UAB “Gaschema” (hereinafter referred to as the “Company”) strives to protect individuals’ privacy and respect their rights. This privacy policy clearly and transparently presents the principles of information collection and use applied by the Company and its website, as well as other relevant information about the Company’s provisions and principles ensuring personal data protection. The Company emphasizes that this policy does not apply when individuals browse other companies’ websites or use third-party services while connected through the Company’s network.
When processing personal data, the Company follows the General Data Protection Regulation (EU) 2016/679, the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania, and other applicable legal requirements.
This Privacy Policy applies to the protection of personal data concerning individuals, including future employees, participants in procurement tenders organized by the Company (including potential, former, and current participants), individuals present on the Company’s premises and/or territory, visitors to the Company’s website www.gaschema.lt, and other interested parties (hereinafter referred to as “Individuals” or “Data Subjects”).
The data controller is UAB “Gaschema,” registered at Jonalaukio k. 1, Jonavos m. seniūnija, Jonavos r. savivaldybė, email: info@gaschema.lt.
I. Data Processing Activities
1. The Company may collect and process the following categories of personal data for the following purposes and on the following legal bases:
1.1. Recruitment and Selection of Personnel (Candidates for Job Vacancies in the Company)
1.1.1. The following personal data may be processed for this purpose: identification data, contact details, information provided in the CV, cover letter, and accompanying documents, photograph (if voluntarily submitted by the candidate), and other data related to the recruitment process.
1.1.2. The Company processes this data based on its legitimate interest in finding and hiring candidates with the necessary qualifications, skills, and attributes.
1.1.3. Personal data processed for this purpose will be stored for no longer than 3 months from the moment the candidate is informed that they will not be hired. If the job posting specifies that only selected candidates will be notified, data will be stored for 3 months from the end of the recruitment process. This period may be extended if the data is required as evidence or an information source in pre-trial or other investigations, including investigations conducted by the State Data Protection Inspectorate, civil, administrative, or criminal cases, or other legally mandated circumstances. In such cases, personal data will be retained as long as necessary and deleted immediately once no longer required.
1.2. Selection of Participants for the Company’s Procurement Tenders
1.2.1. The following personal data may be processed for this purpose: identification data, contact details, bank account details, debt information (obtained from the State Enterprise Centre of Registers, the State Tax Inspectorate, and Sodra), contact person details, data in certificates and other documents verifying specific qualifications, and other information provided by the participant.
1.2.2. The Company processes this data based on its legitimate interest in selecting suppliers of goods, services, and works for the Company and/or its subsidiaries.
1.2.3. Personal data collected for this purpose will be stored for no longer than 5 years from the end of the procurement tender. This period may be extended if the data is required as evidence or an information source in pre-trial or other investigations, including investigations conducted by the State Data Protection Inspectorate, civil, administrative, or criminal cases, or other legally mandated circumstances. In such cases, personal data will be retained as long as necessary and deleted immediately once no longer required.
1.3. Responding to Individuals and Providing Information
1.3.1. If individuals submit an inquiry or complaint using the contact details provided on the Company’s website—via email, phone, or registered mail—the Company processes the following personal data to properly respond: identification data, contact details, correspondence (if it contains personally identifiable information), and related personal data.
1.3.2. The Company processes this data based on its legitimate interest in responding to individuals’ inquiries and complaints.
1.3.3. Personal data collected for this purpose will be stored for no longer than 3 years. This period may be extended if the data is required as evidence or an information source in pre-trial or other investigations, including investigations conducted by the State Data Protection Inspectorate, civil, administrative, or criminal cases, or other legally mandated circumstances. In such cases, personal data will be retained as long as necessary and deleted immediately once no longer required.
1.3.4. The Company uses individuals’ data solely to properly and objectively review inquiries, provide necessary information, respond to questions, resolve requests or complaints, and offer consultations. The Company may also analyze inquiries to improve its operations and the quality of services provided, taking into account individuals’ feedback and suggestions.
1.3.5. The Company does not publicly disclose its correspondence with individuals. However, if an inquiry or complaint is submitted through public comment sections on websites or social media platforms, the Company reserves the right to respond publicly in the same format as the inquiry was received.
