set out in this Privacy Notice and your failure to provide your personal data may result in the Company being unable to fulfil the purposes set out.

Who do we provide your data to?

For the processing of data, the Company only uses data processors that ensure compliance with the GDPR and the same level of security of personal data as set out in the Company’s Personal Data Policy. 

Here is a list of the categories of data recipients used by the Company:

1. To companies within the Company’s group of companies, insofar as this does not conflict with the requirements of mandatory legislation applicable to us.

2. To our professional advisers and auditors.
3. To banks.
4. To law enforcement authorities or medical institutions in the event of an unfortunate incident (e.g. accident), upon their request or on the Company’s initiative, if compensation is required or if there is a suspicion that a criminal offence has been committed, as well as courts and other dispute resolution authorities, tax authorities.
5. To bailiffs, providers of legal and/or debt recovery services, assignees of debt; managers of joint debtor files.
6. To companies providing data centre, hosting, cloud, website administration and related services, companies developing, delivering, supporting and developing software, companies providing IT infrastructure services, companies providing communication services.
7. To companies providing advertising and marketing services.
8. To companies providing archiving, physical and/or electronic security, asset management and/or other business services; 
9. To other third parties in connection with the sale, merger, acquisition or reorganisation of all or part of our business or similar changes.
10. In accordance with the procedures provided for by law, for public authorities: the State Tax Inspectorate, the Centre of Registers, the Board of the State Social Insurance Fund (Sodra), the Employment Service, etc.

Transfer of data to third countries

We recommend that you also read the privacy notices provided by our partners:

Privacy notices from social network administrators: 

Facebook: https://lt-lt.facebook.com/privacy/explanation; 

Facebook Cookie Policy: https://lt-lt.facebook.com/policies/cookies/;

Linkedin: https://www.linkedin.com/legal/privacy-policy.

How do we protect your data?

In order to ensure a level of security appropriate to the risks involved in the processing of data, the Company has put in place appropriate technical and organisational measures. The Company follows ENISA guidelines, good information security practices, guidelines and recommendations issued by the DPAI when selecting and implementing appropriate technical and organisational measures to ensure the security of data processing.  

What rights do you have?

In accordance with the GDPR, you as a data subject may exercise the following rights: 

1. Right of access to personal data. This means requesting information on whether your personal data is being processed and, if your personal data is being processed, the right of access to your personal data.

2. Right to rectification of personal data. This means that you can request the rectification of your personal data if you find that the personal data, we process is incorrect, incomplete or inaccurate.

3. The right to erasure (‘right to be forgotten’). This means that you can request the erasure of your personal data if you believe that your data is being processed unlawfully or fraudulently.

4. Right to restrict processing. i.e. to request restriction (suspension) of the processing of your personal data, except for storage – in case, e.g., you request correction of your personal data (pending the verification of the accuracy of the personal data and/or its correction), it is found that the personal data are being processed unlawfully and you do not consent to the deletion of the data, you have expressed your disagreement with the processing of your personal data etc. 

5. Right to data portability. That is, to request the transfer of your personal data processed by automated means to you and/or to another controller in a structured, commonly used and computer readable format.

6. Right to object to data processing. That is, to object to the processing of personal data where the data is processed on the basis of a legitimate interest of the Company or on the basis of a legal ground of public interest. 

7. The right to request that you are not subject to a decision based solely on automated processing, including profiling, which gives rise to legal consequences for you or similarly significantly affects you.

8. The right to withdraw the consent given to us at any time for the processing of personal data.

9. You have the right to refuse to provide your personal data, however, the provision of your personal data is necessary and indispensable for the purposes set out in this privacy notice and your failure to provide your personal data may result in the Company being unable to fulfil the purposes set out.

How can you exercise your rights?

You can exercise your rights: 

1. By sending us a free-form application to info@sprintline.eu.  The request must be signed with a valid e-signature or be accompanied by a notarised copy of your identity document so that we can verify your identity. 
2. By sending the request by registered mail to Baltijos pr. 8B, LT- 94180 Klaipėda, indicating that the letter is addressed to the Data Protection Officer. The request must be signed. A copy of your identity document certified by a notary public must be attached to the request. 

The request must be legible, signed, contain the name, surname, place of residence and other particulars of the data subject in the form of the communication requested, and must indicate which of the data subject’s rights the data subject wishes to exercise and to what extent. 

