Privacy policy

UAB Vilniaus aidai Privacy Policy 

Data Controller

UAB Vilniaus aidai, Legal Entity Identifier 126298220, registered office address Žarijų g. 6A, Vilnius (hereinafter the Company ir We) This Privacy Policy (the “Privacy Policy”) is intended for persons who purchase goods from the Company, use the Company’s services, visit the Company’s site or premises, inquire about employment with the Company, or visit the website www.vilniausaidai.lt

Joint controllers

The Company may process personal data as an individual controller and also jointly with other data controllers, i.e. joint controllers, as laid down in Article 26 of GDPR. Joint controllers shall enter into the Agreement that shall in a transparent manner determine their respective responsibilities for compliance with the obligations under GDPR, duly reflect the respective roles and relationships of the joint controllers vis-à-vis the data subject. The essence of the arrangement shall be made available to the data subject upon a written request. The data subject may exercise his or her rights under under GDPR in respect of and against each of the controllers.

General provisions

The Privacy Policy establishes and defines the basic principles for the processing of personal data and the exercise of data subject’s rights. Sales, service contracts and other arrangements may contain additional information.

The data subject shall confirm that he/she has read and understood this Privacy Policy, understands its provisions, and agrees to abide by it when the data subject uses the Company’s services, buys goods, submits personal data, sends or otherwise submits a CV to the Company, visits the Company’s premises or territory, or continues browsing the Company’s website. If you do not agree to be bound by this Privacy Policy, please do not use the Company’s services, do not provide your personal data to the Company for any other purpose, and do not browse the website www.vilniausaidai.lt

Key principles of personal data processing

The Company processes personal data in accordance with the legal acts of the European Union and the Republic of Lithuania governing the processing of personal data.

The scope of personal data processed depends on the goods and/or services ordered and the information provided by the person when ordering goods and/or services, visiting or registering on the Company’s website, submitting his/her data for the purposes of employment with the Company or visiting the Company’s premises or territory.

The data shall only be processed for explicit and legitimate purposes: to ensure the provision of goods and/or services; with the consent of the individual; when the processing of personal data is mandatory under the relevant legislation; when the processing of personal data is necessary for the legitimate interest of the data controller or a third party.

The Company aims to ensure that personal data are processed accurately, fairly and lawfully, that they are processed only for the purposes for which they were collected, and that they are processed in accordance with explicit and transparent principles and requirements for the processing of personal data set out in the legislation.

Sources of personal data

Personal data may be obtained directly from the data subject, who provides it when sending his/her CV or otherwise contacting the Company; retrieved from the client’s activities, from the Company’s personal data processors or from other external sources. The data can be also obtained from public sources.

Data may be generated when a person uses services, such as making a phone call, sending a text message, sending an email, ordering goods and/or services, or visiting the Company’s website.

No personal data are requested from a person unless the personal data is required for the purpose of making arrangements necessary for the sale of goods or services, invoicing, etc.).

The aims of personal data processing

The Company processes personal data for the following purposes: to meet contractual obligations; vehicle monitoring and control (GPS tracking); administration of traffic offence notifications; debt collection; administration of enquiries; website traffic statistics; security of property and persons; identification of persons; establishment, exercise and defence of legal claims; recruitment of employees; entering into, execution and administration of the contracts of employment, and for any other purposes relating to the management of the Company’s personnel.

The groups of data subjects are buyers (customers); buyer (customer) representatives; business partners; business partner representatives; employees; persons seeking employment with the Company; persons entering the Company’s premises and territory; and the Company’s visitors.

The following main categories of personal data may be processed, including but not limited to: name, surname, workplace, job title, personal identification number, mobile telephone number, CV, e-mail address, video recordings, visits to the Company’s premises and territory, vehicle registration numbers, other information necessary for the sale of goods and services, for business relationships and for the administration of contracts; IP address, browsing history and date of access.

Recipients and categories of recipients of personal data: public bodies and authorities, law enforcement authorities; auditors, legal and financial consultants; third parties managing databases and software; debt collection companies.

Personal data processing for the safety and security of people and property, and to ensure the continuous and stable operation of the Company

Visitors of the Company may be registered with the aim to ensure personal security, protection of property, continuous and stable operation of the Company. Visitors’ data may be recorded and stored electronically on Proxyclick SA servers in accordance with the personal data processing policy https://www.proxyclick.com/privacy. The following personal data can be collected: visitor’s name, surname, name of the organisation, the Company’s employee receiving the visitor and the time of arrival and departure, and data directly received from the data subject, i.e. the visitor. The Company’s visitors are informed about the processing of their data by a written notice handed to them upon arrival. They can also acquaint with the processing of their data in this Privacy Policy.

