Atsisiųsti programėlę

Privacy policy

‍

UAB “Telas”, legal entity code 304139032, registered address Mindaugo g. 14B, LT-03225 Vilnius (hereinafter – the Company), in the website www.watalook.lt (hereinafter – the Website) privacy policy (hereinafter – the Privacy Policy) explains how the Company, acting as a Personal Data controller, collects, uses and otherwise processes Personal Data when Data Subjects visit and use the functions of the Website and the Mobile Application, and informs what rights Data Subjects have and how they can exercise them. When processing personal data, the Company is guided by and complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter – GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other applicable legal acts regulating personal data protection. If you use the Website and/or the Mobile Application, it means that you have read and familiarised yourself with this Privacy Policy and with the purposes, legal grounds and procedure of Personal Data processing indicated herein.

‍

1. DEFINITIONS

1.1. Website – the internet site www.watalook.lt providing beauty services search, advertising, booking and administration functionalities.

1.2. Mobile Application (App) – the software application of the internet page www.watalook.lt providing beauty services search, advertising, booking and administration functionalities on mobile communication devices.

1.3. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.

1.4. Company (Data Controller) – UAB “Telas”, a private limited liability company established in the Republic of Lithuania, legal entity code 304139032, address – Mindaugo g. 14B, LT-03225 Vilnius.

1.5. Data Subject – a natural person whose data are processed by the Company (Visitors, Service Providers, Registered Visitors and/or other natural persons).

1.6. Person – a natural or legal person or representatives authorised by such persons (representative of a legal person: owner, shareholder, director or other authorised person of the legal entity).

1.7. Visitor – a Person who is not registered on the Website and/or in the Mobile Application and is entitled to view the information published on the Website and/or in the Mobile Application.

1.8. Registered Visitor – a Person who has registered on the Website and/or in the Mobile Application and is entitled to use the beauty services search and booking services.

1.9. Service Provider – a Person who has registered on the Website and/or in the Mobile Application and is entitled to create a Personal Page, advertise the beauty services provided and/or manage his/her Beauty Specialists, as well as use the service administration tools provided in the Website and/or in the Mobile Application.

1.10. Registration Type – the nature of registration on the Website, which determines the scope of the Website services accessible to the Person and which the Person chooses at the time of registration on the Website and/or in the Mobile Application depending on his/her needs.

1.11. Personal Page – the Personal Page created during the Person’s registration on the Website and/or in the Mobile Application, which, depending on the chosen Registration Type, may be intended either for booking beauty services, or for offering beauty services, or for managing one’s Beauty Specialists.

1.12. Beauty Specialist – a person who has registered on the Website and/or in the Mobile Application by choosing the Registration Type “Beauty Specialist” and, on the basis of this registration, has created a Personal Page intended to advertise and offer the beauty services provided.

1.13. Services – beauty services search and booking and beauty services advertising and administration services provided by the Company on the Website and/or in the Mobile Application. For the purposes of this Privacy Policy, the Services provided on the Website and/or in the Mobile Application include all and any actions of the Visitor which he/she may perform on the Website and/or in the Mobile Application, including but not limited to using search functionalities, reading published information and providing and receiving any type of information and/or data.

1.14. Account – the personal account of a Registered Visitor or Service Provider on the Website and/or in the Mobile Application.

1.15. Partners – legal entities with which the Owner of the Page cooperates in providing the Services on the Website.

1.16. Cookie – a small file that is sent to the device used by any Person when visiting the Website and/or the Mobile Application.

1.17. Browser – a program intended to display internet pages in the web or on a personal computer.

1.18. Personal Data – any information relating to a natural person – a Data Subject whose identity is known or can be directly or indirectly identified using such data as personal identification number or one or more factors specific to the physical, physiological, psychological, economic, cultural or social identity of that natural person.

1.19. Privacy Policy – this information document which sets out the main rules for the collection, storage and other processing of Personal Data when using the Website and/or the Mobile Application.

1.20. Administrator – a person responsible for administration of the Website and/or the Mobile Application.

1.21. Internet Protocol (IP) address – a unique number assigned to each computer connected to the internet.

1.22. Other terms used in this Privacy Policy correspond to the concepts used in the GDPR and the concepts and their meaning defined in the Rules of the Website, except where certain concepts are separately defined in this Privacy Policy.

