Privacy Policy

We are committed to protecting your privacy and we seek to be fully accountable and transparent about the collection and use of information on our website. We will now introduce our Privacy and Cookie Policy (hereafter – “the Policy”), where you will find our provisions and principles for the protection of personal data.

This Policy applies whenever you visit the LHM Step (hereafter – the Company) website, register for meetings or calls, provide requests or submit a job application, and when the Company sends newsletters. We manage personal data in accordance with the European Union Data Protection Regulation No. 2016/679, Personal Data Act and the instructions of the controlling institutions.

If you have any questions about our Policy, please contact our Manager at this email address: woodstep@lhmstep.com.

PRIVACY AND COOKIES POLICY

Company’s personal data processing

To ensure transparency and responsible personal data processing, we ensure that the Company manages personal data for the following purposes:

• direct marketing, including newsletters and feedback forms;

What personal data is collected?

The Company collects and manages the following categories of personal data:

• basic data, necessary for direct marketing: name, surname, address and contact data;
• Data required for sale of goods: order details and information required for manufacturing request or invoice submission, etc;
• Additional data, collected with your consent; the purpose for requesting the data will be defined in detail. This data will also be handled according to Policy standards.

What is the legal basis for collecting your personal data?

The Company may collect your personal data only in accordance with the legal basis of concluding and executing a contract, either when you enter into a contract of sale with the Company or if you request information regarding a potential contract. The Company may also need to process data in the pursuit of legitimate customer communication such as sending feedback forms, newsletters and new information about goods or services. On another basis, the Company can process your personal data with your consent so the Company can provide direct marketing through individualized offers, or to conduct individual client analysis. The Company may also process your personal data while performing legal obligations, such as complying with the requirements of regulatory acts, providing answers to legitimate requests of state and municipalities, or other legal grounds for legal handling.

Cookies

The information collected by the cookies enables us to provide you with the convenience of browsing and receiving attractive offers, while giving us useful information about the behaviour of the website users, so we can analyse trends and improve the website, our customer service and the Company’s services.

We also use cookies to register whether you have agreed to use cookies on the Company’s website, so you do not need to respond to this question every time you visit the website.

The Company’s employees have access to the statistics about visitors to the Company’s website, and are responsible for data analysis and website improvement. The Official Company’s Representatives, indicated in our website, are responsible for our production sales and development, as well as providing website content management tools.

To learn more about cookies and how to manage or remove them, just visit www.allaboutcookies.org or your browser’s help page.

How do I manage my cookies?

On the Company website, you can choose whether you want to use cookies. You can manage and/or delete cookies according to your preferences. In the browser settings (Internet Explorer, Safari, Firefox, Chrome, etc.), you can choose, which cookies to accept or reject. You can delete all cookies already on your computer; in most browsers, you can set cookies not to be saved. The location of these settings depends on the browser you are using.

In most browsers, you can do the following:

• check, which cookies are saved and delete individual cookies;
• block third-party cookies;
• block cookies from specific websites;
• block all sending of cookies;
• delete all cookies upon closing the browser.

If you do not agree to save cookies to your computer or other device, you can cancel your consent at any time, by changing the settings and deleting the saved cookies. If you have chosen to delete cookies, remember that this will delete all the settings you have previously set. In addition, many websites (including the LHM Step website) will not function properly when cookies are completely blocked. For this reason, we do not recommend disabling cookies, when you use the Company’s website.

To learn more about cookies and how to manage or remove them, just visit www.allaboutcookies.org or your browser’s help page.

PERSONAL DATA SECURITY

Your Personal Information is managed responsibly and securely in accordance with Personal Data Act, EU regulations (GDPR) and other applicable laws (if any). During data processing and whenever we establish personal data processing tools, we implement appropriate legal and technical data protection and organizational measures to protect your personal data from unauthorized handling.

The Company’s Employees and Official Representatives, as indicated on our website, do not allow third parties to disclose or disseminate information about the Company’s customers, including visitors to the Company’s website, at the workplace.

When processing personal data, security measures are determined based on the potential risks that may arise.

YOUR RIGHTS AND OTHER IMPORTANT INFORMATION

You are entitled to:

• receive information about your personal data as processed by LHM Step, including where and how the personal data is collected and how the Company handles it;
• correct or update the information listed in your personal data; and/or to suspend the processing of such data, if you are aware that the data is incorrect, incomplete or inaccurate;
• delete personal data or stop the processing of such personal data, if you are aware that personal data was accessed illegally or fraudulently, or that excessive personal data is processed, or that there has been some other violation of relevant legal acts related to data processing.
• Obtain a copy of the personalized data held by the Company, in a computer-readable format, and either forward this data to another controller, or ask the Company to directly transfer such data to another manager, where technically feasible (the right to data portability).