If the visitors come to other companies having their offices in the Company’s administration building at the address Žarijų g. 6A, Vilnius, information about the visitors is handed over to the employees of those companies. 

Video surveillance with the aim to protect the Company’s property and people

Video surveillance is in operation only in the premises and/or areas managed by the Company. Activities taking place in the Company’s premises and territory are under video surveillance. Video surveillance is used for the safety and security of the Company’s property and people. Data collected: videos.

The Company attempts to minimise the monitored areas (a room, a part of the room) that are not relevant for the intended purposes. Video surveillance is not used in the premises and/or territories designated for private use, i.e. WC rooms, shower rooms, changing rooms and the like.

After the lapse of recording retention period the image data are overwritten and the oldest data is erased in this way.

Videos may be used only to detect suspected offences or to detect and prove the damage caused to the property of the Company’s employees, service providers, third parties, and the Company. The recorded proof of damage may be transferred only to the parties entitled to receive such data by law.

The videos may be viewed and, if necessary, transferred to law enforcement authorities upon their written request. If the videos are viewed not by law enforcement authorities or outside the court premises, the videos must be viewed in a closed room of the Company. The data subject and the responsible staff member from the Company may be present while viewing the video.

Where there are reasonable grounds to believe that the visual monitoring material contains an offence being committed, the necessary video (footage) shall be copied to secure media and retained as long as it is necessary for these purposes. 

The data subject’s request to give access to the video must state the exact circumstances of the incident, including the following: the address of the premises/area managed by the Company; the specific location on the premises/area where the incident occurred; the date and time of the incident (to the nearest half hour). A response to the data subject’s request to view the video shall be given within 30 business days from the date of receipt of the request. The response (together with the requested video, if access to the video is given) shall be provided by the means specified in the data subject’s request, provided that the data subject confirms that the security of the data will be ensured by this method of transmission, or, where no means of transmission is specified in the data subject’s request, by the same means used to receive the data subject’s request. Where video is not provided, the data subject shall be given a letter of refusal of his/her request, stating the reasons for the refusal.

Personal data processing in the employment context

Potential employees of the Company (candidates, job seekers) shall provide the Company with the following personal data: curriculum vitae, name, surname, contact information. Potential employees shall be informed about the processing of their personal data and data retention periods at the time of the first contact. In addition, reference to this Privacy Policy is made where potential employees can acquaint with the processing of their personal data. 

The personal data of potential employees provided in their application for a specific position advertised by the Company shall be processed for the purpose of concluding an employment contract with the potential employee.

If a potential employee applies for a specific position but is not offered a job, the potential employee’s data shall be erased at the end of the selection process for the specific position advertised by the Company.

In cases where there is no selection of employees or trainees for a specific position advertised by the Company, but the data subject applies for one or more positions or seeks for a job in unspecified position, traineeships or voluntarily activities in the Company using the contact details provided on the Company’s website, and provides the Company with his or her personal data, such personal data shall not be retained.

Duration of storage of personal data 

Personal data shall not be processed longer than it is necessary to achieve the purposes for which personal data are processed, than requested by the data subjects and/or provided for by law.

The data will normally be processed for a period of 10 years from the end of the contract or the end of the customer relationship.

Videos are retained for 14 days, unless otherwise specified in this Privacy Policy or in the register of personal data. Before videos are deleted, they shall be checked for any requests received from data subjects.

The specific time limits for the retention of personal data are set out in the personal data register.

Transfer of personal data processed to other parties

The Company does not transfer the personal data processed to third parties without the person’s (data subject’s) prior consent, except for the cases provided for by law and data sharing between the companies of Concretus Group.

Processors 

Data may be processed by processors who provide accounting, website hosting, data centre and/or server rental, IT maintenance, external audit, security and other services to the Company. 

Processors shall have the right to process personal data only on the instructions of the Company and only to the extent necessary for the proper performance of their contractual obligations. The Company shall make arrangements with data processors only upon their confirmation that appropriate technical and organisational measures are in place to ensure the security and confidentiality of personal data.

Data protection officer 

The Company has a designated data protection officer. The data protection officer can be reached by e-mail dap@concretus.lt.

