Privacy Policy

PERSONAL DATA PROTECTION PRIVACY POLICY

Gi Kitchen, 77 Lincoln Rd, Peterborough PE1 2SH, United Kingdom, e-mail address gihealthykitchen@gmail.com, tel. no. 01780766848, website https://gikitchen.co.uk (hereinafter referred to as the Company) is the controller of personal data processed therein, which ensures that personal data in the Company are processed in accordance with the personal data protection requirements applicable to data controllers and data processors: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ 2016 L 119, p. 1–88) (hereinafter referred to as the GDPR), the Law of the Republic of Lithuania on the Legal Protection of Personal Data, as well as the requirements for the processing of personal data established in other legal acts. I. GENERAL PROVISIONS 1. The Company processes personal data lawfully, transparently and fairly, for predetermined purposes and only to the extent necessary to achieve the purposes. When processing personal data, the Company aims to ensure that they are accurate, secure, confidential, properly stored and protected for no longer than required by the purposes of data processing or by law. 2. The Personal Data Protection Privacy Policy (hereinafter referred to as the Privacy Policy) provides information about the purposes of personal data processing in the Company, the conditions of legality, personal data processed by the Company, their sources of receipt, storage terms, purposes of provision, the procedure for implementing the rights of data subjects, and data recipients. 3. The term “personal data” used in the Privacy Policy means any information from which a data subject can be identified – directly or indirectly, to determine the identity of the data subject. Personal data includes surname, first name, date of birth, postal or e-mail address, location data and internet identifier, characteristic features, etc. 4. The Privacy Policy applies to all persons whose data is processed by the Company. 5. When processing personal data, the Company: 5.1. complies with the requirements of applicable legal acts, including the GDPR; 5.2. processes personal data in a lawful, fair and transparent manner; 5.3. collects personal data for specified, explicit and legitimate purposes; 5.4. takes all reasonable measures to ensure that personal data that are inaccurate or incomplete, having regard to the purposes of their processing, are promptly rectified, supplemented, their processing suspended or destroyed; 5.5. keeps personal data in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed; 5.6. does not provide personal data to third parties or make them public, except as provided for in legal acts or the Privacy Policy; 5.7. ensures that personal data are processed in such a way that, by applying appropriate technical or organizational measures, appropriate security of personal data is ensured, including protection against unauthorized or unlawful processing of data and against accidental loss, destruction or damage. II. PURPOSES OF PROCESSING PERSONAL DATA IN THE COMPANY AND CONDITIONS OF LAWFUL PROCESSING 6. The Company processes the personal data of data subjects, in relation to whom the Company acts independently, setting its own means and purposes of processing personal data: 6.1. The purpose of assessing the needs of the data subject. For this purpose, the Company processes personal data in order to assess the needs of the data subject and provide the most relevant and best-suited offer to the data subject. 6.2. The purpose of performing the contract. For this purpose, the Company processes personal data in order to fulfill the contractual obligation. 6.3. The purpose of sending newsletters (direct marketing). For this purpose, the Company processes personal data in order to provide the data subject with relevant information, offers, and notifications related to the services provided by the Company. 6.4. The purpose of protecting the rights and interests of the Company. For this purpose, the Company processes personal data in order to implement and defend its rights and protect its legitimate interests. 6.5. The purpose of fulfilling a legal obligation. For this purpose, the Company processes personal data in order to implement the legal obligations established for the Company by relevant legal acts. 6.6. The purpose of selecting candidates for the positions offered by the Company in the Company. For this purpose, the Company processes personal data in order to find candidates who meet the needs of the Company to work in the Company, select them and assess whether the candidates are suitable for the offered job. 7. When processing personal data, the Company relies on the following conditions for lawful processing of personal data established by the GDPR: 7.1. Consent of the person, when personal data are processed for the purpose of sending newsletters, for the purpose of assessing the needs of the data subject (when special categories of personal data are processed, for example, health-related data), for the purpose of performing the contract (when special categories of personal data are processed, for example, health-related data). 7.2. Performance of the contract or in order to take action at the request of the data subject before concluding the contract, when personal data are processed for the purpose of assessing the needs of the data subject, for the purpose of performing the concluded contract. 7.3. Compliance with legal obligations established by law, when personal data are processed in order to fulfill a legal obligation imposed on the Company, including the examination of requests from individuals. 7.4. Legitimate interests, when personal data are processed in order to protect the rights and legitimate interests of the Company and when the Company seeks to select candidates for the offered jobs. III. PERSONAL DATA PROCESSED BY THE COMPANY 8. For the purpose of assessing the needs of the data subject, the following personal data are collected and processed: 8.1. Identification data (name, surname, date of birth); 8.2. Contact data (address, telephone number, e-mail address); 8.3. Data necessary for the preparation and submission of the offer (health-related data, active leisure/sports activities, height, weight, gender, age, hobbies, individual habits). 9. For the purpose of concluding the contract, protecting the rights and interests of the Company and fulfilling the Legal Obligation, the following personal data are processed: 9.1. Identification data (name, surname, personal code, date of birth); 9.2. Contact data (address of residence, address of delivery location, telephone number, e-mail address); 9.3. Payment and debt obligation data (payer’s name, surname, purpose of payment, payment term, payment amount, payment date, payment order number, bank account number, amount of the data subject’s debt). 9.4. Other data necessary for the performance of the contract (delivery time, username, password, login time, IP address, order history). 10. For the purpose of sending newsletters (direct marketing), the following personal data is collected and processed: 10.1. Identification data (name, surname); 10.2. Contact data (telephone number, e-mail address); 10.3. Purchase history, feedback on services and personal changes. 