We aim to keep you fully informed about the processing of your personal data, whether you communicate with us in person, by electronic means (for example, using our website, registration form, e-mail) or in any other way of your choice. This document applies to you if your data is processed by the Association "Unique Projects".
This "Unique Projects" Personal Data Processing Policy (hereinafter referred to as "Policy") is intended to inform you of the purpose and basis on which "Unique Projects" collects, uses and shares your personal data provided by us or otherwise collected by us. In this way, we aim to ensure the fair and transparent collection and use of personal data.
Please take the time to review this Policy and if you have any questions, please do not hesitate to contact us in any of the following ways. We may change this Policy in the future, and we encourage you to review this Policy periodically.
Data controller - is Association “Unique Projects”, hereinafter referred to as the Company. Company code 303043554, registration address Europos ave. 122, Kaunas, Lithuania, mail: firstname.lastname@example.org email@example.com
Data subject - means an individual person from whom the Company receives and processes personal data.
Employee - means a person who has entered into an employment or similar contract with the Company and is appointed to process Personal Data by the decision of the Company's manager or whose personal data is processed.
Personal data - any information relating to an individual person - a data subject whose identity is known or can be directly or indirectly established by means of data such as name, date of birth, one or more personal, physical, physiological, economic or, cultural or social characteristics.
Data recipient - a legal or an individual person to whom personal data is provided.
Provision of data - disclosure of personal data by transferring them or other ways making them available (excluding publication in the media).
Processing of data - means any operation carried out on personal data: collection, recording, storage, protection, classification, grouping, aggregation, modification (addition or correction), provision, publication, use, logical and / or arithmetic operations, retrieval, dissemination, destruction or other action or set of actions.
Data user - subdivisions of the data controller who have the right to use personal data for the performance of the intended functions and are named in these Rules. If the following text imposes specific requirements on data users regarding personal data security actions, then the data user is understood as a specific employee of the unit who is entitled to use personal data for the performance of his / her work functions.
Automatic data processing - data processing operations performed in whole or in part by automatic means.
Data processor - a legal or an individual person (who is not an employee of the data controller) who is authorized by the data controller to process personal data. The data processor and / or the procedure for its appointment may be established by laws or other legal acts.
Data controller - a legal or an individual person who, alone or together with others, determines the purposes and means of the processing of personal data. If the purposes of data processing are determined by laws or other legal acts, the data controller and / or the procedure for its appointment may be established in those laws or other legal acts.
Special personal data - data related to a person's racial or ethnic origin, political, religious, philosophical or other beliefs, trade union membership, health, sexual life, as well as information about a person's criminal record.
Social and public opinion research - is the systematic collection and interpretation of data and / or information on natural and legal persons by statistical, analytical and other methods used by the social sciences in order to obtain the insights necessary for decision-making. Direct marketing cannot be used for social and public opinion research.
Consent - is a voluntary statement by the data subject of the will to process his or her personal data for a purpose known to him or her. Consent to the processing of sensitive personal data must be expressed in a clear, written or equivalent other form that clearly demonstrates the will of the data subject.
Direct marketing - is the activity of offering goods and services to individuals and / or seeking their opinion on the goods or services offered by post, telephone or other means.
Third party - a legal or an individual person, other than the data subject, the controller, the processor and persons who are directly authorized by the controller or the processor to process the data.
Internal administration - activity that ensure the independent functioning of the data controller (structure management, personnel management, management of available material and financial resources, clerical management).
GDPR – General Data Protection Regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC.
The terms used in these Rules shall be understood as they are defined in the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts.
BASIC PRINCIPLES AND OBJECTIVES OF PERSONAL DATA PROCESSING
"Unique Projects" must adhere to the following principles of personal data processing in the performance of its functions and processing of personal data:
- personal data is collected for specified, legitimate purposes and processed in a way compatible with those purposes;
- the collection and processing of personal data respects the principles of purpose and proportionality, data subjects are not required to provide data that is not necessary, redundant data is not collected and processed;
- personal data is processed accurately, fairly and lawfully;
- personal data must be accurate and, where necessary for the processing of personal data, kept up to date. Inaccurate or incomplete data is corrected, supplemented, destroyed or suspended;
- personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and for which they are processed.
Personal data shall be collected only in accordance with the procedure established by legal acts, receiving them directly from the data subject, formally requesting the processing of the necessary information and having the right to provide it on the basis of entities or contracts.
Personal data shall be kept for no longer than is necessary for the purposes of the processing. When personal data is no longer needed for the purposes of their processing, it is destroyed, except for those that must be transferred to the Company's archives in cases prescribed by law.
