1.1. This Privacy policy (hereinafter referred to as the Privacy Policy) determines the basic principles and rules for the processing of personal data when using the website https://viallies.com. Privacy Policy is binding document on Parties.
By confirming the registration form, Order on a website https://viallies.com, the Client irrevocably confirms that he has familiarized himself with the Privacy Policy, general terms and conditions of viallies (hereinafter referred to as the Terms and Conditions), has understood them, and has no comments and/or claims regarding their ambiguity, inaccuracy, incompleteness, unfairness, accepts the Privacy Policy, Terms and Conditions and undertakes to comply with them.
If at least one of the provisions of the Privacy Policy, Terms and Conditions is unacceptable to the person, the person should not register an account on the Website and use the Website, purchase Services.
The Terms and Conditions, Privacy Policy are published in Website
1.2. Definitions used in the Privacy Policy or as prescribed in Terms and Conditions:
Personal data - any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name and surname, e-mail, an online identifier (IP address) or to more factors and data.
Data concerning health - personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
Data subject - a natural person (including the Client) whose personal data is processed on the grounds and for the purposes specified in this Privacy Policy.
Processing - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Recipient - a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
The Company/ Controller - company name MB "VX2", company's registration No. 306391085, address of registered office Drobės street 62, LT-45181 Kaunas, Lithuania, e-mail info@viallies.com, phone +370 61 87 0440, register which stores and safeguards the data - Register of Legal Entities of the Republic of Lithuania.
The Client / user of Services - an adult natural or legal person who has registered on Website to use Services.
The Client's Representative - a person who represents the Client during the registration on Website and concluding and executing the Agreement.
The Client's account on Website - personal access of Client through online Website which provides an opportunity to: view data collected during the provision of Services; to correct the Client's personal data, which the Client has entered in the account; add/remove equipment, devices whose operation is compatible with the Services; to summarize the data of Wi-Fi which is used to receive Services; share the Service user's measurement data (their overview/report) with another person; cancel the possibility of another person to view Service user's measurement data (their overview/report) and perform other actions related to the purchased Services.
The Website - https://viallies.com
The Order - a specific order placed by Client on the Website to purchase the Services specified in the order.
Goods - electronic equipment, devices (scales; glucometers; blood pressure machines; pulse oximeters; activity bracelets; video cameras recording exercise, etc.) or other items, sold together with services or separately, depending on the conditions of the specific Order.
Equipment, devices transmit the collected data, which can be seen in the Client's account, via bluetooth and the Internet (wired or wireless).
Services - digital and/or other services specified in the Order are sold and provided together with the goods (as a set).
In all cases, the Services provided under the Agreement are not classified as personal health care services.
Payment card - a credit or debit payment card from which the third party administering the payments will charge the Client for the Services and other payable amounts.
The Client must enter the payment card data in the Client's account.
Applicable law - law of the Republic of Lithuania.
Agreement - the agreement concluded between the Client and the Company for the sale/provision of Services, of Terms and Conditions, present Privacy Policy, the Order for Service and other annexes, amendments and additions to the Agreement are considered an integral part.
Parties - Client and Company.
Party - any of the Parties.
1.3. Personal data of Data subject will be procesed in accordance with Terms and Conditions, Privacy Policy, EU General Data Protection Regulation no. 2016/679 (GDPR) and other legal acts regulating the processing of personal data applicable in the Republic of Lithuania.
1.4. By confirming the registration form, Order on a Website, the Data subject confirms that**he gives explicit consent to the processing of Data concerning health of Data subject p**rovided and collected during the execution of the Agreement (through the equipment, devices purchased under Agreement) by Controller for the purpose of providing the Services specified in the Agreement.
1.5. By entering the data of the recipient of Personal data in the Client's account, the Data Subject confirms that he gives express consent that certain Personal data of the Data subject, which includes Data concerning health (collected using the equipment, devices purchased under the Agreement), would be transferred/shared or access given to this recipient of Personal data.
1.5.1. If the Data subject does not indicate otherwise, it is considered that this data recipient specified by the Data subject is a health care service provider who receives this data for the purpose of providing a health care service.
1.5.2. In any case, by entering the data of the recipient of Personal data in the Client's account, the Data subject confirms that this recipient of Personal data has the right to receive and process the Data subject's Personal data under Article 6, Article 9 of the GDPR or other lawful basis.
1.5.3. Each recipient of data specified by the Data subject shall be considered by the Company as a separate data controller.
