PRIVACY POLICY OF

Private Limited Liability Company “MIDA LT”

Wording of 04.05.2023

  1. What does this Privacy Policy mean?
This Privacy Policy (hereinafter referred to as the Privacy Policy) provides information, how Private Limited Liability Company “MIDA LT” (hereinafter referred to as the Company) processes your personal data received in the following manner: when the Company is engaged in direct marketing; when candidates are selected; in order to assure protection of confidential information and continuity of performance; in order to assure protection of persons and property (video surveillance); in order to carry out the contracts entered by and between the Company and its counterparties – legal entities; when the Company is examining the received requests, complaints, also in relation with judicial and extrajudicial proceedings; when you visit the Company’s website or the Company’s accounts in social media, and when the Company is contacted. Hereinafter all the persons, whose data are processed by the Company shall be referred to as Data Subjects.
  1. About the Company
The Company means Private Limited Liability Company “MIDA LT”, code of legal entity 110433047, registered address at Gamyklos str. 19, Gargždai, LT-96155 Klaipėda district; the data about the Company are collected and stored in the Register of Legal Entities of the Republic of Lithuania. Contact e-mail address for the issues of data protection legal@mida.lt.
  1. What are personal data?
Personal data shall mean any information collected about the Data Subject that could be used to identify the Data Subject and that is stored in an electronical or other manner. Personal data shall include any information, including the Data Subject’s name, surname, and address, collected by the Company about the Data Subjects for the purpose specified in this Privacy Policy or a separate consent of the Data Subject or an agreement with the Company.
  1. Performance of the Company’s contracts with its counterparties legal entities (including organisation of carriage, granting of access to self-service platforms)
In implementation of the contracts with its counterparties legal entities, the Company unavoidably processes personal data of employees of such legal entities or other natural persons engaged in contract performance. The information about personal data processing is provided in the table below:
Purpose of data processing Processed personal data Ground for data processing Term of data processing
Making and performance of contracts with customers/ suppliers – legal entities Name, surname, e-mail address, phone number, communication content, course of order’s execution, date

GDPR Article 6(1)(f) (legitimate interest)

4 years for communication, 10 years after the contract’s expiry, information related to the contract’s performance or contained in the contract
Execution of carriages Driver’s (counterparty’s employee): job title, name, surname, numberplate of the driven vehicle and other information about the vehicle (loading and unloading places and dates), in individual cases – a copy of a personal identity document (passport)

GDPR Article 6(1)(f) (legitimate interest)

10 years after the order’s execution (except for the copy of a personal identity document that is destroyed immediately after the order has been executed)
Granting of access to the corporation’s self-service portals Name, surname, represented company, job title, e-mail address, phone number, information about actions performed in the portal

GDPR Article 6(1)(f) (legitimate interest)

Logging-in data – while the user’s account is active, information about entered data - 10 years after execution of the particular order
Accounting management Name, surname, information about received / provided services and sold goods, other personal data provided in invoices and other accounting documents

GDPR Article 6(1)(c) (legal obligation)

