PRIVACY AND COOKIES POLICY
Privacy and Cookies Policy
U-Hearts Foundation (hereinafter “Foundation” or “we”) respects your privacy and is committed to protect it through compliance with this privacy and cookies policy (hereinafter referred to as “Privacy policy”). In this Privacy policy we will inform you about how we process cookies and your personal data. We commit ourselves to be transparent with you by providing clear information about what personal data we process, about the purpose of the processing, the retention period of the personal data as well as the legal basis for the processing and other information that we are required to provide pursuant to applicable legislation.
We process your personal data in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter referred to as the GDPR), other applicable legal acts in the field of personal data protection as well as this Privacy Policy.
I. Definitions
The following terms are defined as follows in this Privacy Policy:
We, or the Foundation, shall mean U-Hearts, foundation established and operating in accordance with laws of the Republic of Lithuania, legal entity code 306035580, registered office address Latvių g. 38A-12, LT-08113 Vilnius, Republic of Lithuania, data about the foundation collected and stored in the Register of Legal Entities of the Republic of Lithuania.
Website shall mean the website accessible at www.u-hearts.com.
Other terms shall have the meanings assigned to them and defined in the GDPR.
II. Your personal data we are processing.
If you visit our Website, contact us via email or phone or visit our Foundation, we can collect your personal data:
For purpose of donation – donor name, surname, email, phone number, donation. These data are managed by seeking to implement the contract of which party you are, i.e., by seeking to ensure that your donation would be allocated to the project on the basis with your consent. These data are kept for 2 years after the day, when the donation was made.
For purposes of donors list publication on the Website – donor name, surname. These data are managed on the basis with your consent and kept as long as appropriate project is active, but no longer than for 2 years after the day, when your donation was made for a particular Project.
Any other your personal data, which could be submitted by you to us at any time, when you communicate with us – by writing an email, writing or calling or coming to the place. These data are managed with data subject consent and kept for 2 years.
2.4. Website administration, support, improvement.
Legal Basis for the processing personal data – our legitimate interest, your consent.
We process data when you visit and browse our Website, for the purpose of collecting statistical data and improving the quality of Services and visitor experience.
Duration of data processing:
See Chapter X (Cookies).
2.5. Customer service – inquiries, requests, complaints.
Legal Basis for the processing personal data – our legitimate interest, your consent.
If you contact us by phone or in writing (by e-mail or otherwise), we will store the fact of you contacting us and the information provided, including personal data, so that we can properly examine your request and/or respond to your question, request or complaint.
Duration of data processing:
Complaints, claims, written requests related to the donations and/or which may be related to disputes, shall be stored no longer than for 2 years after the donation was made.
III. Legal Basis for the processing personal data – legal obligations and requirements of legal acts.
Purpose for the processing: we process your personal data for the compliance with legal obligations to which we are a subject.
- accounting, taxes, other public obligations;
- protection of consumer rights;
- product safety;
- information security;
- other areas relevant for us.
Duration of data processing:
We will process your data the period that is provided in the legal (e.g. a period of 10 years is set for accounting documents, invoices, etc.). The periods of storage, archiving and management of documents of the foundation apply and are set according to effective legal acts, in compliance with requirements of the Index of the General Document Storage Periods, as approved by the Chief Archivist of Lithuania, and other documents and/or recommendations.
IV. From what sources do we obtain your personal data?
We receive almost all of your personal data from you: when you register on the Website or use the Website, make a donation and in other cases, also as explained in more detail in this Privacy Policy.
V. Do we share your data with others?
The Foundation has involved various service providers (e.g. providers of server hosting, data centres, cloud computing, support, IT, payment, identity verification, audit, accounting, legal, tax advisory services, administration of damages, analytics, e-mail, SMS messaging, customer service, call centre and other services).
If necessary and legally justified, we also provide your data to service providers that are separate data controllers or data processors, also to competent authorities, institutions, organisations, also other data controllers who are entitled to receive information in accordance with applicable legal acts and/or our legitimate interests.
With your consent, your data may be disclosed to persons you have indicated.
VI. HOW LONG DO WE STORE YOUR PERSONAL DATA?
Personal data specified in this Privacy Policy shall be stored and otherwise processed for no longer than the period specified in to each relevant data processing basis and for no longer than necessary to achieve the purposes for which the data were collected.
In those cases when the data storage period is not indicated in this Privacy Policy, your data will be stored no longer than necessary for achievement of the purposes, for which the data were collected, or for a period set by legal acts.
After the end of your data processing and storage period set in this Privacy Policy, we destroy your data or anonymise them irreversibly and reliably as soon as possible, within a period reasonably necessary for performance of such an action.
