Prewise UAB, legal entity code 110855792, registration address Konstitucijos pr. 7, Vilnius, correspondence address- Gynėjų str.14-24, Vilnius, telephone number +370 677 95135, e-mail address: firstname.lastname@example.org, website https://www.prewise.lt/.
1. DEFINITIONS USED
1.1. Personal Data – shall mean any information relating to a natural person (Data Subject) that is considered Personal Data under Personal Data protection legislation.
1.2. Processing of Personal Data – shall mean any operation or range of operations performed on Personal Data, including by manual or automated means. It includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.
1.3. The Company– Prewise UAB, legal entity code 110855792, registration address: Konstitucijos pr. 7, Vilnius, correspondence address: Gynėjų 14-24, Vilnius.
1.4. Data Controller– shall mean a natural or legal person, public authority, agency or other body which alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be determined by Union or Member State law.
1.5. Data Recipient – shall mean a natural or legal person, public authority, agency or another body, to whom Personal Data are disclosed, whether a third party or not.
1.6. Data Processor– shall mean a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller.
1.7. Data Subject – shall mean a natural person (including an employee of the Company) whose Personal Data is processed or is intended to be processed.
1.8. IP address – a unique number, known as an Internet Protocol (IP) address, assigned to each computer connected to the Internet.
1.9. Service Providers – shall mean natural or legal persons working under individual activity certificates or copyright, or service agreements, who provide the Company with services or goods agreed with the Company.
1.11. Cookies – shall mean small textual files that are recorded on the device when you visit the Website, which allow the Website to remember information about browsing the Website for a while and to recognize the Website visitor the next time you visit.
1.12. Consent – shall mean any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her;
1.13. Website– Website operated by the Company- https://www.prewise.lt/.
1.14. Regulations – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1.15. Direct marketing– shall mean an activity intended for offering goods or services to persons and /or seeking their opinion on goods or services offered by post, e-mail or telephone or in any other direct way.
1.16. Internal administration – shall mean activity which ensures an independent functioning of the data controller (structure management, personnel management, management and use of available material and financial resources, and clerical work).
2. GENERAL PROVISIONS
2.3. The processing of Personal Data in the Company is regulated by the Regulations, the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts, as well as the internal legal acts of the Company.
3. PRINCIPLES OF PERSONAL DATA PROCESSING
3.1. The scope of Personal Data processed depends on the services ordered or used by the Data Subject, and the information provided by the Data Subject when using the services, visiting the Website, submitting his/her data for employment purposes in the Company.
3.2. The Company seeks to ensure that Personal Data shall be processed accurately, honestly and lawfully, solely for the purposes for which they have been collected, and in accordance with the clear and transparent principles and requirements for the processing of Personal Data set out in legislation.
3.3. Data Subject are not obliged to provide the Company with any Personal Data, however, it may not be possible to enter into a business relationship with the Company in whole or in part in such a case.
4. SCOPE, PURPOSES, BASIS OF PERSONAL PROCESSING
4.3. The Personal Data of the Company’s customers are processed for the purposes of concluding and executing the service agreement (including communication with the customer), the basis of Personal Data processing is the execution of the concluded agreement. For this purpose, the Company collects the following Personal Data of customers: Name, surname, personal identification code, date of birth, telephone number, e-mail address, address; if the customer is a legal entity: name, position, basis of representation, telephone number, e-mail address and other information which the customer provides to the Company in order to receive services. The data is processed until the contract concluded with the customer expires upon its proper execution; thereafter the data shall be stored for 10 (ten) years in order to express, enforce or defend the legal requirements of the Company and in the performance of the Company’s obligation to archive documents provided for in legal acts.
4.6. The Website also collects Website visitor data: IP address, Website browsing history and date. Data are collected for statistical purposes. Website visitor statistics are analysed using Google Analytics. The information collected by Google Analytics cookies about the browsing history of the Website will be transmitted and stored on Google.org servers. The information collected by cookies allows us to ensure more convenient navigation on the Website, provide suggestions and learn more about the behaviour of the Website’s visitors, analyse trends and improve both the Website and the services provided. More information is available at allaboutcookies.org or www.google.com/privacy_ads.html.