11. For the purpose of selecting candidates for the job positions offered by the Company, the following personal data are collected and processed in the Company: 11.1. Identification data (name, surname, personal code, date of birth); 11.2. Contact data (address, telephone number, e-mail address); 11.3. Data related to education and skills (educational history (including training courses and certificates), languages, other skills, taking into account the positions applied for; 11.4. Data related to work experience (work history (experience), contact information for obtaining recommendations); 11.5. Data related to expectations (desired work and/or working hours, salary expectations); 11.6. Data related to job interview and selection results (date of job interview, comments made during the job interview process (such comments may include the Company’s assessment), results of tests and/or practical tasks); 11.7. Other data provided (CV attachments, URL link to social media accounts, photos, videos). IV. SOURCES OF OBTAINING PERSONAL DATA 12. The Company processes the personal data of data subjects obtained in the following ways: 12.1. The data subject provides the Company with personal data voluntarily, in order to receive an offer, conclude a contract, in order to apply for a vacant job position, when the data subject provides personal data on the Company’s website, communicating by phone, e-mail or during meetings, answering the questions and questionnaires submitted. When the data subject contacts the Company in writing or by e-mail, the Company stores the correspondence data. 12.2. For the purpose of protecting the rights and interests of the Company, the data subject’s personal data is obtained from publicly available sources, for example, the State Enterprise Registers Centre, etc. V. TRANSFER OF PERSONAL DATA PROCESSED WITHIN THE COMPANY 13. The Company may transfer the personal data of the data subject to persons providing delivery and other services to the Company, including legal, financial, tax, business management, personnel administration, accounting, and competent state institutions, such as bailiffs and courts, in accordance with the procedure established by legal acts. 14. The Company does not transfer personal data collected for the purpose of sending newsletters to third parties. 15. The Company does not transfer the personal data of the data subject to third countries or international organizations, i.e. outside the European Union, except in cases where it is obliged to do so by legal acts or courts. VI. HOW LONG DOES THE COMPANY KEEP PERSONAL DATA? 16. The Company stores personal data for no longer than required by the purposes of data processing or provided for by legal acts, if they establish a longer data storage period. In cases where legal acts do not establish periods, personal data are stored: 16.1. if personal data are processed on the basis of consent – ​​for the period of validity of the consent and 2 years after the withdrawal of consent; 16.2. if a contract has been concluded – for the period of validity of the contract and 10 years after its expiry; 16.3. if a contract has not been concluded – for 6 months from the moment of receipt of personal data. 16.4. if personal data of candidates has been collected – for 6 months from the moment of receipt of personal data. 17. These periods may be extended if the personal data are used or may be used as evidence or a source of information in a pre-trial or other investigation, civil, administrative or criminal case, or in other cases prescribed by law. In such a case, the personal data may be stored for as long as necessary for these data processing purposes and destroyed immediately when they are no longer necessary. VII. RIGHTS OF THE DATA SUBJECT 18. When processing personal data, the Company ensures the rights of the data subject in accordance with the GDPR and the Law on Legal Protection of Personal Data of the Republic of Lithuania: 18.1. to know (be informed) about the processing of their personal data; 18.2. to familiarize themselves with their personal data processed by the Company; 18.3 . to demand correction or supplementation, clarification of incorrect, inaccurate, incomplete personal data ; 18.4. to demand deletion of personal data; 18.5. to object to the processing of personal data; 18.6. to demand restriction of data processing; 18.7. the right to data portability (if technically possible, to systematize personal data collected on the basis of consent or for the purposes of performing a contract in an easily readable format or to request their transfer to another data controller). 19. The data subject, wishing to exercise his/her rights, may submit a written request to the Company in person, by e-mail at info@7pack.lt , by post, or through persons providing postal or other parcel delivery services, confirming his/her identity. Requests for the implementation of GDPR rights, in the absence of the possibility of establishing the identity of the person submitting the request, are not considered by the Company. 20. Requirements for the request: 20.1. The request must be legible; 20.2. The request must be signed; 20.3. The request must indicate the name, surname, date of birth, and contact information of the data subject for communication; 20.4. The request must indicate which right the data subject wishes to exercise and, where applicable, the arguments or documents substantiating such a request; 20.5 . If the request is submitted on behalf of the data subject by a representative, the request must indicate not only the data specified above, but also the name, surname, place of residence, and contact information of the data subject’s representative and attach documents confirming the right of representation, approved in accordance with the procedure established by legal acts. 21. Methods of confirming the identity of the data subject: 21.1. When submitting a request in person: by submitting a personal identification document to an employee of the Company; 21.2. When submitting a request by mail or through persons providing postal or other parcel delivery services: a copy of the personal identification document must be submitted together with the request, certified by the data subject himself or a person entitled to confirm the authenticity of the copies; 21.3. When submitting a request by e-mail: the request must be signed with an electronic signature or a handwritten scanned or photographed request must be submitted together with an attached copy of the personal identification document, certified by the data subject himself or a person entitled to confirm the authenticity of the copies. 22. Upon receipt of a request, the Company will respond to it no later than within one month of receipt of the request. Depending on the complexity of the request and the number of requests received, this period may be extended by two months. 23. The data subject has the right to submit a complaint regarding the Company’s data processing or response to a request to the supervisory authority – the State Data Protection Inspectorate. VII. PROCEDURE FOR CHANGING THE PRIVACY POLICY 24. All changes to the Privacy Policy will be posted on the website. If necessary, they will be communicated personally. 25. The privacy policy is reviewed at least once a year. Privacy Policy Publication Date: March 14, 2026