2.1. Controller collects and processes the following Personal data of Data subjects:
2.1.1. basic information when registering on the Website - first name, last name, user name, gender, birth date, svorį, e-mail, phone, other Personal data provided by the Data subject;
2.1.2. data related to registration on the Website - consent information when registering on the Website and providing Personal data; information on consent or refusal to accept newsletter/offers (what constitutes consent or refusal to process personal data for the purposes of direct marketing) and related records;
2.1.3. data on the Use of Website - data collected through the use of cookies in connection with Internet browsing, information on consent or refusal to use cookies, etc;
2.1.4. data related to the provision of Services- first name, last name, (delivery) address, e-mail, phone, Payment card data, purchase history, payment information, information on usage of equipment, devices (purchased under Agreement) which transmit the collected data, data collected through these equipment, devices (purchased under Agreement), other Personal data provided by the Data subject.
2.1.4.1.Data collected through these equipment, devices (purchased under Agreement) shall includeData concerning health of Data subject.
2.2. Controller collects and processes Personal data on the grounds defined in legal acts indicated in clause 1.3. of Privacy Policy and for these porposes:
2.2.1. to conclude and perform a Agreement to which the Data subject is a party or to take action before concluding the Agreement (Article 6 (1) (b) GDPR);
2.2.2. to fulfill the legal obligation applicable to the Controller (Article 6 (1) (c) GDPR), including: handling of claims, submission of data to public authorities in accordance with legal requirements;
2.2.3. on the legitimate interests of the Controller (Article 6 (1) (f) GDPR), including servicing the Client's account on Website in the event of complaints, requests, disputes, claims against the Controller and in order to protect the Controller's violated rights and legitimate interests; for the purpose of performance analysis, etc.'
2.2.4. with the consent of the Data subject (Article 6 (1) (a) GDPR) - when Data subject registers on the Website and providing Personal data; when, for the purposes of direct marketing, Data subject agrees to receive the newsletter / offers, for use of cookies; etc. The content of the Data subject's consent will indicate the purpose of the processing of Personal data each time;
2.2.5. with the consent of the Data subject (Article 9 (2) (a) GDPR) - when Personal data related to the Health of the Data subject is processed.
The Data subject may revoke the consent to the processing of Personal data at any time by contacting the Company in accordance with the procedure and contact addresses specified in this Privacy Policy.
2.3. The provision of Personal data by the Data subject is voluntary and not a legal requirement. However, the provision of the specified Personal data may be a requirement that must be met in order for the Data Subject to register on the Website or enter into Agreement. Therefore, without providing the specified Personal data of the Data subject, it would be impossible for the Data subject to register on the Website and use it, to enter into Agreement.
2.4. Personal data is stored by Controller:
2.4.1. The Controller shall store the Personal data submitted for the conclusion and implementation of the Agreement for the entire period of performance of the Agreement, but no longer than 10 years from the moment of performance of the Agreement;
2.4.2. The consents provided by the Data subject will be stored for the duration of the consents;
2.4.3. data on the Use of Website - no longer than 2 years;
2.4.4. data related to the provision of Services -no longer than 5 years following the end of provision of Services under Agreement.
2.4.5. other data shall be stored by the Controller for at least the storage period specified in the legal acts of the Republic of Lithuania or to the extent necessary to fulfil the obligations set forth in the legal acts of the Republic of Lithuania, including to the storage of documents or in the legitimate interests of the Data Controller or to the extent necessary for the purposes for which such Personal data was collected.
2.5. In the event of a transfer of Personal data to third countries, this will be done in accordance with the requirements of the GDPR.
2.6. Subject to the processing of Personal data for the above purposes and grounds, Personal data may be disclosed to public authorities or bodies carrying out public tasks (to the extent required by law) as well as to the following recipients or categories of recipients to the extent necessary to achieve the above purposes:
2.6.1. for entities involved in Agreement performance processes, including the provision of delivery of goods, payment services, electronic services;
2.6.2. entities providing marketing and marketing services;
2.6.3. entities servicing the Company's information systems, entities providing Website content management tools or Website hosting services;
2.6.4. entities providing consulting, auditing and accounting services to the Company.
2.7. The Controller shall also provide Personal data to those entities in respect of which the Data subject has given consent to provide Personal data.
2.8. In each case, the Controller shall provide the recipients with only as much Personal data as is necessary to execute a specific order/mandate or provide a specific service.