4.7. If the Data Subject does not consent to the storage of cookies on his/her computer or other terminal device, he/she may change the settings of his/her Internet browser and disable all cookies or enable /disable them one by one. It should be noted that in some cases this may slow down the speed of Internet browsing, restrict the operation of certain features of the Website or block access to the Website.
4.8. For the purposes of direct marketing (sending newsletters), the Company shall process Personal Data on the basis of the consent of the Data Subject. The Company handles the following data: Name, surname, e-mail address, telephone number, position, usernames in social networks. The Data shall be processed for 5 (five) years from the receipt of the Data Subject’s consent or until the Data Subject revokes the given consent regarding the data processing. If the Data Subject revokes the consent for data processing for the purpose (s) discussed in this clause only the fact of giving the consent of the Data Subject shall be stored for 10 (ten) years from the expiry of the consent period or revocation of the consent in order to express, enforce or defend the legal requirements of the Company. The Data Subject may withdraw the consent for direct marketing at any time by contacting the Company by e-mail email@example.com or by clicking “unsubscribe” in the received newsletter.
4.10. For the purpose of employment, the Company processes the following Personal Data provided by the Data Subject: Curriculum Vitae (CV), personal image (photo), cover letter, name, surname, e-mail address, telephone number, residential address, as well as other information provided by the Data Subject. Personal Data submitted to the Company when applying for a specific position advertised in the Company shall be processed on the basis of the legitimate interest of the Company and the Data Subject. The Personal Data of potential employees of the Company shall be destroyed at the end of the selection performed by the Company for a specific position, if an Employment Contract is not concluded with them. After receiving the consent of the Data Subject, the Company will protect and process Personal Data for future employee selections for a period not exceeding one year. Candidates shall be informed about the term of Personal Data storage and the possibilities of expressing consent during the first contact orally or by e-mail (if a potential employee applies to the Company by e-mail). Throughout the data storage period, the Company may evaluate the candidacy of the Data Subject and submit proposals for jobs in the Company. The Data Subject shall have the right to withdraw the consent for the processing of Personal Data for the purpose specified in this clause at any time by clearly and unambiguously expressing his/her will to the Company in writing. The Company can obtain the data of candidates directly from the Data Subjects or by using the Internet portals selected by the Company, where the search for employees is performed and job advertisements are published.
4.11. For the purpose of concluding, executing and internally administering Employment Contracts, the Company processes the following Personal Data provided by the Data Subject: name, surname, residential address, date of birth, personal identification number, bank account number, social security number, image (photo), telephone number, e-mail address, information related to the Employee’s state of health and other data necessary for the Company to properly perform its duties as an Employer. The Personal Data of employees shall be stored in accordance with the terms specified in the Index of Terms of Storage of General Documents approved by the Order of the Chief Archivist of Lithuania.
4.12. The Company shall have the right to store Personal Data on the server to the extent necessary for the specifics of the activities performed on the Website, if the data provided by the Company’s customer was (i) used for illegal activities or (ii) an identity theft or other misconduct has been suspected that has been or will be the subject of an investigation by the relevant law enforcement authorities, (iii) if the Company has received complaints related to the relevant customer of the Company, or if the Company has noticed violations committed by the relevant customer of the Company, or (iv) for other legitimate purposes for the storage of Personal Data. These data shall be destroyed upon lawful instructions from law enforcement or other authorised authorities.
4.13. The Company may process the Personal Data of the Data Subject for other purposes in accordance with the requirements of the Regulation, the Law on the Legal Protection of Personal Data of the Republic of Lithuania and internal legal acts.
5. PROVISION OF PROCESSED DATA TO OTHER ENTITIES. DATA CONTROLLERS AND PROCESSORS
5.1. The Company does not provide the processed Personal Data to third parties without the prior consent of the Data Subject, except in cases established by legal acts. Personal Data may be provided in accordance with the Personal Data Provision Agreement concluded between the Personal Data Controller and the Data Recipient (in case of multiple supply) or at the request of the Data Recipient (in case of single supply). The Agreement shall specify the purpose of the use of Personal Data, the legal basis for the provision and receipt, the conditions, the procedure and the scope of the Personal Data to be provided. The request shall specify the purpose of the use of Personal Data, the legal basis for its provision and receipt and the scope of the Personal Data requested.
