The group of companies of UAB Mantinga Group” (legal entity code 305572684, registered office address: Stoties str. 51, LT-68261 Marijampolė, Lithuania, phone No.: +370 343 98 122, e-mail: info@mantinga.lt.) recognizes that the personal data protection is important to our customers, suppliers, partners and other persons whose personal data is processed (hereinafter – data subjects); therefore it takes an extremely responsible and diligent approach to the protection of personal data and takes all necessary measures to ensure the security and privacy of data subjects.
This privacy notice sets out how the Mantinga Group of Companies (hereinafter – Mantinga and/or the Company) processes the personal data of data subjects, including information on what personal data is processed; how it is collected and further processed; how long it is stored; the rights of data subjects; where to apply for their implementation; and other issues related to the processing of personal data.
The privacy notice is prepared in accordance with the following legal acts:
The way we collect your data depends on the services we provide to you or the nature of our cooperation.
Mantinga processes:
|
Purpose of data collection |
Legal basis for data collection |
Description of categories of personal data |
Data retention periods |
|
Conclusion and execution of contracts with customers |
Execution of the contract Clause b of Part 1 of Chapter 6 of BDAR |
Name, surname, telephone number, place of residence, bank details, personal document number, individual activity certificate number, personal identification number, VAT payer number, e-mail, content of correspondence and information contained therein |
10 years after the end of the contract |
|
Execution of export orders |
Execution of the contract Clause b of Part 1 of Chapter 6 of BDAR |
Name, surname, personal identification number (in case of a natural person), telephone number, e-mail, address of the customer or its representative Driver’s name, surname, telephone number, vehicle registration number |
10 years |
|
Execution of orders in Lithuania |
Execution of the contract Clause b of Part 1 of Chapter 6 of BDAR |
Name, surname, personal identification number (in case of a natural person), telephone number, e-mail, address of the customer or its representative |
10 years |
|
Order fulfillment analytics |
Execution of the contract Clause b of Part 1 of Chapter 6 of BDAR |
Customer’s name and code (name, surname, personal identification number (in case of a natural person), address |
5 years |
|
Debt administration |
Legitimate interest Clause f of Part 1 of Chapter 6 of BDAR |
Name, surname, telephone number, place of residence, bank details, personal document number, individual activity certificate number, personal identification number, VAT payer number, e-mail |
10years |
|
Accounting for customer invoices |
Legitimate interest Clause f of Part 1 of Chapter 6 of BDAR |
Name, surname, telephone number, place of residence, bank details, personal document number, individual activity certificate number, personal identification number, VAT payer number, e-mail |
10 years |
|
Search for suppliers |
Legitimate interest Clause f of Part 1 of Chapter 6 of BDAR |
Name, surname, telephone number, address, position, e-mail, photo. |
5 years |
|
Conclusion and executiion of contracts with suppliers of raw materials/services |
Execution of the contract Clause b of Part 1 of Chapter 6 of BDAR |
Name, surname, signature, telephone number, bank details, personal document number, individual activity certificate number, personal identification number, VAT payer number, e-mail, position. |
10 years after the end of the contract |
|
Accounting for suppliers’ invoices |
Legitimate interest Clause f of Part 1 of Chapter 6 of BDAR |
Name, surname, telephone number, place of residence, personal document number, individual activity certificate number, personal identification number, VAT payer number, e-mail |
10 years |
|
Supplier risk assessment according to BRC food standard requirements |
Legitimate interest Clause f of Part 1 of Chapter 6 of BDAR |
Name, surname, signature, telephone number, e-mail, position |
3 years |
|
Examination of complaints and inquiries |
Legitimate interest Clause f of Part 1 of Chapter 6 of BDAR |
Contact details, content of the application |
5 years after reply to the request |
|
Administration of quality call center activities |
Legitimate interest Clause f of Part 1 of Chapter 6 of BDAR |
Contact details, content of the application, call metadata |
3 years |
|
Carrying out advertising activities and forming an advertising audience on social networks |
Legitimate interest Clause f of Part 1 of Chapter 6 of BDAR |
User name |
Remains on social network |
|
Sending newsletters for direct marketing purposes |
Consent, Legitimate Interest Clauses a, f of Part 1 of Chapter 6 of BDAR |
E-mail address, newsletter readability statistics, number of openings, time, date |
Until withdrawal of consent or 3 years |
|
Organization of lotteries on social networks |
Legitimate interest Clause f of Part 1 of Chapter 6 of BDAR |
Name, surname, telephone number, address |