The data shall be stored for the terms set out in the legal acts governing accounting management, and in accordance with the Index of General Storage Terms of Documents
  1. Direct marketing
We can make offers for the Company’s goods or services, send newsletters and other advertising materials, and notify about the Company’s news to the persons, who have given their contact data and expressed the desire to receive information about the Company’s goods and/or services by phone or electronic communication means (e-mail). The Company shall process the following personal data for the purpose of direct marketing: name, surname, phone number, information about made offers (sent e-mails, calls). Your personal data shall be processed for the purpose of direct marketing for 3 years after the consent is given. If you have purchased the Company’s goods and have not expressed an objection to receive the Company’s direct marketing messages (e.g., by ticking a disagreement box in the form of consent with direct marketing), we will e-mail you notices about the goods and services similar to the ones sold or provided to you on the ground of legitimate interest. In such a case, your data will be processed for the purpose of direct marketing for 1 year after purchase of the last item or service. You have the right to object or decline to receive direct marketing notices at any time by contacting us by e-mail address provided in Section 2 or by clicking on the cancellation link sent in each notice. 6. Selection of candidates We collect and process your personal data (name, surname, desired position, work experience (employer, job title, person who could give reference), education, other data provided in CV, questionnaire or cover letter and/or other information you have provided) in the course of your participation in the selection procedure for the purpose of employee screening on the ground of your consent that you express by sending your curriculum vitae and/or cover letter to the Company. If you do not submit a curriculum vitae and/or cover letter, we will not be able to assess your suitability for the offered job. Upon your consent, we will address your current or former employer on the ground of legitimate interest (to select a suitable candidate). You may withdraw your consent at any time or express your disagreement with our referral to your former employer by contacting us by e-mail address provided in Section 2 above. If you do not express your disagreement with your personal data processing by us individually, after the employee selection is over, we oblige to delete and/or destroy your personal data within 3 days after entering into a contract with the selected candidate or making the decision to end the selection, unless an individual consent for storage of the candidate’s personal data for the period specified in the consent is given. We will store your personal data for the period specified in the consent. We will process the data about the person indicated by the candidate (name, surname, e-mail address, phone number, information provided by the person) (current or former employer or person giving recommendation) on the ground of legitimate interest – selection of the candidate. In this case, our legitimate interest means selection of a candidate suitable for the position in question. We will destroy these data after the selection is over.
  1. Protection of the Company’s confidential information and continuity of activities
Aiming at the legitimate interest to ensure protection of the Company’s confidential information and continuity of its performance, the Company may review communication of its employees with counterparties. For these purposes, the Company is processing personal data of its employees and the persons receiving or sending e-mails from/to the employees: e-mail address, name and surname of sender and receiver, date, and content of information contained in the electronic work tools. Such data shall be stored for 4 years.
  1. Protection of property and persons
In order to ensure safety of customers, visitors, employees and other persons within the surveillance field, as well as property of such persons and the Company, to collect evidence about violations, and to defend its rights, the Company is performing video surveillance. Video surveillance is performed on the ground of legitimate interest of these persons and the Company. For the purpose of video surveillance, the Company processes the following personal data: image, movement trajectory, belongings of persons. The data are stored for 14 days after being recorded.
  1. Examination of requests and complaints, settlement of disputes in judicial and extrajudicial proceedings
The Company shall process the following data for the purpose of examination of requests and complaints, and settlement of disputes in judicial and extrajudicial proceedings (in implementation of the legitimate interest to protect its rights and legitimate interests):
Categories of data subjects Processed personal data Ground for data processing Term of data processing
1. Natural persons who file requests, complaints or initiate disputes otherwise, as well as natural persons related to disputes of data controller (in case of a legal entity, employees and other representatives);2. Representatives and employees of state and local authorities, pre-trial investigation institutions and other law enforcement institutions, etc. Name, surname, job title, employer, e-mail address, phone number, content of a claim, complaint or other dispute-related document, provided personal data, and other personal data received during examination of a claim, complaint or another statement.

GDPR Article 6(1)(f) (legitimate interest)