"Unique Projects" shall ensure that all necessary information is provided to the data subject in a clear and comprehensible manner.
"Unique Projects" may provide personal data processed by it to third parties in cases and in accordance with the procedure established by law.
The protection of personal data against accidental or unlawful destruction, alteration, disclosure, as well as against any other unlawful processing, shall be ensured by appropriate organizational and technical measures.
Purposes of personal data usage of the data subject:
- The data subject's participation in the "Unique Projects", events, projects, registration, organization and administration, membership registration and organization management;
- Identification of the data subject in the Company's information systems;
- Issuance of purchased (ordered) services, confirmations, invoices and other financial documents;
- To solve problems related to the implementation, submission and usage of services;
- Contact with the Data Subject in case of changes in the conditions of participation in events, activities, projects or membership in the organization in which the Data Subject was registered;
- Fulfillment of other contractual obligations;
- For security, health, administrative, crime prevention disclosure and legal purposes;
- Business analysts and statistical analyzes, general research that allows to improve services and improve their quality;
- Quality assurance of telephone consultations on the services provided by "Unique Projects", ongoing projects by improving the quality of customer service, controlling that information is provided in a qualified and expeditious manner;
- For marketing purposes.
DATA SUBJECT'S RIGHTS AND ARRANGEMENTS OF THEIR IMPLEMENTATION
In accordance with the procedure established by legal acts, data subjects must:
- the right to know about the processing of their personal data;
- the right to access and obtain a copy of their personal data;
- the right to have inaccurate personal data rectified;
- the right to request restrictions on the processing of personal data;
- the right to request the deletion of personal data ("right to be forgotten");
- the right to withdraw consent to the processing of personal data. Withdrawal of consent shall not affect the processing of data prior to the withdrawal;
- the right to object to the processing of personal data where such data are processed or are intended to be processed for the purposes of direct marketing or for a legitimate interest pursued by "Unique Projects" or a third party to whom the personal data are disclosed;
- the right to transfer personal data.
Data subjects can implement their rights by contacting the Association "Unique Projects", company code 303043554, registration address Europos ave. 122, Kaunas, Lithuania, email: firstname.lastname@example.org. email@example.com.
If the data subject considers that his or her rights have been violated, he or she has the right to submit a complaint to the State Data Protection Inspectorate (L. Sapiegos St. 17, 10312 Vilnius, www.ada.lt). In all cases, please contact us before we file a complaint so that we can find a suitable solution together.
In case of questions related to the processing of personal data or in the presence of offers, data subjects may contact the above contacts.
In order to implement your rights as a data subject, you must submit a written request and confirm your identity (one of the following documents must be submitted to confirm your identity: a passport of a citizen of the Republic of Lithuania, an identity card, a driving license).
The request must specify which of the above rights is to be exercised and to what extent.
The data subject may verify the identity of the data subject in the following ways:
- when the application is made in person, by presenting an identity document;
- when the application is submitted by post, submitting a copy of the identity document certified by a notary, or a copy of this document certified in accordance with another procedure established by legal acts;
- when the application is submitted electronically by signing it with a qualified electronic signature.
The requirement for the data subject to prove his or her identity does not apply if the data subject requests information on the processing of personal data in accordance with Articles 13 and 14 of Regulation (EU) 2016/679.
If we have doubts about the identity of the data subject or if we cannot determine the identity of the data subject according to the information provided in the request, UAB "Mokesčių srautas" may request additional information necessary to unambiguously confirm the identity of the data subject.
An application for the implementation of rights may be made in a free-form application or in accordance with a form approved by "Unique Projects" via the website.
No later than one month from the date of receipt of the request, "Unique Projects" will provide you with information on the action taken on the request. In the event of a complex or multiple application, this time limit may, if necessary, be extended by a further two months, taking into account the complexity and number of such applications. In any case, we will inform you of such an extension and give the reasons for it within one month of receiving the request. "Unique Projects" may charge for providing information for complex requests.
If "Unique Projects" decides not to implement the application, it will inform you immediately, but no later than within one month from the date of receipt of the application. Such a decision may be appealed to the State Data Protection Inspectorate and other legal remedies may be used.
AUTOMATIC AND NON-AUTOMATIC PROCESSING OF PERSONAL DATA
Personal data may be processed automatically for purposes of internal administration.
Personal data is automatically processed by responsible persons appointed by "Unique Projects".