1.4. Objective of Ensuring Company Property and Personal Security, and Accident Prevention:
1.4.1. For this purpose, video surveillance is conducted within the Company’s premises and territory, covering employees, visitors, and any individuals entering the monitored areas.
Video Surveillance Locations:
| Address | Monitored Areas |
| UAB “Gaschema”, Jonalaukio k. 1, Jonava Municipality | Buildings K-310, K-312, K-364 warehouse, and surrounding territory |
| UAB “Gaschema”, Elektrėnų g. 9D, Kaunas | Warehouse and surrounding territory |
| UAB “Gaschema”, Šilutės plentas 109, Klaipėda | Warehouse and surrounding territory |
1.4.2. Video data is processed through the following means:
- Real-time monitoring
- Video recording
- Backup storage of video footage
1.4.3. The Company processes this data based on the legitimate interest of protecting its property, employees, customers, and other individuals, and preventing accidents due to hazardous activities on the premises.
1.4.4. Recorded video data is stored for up to 30 calendar days and then automatically deleted. If required as evidence in legal or investigative proceedings, the data may be retained as necessary and deleted once no longer needed.
1.5. Objective of Contracting and Executing Agreements with Third Parties:
1.5.1. For this purpose, the following data of contract counterparties’ representatives, employees, and agents is processed:
- Name, surname, personal identification number or date of birth
- Signature, work email, and phone number
- Employer details and other necessary personal data related to contract execution
1.5.2. The Company processes this data based on its legitimate interest in managing potential risks, communication, and maintaining business relationships.
1.5.3. Data is retained for up to 10 years after contract termination, with possible extensions if required for legal proceedings.
1.6. Objective of Implementing International Sanctions and Restrictive Measures:
1.6.1. The Company processes data of clients, suppliers, partners, shareholders, and ultimate beneficial owners to verify that they are not subject to EU sanctions. Processed data includes:
- Identification data (name, surname, date of birth)
- Direct or indirect links to sanctioned entities
- Shareholding details and control mechanisms
- Other relevant information from sanction lists
1.6.2. This processing is based on the Company’s legal obligations under Lithuanian law.
1.6.3. Data is stored as long as sanctions apply but no longer than 10 years, with possible extensions for legal proceedings.
1.7. Objective of Managing Information on Violations:
1.7.1. The Company processes personal data of employees (current and former) and other individuals reported in connection with violations. Data includes:
- Whistleblower’s identity (name, surname, ID number, workplace, position, contact details, signature)
- Information on the violation and involved persons
- Witness data and any other information provided in the report
1.7.2. This processing is based on legal obligations under Lithuanian whistleblower protection laws.
1.7.3. Data is stored for up to 5 years from the last decision on the violation, with possible extensions for legal proceedings.
1.8. Purpose of Proper Functioning and Administration of the Company’s Website and E-Store(s):
1.8.1. For this purpose, the data of individuals visiting the Company’s website/e-store(s) is processed: IP address used to access the Company’s website and use the Company’s e-store(s)/products; user identification data (name, surname, email), which is used to log in to the e-store(s).
1.8.2. The Company processes this data based on its legitimate interest in ensuring the smooth and proper operation of the Company’s website and/or e-store(s) for user access and convenient usage.
1.8.3. The data processed for this purpose is stored for as long as the individual uses the service and for 3 years from the date of the last purchase transaction. These terms may be extended if personal data is used or may be used as evidence or an information source in a pre-trial or other investigation, including an investigation conducted by the State Data Protection Inspectorate, a civil, administrative, or criminal case, or in other cases established by law. In such cases, personal data may be stored for as long as necessary for these data processing purposes and will be destroyed immediately when no longer needed.
1.9. Administration of the Company’s Social Media Accounts:
The Company, when administering its accounts on social networks Facebook, Instagram (Meta), and LinkedIn, acts as a joint data controller together with these platforms to the extent publicly disclosed by these social networks. The Company has no ability to influence the data processing actions carried out by these social networks. Information on data processing and privacy principles conducted on social media can be found in the privacy notices (privacy policies) of these social networks.