Your personal data can be stored for a period longer than indicated in this Privacy Policy only when:
that is necessary in order that we could defend ourselves from existing or threatening demands, claims or legal actions and exercise our rights;
this is necessary for ensuring the functioning, resilience, integrity of backup copies, information systems, traceability of operations, statistical and other similar purposes;
there are other grounds provided for in legal acts.
VII. Your rights.
7.1. The right to access data processed and the right to obtain a copy of personal data
You have the right obtain a confirmation from us as to whether or not we process your personal data and, when we do, access the personal data. That’s why we inform you in advance about our processing activities via this Privacy policy. If you have any questions, or would you like to learn more about what information we process from you, you are always welcome to contact us and we will provide you with further information.
7.2. Right to rectification of personal data
In case of changes in data presented by you to us (surname, e-mail address, telephone number) or in case you think that the information processed by us about you is inaccurate or incorrect, you have the right to demand to modify, amend or correct such information.
7.3. Right to withdraw the consent
In case where we process your data on the basis of your consent, you have the right to withdraw your consent at any time and data processing based on your consent will stop.
For example, you can withdraw your consent to receive offers at any time.
you have the right to withdraw consent at any time in the following ways:
by e-mail: info@u-hearts.com
7.4. Right to object to data processing, when processing is based on legitimate interests.
You have the right to object to personal data processing, when personal data is processed based on our legitimate interests. In the event that we send you general offers and information on the basis of our legitimate interest, you have the right to opt out of general offers at any time:
by e-mail: info@u-hearts.com
7.5. Right to erasure (right to be forgotten).
When there are certain circumstances indicated in legal acts on personal data protection (e.g. when the basis for data processing has disappeared, etc.), you have the right to request that we erase your personal data. In order to exercise this right, please contact us in the ways indicated in Privacy policy.
If you provide us with the request to erase all or some of your data and express your wish “to be forgotten”, we will no longer process those data of yours which will no longer be necessary for the purposes for which they were collected or otherwise processed. After you have exercised the right “to be forgotten”, your personal data will be further processed for the following main purposes and on the following main grounds (the list is non-exhaustive):
for the purposes of meeting accounting, tax requirements, personal data will be further processed according to Article 6(1)(c) of the GDPR (data processing is necessary to fulfil the legal obligation imposed on the data controller);
in order to manage customers’ complaints and other requests and inquiries, personal data will be processed according to Article 6(1)(b) of the GDPR (it is necessary to process data in order to fulfil the contract, a party to which the data subject is);
in case of disputes, in order to pursue our other legal claims and protect our rights, data will be further processed according to Article 6(1)(f) of the GDPR (data processing is necessary in pursuance of legitimate interests of the data controller or a third party).
7.6. Right to restriction of data processing.
When there are certain circumstances indicated in personal data protection legal acts (when personal data is processed unlawfully, when you challenge data accuracy, you stated an objection to data processing on the basis of our legitimate interest, etc.), you also have the right to restrict your data processing.
7.7. Right to data portability
You will be able to exercise this right in cases where we process your personal data by automated means (computers, etc.) and the legal basis for the processing of personal data is:
Your consent;
performance of the contract or actions taken at your request prior to the conclusion of the contract.
At your request and if it’s technically possible, we will transfer the data directly to another data controller specified by you.
7.8. Right to complain
If you think that we process your data in breach of requirements of personal data protection legal acts, we always ask that you contact us directly at first.
If you are not satisfied with a problem solution we suggest or if, in your opinion, we are not taking actions that must be taken in order to satisfy your request, you will have the right to lodge a complaint with the State Data Protection Inspectorate (L. Sapiegos g. 17, LT-10312 Vilnius, e-mail ada@ada.lt).
VIII. Examination procedure of requests
In order to protect our customers’ data from illegal disclosure, upon receipt of your request to present data or implement other rights of yours, we will have to verify your identity.
In order to verify your identity, we may ask you to indicate relevant data (e.g. name, date of birth, e-mail address or telephone number). In performance of this verification, we may also send a control notification at the last contact (SMS or e-mail), asking to take an authorisation action, we may also request additional documents or data. If the verification procedure fails, we will be forced to state that you are not the data subject of the requested data and we will have to reject your request.
Upon receipt of your request regarding implementation of any right of yours and having successfully performed the above-indicated verification procedure, we undertake without undue delay, but in any case no later than within one month after receipt of your request and completion of the verification procedure, to give you information about actions we took with regard to your request. With regard to complexity and number of requests, we have the right to extent the period of one month for two more months, informing you about it before the end of the first month and indicating reasons for such an extension.
If your request is submitted electronically, we will give the answer to you electronically, too, unless it is impossible (e.g. due to a particularly large scope of information) or when you request to answer you in some other way.
We have the right to refuse to satisfy your request by our reasoned written response under the conditions and grounds provided for in legal acts. We will provide you with information free of charge, however, if the requests are manifestly unfounded or disproportionate, in particular because of their repetitive content, we may require a reasonable fee to cover administrative costs or may refuse to act upon your request.