Passwords must be used by responsible persons whose computers store personal data or from which computers can access areas of the local network where personal data is stored. Passwords must be changed periodically at least once every 3 months, as well as in certain circumstances (change of employee, threat of burglary, suspicion that the password has become known to third parties, etc.). It is recommended that you use a screen saver with a password on these computers.
Computer files on "Unique Projects" computers that contain personal data must not be accessible to users of other computers. Computers must use constantly updated antivirus software.
Personal data may be processed manually for purposes provided for in the internal administration.
Personal data is constantly stored in "Unique Projects" internal files, personal files, personal cards. A digitized method of storage on electronic media may be chosen to ensure their security.
Documents of data subjects and their copies, financing, accounting and reporting, archival or other files containing personal data shall be stored in lockers or safes. Documents containing personal data are not kept in a place accessible to all.
SECURITY AND PROCESSING OF PERSONAL DATA
"Unique Projects" is committed to confidentiality when processing personal data. Personal data shall be provided to third parties only in accordance with the legal basis for the provision of personal data and after assessing the purpose of the provision of personal data and the scope of the personal data provided. We may disclose your personal information to the following recipients:
- The State Tax Inspectorate, other state institutions, when we are obliged to disclose data by legal acts or at your request.
- Service providers (data processors) through "Unique Projects", providing accounting, document archiving, auditing, consulting, training, asset maintenance and servicing, hardware and software development, support and maintenance, direct marketing messaging, data centers, cloud, communication, website administration and other services to which personal data are provided or access is made.
- Personal data may be disclosed to courts, law enforcement agencies, public authorities conducting business inspections, other third parties in connection with the sale, merger, acquisition or reorganization of all or part of a business, or to protect the rights and legitimate interests of "Unique Projects".
Personal data may be disclosed to other third parties in accordance with Regulation (EU) 2016/679 and other legal acts, to whom we are obliged to provide personal data by law or other legal acts.
STORAGE OF PERSONAL DATA
The personal data is collected and stored in printed documents and in our information systems. Personal data shall be stored for as long as they are necessary for the established purposes or within the time limits established in the legal acts of the Republic of Lithuania regulating the terms and procedure of storage.
We store your personal data:
- for the purpose of concluding and performing contracts - during the term of the contract and for 10 years after the end of the contract;
- for the purpose of providing training services and participation in the activities and events of the organization - up to 6 months after the end of trainings, activities or events;
- for the purpose of participation in international projects - up to 5 years after the end of the projects;
- for direct marketing purposes, 1 year from the last submission of data until you withdraw your consent or object to the processing;
- for the administration of inquiries received via the website and / or e-mail - one year after the submission of the answer;
- for accounting purposes - 10 years after the end of the calendar year in which the economic operation took place;
- for the purposes of ensuring the functionality and efficiency of the operation of the website, ease of use, speed of operation of the website and security, personal data is processed during the validity period of the cookie.
At the end of the specified time limits, the data are deleted in such a way that they cannot be restored or transferred to the state archives, if such an obligation is imposed on us by legal acts.
When processing personal data, we implement the necessary organizational and technical measures for the security of personal data in order to protect them from accidental or unlawful disclosure or other unlawful processing.
The Data Subject must provide "Unique Projects" with complete and correct personal data of the Data Subject and inform about relevant changes in the personal data of the Data Subject. "Unique Projects" will not be liable for any damage caused to the Data Subject and / or third parties as a result of the Data Subject providing incorrect and / or incomplete personal data or failing to notify them in a proper and timely manner.
"Unique Projects" is not responsible for communication failures that prevent users of the "Unique Projects" website and others from accessing the website or using the services.
"Unique Projects" does not have a full guarantee that the operation of the "Unique Projects" website will be uninterrupted and without any errors, that the "Unique Projects" website will be completely protected from viruses or other malicious components. The Data Subject is informed that any material that the Data Subject reads, downloads or otherwise receives through the "Unique Projects" website is at the sole discretion and risk of the Data Subject and that the Data Subject is solely liable for any damage caused to the Data Subject and the Data Subject computer system.
By collecting and using personal data entrusted to us by you, as well as from other sources, we undertake to:
- process your personal data only for clearly defined and legitimate purposes;
- not process your personal data for purposes other than those specified in this Policy, except as provided by law;
- process your personal data lawfully, accurately, transparently, fairly and in such a way as to ensure the accuracy, identity and security of the personal data processed;
- ensure that redundant personal data are not processed;
- process your personal data for no longer than is necessary for the purposes for which the personal data are processed;
- be responsible for ensuring that the principles set out in this Policy are complied with and be able to demonstrate compliance with them;
- to perform other duties provided for in legal acts.