1.10. Direct Marketing (Sending Newsletters and Offers):
1.10.1. The Company processes and uses personal data for direct marketing purposes only if the individual has given their consent. Consent to receive beneficial direct marketing offers can be confirmed when registering in the Customer Self-Service and/or on the website (as well as in registration forms created by the Company, contracts). The personal data specified in the consent will be used for automated decision-making, i.e., profiling will be carried out. When providing offers to clients, the Company may use automated analysis of personal data – the Company may group and analyse client data based on the data provided regarding relevant product categories. The profiling actions carried out by the Company do not have any legal or other significant impact on data subjects.
1.10.2. The following personal data is processed for direct marketing purposes: name, surname, email address, phone number, residential address, information about product categories relevant to clients.
1.10.3. The personal data specified in point 1.10.2. is collected and processed based on consent. Individuals who wish to receive newsletters/offers provide their consent, specifying their contact details depending on what information and through which method they prefer to receive it.
1.10.4. The storage period for personal data processed for direct marketing purposes is 5 years. This period may be extended if personal data is used or may be used as evidence or an information source in a pre-trial or other investigation, including an investigation conducted by the State Data Protection Inspectorate, a civil, administrative, or criminal case, or in other cases established by law. In such cases, personal data may be stored for as long as necessary for these data processing purposes and will be destroyed immediately when no longer needed.
1.10.5. The data subject has the right to object or withdraw their consent for the processing of their personal data for direct marketing purposes, including profiling, as far as it relates to such direct marketing, at any time without providing reasons:
1.10.5.1. By clicking the “unsubscribe” link at the end of the newsletter and/or on the website (if such a technical possibility is provided);
1.10.5.2. By writing an email to info@gaschema.lt or calling +370 349 56845;
1.10.5.3. By logging into their account on the Company’s website in the “Gaschema Customer Self-Service” section to withdraw their consent;
1.10.5.4. Withdrawal of consent does not affect the lawfulness of data processing based on consent before its withdrawal.
1.11. Purpose of Determining Lottery/Game Winners:
1.11.1. The Company processes and uses personal data for the purpose of determining lottery/game winners only if individuals participate in organized lotteries/games and have given their consent in accordance with the Lottery/Game Rules.
1.11.2. By participating in lotteries/games, individuals provide the Company with the following data: name, email address, and phone number.
1.11.3. The Company uses the personal data provided by individuals for the purpose of determining the lottery/game winner, as well as for contacting the winners, including responding to received inquiries and comments.
1.11.4. The Company processes personal data on the legal basis of consent.
1.11.5. The Company processes and stores data necessary for the organization and execution of the lottery/game for as long as individuals participate in such a lottery/game and for 1 month from the end of the lottery/game period. The Company stores the personal data of the lottery/game winner for 3 years. This period may be extended if personal data is used or may be used as evidence or an information source in a pre-trial or other investigation, including an investigation conducted by the State Data Protection Inspectorate, a civil, administrative, or criminal case, or in other cases established by law. In such cases, personal data may be stored for as long as necessary for these data processing purposes and will be destroyed immediately when no longer needed.
1.11.6. Individuals have the right to withdraw their consent to participate in the lottery/game at any time by writing an email to info@gaschema.lt or calling +370 349 56845.
1.11.7. Withdrawal of consent does not affect the lawfulness of personal data processing based on consent before its withdrawal.
1.12. Purpose of Data Processing Related to the Conclusion and Execution of the Contract in Gaschema’s Customer Self-Service
1.12.1. A data subject wishing to use Gaschema’s customer self-service (hereinafter referred to as the “Customer Self-Service”) must review the Self-Service Rules, this Privacy Policy, and express consent in writing or electronically to receive information via the Customer Self-Service. If the customer does not review the aforementioned documents and does not provide consent, they cannot create an account in the Customer Self-Service. Once the customer has reviewed these documents, a Customer Self-Service account is created for the data subject, where information and relevant documents such as orders, remaining deposit balance, contracts, payment history, debts, and similar data are provided. These personal data are processed based on consent when creating an account (registering). The company informs that the following personal data are collected and processed in the Customer Self-Service:
- Name, surname, phone number, contact information, including user login credentials, email addresses, residential address, correspondence address, phone number;
- Financial data such as bank account numbers, banking details, and other information indicated in contracts and VAT invoices that the company has the right to process based on contract execution and legal obligations applicable to the company.