If you have any concerns or complaints about your rights in relation to our use of your personal data, you can contact post@xtrapp.no. We will always seek to resolve such issues with you promptly and directly; however, if you are not satisfied with our response, you can also contact the State Data Protection Inspectorate.

How do I know about changes to this policy?

Whenever we update this privacy and cookie policy by LHM Step, we will post a notice on the website www.lhmstep.com to inform you of all major changes.

Rules for the processing of personal data

1. Basic concepts

1.1. Company – JSC “LHM Step”, a company and owner of the brand LHM Step, incorporated under the laws of the Republic of Lithuania, registered office at Vyturio str.1, Kausenai, Plunges distr. LT-90110 Republic of Lithuania, company code 303235362, whose data is accumulated and stored in the Register of Legal Entities.

1.2. Data subject – a natural person, whose personal data is managed by the Company.

1.3. Personal data – any information, related to a natural person – a data subject.

1.4. Personal data processing – any act relating to the use of Personal Data: collection, recording, storage, classification, grouping, merging, modification (addition or amendment), provision, publication, usage, logical and/or arithmetic operations, search, dissemination, deletion or any other action or set of actions.

1.5. Automatic mode – actions, performed in whole or in part by automated means.

1.6. Employee – the person who has undertaken a contract of employment or similar agreement with the Company and is appointed by the Company Head to take responsibility for processing personal data.

1.7. Official Representative – a business subject or a person, listed on www.xtrapp.no who has been appointed by the Company to represent the Company’s sales and product development interests.

1.8. Manager – the legal or natural person, authorized by the Company to process personal data. The manager (-s) (if any) must be registered with the appropriate institutions.

1.9. Data receiver – the legal entity or natural person who is provided with Personal Data. The data receiver (-s) (if any) must be registered with the appropriate institutions.

1.10. Cookies – small text files, sent to the device of each person who visits the website; these text files connect to the website and are temporarily stored on that device. During the person’s next visit to the website, the browser will read the cookie and transfer information back to the website or item. The information collected on the cookie website, helps adapt the website content according to the visitor’s interests by helping identify the website visitor and saving the history of the visit.

2. General provisions

2.1. This document regulates the actions of the Company and its Employees, Official Representatives in the management of Personal Data, and the Company’s use of automated Personal Data Processing Means. It also defines the Data Subject Rights, Personal Data Protection Risk Factors, Personal Data Protection Measures and other issues, related to the Personal Data processing.

2.2. Personal data must be accurate, appropriate and must only be collected and processed if it is necessary for Company data processing requirements. Any personal data required for personal data processing is constantly updated.

2.3. The goals of personal data processing – direct marketing and other legitimate goals, defined in advance of data collection.

2.4. The Company, for the purpose, specified in Clause 2.3 of the Rules, handles the following Data Subject Person details:

(a) name;

(b) surname;

(c) e-mail;

(d) phone number;

(e) living address.

2.5. The Personal Data processing is governed by The Personal Data Act and relevant legal acts, regulating the processing and protection of data, as well as these Rules.

3. Personal data processing

3.1. The Company manages personal data for the following purposes:

• direct marketing, including newsletters and feedback forms;
• internal administration.

3.2. The Company collects and manages the following categories of personal data:

(a) the basic data required for the above-mentioned purposes: name, surname and contact data;

(b) data, necessary for the sale of goods: order details, invoices, data, related to payments, etc .;

(c) other data, to be defined in detail when required, and only collected with your consent.

3.3. Personal data is processed manually and non-automatically, using the Company’s personal data processing facilities.

3.4. Only Employees, Official Representatives and Managers are entitled to manage Personal Data. Every Employee/Official Representative/Manager, assigned to handle Personal Data, must protect its confidentiality and comply with the requirements of the legislation on personal data protection.

3.5. An Employee/Official Representative/Manager must:

(a) maintain confidentiality of Personal Data;

(b) process Personal Data in accordance with the Personal Data Act and related Rules;

(c) not disclose the Personal Data, transfer or make it available to any person who is not authorized to process it by any means of access;

d) immediately notify the Company Head or the person, appointed by the Company Head, of any suspicious situation that may endanger the security of Personal Data.