In exceptional cases, if we have doubts about the identity of the data subject, we reserve the right to request additional information to help us verify the identity of the applicant, e. g. to answer additional questions regarding our cooperation, to provide notarised documents, etc. 

We will respond to your request no later than 30 (thirty) calendar days from the date of receipt of your request. In exceptional cases requiring additional time, we shall have the right to extend the time limit for the provision of the requested data or for the processing of other requirements set out in your request by up to 60 (sixty) calendar days from the date of your request, upon notice to you.

The Company shall have the right to refuse to process a request from a data subject if it finds that the requests are manifestly unfounded or disproportionate, in particular because of their repetitive content.

If you cannot find a solution together, you have the right to contact the State Data Protection Inspectorate (www.vdai.lrv.lt), which is responsible for supervising and controlling legislation on the protection of personal data.

Where can you go for questions related to personal data?

If you have any questions regarding the information contained in this Privacy Notice or the protection of your personal data and the exercise of your rights by the Company, including notifications of personal data breaches, please contact the Company’s Data Protection Officer in any way that is convenient for you:

• Email: info@sprintline.eu.
• Telephone +370 46 397777.
• In writing to Baltijos pr. 8B, LT- 94180 Klaipėda.

Which cookies do we use and how?

The Company collects information about you through the use of cookies and similar technologies. Cookies are small files that are temporarily stored on your device’s hard drive and allow us to recognise you on subsequent visits to the Website, save your browsing history, preferences, customise content, speed up searches on the Website, make the Website more user-friendly and friendly, and provide a more efficient and reliable Website environment. Cookies are a common practice on websites that make it easier to use the website. 

The information collected by cookies enables the Company to provide you with a more user-friendly browsing experience, to learn more about the behaviour of website users, to analyse trends and to improve the website.

List of cookies used on the website:

We may collect the following information through cookies: the IP address, the type of web browser used, the number of visits to the Website, the pages viewed on the Website, the amount of time spent on the Website, demographic data and, if you have come to the Website from a third-party website, the URL link of the page.

We use the information we receive from cookies for the following purposes:

 (a) to ensure the functionality of the Website (e.g. to enable you to use the Website’s personalisation);

 (b) to improve and develop the Website to better meet your needs;

 (c) for the development of services and analysis of the use of the Website;

 (d) targeted marketing guidance.

We may, without prejudice to the law, combine information obtained through the use of cookies with information obtained about you by other means (e.g. combining information about your use of the Website with personal data that you have provided).

The following cookies may be used on the Website:

(a) technical cookies – these are cookies that are necessary for the operation of the Website.

(b) Functional cookies – these are cookies that, although not essential to the operation of the Website, significantly improve its performance, quality and user experience.

c) Analytical cookies – these are cookies that are used to compile a statistical analysis of the navigation methods of visitors to the Website; the data collected by these cookies is used anonymously.

(d) Targeting or advertising cookies – cookies that are used to show you offers or other information that may be of interest to you.

(e) Social network cookies – these are cookies that are necessary for you to use the Website information in your social profile account.

You can give your consent to the use of cookies by clicking ‘I agree’ on the link (bar) about cookies on the Website.

You can revoke your permission to use cookies at any time. You can do this by changing the settings on your web browser so that it does not accept cookies. How you do this depends on the operating system and web browser you are using. For detailed information on cookies, their use and how to refuse them, please visit http://AllAboutCookies.org or http://google.com/privacy_ads.html.

In some cases, in particular the disabling of technical and functional cookies, the refusal to accept cookies or their deletion may slow down the speed of your browsing on the Internet, restrict the functioning of certain functions of the Website, or block access to the Website.

External websites

The Website may contain links to external websites, such as those of our business partners or websites advertising our services and/or goods. If you follow such links to any of these websites, please note that these websites and the services available through them have their own separate privacy policies and we do not accept any responsibility or liability for these policies or for the personal data, such as contact or location data, collected on these websites or through these services. Please review these policies before submitting personal data to these websites or using any services.

How will the privacy policy be amended?

Any amendment to the Privacy Policy will be posted on the website. We will notify you of any changes as necessary. New terms of the Privacy Policy may also be posted on the Websites and you may need to read and agree to them in order to continue using the Websites and/or our services.