1 year after final court judgment or dispute resolution in extrajudicial proceedings
  1. Internal administration of the Company (implementation of shareholders’ rights)
The Company may transmit any personal data (recorded in the documents submitted to the shareholder) for the purpose of internal administration (upon request of the shareholder to implement the right to access). Transmission shall be performed in implementation of the legal obligation imposed on the Company (GDPR Article 6(1)(c)). At present, the only shareholder of the company is the company incorporated in the Russian Federation, ООО Завод "Шинглас" (Factor Shinglas Ltd). The transmission shall be performed under the standard conditions of contracts approved by the decision of the European Commission, with which or with main provisions whereof you may get acquainted by contacting us using the Company’s contacts provided herein.
  1. Contact us
There are several methods, how to contact the Company: by phone, e-mail, via the Company’s accounts in social media. We receive, review and reply to all the messages ourselves. If you contact us, we will be able to process the data you have provided to us, i.e., e-mail address, phone number, name and surname (if indicated), user name (if an inquiry is sent via the accounts in social media), employer (if stated in the e-mail), dates, time and content of the sent and received messages. Such data will be processed in order to answer to the questions you are interested in and to analyse your proposals. If you do not provide your contact data, it will be impossible to contact you. It is also possible to contact the Company using the inquiry form available on its website. Here you will be asked to give your name, surname, phone number, e-mail address, and an employer (only when the inquiry is made in the name and for the interests of the employer) and to state your question (the text of your message to the Company). In addition to this information, we will also process date and time of your inquiries. We shall process your personal data on the ground of your consent (GDPR Article 6(1)(d)(a)). The communication shall be store for 1 year after receipt of the message, save for the information, for storage of which other terms are set out in the Privacy Policy or legal acts. All the personal data provided in the course of communication with us shall be used only for the above purposes, as well as to review the messages, to administer and manage communication flows, and to answer to your inquiries. We oblige not to use your personal data without your explicit consent in any publications in such a manner as to make it possible to identify you. We would like to note that we may need to reach you by phone, e-mail or mail. You are requested to notify us about changes in your personal data. We may transmit your personal data received through the inquiries on our website to our partners (distributors) if you give such consent at the time of inquiry (GDPR Article 6(1)(d)(a)). The Company is oriented to the wholesale customers, so in the cases when the inquiry is related to small quantity of the needed goods, we would like to transmit your inquiry to our partners, who would contact you in response to your inquiry. We provide the list of our partners, to whom your personal data may be transmitted:
PARTNERS IN LITHUANIA PARTNERS IN LATVIA PARTNERS IN ESTONIA
UAB “Kesko Senukai Lithuania“https://www.senukai.lt/ SIA "Kompānija Avotiņi"https://www.avotini.lv/ AS Malekohttps://www.maleko.ee/
UAB “Jungtinis tiekimas“https://www.jts.lt/ SIA “IĻĢUCIEMS”https://ilguciems.lv/ MT Grupp OÜhttps://www.mtgrupp.ee/
Mimeta, UABhttps://mimeta.lt/ SIA “LEBENS” https://www.lebens.lv/lv/

Karl Bilder OÜ

https://karlbilder.ee/

UAB “Bocas ir Ko“https://www.bocas.lt/ SIA “LATROOF LTD”, https://www.latroof.lv/