3.6. The Employees/Official Representatives, who automatically process Personal Data or can access the local area network, where Personal Data is stored, must use passwords. The passwords must be changed periodically, as well as in certain circumstances (for example, when an employee leaves the company employment or if there is any other possibility that the password has become known to third parties, etc.). An Employee/Official Representative must only know his own password.

3.7. The computer maintenance officer must ensure that Personal Data files are not “shared” from other computers and that antivirus programs are updated periodically.

3.8. The protection of personal data is organized, guaranteed and carried out by the Company Head or an Employee who has been appointed by him.

3.9. An Employee no longer has the right to process Personal Data, once the work contract with the Company has expired or if the Company Head revokes the Employee’s appointment to process Personal Data.

3.10. An Official Representative does not have the right to process Personal Data, when the cooperation agreement with the Company is terminated or if the Company Head revokes Official Representative rights to process Personal Data.

3.12. The Manager loses the right to process Personal Data, when the Manager’s contract with the Company is terminated.

4. Data on the Company’s website (www.lhmstep.com):

(a) By administering the website and diagnosing the problems in the LHM Step server, we can use the IP addresses of visitor computers. IP address – a unique network code, identifying a computer. It can be used to set up a visitor and collect various demographic information;

(b) Using cookies, we collect data regarding the use of services. Information about cookies, cookie types and their uses are provided in the 5th paragraph of the Rules (see below);

(c) You submit data by sending inquiry forms, guarantee services, employment applications or requesting a meeting or call through the LHM Step website. We collect the basic information, necessary for the user identification, which you have provided, i.e. name, surname, e-mail address, living address etc.

5. Cookie usage:

(a) Technical Cookies: ensure website functionality by creating a user account and logging in to manage Data Subject orders. These technical cookies are essential for the proper functioning of the site.

(b) Functional cookies: help to remember the wishes of the Data Subject and to use our website effectively. For example, these cookies will remember information such as your preferred language, login information, searches and previously viewed items. While these functional cookies are not essential, they add functionality and improve the Data Subject’s website experience.

(c) Analytical cookies: help gain insights on how visitors use the website, so this information can help optimize and improve the website, and choose the most effective means of advertising and communication.

(d) Commercial cookies: Company and third-party cookies are designed to display personalized advertising on our own website and other websites, based on browsing actions, such as the items viewed or searched for by the Data Subject.

(e) The “Google Analytics” tool is provided by the US company “Google Inc.”, so it also has access to the statistics collected by this tool. “Google Inc.” is committed to the application of the EU-US Privacy Policy, which ensures that the service provider complies with EU privacy standards. This provider is also subject to contractual privacy obligations. You can read about this at https://www.google.com/analytics/terms/dpa/dataprocessingamugges_20160909.html.

6. Implementation of data subject rights

6.1. When submitting a personal identity document to the Company, the Data Subject is entitled to receive information on the sources and personal data collected, such as how they are processed and provided. The Data Subject can submit a written request by mail or e-mail for the Company to provide access to Personal Data..

6.2. Upon receipt of a request from the Data Subject, regarding the processing of his Personal Data, the Company is responsible for submitting the requested data to the Data Subject no later than within 30 calendar days from the date of the Data Submission’s request. At the request of the Data Subject, such data shall be provided at the written or e-mail address.

6.3. As a Data Subject, you can request a correction or deletion of Personal Data or request a suspension of your Personal Data Processing activities by submitting a written request to the Company by post or e-mail. Upon receipt of such a request, the Company immediately verifies the Personal Data and promptly rectifies incorrect, incomplete, inaccurate Personal Data at the request of the Data subject.

6.4. The Company immediately informs the Data Subject about the correction, deletion or removal of Personal Data in accordance with the request.

6.5. The Company also ensures all other rights, guarantees and interests of the Personal Data Subjects, guaranteed by Personal Data Act and other legal applicable acts (if any).

7. Personal data transfer

7.1. Personal data may be provided only to the Data Providers, when the Company has signed respective agreements with on the Transfer/Provision of Personal Data; the Data Protection shall ensure adequate protection of the Personal Data transferred. Personal data may also be transferred to third parties in other cases, as outlined in the Personal Data Act and other applicable legal acts (if any).

7.2. The Company does not use or disclose any sensitive personal information, such as health information, race, religious beliefs or political opinions without the explicit consent of the Data Subject, unless required or permitted by law.

7.3. Personal Data may also be transferred to third parties in other cases, as outlined in the Personal Data Act and other applicable legal acts (if any).