‍

2. GENERAL PROVISIONS

2.1. This Privacy Policy sets out the main rules for the collection, storage and other processing of Personal Data and other information important to the Data Subject when the Data Subject uses the Website and the Mobile Application and the Services provided on the Website and in the Mobile Application.

2.2. This Privacy Policy is intended to inform and familiarise Data Subjects with the Personal Data processing carried out by the Company and regulates the main principles and procedure for the collection, storage and other processing of Personal Data on the Website and in the Mobile Application.

2.3. Data Subjects may familiarise themselves with this Privacy Policy at any time on the Website and in the Mobile Application, and may also at any time download and print this document directly from the Website and the Mobile Application.

2.4. This Privacy Policy applies in all cases where the Company receives Personal Data because the Data Subject visits the Website and/or the Mobile Application and/or uses the Services of the Website and/or the Mobile Application.

2.5. In addition to this Privacy Policy, the collection, processing and storage of Personal Data carried out on the Website and in the Mobile Application is determined by the GDPR, the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania and other directly applicable legal acts regulating personal data protection.

‍

3. THE COMPANY AND THE SERVICE PROVIDER

‍

3.1. The Company hereby informs that, for the purpose of ensuring compliance with the GDPR and other data protection legislation:

3.1.1. The Company is the data controller of the personal data of Visitors, Registered Visitors and the Service Provider;

3.1.2. The Service Provider is the data controller of the Personal Data of the Service Provider’s clients who order the services of the Service Provider, and the Company is the personal data processor;

3.1.3. In certain cases, the Service Provider and the Company act as independent Personal Data controllers in relation to the clients of the Service Provider (e.g., when individual advertising or other marketing messages of the Company or the Service Provider are sent, etc.).

3.2. In cases where the Company and the Service Provider act as independent Personal Data controllers, each party must independently ensure that the processing of Personal Data it controls complies with the GDPR and other legal acts regulating data protection.

3.3. The Service Provider undertakes to notify the Company without delay, but no later than within 24 hours after the Service Provider becomes aware of any accidental or intentional damage, alteration, destruction, unauthorised disclosure, loss, misuse, theft or other security incident of any personal data of any client of the Company. The Service Provider undertakes to cooperate with the Company and make maximum efforts to investigate, remedy and reduce the consequences of the security incident involving client personal data and to fulfil all obligations established in the GDPR and other data protection legislation towards clients and the supervisory authority.

‍

4. PRINCIPLES OF PERSONAL DATA PROCESSING

4.1. When collecting, storing and otherwise processing Personal Data and other information related to the Data Subject, the Company follows the following principles of Personal Data processing:

4.1.1. Principle of lawfulness, fairness and transparency. Personal Data are processed lawfully, fairly and in a transparent manner. The Company will process Personal Data lawfully, i.e. only in cases where Personal Data are processed on the basis of a legal ground established in the GDPR, for example:

4.1.1.1. The Data Subject gives consent to the processing of his/her Personal Data, or where it can be inferred that the Data Subject has agreed to the use of his/her Personal Data for a specific purpose (e.g., entered an email address in order to receive the Company’s newsletter, participated in surveys, submitted enquiries to the Company by email or otherwise);

4.1.1.2. A contract is concluded or performed where the Data Subject is one of the parties;

4.1.1.3. Personal Data must be processed for the purposes of the legitimate interests pursued by the Company or by a third party to whom the Personal Data of the Data Subject are disclosed, unless the interests of the Data Subject are overriding.

4.1.2. Principle of purpose limitation. Personal Data are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

4.1.3. Principle of data minimisation. Personal Data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

4.1.4. Principle of accuracy. Personal Data are accurate and, where necessary, kept up to date.

4.1.5. Principle of storage limitation. Personal Data are kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed.

4.1.6. Principle of integrity and confidentiality. Personal Data are processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

4.2. All information about the processed Personal Data is confidential.

‍

5. LEGAL GROUNDS FOR PERSONAL DATA PROCESSING

5.1. The Company will process the Personal Data of Data Subjects on the basis of the following legal grounds:

5.1.1. conclusion, performance, amendment and administration of a contract (Article 6(1)(b) GDPR);

5.1.2. fulfilment of legal obligations and legal requirements applicable to the Company (Article 6(1)(c) GDPR);

5.1.3. pursuit of the Company’s legitimate interest (Article 6(1)(f) GDPR);

5.1.4. implementation of the Data Subject’s consent (Article 6(1)(a) GDPR).