Bestor Grupp AS

https://bestor.ee/

UAB “Bikuvos prekyba“https://bikuva.lt/ SIA “P&N Market”http://pnmarket.lv/ OPTIMERA ESTONIA AShttps://www.ehituseabc.ee/
Kečas UABhttps://www.kecas.lt/ AS Kesko Senukai Latviahttps://www.ksenukai.lv/ Decora AShttps://www.decora.ee/
UAB “Bauen“https://www.bauen.lt/ AS DIĀNAhttps://diana.lv/lv/ PUUMARKET AShttps://puumarket.ee/
AB Lytagrahttps://lytagra.lt/ EHOMER OÜhttps://www.ehomer.ee/
UAB “Žilevana“, http://zilevana.lt/ Espak Narva AShttps://espak.ee/
UAB "Nord Profil", https://stogodanguprekyba.lt/ AS Kesko Senukai Estoniawww.k-rauta.ee
UAB “Ermitažas“, https://www.ermitazas.lt/
UAB Vedrana, https://www.vedrana.lt/
Private Limited Liability Company “Gausoja“, https://www.gausoja.lt/
MB “KLP Stogai“, https://klpstogai.lt/
UAB “Klaipėdos Lytagra“https://lytagra.lt/
  1. Website and cookies
It is possible to download personal data on the website in an electronic manner. We would like to note that the downloaded data cannot violate rights or interests of third persons. The person who has downloaded the data shall be held liable for such violations. We use cookies on the website. Cookies are small files made from letters and digits saved in the browser of your device (e.g., computer, mobile phone, tablets) (e.g., Google Chrome, Microsoft Edge, Firefox, etc.) or in the hard disk of your computer. Other similar technologies, for example, pixel tags are also called cookies in this Privacy Policy. We use different cookies for different purposes. The cookies help us to distinguish you from other website’s users, hence, assuring more pleasant experience of website’s use and allowing to make improvements on the website. You may choose whether to accept the cookies. If you do not agree with saving of the cookies into a browser of your computer or another device or into a hard disk of your computer, you may mark this on the cookie bar, change settings of the used browser, or turn the cookies off (all together or in groups). The majority of browsers allow declining all the cookies, while other browsers provide the possibility to decline only cookies of third parties. Thus, you may use these options. However, you should remember that blockage of all cookies will have negative impact on the website’s use, and you will not be able to use all the services provided on the website. More detailed information is available at AllAboutCookies.org or www.google.com/privacy_ads.html. We may use the types of cookies described below; however, the detailed and updated list of used cookies is available HERE : Strictly necessary cookies These cookies are essential for our website’s operation. The ground for use of these cookies is Article 73(4) of the Law on Electronic Communications of the Republic of Lithuania. These cookies are necessary for operation of the website and cannot be turned off. These could be cookies that allow you to log in and access protected zones of our website, for example. Analytical and/or performance cookies These cookies allow us to recognise and count the website’s users and to observe their movements within the website. It helps us to improve the website’s operation, for example, to ensure that the users could find easily what they are looking for. The ground for processing of data collected by these cookies is your consent. Functional cookies These cookies are used to recognise you on return to our website so that we would be able to adjust the presented content to your needs and to memorise the information relevant for you. The ground for processing of data collected by these cookies is your consent. Commercial cookies We use own and third-party cookies so that we would demonstrate personalised advertising on own and other websites. This is called “repeated marketing” that is based on the browsing actions, for example, the goods you were looking for or the goods you viewed.
  1. Social media means
The information provided by social media means (including notifications, use of like and follow and other communication) is controlled by the social network’s manager. There are references to our accounts in social media (hereinafter referred to as the Social Accounts) on our website. At present we are administering the following accounts in social networks:
  • account midalietuva in social network Facebook;
  • account midalatvija in social network Facebook;
  • account ą midaeesti in social network Facebook;
  • account (channel) midalt in social network LinkedIn.
We are processing the information provided in our accounts for the purpose of account administration on the ground of your consent. When you visit the Social Accounts, the administrators of social networks save cookies in your device, and they collect personal data. The cookies are saved if you are a registered user of social networks and also when you do not have an account in the respective social network. We do not have access to the collected data and can receive only statistical information on attendance on the Social Accounts from administrators of social networks. In order to receive more comprehensive information about your personal data processed for the purpose of administration of the Social Accounts, you should get familiar with privacy/cookie policies of Facebook and Google (regarding personal data used by Youtube).
  1. Receiving and disclosure of the data
