IPRA

PRIVACY POLICY

The purpose of the Privacy Policy is to inform how the personal data of data subjects is collected and processed, explain how long it is stored, to whom it is provided, what rights data subjects have and where to apply to exercise those rights, or any other issues related to personal data processing.

Personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter referred to as the Regulation), the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the protection of personal data.

Ipra LT Ltd. is guided by the following basic principles of data processing:

  • Personal data are collected only for clearly defined and legitimate purposes.
  • Personal data are processed only lawfully and fairly.
  • Personal data are kept up to date.
  • Personal data shall be stored securely and for no longer than required by the purposes of processing or by law.
  • Personal data shall only be processed by those employees of the Company who are authorised to do so by their job functions or by duly authorised data processors.

1. DEFINITIONS

1.1. The data controller is Ipra LT Ltd. (hereinafter referred to as the Company), entity code 305920824, registration address Liubčios g. 8, Vilnius.

1.2. Data Subject refers to any natural person whose data is processed by the Company. The Data Controller shall only collect the data of the Data Subject that is necessary for the performance of the Company’s activities and/or for visiting, using, or browsing the Company’s websites, social network accounts, etc. (hereinafter referred to as the Website). The Company ensures that the personal data collected and processed shall be secure and used only for the specific purpose.

1.3. Personal data shall mean any information relating, directly or indirectly, to a data subject whose identity is known or can be established, directly or indirectly, by reference to the data concerned. Processing of personal data means any operation carried out on personal data (including the collection, recording, storage, editing, modification, granting of access, submission of requests, transmission, archiving, etc.).

1.4. Consent means any freely given and informed indication by which the data subject agrees to the processing of his or her personal data for a specified purpose.

  •  

2. SOURCES OF PERSONAL DATA

2.1. The personal data shall be provided by the data subject. The data subject applies to the Company, registers on the Company’s website, participates in the recruitment process, leaves comments, asks questions, subscribes to the newsletters, contacts the Company to request information, etc.

2.2. The personal data are obtained when the data subject visits the Company’s website. The data subject fills in the forms it contains or leaves his or her contact details, etc., for a certain reason.

2.3. Personal data are obtained from other sources. Data are obtained from other bodies or companies, publicly available registers, etc.

3. PROCESSING OF PERSONAL DATA

3.1. By providing personal data to the Company, the data subject consents to the Company’s use of the collected data for the purpose of fulfilling its obligations to the data subject in the provision of the services expected by the data subject.

3.2. The Company shall process personal data for the following purposes:

3.2.1. Providing recruitment and consultancy services. For this purpose, the following personal data of clients (applicants applying for vacancies) shall be processed:

Name/names, surname/surnames, date of birth/age, residential address, telephone, e-mail, information on the client’s/applicant’s education (educational institution, period of training, education and/or qualifications obtained), information on the client’s/applicant’s work experience (workplace, period of work, position, responsibilities and/or achievements), information on language skills, information technology, driving skills, other competences, other information provided by the person in his or her CV, cover letter or other application documents, references from employers, and feedback: the persons recommending or giving a reference, their contacts, and the content of the recommendation or reference.

Clients/applicants can register for the Company’s services on the Company’s website www.ipra.lt. At the time of registration/account creation, customers/applicants provide the Company with the following personal data: email and password.

Personal data shall be kept until the date of expiry of the selection for the position in question.

The legal basis for processing is the necessity to perform a contract to which the client is a party as a data subject or to take action at the client’s request prior to entering into a contract with the client (Article 6(1)(b) of the GDPR), and the consent of the data subject (Article 6(1)(a) of the GDPR).

3.2.2. Ensuring business continuity and business continuity. The following data shall be processed for this purpose:

Personal data of suppliers/natural persons processed for the purpose of concluding and performing contracts are as follow: name/names, surname/surnames, personal identification number or date of birth, place of residence/address, telephone, e-mail, place of work, position, signature, business certificate data, such as type of activity, group, code, name, periods of activity, date of issue, and amount, number of the certificate of individual activity, data on whether the data subject is a VAT payer, bank account and bank, amount of the service/product, currency and other data provided by the person himself or herself, which the Company receives in accordance with the legislation in the course of the Company’s business and/or which the Company is obliged to process by law and/or other legislation.

For the purpose of concluding and executing contracts, the following data shall be processed for the representatives of the suppliers: name/names, surname/surnames, telephone, email, company name, address, position, details of the authorisation (number, date, date of birth of the authorised person, and signature).