5.2. To the extent and under the conditions provided for in applicable legislation, one or more of the above legal grounds may apply to the processing of Personal Data of Data Subjects.

‍

6. PURPOSES OF PERSONAL DATA PROCESSING

6.1. The Personal Data that the Company collects about the Data Subject depend on the Services of the Website and/or the Mobile Application ordered or used by the Data Subject and on which Personal Data the Data Subject provides to the Company when using the Services of the Website and/or the Mobile Application and/or when registering on the Website or in the Mobile Application.

6.2. The Company processes the Personal Data of Data Subjects for the following purposes:

6.2.1. For the purpose of registration on the Website and use of the services provided on the Website:

6.2.1.1. Categories of data – User’s first name; surname; telephone number; email address; password. Service Provider’s online booking function (status – on/off); booking via “Facebook” function (status – on/off); booking via “Instagram” function (status – on/off); profile name and type; services and categories; address (street, house number, city) and amenities; working hours; profile photo; work gallery; description; social media profiles and links to them; bookings; past bookings; client contact details (first name, surname, telephone number, email address, photos, date of birth (optional)); payment methods (electronic payments; payments on site); payouts; past payouts; receipts; messages; reviews; subscription invoices; device information and settings (e.g. language and time zone), operating system, browser type and version.

6.2.1.2. Legal ground for data processing – conclusion, performance, amendment and administration of a contract (Article 6(1)(b) GDPR).

6.2.1.3. Data processing period – if the contract for the provision of Services was terminated without using the Company’s Services – throughout the entire term of the Service Agreement and no longer than 3 months after its expiry. In all other cases – throughout the term of the Service Agreement and no longer than 5 years after its expiry.

6.2.1.4. We obtain the data from – directly from Data Subjects.

6.2.1.5. We provide or transfer the data to – Data processors: marketing and sales service providers; communication systems service providers; server service providers.

6.2.2. For the purpose of registration in the Mobile Application and use of the services provided in the Mobile Application:

6.2.2.1. Categories of data – User’s first name; surname; telephone number; email address; password. Service Provider’s online booking function (status – on/off); booking via “Facebook” function (status – on/off); booking via “Instagram” function (status – on/off); profile name and type; services and categories; address (street, house number, city) and amenities; working hours; profile photo; work gallery; description; social media profiles and links to them; bookings; past bookings; client contact details (first name, surname, telephone number, email address, photos, date of birth (optional)); payment methods (electronic payments; payments on site); payouts; past payouts; receipts; messages; reviews; subscription invoices; device information and settings (e.g. language and time zone), operating system, Mobile Application version.

6.2.2.2. Legal ground for data processing – conclusion, performance, amendment and administration of a contract (Article 6(1)(b) GDPR); Data Subject’s consent to the processing of personal data (Article 6(1)(a) GDPR).

6.2.2.3. Data processing period – if the contract for the provision of Services was terminated without using the Company’s Services – throughout the entire term of the Service Agreement and no longer than 3 months after its expiry. In all other cases – throughout the term of the Service Agreement and no longer than 5 years after its expiry.

6.2.2.4. We obtain the data from – directly from Data Subjects. Information such as the Service Provider’s client contacts (first name, surname, telephone number) or photos for the work gallery or the client profile is obtained from the Service Provider’s device. The Mobile Application receives this information only if the Service Provider actively agrees to upload it to the Mobile Application and selects the contacts and photos to be uploaded to his/her profile.

6.2.2.5. We provide or transfer the data to – Data processors: marketing and sales service providers; communication systems service providers; server service providers.

6.2.3. For the purpose of supplementing the personal profile created on the Website:

6.2.3.1. Categories of data – Registered Visitor’s city; country; list of favourite specialists; completed payments (date, ID, amount, information, status, actions); history of completed payments; payment card details (first name, surname, card number, card expiry date, CVV number); reviews submitted; password; device information and settings (e.g. language and time zone); operating system; browser type and version.