Until the prizes are distributed to the winners, from 1 to 3 months |
|
Selection of candidates for vacancies |
Consent, Legitimate Interest Clauses a, f of Part 1 of Chapter 6 of BDAR |
Name, surname, date of birth, education, marital status, work experience, contact information, curriculum vitae, date of CV submission, hobbies, ability test results |
Until the end of the selection, if consent is given – 2 years after the end of the selection |
|
Filming the Mantinga area for property protection, food safety, workplace incident prevention and investigation purposes |
Legitimate interest Clause f of Part 1 of Chapter 6 of BDAR |
All information is obtained by filming a person, without audio recording |
3 years for a service contract - 3 years after the end of the contract |
| Storing business cards of potential clients after business exhibitions/conferences | Consent GDPR Chapter 6(1)(a) and legitimate interest GDPR Chapter 6(1)(f) | Business cards and contact details - name, job title, work phone number and email | 3 years for a service contract - 3 years after the end of the contract |
Company marketing policy
You receive Mantinga newsletters, offers or other useful information (hereinafter – messages) because you are a business customer or potential customer of Mantinga, or a representative of the said subjects. Based on its legitimate interest in developing and conducting direct marketing, Mantinga handles your contact information (e-mail and business type) in order to send messages.
You can unsubscribe from these messages at any time by clicking on “Unsubscribe from the list”.
After we send you messages, we receive statistical information about whether you have opened the email in which the message has been sent. We track such statistical information based on our legitimate interest in evaluating the effectiveness of the communications we send and, in doing so, improving our communications.
Your data may be viewed by our direct marketing staff and our partners indicated below (e-mail messaging service provider; message readout tracking service provider; partners responsible for conducting direct marketing) to the extent necessary to provide the relevant services.
We always keep your data secure and require all our partners and service providers to guarantee this security.
You have the right to refuse to provide your personal data, but the provision of your personal data is necessary and indispensable for the purposes set out in this Privacy Notice; therefore, if you do not provide your personal data, the Company may not be able to achieve the listed purposes.
Mantinga may share personal data of employees, suppliers or customers within a group of companies for purposes of internal administration, performance of contracts or fulfillment of obligations only in cases where this is lawful and justified by the lawful processing of personal data and the principles of lawful personal data processing.
Mantinga uses only those data processors who ensure compliance with the BDAR and the same level of security of personal data as set out in Mantinga’s personal data policy.
Here is a list of categories of data recipients used by Mantinga:
Some of our selected partners (e-mail messaging service provider; message readability tracking service provider; partners responsible for direct marketing, social networking platform providers) are U.S. companies that may also process your data as general data controllers. These companies are committed to the principles of security and lawfulness in the processing of personal data, which ensure that the service provider complies with EU privacy standards.
We also recommend that you read the privacy notices provided by our partners:
Privacy notices of social network administrators:
Facebook: https://lt-lt.facebook.com/privacy/explanation;
Facebook cookie policy: https://lt-lt.facebook.com/policies/cookies/;
Instagram data policy: https://help.instagram.com/155833707900388;
Linkedin: https://www.linkedin.com/legal/privacy-policy;
Privacy notices of providers of messaging and statistics tracking services:
UAB “MailerLite”: https://academy.mailerlite.com/pages/privacy?_ga=2.67791697.1925490008.1648720551-716968670.1648720551.
Google Analytics: https://www.google.com/analytics/terms/dpa/dataprocessingamendment_20160909.html
“Google Inc.” also has contractual obligations to ensure privacy. You can read about it here: https://www.google.com/analytics/terms/dpa/dataprocessingamendment_20160909.html.
Mantinga has implemented appropriate technical and organizational measures to ensure an appropriate level of security in the processing of data. When selecting and implementing appropriate technical and organizational measures to ensure the security of data processing, the company follows the guidelines of ENISA, good information security practices, guidelines and recommendations prepared by VDAI.
In accordance with the provisions of the BDAR, you, as a data subject, can exercise the following rights:
1. Right of access to personal data. I. e. to make a request for information on whether your personal data is being processed, and if personal data is being processed, you have the right to access your personal data being processed.