Contracts, VAT invoices and other related documents shall be stored in accordance with the deadlines set out in the Index of General Document Storage, approved by Order of the Chief Archivist of Lithuania.

The legal basis for processing is the necessity to perform a contract to which the client is a party as a data subject or to take action at the client’s request prior to entering into a contract with the client (Article 6(1)(b) of the GDPR), and the consent of the data subject (Article 6(1)(a) of the GDPR).

3.2.3. Managing enquiries, comments and complaints. The following data shall be processed for this purpose:

Name/names, surname/surnames and/or username, email, telephone, address, the subject of the enquiry, comment or complaint, the text of the enquiry, comment or complaint.

Data on enquiries, comments and complaints shall be kept for 1 calendar year from the date of their submission.

The legal basis for processing data is that the processing is necessary for the purposes of the legitimate interests of the controller or of a third party, unless such interests are overridden by the interests of the data subject or by the fundamental rights and freedoms of the data subject, which make it necessary to ensure the protection of the personal data, in particular, in the case of a child (Art. 6(1) (f) of the GDPR), and the data subject has given his or her consent (Art. 6(1) (a) of the GDPR).

3.2.4. Games and competitions. The following data shall be processed for this purpose:

Name/names, surname/surnames and/or username, telephone, email, and residential address.

The personal data of unsuccessful participants shall not be stored.

The personal data of the successful participants shall be stored until the prize is collected.

The legal basis for processing is the data subject’s consent (Article 6(1)(b) of the GDPR).

3.2.5. Direct marketing. For this purpose, the following data shall be processed:

Name/names, surname/surnames, email, and telephone.

The data shall be kept for 5 years after the date of consent. This period may be extended if the personal data are used or may be used as evidence or as a source of information in a pre-trial or other investigation, including an investigation carried out by the State Data Protection Inspectorate (SDPI), in a civil, administrative or criminal proceeding, or in any other cases established by law. In that case, personal data can be stored for as long as necessary for the processing of these data and shall be destroyed immediately when they are no longer needed.

The legal basis for processing is the data subject’s consent (Article 6(1)(a) of the GDPR) and the need to pursue the legitimate interests of the Company to improve its activities and business success rates (Article 6(1)(f) of the GDPR).

3.2.6. Other purposes for which the Company has the right to process the data subject’s personal data where the data subject has expressed his or her consent, where the processing is necessary for the Company’s legitimate interest, or where the Company is obliged to process the data by the relevant legal acts.

4. USE OF SOCIAL NETWORKS

4.1. All information submitted by you on the social media (including notifications, use of Like and Follow, and other communications) is controlled by the relevant social network manager.

4.2. Our Company currently has an account on the social network Facebook. Its privacy policy is available at https://www.facebook.com/privacy/explanation.

4.3. Our Company currently has an account on the social network Instagram. Its privacy policy is available at https://help.instagram.com/519522125107875;

4.4. Our Company currently has an account on the social network LinkedIn. Its privacy policy is available at https://www.linkedin.com/legal/privacy-policy.

4.5. We recommend you to read third-party privacy notices and contact your service providers directly, if you have any questions about how they use your personal information.

5. SENDING NEWSLETTERS

5.1. To have access to the data collected/stored about you, to request its completion/correction or deletion (right of withdrawal), right of withdrawing consent or lodging a complaint. 1.1. The Company uses a third party, MailChimp, to send newsletters. The third party, MailChimp, uses only the email address of the recipient of the newsletter for the successful sending of newsletters. MailChimp’s privacy policy is available at:

MailChimp’s privacy policy: https://mailchimp.com/legal/privacy/.

5.2. You can unsubscribe from the newsletters by clicking on the ‘Unsubscribe’ at the bottom of each email, by replying to the email or by contacting the Company directly by email and expressing your wish to stop receiving the Company’s newsletters.

6. PROVIDING PERSONAL DATA

  • 6.1. The Company undertakes to respect the duty of confidentiality towards data subjects. Personal data may be disclosed to third parties only if necessary for the conclusion and performance of a contract for the benefit of the data subject or for other legitimate reasons.

    6.2. The Company may provide personal data to its data processors who provide services to the Company and process personal data The Company’s data processors shall have the right to process personal data only upon the Company’s instructions and only to the extent necessary for the proper performance of their obligations under the Contract. The Company shall use only those data processors that properly ensure that appropriate technical and organisational measures shall be implemented in such a way that processing of the data complies with the requirements of the Regulation and ensure the protection of the data subject’s rights.