6.2.3.2. Legal ground for data processing – Data Subject’s consent to the processing of personal data (Article 6(1)(a) GDPR).

6.2.3.3. Data processing period – data processed on the basis of consent are processed as long as the Data Subject’s consent is valid, but no longer than 2 (two) years.

6.2.3.4. We obtain the data from – directly from Data Subjects.

6.2.3.5. We provide or transfer the data to – Data processors: marketing and sales service providers; communication systems service providers; server service providers.

6.2.4. For the purpose of supplementing the personal profile created in the Mobile Application:

6.2.4.1. Categories of data – Registered Visitor’s city; country; list of favourite specialists; completed payments (date, ID, amount, information, status, actions); history of completed payments; payment card details (first name, surname, card number, card expiry date, CVV number); reviews submitted; password; device information and settings (e.g. language and time zone); operating system; Mobile Application version.

6.2.4.2. Legal ground for data processing – Data Subject’s consent to the processing of personal data (Article 6(1)(a) GDPR).

6.2.4.3. Data processing period – data processed on the basis of consent are processed as long as the Data Subject’s consent is valid, but no longer than 2 (two) years.

6.2.4.4. We obtain the data from – directly from Data Subjects.

6.2.4.5. We provide or transfer the data to – Data processors: marketing and sales service providers; communication systems service providers; server service providers; payment processing service providers.

6.2.5. For the purpose of sending notifications, offers and information by email, SMS and push notifications:

6.2.5.1. Categories of data – first name; surname; email address; telephone number; user ID; city; country; category of services provided.

6.2.5.2. Legal ground for data processing – Data Subject’s consent to the processing of personal data (Article 6(1)(a) GDPR); Company’s legitimate interest (Article 6(1)(f) GDPR; Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector).

6.2.5.3. Data processing period – data processed on the basis of consent are processed as long as the Data Subject’s consent is valid, but no longer than 2 (two) years.

6.2.5.4. We obtain the data from – directly from Data Subjects.

6.2.5.5. We provide or transfer the data to – Data processors: marketing and sales service providers; communication systems service providers; server service providers.

6.2.6. For the purpose of management and administration of the Company’s social network accounts (Facebook, Instagram, LinkedIn):

6.2.6.1. Categories of data – social network account name; person’s photo; person’s reactions to the content generated by the Company (likes, comments, shares).

6.2.6.2. Legal ground for data processing – Data Subject’s consent to the processing of personal data (Article 6(1)(a) GDPR); Company’s legitimate interest to manage its social network profiles (Article 6(1)(f) GDPR).

6.2.6.3. Data processing period – personal data are processed as long as the Company’s or the Data Subject’s social network account exists, unless the Data Subject expresses a wish to have his/her data stored on the Company’s social network accounts deleted earlier.

6.2.6.4. We obtain the data from – directly from Data Subjects.

6.2.6.5. We provide or transfer the data to – social network operators (Facebook, Instagram); search engine operators (Google).

6.2.7. For the purpose of handling enquiries (for the administration of requests, enquiries, complaints or other communication of interested persons with the Company):

6.2.7.1. Categories of data – first name; surname; email address; telephone number; content of the request, enquiry, complaint or other message; date and time of the contact with the Company.

6.2.7.2. Legal ground for data processing – Data Subject’s consent to the processing of personal data (Article 6(1)(a) GDPR).

6.2.7.3. Data processing period – personal data are processed as long as the Data Subject’s consent is valid, but no longer than 2 (two) years.

6.2.7.4. We obtain the data from – directly from Data Subjects.

6.2.7.5. We provide or transfer the data to – Data processors: communication systems service providers; server service providers.

6.2.8. For the purpose of ensuring the functionality of the Website and the Mobile Application, administration of the Website and the Mobile Application, and diagnosing potential malfunctions, as well as for statistical analysis:

6.2.8.1. Categories of data – data generated using communication means and the Services of the Website and the Mobile Application, including but not limited to traffic data – date, time and duration of the connection, IP address used by the internet user at the time of connection, server log files, etc. Data on the use of services, including but not limited to data collected using internet browsers, such as MAC address, type of computer or mobile device, screen resolution, operating system, Mobile Application version, etc.; as well as data collected using Cookies, pixel tags, web beacons and similar technologies related to browsing on the internet.