3.1. Pursuant to these provisions, each Data subject whose Personal data is processed by the Controller has the right:
3.1.1. require access to your Personal data, i. e. obtain information on the purposes of the processing of Personal data, the period of storage, the recipients of the data, the sources of the Personal data, and information on how and in what cases the Data subject may exercise the right to rectify or delete Personal data or restrict or object to such processing;
3.1.2. require correction of Personal data if the data is inaccurate and / or incomplete;
3.1.3. require the erasure of Personal data ("right to be forgotten") or restrict (with the exception of storage) the processing of Personal data where the accuracy of the data is contested, where the processing of Personal data is unlawful, no longer required by the Controller for processing, however, Personal data is required by the Data Subject for the purpose of making, enforcing or defending legal claims, or when the Data subject expresses his or her refusal to process Personal data;
3.1.4. in the event that the Personal data of the Data subject is processed in the legitimate interest of the Controller, the Data subject shall have the right to object to the processing of his Personal data for specific reasons related to him. In this case, the Controller undertakes to stop processing such Personal data of the Data subject, unless the Controller processes such Personal data for legitimate reasons beyond the interests of the Data subject and the reasons for non-consent to the processing of Personal data; or to make or defend legal claims.
3.1.5. withdraw consent of Data subject at any time;
3.1.6. require the provision (transfer) of his Personal data if the Personal data has been provided in a structured, commonly used and computer-readable format and is processed by automated means. Subject to the conditions set out above, the Data subject has the right to request that his Personal data be transferred to another controller when this is technically possible (right to data portability);
3.1.7. submit a complaint to the competent supervisory authority (in the Republic of Lithuania - Valstybinė duomenų apsaugos inspekcija, address L.Sapiegos g. 17, Vilnius, phone 8 5 271 2804, e-mail info@viallies.com);
3.1.8. other rights provided in the applicable legal acts.
3.2. The rights of the Data subject (except for those discussed in clause 3.1.7) shall be exercised by submitting a written request to the Company, sending a letter by post or e-mail to the address indicated above, provided that his identity is properly identified by electronic means.
4.1. If the Data subject has agreed to receive the Company's newsletter / offers on the Website by e-mail - name, surname, e-mail of the Data subject will be used to send the newsletter / offers.
4.2. Newsletter / offers are sent from the Company.
5.1. Website uses cookies. Cookies are small information files downloaded (with consent of Data subject) to device (e.g. computer, mobile phone) when the Data Subject browses the Website and collect information about the Data subject's browsing.
5.2. The first time you visit the Website, the cookies are transferred to the Data subject's device and later used to distinguish them from other devices, they ensure more convenient use of the Website and allow us to improve the Website. This is a common practice for browsing websites, making it easier to browse a website you've already visited and easier to access published information.
5.3. To prevent the processing of Personal data with the help of cookies, you can change the settings of your Internet browser so that cookies are not accepted, or delete stored cookies.
5.4. You can change your cookie settings at any time in your browser. All browsers have the ability to delete cookies. Removing or blocking the use of cookies may affect the operation of the Website and some of its functionalities, as well as the use of the services available on the Website.
6.1. This Privacy Policy shall be construed, interpreted, and implemented in compliance with the laws of the Republic of Lithuania.
6.2. This Privacy Policy is drawn up in accordance with the GDPR, the Law on the Legal Protection of Personal data of the Republic of Lithuania and other legal acts regulating the processing of Personal data applicable in the Republic of Lithuania.
6.3. Every dispute, disagreement or claim arising from these Privacy Policy or related to them and the violation or validity of the Privacy Policy shall be resolved through negotiations, in the event of failure to reach an agreement, shall be finally resolved in a court of the Republic of Lithuania in accordance with the valid laws of the Republic of Lithuania.
6.4..This Privacy Policy is written in the Lithuanian and English languages.
6.5. This Privacy Policy is approved by the Company and is valid from 2024.
Relations that are not regulated by present Privacy Policy or are partially regulated by them are regulated in accordance with the the legal acts of the Republic of Lithuania.
6.6. The Company may unilaterally amend present Privacy Policy at any time, notifying the Client by e-mail. The Company publishes current version of the Privacy Policy on Website.
If the amended Privacy Policy is not acceptable to the Client, the Client has the right to terminate the Agreement concluded with the Company in accordance with the procedure discussed in Terms and Conditions.
By continuing to access or use the Services after Company has provided Client with notice of a amendment of Privacy Policy, Client agrees to be bound by the modified Privacy Policy.