Privacy Police

The purpose of the Privacy policy is to inform how personal data of data subjects are collected and processed, how long they are stored, to whom they are provided, what rights the data subjects have, and where to apply for their implementation or other matters related to the processing of personal data.
Personal data are processed in accordance with the European Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the Regulation), the Law on the Legal Protection of Personal Data of the Republic of Lithuania, and other legal acts regulating the protection of personal data.
UAB LIDARIS follows the following principles of data processing:

    • personal data are processed in a lawful, fair, and transparent manner (the principle of legality, integrity, and transparency);
    • personal data are collected for specified, clearly defined, and legitimate purposes (purpose limitation principle);
    • personal data processed must be adequate, appropriate, and necessary only for the purposes for which they are processed (the data reduction principle);
    • personal data are constantly updated (principle of accuracy);
    • personal data are stored safely and for no longer than required by the data processing objectives or the legislation (principle of limitation of storage time);
    • personal data are processed only by the employees of the Company who have been given such a right in accordance with their functions or data processors who provide services to the Company and process personal data on behalf of the Company and for the benefit of the Company or the data subject (principle of integrity and confidentiality);
    • The Company is responsible for ensuring that the Company complies with the stated principles (accountability principle).

1. DEFINITIONS

1.1. Data controller – UAB LIDARIS (hereinafter referred to as the Company), legal entity code 302813532, registered office address Šv. Stepono st. 27C-24, Vilnius.

1.2. The data subject is any natural person whose data are processed by the Company. The data controller collects only those data subject which are necessary for the operation of the Company and (or) visiting, using, while browsing the Company’s website (hereinafter the Website). The Company ensures that the collected and processed personal data will be safe and will only be used for a specific purpose.

1.3. Personal data means any information that directly or indirectly relates to a data subject whose identity is known or who can be directly or indirectly identified using the relevant data. Personal data processing means any activities performed on personal data (including collection, editing, recording, storage, modification, access, sending up queries, transfers, archiving, etc.).

1.4. Consent – any voluntary and deliberate confirmation by which the data subject agrees that his personal data are processed for a specific purpose.

2. PERSONAL DATA SOURCES

2.1. Personal data are provided by the data subject himself. The data subject contact the Company, uses the services provided by the Company, buys services and/or goods, asks questions, contact the Company for the purpose of providing information, etc.

2.2. Personal data are obtained when the data subject visits the Company’s website. For some reason, the data subject leaves his contact details etc.

2.3. Personal data are obtained from other sources. Data are obtained from other institutions or companies, publicly accessible registers, etc.

3. PERSONAL DATA PROCESSING

3.1. When submitting the personal data to the Company, the data subject agrees that the Company uses the collected data in fulfilling its obligations to the data subject in providing the services the data subject expects.

3.2. The personal data are managed by the Company for the following purposes:

3.2.1. Company activity and continuity. For this purpose, the following data are processed:

    • To make and to prosecute a contract the Company could manage this personal data of the supplier (individual):
      • Full name (s);
      • Personal code or date of birth (age);
      • Residential address;
      • Contact details (phone number, email address);
      • Workplace and duties;
      • Bank account number and name of the bank;
      • Monetary operations and dates of transactions, amounts, currencies.
      • Other data that was received from individual or data that was received by the following law (for example, data that is at business certificate (the type of activity, group, code, name, a period of activity, date of issue, amount), number of individual activity certificate, information whether or not the individual is a VAT payer and other data that is necessary to perform the contract.
    • To administrate e-system of orders the Company could manage this personal data of costumer (individual):
      • Full name (s);
      • Contact details (phone number, email address);
      • Workplace;
      • Address.

3.2.2. Administration of the curriculum vitae (CV) database for job candidates. For this purpose, the following data are processed:

    • Full name (s);
    • Date of birth (age);
    • Residential address;
    • Contact details (phone number, email address);
    • Information about the candidate’s education (educational institution, a period of studies, education, and/or qualification acquired);
    • Information about the upgrading of qualification (training, certificates);
    • Information on the candidate’s work experience (workplace, period of employment, duties, responsibilities, and/or achievements);
    • Information on language skills, information technology, driving skills, other competencies, other information provided in the CV, cover letter, or other candidate’s documents;
    • Employer references, feedback: persons recommending or providing feedback for the candidate, their contact details, contents of references, or feedback.

3.2.3. To administrate requests, comments, and complaints. For this purpose, the following data are processed:

    • Name and/or nickname;
    • Email address;
    • The subject of the request, comment, or complaint.
    • Text of request, comment, or complaint.

3.2.4. Direct marketing. For this purpose, the following data are processed:

    • Full name (s);
    • Contact details (phone number, email address);
    • Other questionnaire data about client’s needs for services.

3.2.5. Recording phone calls to execute negotiations, to discuss orders, and to ensure conditions of the contract. For this purpose, the following data are processed:

    • Records of phone calls;
    • Phone number (whereof the phone call was made or was received);
    • Date of phone call;
    • Duration of a phone call.