8. Personal Data protection risk factors

8.1. A breach of Personal Data protection – an act or omission that may result in undesirable effects, as well as in violation of the mandatory rules of the laws, regulating the Personal Data protection. The Personal Data protection, degree of impact from the damage violation and consequences in each case, shall be assessed by a commission, formed by the Company Head or his authorized person.

8.2. Personal Data protection risk factors:

(a) unintentional, when Personal Data protection is violated due to accidental reasons (data processing error, data media, deletion of data records, erroneous routes (addresses) for data transfer, etc., or system interruptions due to power failure, computer virus, etc., internal rules violation, system maintenance shortage, software tests, inadequate data carrier maintenance, inadequate line capacity and protection, network integration of computers, protection of computer programs, lack of fax supplies, etc.);

(b) deliberate violation of Personal Data protection (unauthorized intrusion into Company’s/Official Representatives premises, Personal Data storage repositories, information systems, computer network, malicious Personal Data infringement, deliberate distribution of computer viruses, personal data theft, unlawful use of another Employee’s right etc.);

(c) unexpected accidental events (lightning, fire, flood, flood, storm, electrical wiring, effects of temperature and/or humidity changes, impacts of dirt, dust and magnetic fields, accidental technical accidents, other inevitable and/or uncontrolled factors, etc.).

9. Implementing measures for the Personal Data protection

9.1. To ensure the protection of Personal Data, the Company implements or intends to implement the following Personal Data protection measures:

(a) administrative (organization of safe documents and computer data and their archives, as well as the organization of work in different fields of activity, introduction of personnel to the Personal Data protection in employment and after the termination of employment or similar relations, etc.);

(b) technical and software security (administration of servers, information systems and databases, maintenance of work places, maintenance of the Company’s premises, protection of operational systems, protection against computer viruses, etc.);

(c) communications and computer networks (firewalling, sharing data, programs, unwanted data packets, etc.).

9.2. Technical and software tools for protecting personal data must ensure the following:

(a) installation of operating system and database copies, copying technique and compliance control;

(b) continuous processing technology;

(c) the strategy of updating systems in unforeseen cases (management of surprises);

(d) physical (logical) separation of the environment testing programs from operating mode processes;

(e) authorized use of data and maintaining its integrity.

9.3. All Employees/Official Representatives, who have the right to manage Personal Data or organize and enforce its protection, must strictly observe the requirements of the Personal Data protection measures and relevant rules, instructions or procedures, established by the Company.

10. Terms for the personal data processing.

10.1. For the purpose of meeting or call registration – first name, last name, e-mail address, telephone, residential address. This Personal Data is processed with your consent and stored for 10 (ten) years after your last visit to our site for marketing and quality assurance purposes.

10.2. For the purpose of concluding and performing the contract – name, surname, e-mail address, telephone number, delivery address, payment details of the product / service (bank account number, payment method, etc.), purchase history (purchased goods, price, etc.), other information related to the conclusion and performance of the contract or issuing offer. This Personal Data is processed for the necessity of performing the contract entered into with you or to ensure effectiveness of process, high quality customer services for potential contracts and stored for 10 (ten) years from the date of your last purchase and/or from the date of your last inquiry to make a potential contract.

10.3. For the purpose of providing guaranteed services – name, surname, e-mail address, telephone number, residential address, purchase history (purchased goods, order number etc.), other information related to identify subject of the guaranteed services. This Personal Data is processed for the necessity of performing the contract entered into with you and stored for 10 (ten) years from the date of concluded contract.

10.4. For the purpose of creating Official Representatives network – first name, last name, e-mail address, telephone, residential address. This Personal Data is processed with your consent and stored for 10 (ten) years after your application form was filled and sent to us.

10.5. When Personal Data no longer needs to be processed, it is deleted, except for that, which, in the cases specified by law, must be transferred to state archives.

10.6. The data for direct and indirect marketing campaigns is retained by the company for no longer than the intended purpose of the data processing, legislation or data subject. Upon the Subject’s request, the Company deletes all the data which not required for storage, in accordance with all legal requirements, regarding the Data Subject.

11. Responsibility

11.1. The Employees/Official Representatives, who violate the law on the legal protection of Personal Data, other legal acts, regulating processing and protection of Personal Data or these Rules, apply the liability measures, provided for in the laws..

12. Final provisions

12.1. Compliance with the Rules and, if necessary, review, trusted by the Company Head or his authorized person.

12.2. Responsible Employees/Official Representatives are introduced to the Rules by signing.