6.2.8.2. Legal ground for data processing – Data Subject’s consent to the processing of personal data (Article 6(1)(a) GDPR); legitimate interest of the Company to analyse data in order to administer and improve the operation of the Website and to improve the Company’s activities (Article 6(1)(f) GDPR).

6.2.8.3. Data processing period – personal data are processed as long as the Data Subject’s consent is valid, but no longer than 2 (two) years.

6.2.8.4. We obtain the data from – directly from Data Subjects.

6.2.8.5. We provide or transfer the data to – Data processors: communication systems service providers; server service providers; IT service providers.

6.2.9. For the purpose of recording incoming and outgoing telephone conversations to ensure quality service and objectivity of request/complaint handling:

6.2.9.1. Categories of data – recording of the telephone conversation; content of the telephone conversation; time of the start of the telephone call; duration of the conversation; waiting time of the call; telephone number of the caller; telephone number of the answering person.

6.2.9.2. Legal ground for data processing – Company’s legitimate interest (Article 6(1)(f) GDPR).

6.2.9.3. Data processing period – personal data are stored no longer than 1 year. Upon expiry of the specified data storage period, the conversation recordings will be automatically deleted.

6.2.9.4. We obtain the data from – directly from Data Subjects.

6.2.9.5. We provide or transfer the data to – Data processors: communication systems service providers.

6.2.10. For the purpose of carrying out communication of the Company’s Partners with Data Subjects and sending gifts to Data Subjects:

6.2.10.1. Categories of data – first name; work address; telephone number; email address; main category of services provided.

6.2.10.2. Legal ground for data processing – Data Subject’s consent to the processing of personal data (Article 6(1)(a) GDPR).

6.2.10.3. Data processing period – personal data are processed as long as the Data Subject’s consent is valid, but no longer than 2 (two) years.

6.2.10.4. We obtain the data from – directly from Data Subjects.

6.2.10.5. We provide or transfer the data to – the Company’s Partners; Data processors: server service providers.

6.2.11. For the purpose of administration of the income of Service Providers received by using the payment infrastructure provided by the Company through the Website and the Mobile Application and for the purpose of transferring information to the State Tax Inspectorate:

6.2.11.1. Categories of data – Service Provider’s first name, surname, date of birth / individual activity certificate number or company name and code; address; taxpayer and VAT payer code (if such is granted); country of residence; bank account number to which the remuneration for the services or goods provided has been paid or credited.

6.2.11.2. Legal ground for data processing – fulfilment of a legal obligation (Article 6(1)(c) GDPR).

6.2.11.3. Data processing period – Personal Data are processed as long as the Service Provider uses the services of the Website and the Mobile Application and for 5 (five) years from the end of the calendar year in which the use of the services was discontinued.

6.2.11.4. We obtain the data from – directly from Data Subjects.

6.2.11.5. We provide or transfer the data to – State Tax Inspectorate; Data processors: server service providers and accounting service providers.

6.2.11.6. If your personal data are transferred to the State Tax Inspectorate, we will inform you about it. This statutory obligation does not apply to Service Providers who, using the payment infrastructure provided by the Company through the Website and the Mobile Application, received income (payments) less than 30 times and the remuneration for that did not exceed EUR 2,000 per calendar year.

6.3. The Company collects, stores and otherwise processes the Personal Data of the Data Subject which the Data Subject provides and/or the Company receives in the cases specified in Clause 6.2 of this Privacy Policy to the extent and for the purposes specified in this Privacy Policy.

6.4. Personal Data may be stored for longer periods than those specified in Clause 6.2 of this Privacy Policy if there is a reasonable ground to believe that the Personal Data may be required for the investigation of a criminal offence or other incident or other event that caused damage to the Company. In such a case, Personal Data are stored until the relevant decision of the law enforcement authorities or the court related to the criminal offence or another decision or conclusion of the persons investigating (examining) the incident or other persons investigating (examining) the event that caused damage to the Company is adopted.