1.12.2. Information in the Customer Self-Service may be provided by the customer themselves or by a representative of the customer’s (legal entity’s) company or organization who has access to the Customer Self-Service. The customer is responsible for all information entered under their name, ensuring its accuracy and relevance. The customer is also responsible for updating and maintaining accurate information.
1.12.3. If access to the Customer Self-Service is granted to multiple users, some personal data entered in the Customer Self-Service may be accessible to the system administrator(s) of the organization(s) and other individuals specified by the customer at the time of product purchase. The company is not responsible for the internal organizational processes of customers, as this is outside the scope of this policy.
1.12.4. As with any other cloud computing service provider, the company collects data related to the creation and administration of customer accounts to ensure the proper functioning and lawful access to the Customer Self-Service. This includes:
- IP address used to connect to the company’s website and services;
- Information about the type and version of the web browser;
- Technical details such as operating system, device information (where possible, including identification number and configuration details), language preferences, country settings, and visited URLs;
- User login credentials and passwords, search queries performed in our product(s) or website(s);
- Data usage information, e.g., the amount of server resources used per session, to optimize server performance.
1.12.5. The company does not collect or use customer data from third parties on its website or Customer Self-Service. However, information from social networks or other providers such as Facebook, LinkedIn, YouTube, and Google may be received if the customer uses their services to log into the company’s website. The company is not responsible for the privacy settings of these third-party services. Customers must independently review and manage their privacy settings (e.g., on Google, LinkedIn, Facebook, YouTube, or other sites used for login).
1.12.6. The customer may terminate their Customer Self-Service account at any time by following the instructions provided in the Customer Self-Service or by contacting the company via email at info@gaschema.lt.
1.12.7. If customers choose passwords to access certain features of the Customer Self-Service, they are responsible for keeping these passwords confidential. The company requests that customers do not disclose or share their passwords with third parties.
1.12.8. Personal data related to the conclusion and execution of contracts will be processed for 10 years from the last login to the Customer Self-Service. This period may be extended if the data is used or may be used as evidence or an information source in a pre-trial or other investigation, including investigations by the State Data Protection Inspectorate, civil, administrative, or criminal cases, or other legally defined circumstances. In such cases, personal data will be retained as necessary for these processing purposes and will be deleted immediately once they are no longer required.
1.13. Administration of E-Commerce Operations and Order Management
1.13.1. Personal data provided in the company’s online store at e.Gaschema.lt are processed to conclude and execute the purchase-sale contract. The legal basis for data processing is the necessity of processing data to fulfill the contract.
1.13.2. The following personal data are processed for the administration of personal accounts in the online store and order management:
- Name, surname, email, phone number, registration address, city, postal code;
- Order date and time, payment method, buyer’s IP address, and delivery-related details: delivery address, delivery method, and additional information entered in the order notes (a free-form field where the data subject (customer) can provide any relevant information about the order or delivery);
- Other purchase-related data: product names, quantities, purchase prices, and purchase history.
1.13.3. Data retention period: The data subject’s (customer’s) account will remain active for two years after the last login. If the account is inactive beyond this period, it will be deleted along with its data. If the account was used to purchase goods or services, separate purchase data (including invoice information) will be retained in the company’s accounting records for 10 years after the purchase.
1.13.4. The following recipients may receive the processed personal data:
- Data processors who perform certain tasks and provide services to the data controller (e.g., legal, financial, tax, audit, debt collection, accounting, IT maintenance services, etc.);
- Courts, law enforcement agencies, or state institutions as required by legal regulations or necessary to protect the legitimate interests of the seller;
- Product manufacturers (in case of warranty service).
When a customer places an order in the online store, the personal data provided may be transferred to third-party service providers responsible for transportation. The buyer acknowledges that when collecting goods from the designated pick-up location, the seller and/or the third-party service provider has the right to verify the buyer’s identity by requesting an identification document (e.g., passport, national identity card, or the new-format driver’s license) to ensure the goods are handed over to the correct recipient.
2. The Company uses cookies on its website and in the Client Self-Service platform to facilitate their use and to provide Individuals with more specific and relevant information. By using cookies, the Individual is recognized as a visitor, and the content is adapted to the Individual’s needs. The use of cookies helps the Company better understand the needs of Individuals. The collected statistical data on website traffic is useful for assessing website effectiveness and improving it. More information about cookies can be found in the Cookie Policy.