We receive your data from you, your devices, our employees and counterparties of the contracts. We may disclose your information to our employees, agents, and service providers (such as companies carrying out debt administration or recovery, persons or subcontractors providing marketing services and IT services), if it is reasonably needed for the purposes specified in this Privacy Policy. IT infrastructure is provided to the Company by a parent enterprise incorporated in the Russian Federation, ООО “ТехноНИКОЛЬ - Строительные Системы” (TechnoNICOL – Construction Systems Ltd) that is operating as a data processor. We have a data processing agreement with ООО "ТехноНИКОЛЬ - Строительные Системы" made under the standard conditions of contracts approved by the European Commission. You may get acquainted with these conditions by contacting us using the Company’s contacts provided herein. We inform that certain data about your visits to the website collected by the cookies, as described in the section “Website and cookies” of this Privacy Policy for the purpose of analysis and repeated marketing may be transmitted or made available for the entities operating in the European Economic Area and beyond (e.g., when we are using Google Analytics service, such entity is a company operating in the United States of America). We remind that smaller protection could be applied on personal data in the non-EU and/or non-EEA states than in the EU and/or EEA states. In such a case, contractual safeguards shall be applied (based on the standard conditions of contracts for transmission of personal data beyond the EEA approved by the decisions of the European Commission). If you need more information about the measures used to protect the personal data transmitted beyond the EEA (including the information, how to get a copy or to view these safeguards), you should contact the Company using the contacts provided herein. Besides, we can disclose information about you:
  • if required so by laws;
  • in order to protect our rights and interests (including presentation of your data to third persons for the purpose of recovery of your debts to us);
  • if it is intended to sell a part of the Company’s business or assets, your personal data could be disclosed to the potential purchaser of the business or its part;
  • when the Company’s business or a substantial part of its assets is sold to third persons.
Unless provided so in this Privacy Policy, we do not transmit your personal data to any third parties. The list of recipients or categories of recipients provided in the Privacy Policy may differ, so, if you want to be informed about any changes of recipients of your personal data, you should inform us thereof by writing to the e-mail address given in this Privacy Policy, stating the following in the text of the letter “I want to receive information about changes of recipients of my personal data, name, surname .”
  1. Safety of your personal data
Your personal data shall be processed in accordance with the requirements of the General Data Protection Regulation, Law on the Legal Protection of Personal Data of the Republic of Lithuania, and other legal acts. When processing your personal data, we implement the organisational and technical measures that ensure protection of personal data from accidental or unlawful destruction, modification, disclosure, and any unlawful processing.
  1. Your rights
In this section, we provide information about your rights related to personal data processing we are performing and about the cases when you can use these rights. If you need more information about your rights or want to use them, contact us by the e-mail address provided in this Privacy Policy. The Company will inform you about the actions undertaken after receipt of your request to implement the rights without unreasonable delay and, in any case, not later than within 1 (one) month after receipt of the request. Depending on the request’s complexity and number of received requests, the aforementioned term could be extended for 2 (two) more months. In such a case, we will inform you about extension of the term and its reasons within 1 (one) month after receipt of the respective request. The Company can refuse to implement your rights only in the cases defined in the legal acts.
    1. The right to access own personal data
We want you to understand completely how we are using your personal data and not to cause any inconveniences to you thereby. You may contact us at any time and ask whether we are processing certain personal data. If we store or use your personal data in any other manner, you have the right to access them. If you want to access the data, you have to submit a written application to the e-mail address provided herein, confirm your identity and comply with the principles of reasonability and fairness when submitting such an application.
    1. Right to withdraw the consent
If you have given an explicit consent to process your personal data, you can withdraw it at any time.
    1. Additional rights
Below, we provide information about your additional rights that you may implement in accordance with the procedure described below.
  1. you have the right to ask to rectify any inaccuracies of your personal data. In such a case, we may ask you to verify the rectified information;
  2. you have the right to ask to erase your personal data. This right is implemented in the cases described in Article 17 of the General Data Protection Regulation (EU) 2016/679;
  3. you have the right to ask to restrict processing of your personal data or not to process them:
  • during the period necessary to make sure about accuracy of your personal data when you file claims regarding accuracy of the data;
  • when collection, storage and use of your personal data by us is unlawful, but you decide not to ask to erase the data;
  • when we do not need your personal data ant more, but you need them to establish, execute or defend some legal demand;
  • during the period necessary to determine that our legitimate grounds to process your personal data override those of yours, if you have used the right to object to personal data processing.;
  1. you have the right to portability of the data processed by automated measures and received after you had given a consent or for the purpose of the contract’s conclusion. If you use this right, we will transmit the copy of the data you have provided upon your request;
  2. you have the right to object to use of your personal data by us in the procedure set out in Article 21 of GDPR. You have the right not to agree with processing of your personal data on the ground of legitimate interest (the ground of processing is stated by each purpose of personal data processing provided above) or for the purpose of direct marketing.