5.2. The Company may transfer both Personal Data received from the Data Subject as well as those, collected by the Company, to the competent state authorities if it is related to their investigation/inspection or certain performed function, and the legal acts provide for the Company’s obligation to provide them with such information.
5.3. Personal Data may be processed by Data Processors providing accounting, server rental, office cleaning, security and other services to the Company, as well as suppliers of goods.
5.4. Data Processors shall have the right to process Personal Data only in accordance with the Company’s instructions and only to the extent necessary to properly perform the obligations set forth in the Agreement. By using Data Processors, the Company seeks to ensure that Data Processors have implemented appropriate organizational and technical security measures and maintain the confidentiality of Personal Data.
5.5. Personal Data may be provided to third parties in the following ways: in writing, by electronic means or by any other means agreed with the Data Controllers.
6. SECURITY OF PERSONAL DATA
6.1. The Company shall process Personal Data in accordance with the basic principles of Personal Data Processing set out in the Regulation, including lawfulness, fairness and transparency; purpose limitation; data reduction; accuracy; limitation of storage time; integrity and confidentiality; accountability principles.
6.2. The Company, through its internal organizational and technical measures, makes all reasonable efforts to ensure that Personal Data shall be protected from any unlawful acts. All Personal Data and other information provided by the Data Subject shall be treated as confidential. Only those Employees of the Company and the Processors of the Company’s data who have it necessary for the performance of work functions or the provision of services shall have access to the Personal Data.
7. RIGHTS OF DATA SUBJECTS
7.1. Each Data Subject shall have the following rights:
7.1.1. to have access at any time to the Personal Data provided by him/her;
7.1.2. to receive information from which sources and what Personal Data have been collected, for what purpose they are processed, to whom they are provided;
7.1.3. require the correction of incorrect, incomplete, inaccurate Personal Data and/or suspend the processing of such Personal Data;
7.1.4 do not give consent to the processing of his or her Personal Data, unless such Personal Data are processed in the legitimate interest of the Data Controller or a third party to whom the Personal Data are provided, and unless the interests of the Data Subject are overriding;
7.1.5. to require that the Personal Data provided shall be destroyed;
7.1.6. to require that the processing of Personal Data shall be restricted;
7.1.7. to require that Personal Data provided by him/her, if they are processed on the basis of his/her consent or contract, and if they are processed by automated means, shall be transferred by the Data Controller to another Data Controller, if technically possible (data portability);
7.1.8. the right to object to the use of automated data processing only;
7.1.9. the right to object to the processing of Personal Data for direct marketing purposes;
7.1.10. the right to withdraw consents given for the processing of data;
7.1.11. the right to submit a complaint to the State Data Protection Inspectorate regarding the processing of Personal Data.
7.2. When applying to the Company, the Data Subject must submit an identity document or a notarised copy thereof, and when applying by electronic means, confirm his/her identity by electronic means that allow proper identification of the person as provided by law.
7.3. The request for the exercise of the Data Subject’s rights must be legible, signed by the person, and must indicate the name, surname, address and/or other contact details of the Data Subject for contacting or requesting a response on the exercise of the Data Subject’s rights.
7.4. The Data Subject may exercise his/her rights himself/herself or through a representative. The personal representative must indicate in the request his/her name, address and/or other contact details with which the personal representative wishes to receive a reply, as well as the name, surname and other data of the represented person which are necessary for the proper identification of the Data Subject; moreover, the personal representative shall provide a document confirming the representation or a copy thereof.
7.6. The Company, acting as the Data Controller, shall have the right to reasonably refuse to exercise the rights of the Data Subject on the grounds set out in the Regulation.
7.7. The actions or omissions of the Company related to the implementation of the rights of the Data Subject may be appealed to the State Data Protection Inspectorate, as well as to the competent court.
7.8. Information on the processing of Personal Data is provided, the legality and integrity of the Data Processing is checked, the Data Processing operations are terminated, the data is destroyed free of charge.
7.9. Data Subjects may submit a request in the following ways: by e-mail firstname.lastname@example.org, or on arrival at the office at: Gynėjų st. 14-24, Vilnius.
8. FINAL PROVISIONS