3. The Company processes Personal Data responsibly, lawfully, fairly, and transparently. When determining the means of processing personal data, as well as during data processing, the Company implements appropriate technical and organizational data protection measures to safeguard the processed personal data against accidental or unlawful destruction, damage, alteration, loss, disclosure, or any other unlawful processing.
4. If Individuals choose passwords that allow them to use certain website features, they are responsible for maintaining the confidentiality of their passwords. The Company asks Individuals not to disclose or share their passwords with third parties.
5. Individuals must take active measures to ensure the confidentiality of their Personal Data and make every effort to protect their website login password from being known to third parties. They must not disclose it directly or indirectly to any third party and must ensure that no third party can use their data when accessing the website and/or using the Company’s services and/or for any other purpose. Individuals are responsible for any actions taken by third parties if those actions were carried out using their Personal Data. All obligations and liabilities arising from or related to such actions by third parties rest entirely with the Individual.
6. If the Company has doubts regarding the accuracy of the Personal Data provided by an Individual, it has the right to verify and clarify such data.
Despite all reasonable efforts by the Company to protect Personal Data, it should be noted that data transmitted electronically is transferred using communication networks managed by electronic communication service providers. Therefore, the Company cannot guarantee and is not responsible for data security and protection during such transmission. Any data transfer procedures are carried out at the Individual’s own risk. From the moment the data is received, the Company applies strict data protection policies, as well as technical and organizational measures, to ensure protection against unauthorized access to Personal Data.
7. Personal Data will not be used for automated decision-making, including profiling, in relation to you.
8. Personal Data may be shared with:
8.1. Data controllers and processors who perform certain tasks and/or provide services (e.g., IT companies processing data to ensure the development, improvement, and maintenance of IT systems; companies ensuring customer notifications, providing security and other services, including legal, financial, tax, business management, personnel administration, accounting, and similar services).
8.2. Courts, law enforcement agencies, government institutions, and other organizations and individuals to the extent required by legal regulations (e.g., bailiffs, courts, the State Tax Inspectorate (VMI), the State Social Insurance Fund Board (SODRA), police, etc.) or to protect the legitimate rights and interests of the Company or third parties.
8.3. UAB “ACHEMOS GRUPĖ” and/or its group companies.
8.4. Other persons with the Individual’s consent if such consent is obtained for a specific case.
If any recipients of Personal Data are located outside the European Economic Area, data will be transferred only to countries recognized by the European Commission as providing an adequate level of data protection or only to countries where the appropriate safeguards set out in Article 46(2) or (3) or Article 49(1) of the General Data Protection Regulation apply. These safeguards can be reviewed by contacting the Company using the contact details provided in this Privacy Policy.
II. Cookie Policy
9. A cookie is a small data set that a website records in the browser of a person’s computer, mobile device, or other device. The next time the person visits the website, this file may be read so that the website can recognize the computer, mobile device, or other device. Data sets do not contain personal information, but if you provide such information to us, for example, by registering on our website, it may be linked to the information contained in the data set.
10. The Company’s website typically uses cookies for the following purposes:
10.1. Essential cookies. Technical cookies help display the Company’s website, ensure its functionality, create a user account, log in, and manage orders. These technical cookies are necessary for the proper functioning of the website.
10.2. Technical cookies. Functional cookies are designed to remember the preferences of website visitors and help use the website effectively and efficiently. For example, these cookies remember the preferred language of website visitors, searches, and previously viewed products. The Company may also use these cookies to remember website visitors’ registration information so that they do not have to re-enter login data each time they visit the website. These functional cookies are not essential for the website’s operation but add functionality and improve the user experience.
10.3. Analytical cookies. These cookies provide insights and data on how visitors use the Company’s website. This allows optimization and improvement of the website, as well as an understanding of the effectiveness of advertisements and communications. These cookies help collect data about visited web pages, the referring pages visitors came from, which emails were opened and responded to, as well as date and time information. This also allows the Company to use information about the website visitor and how they use the website, such as visit frequency, number of clicks on a particular page, search terms used, etc. As part of advertising campaigns, the Company may use analytical cookies to determine how users navigate the website after seeing an online advertisement. This may also include advertisements on third-party websites.