    6.3. The Company may also provide personal data in response to requests from the courts or public authorities to the extent necessary for the proper observance of applicable law and the instructions of public authorities.

    6.4. The Company guarantees that personal data will neither be sold nor rented to third parties.

7. PROCESSING OF PERSONAL DATA OF MINORS

7.1.

Persons under the age of 14 may not submit any personal data through the Company’s website. If the person is under the age of 14, in order to benefit from the Company’s services, the written consent of a representative/parent/mother/guardian for the processing of the personal data must be provided prior to the provision of personal information.

8. PERSONAL DATA STORAGE TERMS

8.1. Personal data collected by the Company shall be stored in hard copy documents and/or in the Company’s information systems. Personal data shall be processed for no longer than is necessary to achieve the purposes of the processing or for no longer than is required by the data subjects and/or provided for by law.

8.2. Although the data subject may terminate the contract and refuse the Company’s services, the Company shall remain obliged to retain the data subject’s data for any claims or legal claims that may arise in the future, as long as the data retention periods have not expired.

9. DATA SUBJECT'S RIGHTS

9.1. The right to receive information on data processing.

9.2. Right of access to processed data.

9.3. The right to request rectification.

9.4. The right to have your data erased (‘Right to be forgotten’). This right does not apply if the personal data for which erasure is requested is also processed on another legal basis, such as processing necessary for the performance of a contract or the performance of an obligation under applicable law.

9.5. The right to restrict the data processing.

9.6. The right to disagree with the data processing.

9.7. The right to data portability. The right to data portability must not adversely affect the rights and freedoms of others. The data subject does not have the right to data portability in respect of personal data processed in non-automatically structured files, such as paper files.

9.8. The right to request that a decision based solely on automated processing, including profiling, is not applied.

9.9. The right to lodge a complaint about the processing of personal data with the State Data Protection Inspectorate.

10. The Company shall enable the data subject to exercise the aforementioned rights of the data subject, except in the cases provided for by law, where it is necessary to ensure the security or defence of the state, public order, the prevention, investigation, detection or prosecution of criminal activities, the protection of the state’s important economic or financial interests, the prevention, investigation or detection of breaches of professional or official conduct or the protection of the rights and freedoms of the data subject or of other individuals.

11. PROCEDURE FOR IMPLEMENTING THE RIGHTS OF THE DATA SUBJECT

11. 1. The data subject may contact the Company in order to exercise his or her rights:

11.1.1. When submitting a written application in person, by post, through a representative or by electronic means of communication, by email at info@ipra.lt.

11.1.2. By word of mouth – by telephone +370 606 52508;

11.1.3. In writing at: Liubčios g. 8, Vilnius.

11.2. In order to protect against unauthorised disclosure of data, the Company is obliged to verify the identity of the data subject upon receipt of a data subject’s request for the provision of data or the exercise of other rights.

11.3. The Company’s reply shall be provided to the data subject at the latest within one month from the date of receipt of the data subject’s request, taking into account the specific circumstances of the processing of personal data. This period can, if necessary, be extended for two months more depending on the complexity and the number of requests.

12. RESPONSIBILITIES OF THE DATA SUBJECT

12.1. The data subject shall have to:

12.1.1. Inform the Company of any changes to the information and data provided. It is important for a company to have correct and valid data subject information.

12.1.2. Provide the necessary information to enable the Company to identify the data subject at the request of the data subject and verify that it is communicating or cooperating with a specific data subject (either by means of a document proving the identity of the data subject, or by a procedure established by law, or by electronic means of communication, which allows the due identification of the data subject). This is necessary for the protection of the data subject’s data and the data of other persons so that the information disclosed about the data subject is provided only to the data subject, without prejudice to the rights of other persons.

FINAL PROVISIONS

  • By transferring personal data to the Company, the data subject agrees to this Privacy Policy, understands its provisions and agrees to comply with it.
  • As part of the development and improvement of the Company’s business, the Company has the right to unilaterally amend this Privacy Policy at any time. The Company has the right to unilaterally partly or completely amend the Privacy Policy by notifying about it on the website ipra.lt.
  • Additions or amendments to the Privacy Policy take effect on the date of their publication, i.e. from the date on which they are put on the website ipra.lt.