    1. The right to request more information
We hope that you will understand that it is very difficult to discuss all the possible methods of personal data collection and use. We endeavour at presenting as clear and thorough information as possible and we oblige to update this Privacy Policy when the process of use of personal data changes. However, if you have any questions about use of your personal data, we will be happy to answer them or we will provide all the additional information that we are entitled to disclose. If you have any specific questions or you have not understood the provided information, you are welcome to contact us.
  1. Complaints
If you believe that your rights of the Data Subject have been and/or could be violated, you should contact us immediately using the e-mail address provided herein. We guarantee that upon receipt of your complaint, we will contact you within the reasonable period and inform you about the course and later, about the outcome of the complaint’s examination. If you are not satisfied with the investigation’s outcomes, you may appeal to the supervisory authority – the State Data Protection Inspectorate (www.vdai.lrv.lt).
  1. Responsibility
You are responsible for confidentiality of the provided data, their accuracy, correctness and completeness. If the provided data change, you should notify us thereof by e-mail without delay. We shall never be liable for any damage caused to you because you have provided incorrect or incomplete personal data or because you have not notified us about their changes.
  1. Amendments of the Privacy Policy
We can update or amend this Privacy Policy at any time. If you want to receive an updated Privacy Policy, you should notify us in writing to the e-mail address provided in Section 2 above. Cookie’s name
Purpose/aim of data processing Creation moment Expiry term Character of the cookie (necessary, analytical, functional, commercial) Used data Reference to the third party’s privacy policy
ga - Google Analytics To collect information about the website’s attendance Immediately after the website is opened 2 years Analytical Persistent identity data, such as customer’s personal ID, user’s personal ID and IP address link
_gat - Google Analytics To regulate number of inquiries Immediately after the website is opened 10 min. Analytical Persistent identity data, such as customer’s personal ID, user’s personal ID and IP address link
gid_Google Analytics For observation, in order to distinguish users Immediately after the website is opened 24 months Analytical Persistent identity data, such as customer’s personal ID, user’s personal ID and IP address link
_utma - Google analytics To collect statistical information about the website’s attendance Immediately after the website is opened 2 years Analytical Persistent identity data, such as customer’s personal ID, user’s personal ID and IP address link
_utmz - Google analytics To collect statistical information about the website’s attendance Immediately after the website is opened 6 months Analytical Persistent identity data, such as customer’s personal ID, user’s personal ID and IP address link
_hjSession{site_id} To recognise a user and to make sure that the later inquiries in the session window would be attributed to the same session Immediately after the website is opened 30 min. Analytical Device’s IP address, size of the device’s screen, type of device, browser’s information, geographical location (only country), priority language of the website link
PHPSESSID To realise website’s functionality (to identify the user’s session on the website and to recognise the user) Immediately after the website is opened Until the browser’s window is closed Functional Unique session ID
BX_USER_ID To identify a unique user not signed in to the website Immediately after the website is opened 10 years Functional Unique session ID link
_GRECAPTCHA This cookie is used to distinguish humans from automatic systems Immediately after the website is opened Until the browser’s window is closed Functional IP address. Downloaded resources, including styles and images. Information about the user’s Google account. Behaviour, e.g., browsing on the website, mouse’s movement, clicking of links, time spent on completion of forms and writing of templates. link
Other used tools/services
Google Tag manager When this tool is used, no cookies are used, and no personal data are saved. Google Tag Manager activates other tags that collect data, if necessary. More information at link.
Meta Pixel Used for repeated marketing, i.e., in order to be able to contact you again in 180 days and show advertisements according to your hobbies when you re-visit social network Facebook or other websites that are also using this tool. This tool uses the HTTP headers, specific points, button clicking, optional values and names of form’s fields and these data are saved for 180 days. More information on functioning of Meta Pixel is available at link ir link.
Linkedin Insight Tag LinkedIn Insight Tag allows collecting data about visits of LinkedIn members on the website, including URL, transmission URL, IP address, characteristics of the device and browser, and time tag. IP addresses are shortened or mixed (when used to access LinkedIn members in all devices), while the direct identifiers of persons are removed within seven days so that the data would be named by a pseudonym. The remaining pseudonymised data are deleted within 180 days. This tool is used for reports and warnings (that do not identify LinkedIn members) about the website’s audience and productivity of ads. Besides, this tool allows demonstrating personalised LinkedIn ads on the website, using these data, but without identification of the member in question. LinkedIn uses the data that do not identify the members to improve the ad’s conformity and access the members in various devices. LinkedIn members can control the use of their personal data for advertising in LinkedIn settings. More information on functioning of Linkedin Insight Tag is available at link.