2. Right to rectify personal data. I. e. to make a request for correction of your personal data if you find that the personal data we process is incorrect, incomplete or inaccurate.
3. Right to delete data (the right to be “forgotten”). I. e. to request deletion of your personal data if you believe that your data is being processed illegally or fraudulently.
4. Right to restrict data processing. I. e. to make a request to restrict (suspend) the processing of your personal data, except for storage – in case, for example, you request the rectification of your personal data (while the accuracy of personal data is checked and/or corrected), it is established that personal data is being processed unlawfully and you do not consent to the deletion of the data, you have objected to the processing of your personal data, etc.
5. Right to data transfer. I. e. to make a request to transfer your personal data, which is processed by automated means, to you and/or another data controller in a structured, commonly used and computer-readable format.
6. Right to object to data processing. I. e. to object to the processing of personal data where the data are processed on a legal basis of legitimate interest or in the public interest.
7. The right to claim that you are excluded from a decision based solely on automated data processing, including profiling, which has legal consequences for you or which has a significant effect on you in a similar way;
8. The right to withdraw your consent given to us on the processing of personal data at any time, i. e. you can unsubscribe from direct marketing messages at any time by clicking the option “Unsubscribe from the list”.
9. You have the right to refuse to provide your personal data, but the provision of your personal data is necessary and required for the purposes set out in this privacy notice, and Mantinga may not be able to achieve the purposes listed if you do not provide your personal data.
You can exercise your rights:
The request must be legible, signed, contain the name, surname, place of residence and other details of the data subject in the preferred form of communication, information on which of the data subject’s rights and to what extent the data subject wishes to exercise.
In exceptional cases, in case of suspicion of the identity of the data subject, we reserve the right to request additional information to help us verify the identity of the person requesting it, e.g. to answer additional questions related to our cooperation, to submit notarized documents, etc.
We will provide a response to your request no later than within 30 (thirty) calendar days from the date of receipt of the request. In exceptional cases requiring additional time, we will have the right, after notifying you, to extend the deadline for submitting the requested data or processing other requirements specified in your request to 60 (sixty) calendar days from the date of your request.
Mantinga has the right to refuse to process the data subject’s request if it finds that the requests are manifestly unfounded or disproportionate, in particular because of their repetitive content.
If the solution cannot be found together, you have the right to apply to the State Data Protection Inspectorate (www.vdai.lrv.lt), which is responsible for the supervision and control of legal acts regulating the protection of personal data.
If you have any questions about the information contained in this privacy statement or the protection of your personal data and the exercise of your rights in Mantinga, including notices of personal data breaches, please contact the Mantinga Data Protection Officer in any way convenient for you:
A cookie is a small text file stored by a website in the browser of your computer or mobile device when you visit that website. This allows the website to “remember” your actions and options (such as registration name, language, font size, and other display options) for a period of time so that you do not have to re-enter them each time you visit the site or browse its various pages.
The information collected by cookies allows us to make your browsing more convenient, and to learn more about the behavior of website users, analyze trends and improve the website.
List of cookies used on the website:
|
Name of the cookie |
Owner |
Nature of the cookie |
Expiry date |
Purpose of data processing |
|
_gid |
.mantinga.lt |
analytical |
24 hours |
Logs a unique ID number used to generate statistics about how a visitor browses a website. Used by Google Analytics. |
|
_gat |
.mantinga.lt |
sessions |
10 min. |
Query cookie used by the Google Analytics traffic analysis tool |
|
_ga |
.mantinga.lt |
analytical |
2 hours |
Logs a unique ID number used to generate statistics about how a visitor browses a website. Used by Google Analytics |
|
vuid |
.vimeo.com |
functional |
2 years |
Page functionality |
|
lu |
facebook.com |
promotional |
7981 years |
Controls the user login process |
|
laravel_session |
.mantinga.lt |
sessions |
2 hours |
Session identification |
Here is a list of tags used on the page:
|
Source URL |
Owner |
Type |
Expiry date |
|
file://connect.facebook.net/en_US/sdk.js%23xfbml=1&version=v2.5&appId=591835847632003 |
CONNECT.FACEBOOK.NET |
Script |
24 hours |
|
Script |
24 hours |
||
|
Script |
24 hours |
||
|
https://staticxx.facebook.com/connect/xd_arbiter/r/j-GHT1gpo6-.js |
STATICXX.FACEBOOK.COM |
lframe |
24 hours |