IX. Protection of personal data
Your personal data will be managed by following the European Union General Data Protection Regulation, the Republic of Lithuania Law on Legal Protection of Personal Data and set requirements of other legal acts.
We use a variety of technical and organizational security measures to protect your personal data. Your personal data are stored safely and are only accessible to a limited number of persons.
X. Cookies
The Website www.u-hearts.com uses cookies. Our website uses cookies to collect statistical data and to remember what you have done while browsing and to collect this information for the purpose of improving our performance and personalized advertising. You may accept the use of all or only certain cookies.
Cookies are small text files that can be used by websites to make a user’s experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This site uses different types of cookies. You can at any time change or withdraw your consent on our website.
Cookies Necessary for the Functioning of the Website/Svetainės veikimui būtini slapukai:
Name/pavadinimas
Function/paskirtis
Duration/galiojimas
_ab
Used in connection with access to admin.
2y
_secure_session_id
Used in connection with navigation through a storefront.
24h
_shopify_country
Used in connection with checkout.
session
_shopify_m
Used for managing customer privacy settings.
1y
_shopify_tm
Used for managing customer privacy settings.
30min
_shopify_tw
Used for managing customer privacy settings.
2w
_storefront_u
Used to facilitate updating customer account information.
1min
_tracking_consent
Tracking preferences.
1y
c
Used in connection with checkout.
1y
cart
Used in connection with shopping cart.
2w
cart_currency
Used in connection with shopping cart.
2w
cart_sig
Used in connection with checkout.
2w
cart_ts
Used in connection with checkout.
2w
cart_ver
Used in connection with shopping cart.
2w
checkout
Used in connection with checkout.
4w
checkout_token
Used in connection with checkout.
1y
dynamic_checkout_shown_on_cart
Used in connection with checkout.
30min
hide_shopify_pay_for_checkout
Used in connection with checkout.
session
keep_alive
Used in connection with buyer localization.
2w
master_device_id
Used in connection with merchant login.
2y
previous_step
Used in connection with checkout.
1y
remember_me
Used in connection with checkout.
1y
secure_customer_sig
Used in connection with customer login.
20y
shopify_pay
Used in connection with checkout.
1y
shopify_pay_redirect
Used in connection with checkout.
30 minutes, 3w or 1y depending on value
storefront_digest
Used in connection with customer login.
2y
tracked_start_checkout
Used in connection with checkout.
1y
Reporting and Analytics/ Ataskaitų teikimas ir analizė
Name
Function
Duration
_landing_page
Track landing pages.
2w
_orig_referrer
Track landing pages.
2w
Cookies Necessary for the Functioning of the Sites/Svetainės veikimui būtini slapukai:
Third Party/Trečiosios šalys
Description/Paskirtis
Privacy Policy/Privatumo politika
Cloudflare
Shopify uses Cloudflare Network as a Service for edge routing.
https://www.cloudflare.com/privacypolicy/
Reporting & Analytics
Third Party/Trečiosios šalys
Description/Paskirtis
Privacy Policy/Privatumo politika
Facebook Pixel
We use Facebook Pixel to help measure how users interact with our websites.
https://www.facebook.com/privacy/explanation
Google Analytics
We use Google Analytics to help measure how users interact with our websites.
https://policies.google.com/privacy
Google Tag Manager
We use Google Tag Manager to help manage analytics vendors.
https://policies.google.com/privacy
Hotjar
We use Hotjar to help measure how users interact with our websites.
https://www.hotjar.com/legal/policies/privacy
Advertising/Rinkodaros
Third Party/Trečiosios šalys
Description/Paskirtis
Privacy Policy/Privatumo politika
Facebook Custom Audiences
We use Facebook Custom Audiences to deliver targeted advertisements to individuals who visit our websites.
https://www.facebook.com/policy.php
We use Google Ads to deliver targeted advertisements to individuals who visit our websites.
https://policies.google.com/privacy
Social Media & Content/ Socialinė žiniasklaida ir turinys
Third Party/Trečiosios šalys
Description/Paskirtis
Privacy Policy/Privatumo politika
Facebook Connect
We use Facebook Connect to allow visitors to our website to interact with and share content via Facebook’s social media platform.
https://www.facebook.com/policy.php
XI. Contacts
If you have any questions about the processing of your personal data, any requests, or if you would like to give us feed-back, please contact:
U-Hearts, foundation established and operating in accordance with laws of the Republic of Lithuania, legal entity code 306035580, registered office address Latvių g. 38A-12, LT-08113 Vilnius, Republic of Lithuania, email address: info@u-hearts.com.
XII. Final provisions
Privacy policy shall enter into force from 28th of March, 2022. We shall have the right to change the Privacy policy, publishing such changes at the website www.u-hearts.com.