3.2.6. For other purposes, in which the Company has the right to process personal data of the data subject when the data subject has expressed his consent, when the data is to be processed for the legitimate interests of the Company, or when the data are processed by the Company according to the requirements of the relevant legislation.

4. FORMS OF DISCLOSURE OF PERSONAL DATA

4.1. The Company undertakes to comply with the confidentiality obligation with respect to data subjects. Personal data may only be disclosed to third parties if it is necessary for the conclusion and drawing up of the contract for the benefit of the data subject or for other legitimate reasons.

4.2. The Company may submit personal data to its data processors, which provide services to the Company and process personal data on behalf of the Company. Data processors have the right to process personal data only in accordance with the instructions of the Company and only to the extent necessary for the proper fulfillment of obligations laid down in the Contract. The Company shall use such processors that provide reasonable assurance that appropriate technical and organizational measures will be implemented in such a way that the processing of data complies with the requirements of the Regulation and will ensure the proper protection of the data subject’s rights.

4.3. The Company may also provide personal data in response to requests from courts or public authorities to the extent necessary to properly enforce existing legislation and instructions from public authorities.

4.4. The Company guarantees that personal data will not be sold or leased to third parties.

5. PERSONAL DATA STORAGE TERM

5.1. The personal data collected by the Company are stored in printed documents and/or in the Company’s information systems. Personal data is processed for no longer than necessary for the purpose of data processing or for no longer than required by data subjects and/or provided by law.

5.2. Although the data subject may terminate the contract and refuse from the Company’s services, the Company continues to be obliged to keep the date of the data subject for possible future claims or legal claims until the expiration of the data storage periods.

6. RIGHTS OF DATA SUBJECT

6.1. The right to receive information on the processing of data.

6.2. Right to access the data processed.

6.3. The right to request the correction of data.

6.4. The rights to request to delete the data (“The right to be forgotten”). This right does not apply if the personal data requested to be deleted are also processed on other legal grounds, such as the processing necessary for the performance of the contract, or when the obligations according to the applicable law.

6.5. Right to restrict the data processing.

6.6. The right to disagree with data processing.

6.7. Right to data portability. The right to data portability may not adversely affect other rights and freedoms. The data subject has no rights to the portability of data in relation to personal data processed in non-automatic weigh-in systematized files, such as paper files.

6.8. The right to require that only automated data processing, including profiling, is applied.

6.9. The right to submit a complaint regarding the processing of personal data to the State Data Protection Inspectorate.

7. The Company must ensure the disability for the data subject to exercise the rights of the data subject specified in the Rules, except in cases established by law, when it is necessary to guarantee state security or defense, public order, prevention, investigation, detection or prosecution of criminal offenses, important economic or financial interests of the state, prevention, investigation and detection of breaches of professional ethics, protection of the rights and freedoms of the data subject or other persons.

8. PROCEDURE FOR IMPLEMENTING THE DATA SUBJECT’S RIGHTS

8.1. The data subject, in connection with the implementation of his rights, may apply to the Company:

8.1.1. When submitting a written request in person, by post, via a representative or by electronic means – by e-mail: info@lidaris.com.

8.1.2. orally – by phone 8 609 09233 (when making calls from other countries – +370 609 09233);

8.1.3. in writing – at the address Šv. Stepono st. 27C-24, Vilnius.

8.2. In order to protect the data against unauthorized disclosure, the Company must verify the identity of the data subject upon receipt of the data subject’s request for data or implementation of other rights.

8.3. The Company’s answer to the data subject must be given not later than within one month from the date of receipt of the data subject’s request, taking into account the specific circumstances of the processing of personal data. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

9. DATA SUBJECT’S RESPONSIBILITY

9.1. The data subject must:

9.1.1. Inform the Company about changes in the submitted information and data. It is important for the Company to have valid and effective information of the data subject;

9.1.2. to provide the necessary information so that at the request of the data subject the Company can identify the data subject and a certain that it communicates or co-operates with the specific data subject (to provide a personal identity document, or in accordance with the procedure laid down by legal acts or by electronic means of communication that allows the data subject to be properly identified). It is necessary for the protection of data of the data subject and other persons so that the disclosure of the data subject’s information is restricted to the data subject, without prejudice to the rights of others.

10. FINAL PROVISIONS

10.1. By transferring personal data to the Company, the data subject agrees with this Privacy Policy, understands its provisions, and agrees to comply with it.

10.2. In developing and improving the Company’s activities, the Company has the right at any time to unilaterally make changes to this Privacy Policy. The Company has the right to unilaterally, partially, or completely change the Privacy Policy by notifying there on the website www.lidaris.com.

10.3. The additions or changes to the Privacy Policy come into force from the day they are published, i.e., from the date they are placed on the website www.lidaris.com.