Privacy Policy

Information and Data Security Policy

1. Purpose and Scope
1.1. This policy defines how UAB “Vairoma” ensures the security of customer, partner, and internal company data.
1.2. The policy applies to all data processed:

  • On the company’s website;

  • During orders and communication (by phone, email);

  • In internal company operations (warehouse, administration, accounting).

2. Data Security Principles
UAB “Vairoma” follows these data protection principles:

  • Minimization – only the necessary amount of data is collected;

  • Accuracy – data is regularly updated and corrected;

  • Limitation – data is stored only as long as necessary;

  • Accountability – each data processing process is assigned to authorized personnel;

  • Transparency – customers are provided with clear information about data processing.

3. Personal Data Security
3.1. All customer data (e.g., name, surname, contact information, purchase details) is processed in compliance with GDPR (EU 2016/679).
3.2. Data:

  • Is not shared with third parties without legal basis;

  • Is accessible only to authorized employees;

  • Is stored in encrypted emails, accounting software, or secure devices.

3.3. Protection of databases and communication is ensured by using:

  • Password-protected devices;

  • Updated antivirus software;

  • Regular data backups.

4. E-commerce Security
4.1. The website (if used) ensures secure communication via SSL/TLS certificate, protecting data submitted by the client.
4.2. Payments are processed through secure partner channels (e.g., bank transfers or trusted payment providers).
4.3. Customer data is used solely for order fulfillment, warranty handling, or legal obligations – and never shared without consent.

5. Physical Security Measures
5.1. The company premises (warehouse, workshops) are:

  • Monitored by video cameras (if available);

  • Locked, restricting access to unauthorized individuals;

  • Equipment (computers, devices) is accessible only to authorized staff.

6. Incident Management
6.1. In the event of a security incident (e.g., data breach, system compromise), the company will:

  • Immediately suspend possible data processing;

  • Conduct an internal investigation;

  • If necessary – notify the State Data Protection Inspectorate and affected individuals within 72 hours.

7. Employee Responsibility
7.1. All employees with access to customer or company data must sign a confidentiality agreement and be trained in secure data handling.

8. Customer Rights
8.1. Customers have the right to:

  • Know what data is collected about them;

  • Request correction or deletion of their data;

  • Object to the use of their data for marketing purposes;

  • Submit a complaint to the data protection authority.

9. Policy Review
9.1. This security policy is reviewed once a year or upon legal/technical changes.

Security Contact Information
Company: UAB “Vairoma”
Address: Vandžiogalos pl. 106B, Domeikavos k., Kauno r.
Phone: +37061144900
Email: info@vairoma.lt