Rights of data subjects

Every data subject has the following rights:

a) the right to know (be informed) about the processing of his/her personal data;

b) the right to have access to the personal data processed and know how they are processed, i.e. to be informed about the period for which the personal data will be stored, the technical and organisational measures in place to ensure the security of the data, the sources from which the personal data originate and what data are collected, the purposes for which they are processed, and whom they are transferred to;

c) the right to request rectification, erasure or suspend the processing of personal data, with the exception of storage, when the data is processed not according to the applicable legislation; 

d) the right to object to processing of personal data unless the processing is necessary for a legitimate interest pursued by the controller or by a third party to whom the personal data are disclosed and the interests of the data subject are not overriding;

e) the right to have the personal data erased;

f) the right to obtain from the controller restriction of processing personal data;

g) the right to have personal data provided by the data subject, where they are processed on the basis of his/her consent or on the basis of a contract, and where they are processed by automated means, transmitted directly by the controller to another controller, if this is technically feasible (data portability);

h) the right to lodge a complaint with the State Data Protection Inspectorate regarding the processing of personal data.

The data subject shall have the right to submit, in person or through a representative, by post, courier or e-mail, a written request concerning the exercise of any of the aforementioned rights, upon presenting an identity document, or in the manner provided for by law or by any means of electronic communication which ensure proper identification of the person. We will respond to the request within 30 calendar days of the receipt of the request.

The data subject may submit the request by one of the following means: send the document signed by a qualified electronic signatureby e-mail dap@concretus.lt, or deliver it in person at the address Žarijų g. 6A, Vilnius.

Ensuring data security

The Company seeks to implement appropriate, technically feasible and cost-effective organizational and technical data security measures to protect personal data from accidental or unlawful destruction, alteration, disclosure, as well as from any other unlawful processing. All personal data and other information provided by the data subject shall be treated as confidential.

Only those employees, service providers and authorized data processors who need personal data to perform the functions assigned to their organizational unit may have access to personal data. Joint controller UAB Concretus group has access to personal data.

Cookies

The Company’s website www.vilniausaidai.lt uses cookies for the purpose of statistics and marketing. Cookies are small text files that are created  automatically when browsing a website and stored on your computer or other device. 

Cookies are used to collect information about the actions of our website visitors. The information collected by cookies allows us to ensure the smooth operation of the Company’s website, to make it easier for visitors to browse the Company’s website, to provide suggestions and learn more about the behaviour of visitors to our website, to analyse trends and to improve both the Company’s website and the services we provide.

Description of cookies used in the Company’s website www.vilniausaidai.lt:  

Name of the cookie

Description

Time of creation

Expiration time

CMSSESSIDX

A standard cookie used to support the user’s session 

On opening the website

Upon closing the website

cookiesAgree

The cookie used to identify whether you have consented to the use of cookies on our website

On confirming the consent

Upon deletion

 cookiesLevelX

The cookie used to recognise which cookies you allow to be used on our website

On confirming the consent

Upon deletion

_ga

This cookie is used by Google Analytics to assess the visitor’s goals and to generate reports on website activity for website operators so that they can improve the customer’s website experience

On confirming the consent

2 years

_gat

This cookie is used by Google Analytics to collect statistical information about the website visitor count

On opening the website for the first time 

At the end of the session

_gid 

This cookie is used by Google Analytics to recognise the visitor

On opening the website

2 days

Upon visiting the Company;s website www.vilniausaidai.lt you can indicate whether you consent to the use of statistical and marketing cookies. If you agree to have the non-essential (statistical and marketing) cookies stored on your computer or other device, then click the button “I agree”. If you do not consent to the use of cookies for all or any of the above purposes, you can disable/enable the selected cookies by clicking on “Settings” in the Cookie Notice field. However, please note that in some cases, the disabling of cookies may slow down your browsing speed, limit certain features of the website or block access to the website. You may enable/disable the selected cookies at any time.

The Company’s website contains hyperlinks to the websites of other enterprises. Please note that the Company assumes no responsibility for the content of these websites and and their privacy principles. Therefore, We strongly advise to check the privacy policies of other enterprises visited by following a link from the Company’s website.

More information about cookies is available at  http://www.allaboutcookies.org.

You may visit http://tools.google.com/dlpage/gaoptout to find out how to stop Google Analytics from tracking websites.

MISCELLANEOUS

The Company may, at its sole discretion, modify this Privacy Policy, which shall become effective since posting on the website www.vilniausaidai.lt. Last update on 10/09/2021

I hereby confirm my awareness that UAB Vilniaus aidai will process my personal data provided in this enquiry form for the purposes specified in UAB Vilniaus aidai Privacy Policy published at http://www.vilniausaidai.lt/privatumo-politika. I confirm that I am familiar with the Privacy Policy, I understand that I can contact dap@concretus.lt regarding the issues related to the processing of personal data, as well as to exercise my rights as a data subject. Providing information on breaches