‍

7. TRANSFER OF PERSONAL DATA

7.1. The Company informs that it does not transfer for remuneration or free of charge or otherwise disclose the Personal Data of the Data Subject to third parties, except in the following cases:

7.1.1. where there is a request and/or consent of the Data Subject;

7.1.2. to the Company’s Partners or other authorised third parties (Data processors) who process the Personal Data of Data Subjects on behalf of the Company and for the purposes determined by the Company and specified in this Privacy Policy, i.e. server service providers, Administrators of the Website or the Mobile Application, postal delivery companies, etc.;

7.1.3. to law enforcement and/or public order authorities, institutions and/or other Personal Data recipients to whom data must be transferred in accordance with legal requirements.

7.2. Where the Data Subject makes an advance payment via the Website or the Mobile Application, the Company transfers the payment data to a third party providing the payment service to the Company – Stripe Payments Europe Limited. The data transferred are as follows: first name; surname; address; telephone number; email address; payment card details (card number, CVC, card expiry date). The Company receives from Stripe Payments Europe Limited only the following data related to the payment: information about the payment received – identity data of the person who made the payment; payment date; link to the generated electronic invoice. The Company informs that the data processing carried out by Stripe Payments Europe Limited is subject to the Stripe Inc. privacy policy.

7.3. The Company informs that when linking the Service Provider’s account with the social networks “Facebook” or “Instagram”, the processing of Personal Data is also subject to the privacy policy of the social network “Facebook” of Meta Platforms Ireland Limited and the privacy policy of the social network “Instagram”, which describe in detail how the Personal Data of Data Subjects are processed.

7.4. When transferring Personal Data in the case referred to in Clause 7.1.2 of this Privacy Policy, the Company requires that the Personal Data of Data Subjects be processed by the authorised third parties strictly in accordance with the instructions given by the Company, for the purposes determined by the Company and on the basis of this Privacy Policy, the laws on the legal protection of personal data and the data processing agreements concluded between the Company and the authorised third parties.

7.5. In order to achieve a legitimate purpose and on a legitimate ground, the Company may transfer the Personal Data of Data Subjects to entities located outside the European Economic Area (EEA) (for example, if the Company’s Data processors or Personal Data recipients are established outside the EEA). In cases where Personal Data are transferred from the EEA to countries which the European Commission does not recognise as providing an adequate level of protection of personal data, the Company takes all appropriate measures to protect the Personal Data of the Data Subject (e.g. bases the transfer of personal data on the standard contractual clauses for data transfers approved by the European Commission).

‍

8. RIGHTS OF DATA SUBJECTS AND THEIR EXERCISE

8.1. Data Subjects whose Personal Data are processed by the Company have the following rights:

8.1.1. Right to be informed about the processing of Personal Data carried out by the Company – to obtain information about the Personal Data being processed, their sources, purposes of processing, legal grounds, storage period, recipients, etc.;

8.1.2. Right of access to the Personal Data processed by the Company and to obtain a copy thereof;

8.1.3. Right to request rectification of inaccurate or incomplete Personal Data processed by the Company;

8.1.4. Right to request erasure of Personal Data where they are no longer necessary in relation to the purposes for which they were collected, consent is withdrawn, the data are processed unlawfully or there is a legal obligation to erase the data;

8.1.5. Right to request restriction of processing where the accuracy is contested, processing is unlawful, the data are no longer needed by the Company but are required by the Data Subject for the establishment, exercise or defence of legal claims, or where the Data Subject has objected to processing;

8.1.6. Right to object to the processing of data for direct marketing purposes or on grounds relating to legitimate interest;

8.1.7. Right to data portability – to receive Personal Data provided to the Company or to request that they be transmitted to another data controller where processing is based on consent or contract and is carried out by automated means;

8.1.8. Right to lodge a complaint with the State Data Protection Inspectorate if it is considered that rights have been infringed.

8.2. The Data Subject may contact the Company regarding the exercise of his/her rights by email at hello@watalook.com. Before implementing the right(s) of the Data Subject, the Company has the right to ask the Data Subject to provide evidence confirming his/her identity.

8.3. The exercise of the above rights may depend on specific conditions laid down in legislation, therefore the Company, where it has grounds to do so, may refuse to grant a specific request on a reasoned basis.