11. Cookies may only be used if the website user has given consent. Consent is not required when cookies are used for the website’s functionality, as well as for technical data storage or use, where the sole purpose is to transmit information via an electronic communications network or to provide necessary information society services requested by the website user.
12. Consent to the use of cookies may be obtained through browser settings, notification bars on the website, pop-ups, or during website registration. When visiting the Company’s website, visitors can choose whether they want to allow cookies. Cookies can be managed and/or deleted as desired. In Internet Explorer, Safari, Firefox, Chrome, or other browsers, users can select which cookies to accept and which to reject. Most browsers allow checking which cookies have been recorded, deleting individual cookies, blocking third-party cookies, blocking cookies from specific websites, blocking all cookies, and deleting all cookies when closing the browser.
13. Data on cookies used on the Company’s website www.gaschema.lt:
| Title | Purpose | Validity Period |
| pll_language | Functional cookie. A cookie that saves the visitor’s language settings. | Until the end of the session |
| cookieconsent | Used to store the user’s cookie settings. | 1 month |
| _ga | Google Analytics statistics cookie. Registers a unique ID used to generate statistical data on how the visitor uses the website. | 2 years |
| _gat | Google Analytics statistics cookie. Controls the sequence of data transmission to the Google Analytics system. | Until the end of the session |
| _gid | Registers a unique ID used to generate statistical data on how the visitor uses the website. | Until the end of the session |
| _fbp | Facebook cookie that collects information about user behavior on the website and is used for remarketing. | 3 months |
13.1. Cookies used in the online store e.gaschema.lt
13.2. When visiting e.gaschema.lt, some or all of the following types of cookies may be stored on your device.
Essential cookies:
| Name | Purpose | Expiration |
| csrf | Prevents unauthorized content posting in the store. | Until the session ends |
| session- | Used to maintain the user session. | 7 days |
| timezone | Used to set the user’s time zone. | 2 months |
| cookie-preference | Used to store user cookie settings. | 2 months |
| sw-states | Used to save the user’s cart status. | Until the session ends |
| omnisendAnonymousID | Omnisend cookies enable provided services and ensure their proper functioning. | 1 year |
Analytical cookies:
| Name | Purpose | Expiration |
| wbm-tagmanager-enabled | Stores whether it allows collecting user statistics. Activates Google Analytics and Google Tag Manager services. | 3 months |
| omnisendSessionID | Omnisend cookie assigns a unique session ID to the visitor. | 30 minutes |
| soundestID | Omnisend cookie determines whether the visitor has previously visited a specific online store page. | Until the session ends |
| soundest-views | Omnisend cookie assigns a specific visitor ID to track the number of visits to a self-service page for analytics and statistical purposes. | Until the session ends |
| _fbp | Facebook cookie that collects information about user behavior on the website and is used for remarketing. | 3 months |
14. A website visitor can revoke consent for cookies at any time by changing settings and deleting recorded cookies. Note that fully blocking cookies may affect the proper functioning of the Company’s website.
15. Information about the cookies used by the Company and cookie preferences can be found and managed on the Company’s website by clicking the relevant link.
16. Third-party cookies may also be used on the website. For more information about third-party cookies, please refer to their privacy policies.
III. Data Subject Rights
17. Individuals have the following rights
17.1. The right to access data and how it is processed.
17.2. The right to request data correction.
17.3. The right to request data deletion.
17.4. The right to restrict data processing.
17.5. The right to data portability.
17.6. The right to object to data processing.
17.7. The right not to be subject to automated evaluation and profiling.
17.8. The right to withdraw consent for data processing at any time when processing is based on consent. Withdrawal does not affect the lawfulness of processing before withdrawal.
IV. Personal Data Security
18. The Company processes personal data responsibly, lawfully, fairly, and transparently, implementing appropriate technical and organizational security measures.
V. Complaint Procedures
19. Individuals have the right to file complaints with the State Data Protection Inspectorate and courts regarding the Company’s actions.
VI. Final Provisions
20. The Company’s website may contain links to other websites. The Company is not responsible for their content or privacy policies.
21. Any updates to this Privacy Policy will be published on the Company’s website www.gaschema.lt.
22. For any questions regarding data processing, please contact the Company at: info@gaschema.lt, tel. +370 349 56845.