8.4. Replies to requests of Data Subjects are provided without delay, but not later than within 30 calendar days from the date of receipt of the request. This period may, if necessary, be extended by a further two months taking into account the complexity and number of the requests. The Data Subject shall be informed of any such extension within 1 month of receipt of the request. Data are provided free of charge, except where the requests are manifestly unfounded, repetitive or excessive – in such cases the Company may charge a reasonable fee.

‍

9. DIRECT MARKETING MESSAGES

9.1. The Company has the right to process the Personal Data of Data Subjects for direct marketing purposes having obtained the prior consent of the Data Subject. The Data Subject may withdraw his/her consent at any time by contacting by email hello@watalook.com and/or by using the unsubscribe link provided in each message.

9.2. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal of consent.

9.3. The Company may also use the Personal Data of the Data Subject for the marketing of its similar services on the basis of legitimate interest and subject to the conditions laid down in legislation. The Data Subject may object to or later refuse such processing in advance by contacting by email hello@watalook.com and/or by using the unsubscribe link in the message.

‍

10. PROFILING

10.1. The Company may use the Personal Data of the Data Subject for profiling only after obtaining the prior written consent of the Data Subject.

10.2. When processing the Personal Data of the Data Subject for the purposes specified in this Privacy Policy, the Company does not use automated decision-making, including profiling, which would produce legal effects concerning the Data Subject or similarly significantly affect him/her.

10.3. With the consent of the Data Subject, the Company may process Personal Data automatically in order to assign the Data Subject to a certain category of clients and provide individual offers. In such a case, the Data Subject has the right to request human intervention, to express his/her opinion or to object to such assignment.

‍

11. PERSONAL DATA PROTECTION

11.1. In order to ensure the protection of Personal Data, the Company implements organisational and technical measures that help protect Personal Data from accidental or unlawful destruction, alteration, disclosure or other unlawful processing, including:

11.1.1. administrative measures (establishing procedures for the secure handling of documents and computer data and their archives, familiarising employees with Personal Data protection, etc.);

11.1.2. technical and software protection (administration of servers, information systems and databases, maintenance of workplaces and premises, protection against viruses, etc.);

11.1.3. protection of communications and computer networks (filtering data and programs, firewalls, etc.).

11.2. The Company makes every effort to ensure that the Personal Data of Data Subjects are protected from loss, unauthorised use and alteration.

11.3. Despite the Company’s actions, the Data Subject must ensure confidentiality of his/her login data and other Personal Data necessary for using the Services and:

11.3.1. is personally responsible for damage if he/she provides incorrect or incomplete Personal Data or fails to update them in due time;

11.3.2. undertakes not to disclose his/her login data to third parties and to ensure that third parties do not use his/her Account;

11.3.3. is responsible for the actions of third parties if they are carried out using his/her login data.

‍

12. COOKIES

The Company informs that Cookies are used on the Website. More information about Cookies is provided in the Company’s Cookie Policy, which forms an integral part of this Privacy Policy.

‍

13. RIGHT TO LODGE A COMPLAINT

Data Subjects who believe that their rights have been infringed may contact the Company by email hello@watalook.com or lodge a complaint with the State Data Protection Inspectorate (L. Sapiegos g. 17, LT-10312 Vilnius, email ada@ada.lt).

‍

14. CONTACT DETAILS

14.1. The Data Controller that processes the Personal Data specified in this Privacy Policy when you use the Company’s Website and/or Services is:

UAB “Telas”
Legal entity code 304139032
Address: Mindaugo g. 14B, LT-03225 Vilnius

14.2. For questions and additional information related to this Privacy Policy, the Data Subject may contact:

Email: hello@watalook.com
Tel.: +370 682 67381

‍

15. VALIDITY AND AMENDMENTS OF THE PRIVACY POLICY

15.1. The Privacy Policy is a continuously updated document, therefore the Company has the right to update or amend it at any time. Data Subjects will be informed about amendments on the Website, and Registered Visitors and Service Providers – by a notice of the Company sent to their email addresses provided at the time of registration.

15.2. Amendments or supplements to the Privacy Policy enter into force from the date of their publication, i.e. from the date they are posted on the Website.

This Privacy Policy is effective from 2025.