Privacy policy

The purpose of this Privacy Policy is to inform how data subjects’ personal data is collected and processed, to explain how long it is stored, to whom it is provided, what rights data subjects have, and where to apply for the exercise of these rights or for any other questions related to personal data processing.

Personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 (the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other legal acts governing personal data protection.

UAB “Reditus LT” follows these main data processing principles:

• personal data is collected only for clearly defined and legitimate purposes;
• personal data is processed only lawfully and fairly;
• personal data is kept up to date;
• personal data is stored securely and no longer than required for the defined data processing purposes or by applicable legal acts;
• personal data is processed only by those employees of the Company who are granted such a right according to their job functions or by duly authorised data processors.

1. Definitions

1.1. Data Controller – UAB “Reditus LT” (hereinafter – the Company), legal entity code 303526994, registered office address J. Grušo g. 21-7, Kaunas.

1.2. Data Subject – any natural person whose data is processed by the Company. The Data Controller collects only those data subject’s data that are necessary for carrying out the Company’s activities and/or when visiting, using, or browsing the Company’s websites, Facebook social network page, etc. (hereinafter – the Website). The Company ensures that the personal data collected and processed will be secure and used only for a specific purpose.

1.3. Personal Data – any information relating directly or indirectly to a data subject whose identity is known or can be identified directly or indirectly by reference to relevant data. Personal data processing means any operation performed on personal data (including collection, recording, storage, editing, alteration, access provision, submission of requests, transfer, archiving, etc.).

1.4. Consent – any freely given, specific, informed and unambiguous indication by which the data subject signifies agreement to the processing of his/her personal data for a specific purpose.

2. Sources of Personal Data

2.1. Personal data is provided by the data subject. The data subject contacts the Company, uses the services provided by the Company, purchases goods and/or services, leaves comments, asks questions, subscribes to newsletters, contacts the Company requesting information, etc.

2.2. Personal data is obtained when the data subject visits the Company’s website. The data subject fills in the forms available on the website or, for any reason, leaves his/her contact details, etc.

2.3. Personal data is obtained from other sources. Data is obtained from other institutions or companies, publicly available registers, etc.

3. Processing of Personal Data

3.1. By providing personal data to the Company, the data subject agrees that the Company may use the collected data in order to fulfil its obligations to the data subject and provide the services expected by the data subject.

3.2. The Company processes personal data for the following purposes:

3.2.1. Ensuring and continuity of the Company’s activities. For this purpose, the following data are processed:

• For the purpose of concluding and executing contracts, the personal data of suppliers (natural persons) may be processed: name(s), surname(s), personal identification number or date of birth, place of residence (address), telephone number, email address, place of employment, position, signature, data contained in the business certificate (type of activity, group, code, title, periods of activity, issue date, amount), number of individual activity certificate, information whether the data subject is a VAT payer, bank account number and bank, amount and currency of the goods/services, as well as other data provided by the person, data received by the Company under legal acts in the course of the Company’s activities and/or which the Company is obliged to process by law and/or other legal acts.
• For the purpose of concluding and executing contracts, the following data of suppliers’ representatives may be processed: name(s), surname(s), telephone number, email address, company name, address, position, authorisation data (number, date, authorised person’s date of birth, signature).
• Contracts, VAT invoices, and other related documents are stored in accordance with the terms set out in the General Document Retention Schedule approved by the order of the Chief Archivist of Lithuania.
• The legal basis for data processing – necessity for the performance of a contract to which the client as a data subject is party, or in order to take steps at the request of the client prior to entering into a contract (Article 6(1)(b) of the GDPR), and when certain personal data must be processed under legal obligations (Article 6(1)(c) of the GDPR).

3.2.2. Administration of a database of job applicants’ CVs. For this purpose, the following data are processed:

• Name(s), surname(s), date of birth (age), home address, contact details (telephone number, email address), information about the applicant’s education (educational institution, period of study, acquired education and/or qualification), information about professional development (completed trainings, acquired certificates), information about the applicant’s work experience (employer, period of employment, position, responsibilities and/or achievements), information about language skills, IT skills, driving skills, other competences, any other information you provide in your CV, cover letter or other application documents, employer references, feedback: the person giving the recommendation or feedback, their contacts, the content of the recommendation or feedback.
• After the end of the selection process for a specific position and if the data subject’s candidacy is not selected and no employment contract is concluded with the data subject, the Company deletes the CVs and other data sent by the applicants, unless the Company has received the applicant’s consent to process his/her personal data for a longer period in order to offer a position in the future. In such a case, the data subject’s data processed by automated means are stored for six months from the date of submission. After the end of the specified data processing and storage period, the responsible persons of the Data Controller will destroy the data within 1 (one) calendar week. Longer storage of personal data may be carried out when the data are necessary in the event of a dispute/complaint or on other grounds provided for in legal acts.
• The legal basis for data processing – data subject’s consent (Article 6(1)(a) of the GDPR).

3.2.4. Administration of inquiries, comments and complaints. For this purpose, the following data are processed:

• Name(s), surname(s) and/or username, email address, telephone number, address, subject of the message, comment, feedback or complaint, and the text of the message, comment, feedback or complaint.
• Data related to inquiries, comments and complaints are stored for 1 calendar year from the date of their submission.
• The legal basis for data processing – processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child (Article 6(1)(f) of the GDPR), and the data subject’s consent (Article 6(1)(a) of the GDPR).

3.2.5. Direct marketing. For this purpose, the following data are processed:

• Name(s), surname(s), date of birth, home address, email address, telephone number.
• Data is stored for 5 years from the date of receipt of consent. This period may be extended if personal data is used or may be used as evidence or a source of information in pre-trial or other investigations, including investigations conducted by the State Data Protection Inspectorate, or in civil, administrative or criminal cases, or in other cases provided for by law. In such a case, personal data may be stored for as long as is necessary for these processing purposes and will be destroyed without delay when no longer needed.
• The legal basis for data processing – data subject’s consent (Article 6(1)(a) of the GDPR) and the necessity to pursue the legitimate interests of the Company in improving its activities and business performance indicators (Article 6(1)(f) of the GDPR).

3.2.6. Other purposes

• For other purposes for which the Company has the right to process the data subject’s personal data when the data subject has expressed his/her consent, when the data must be processed in order to pursue the Company’s legitimate interest, or when the Company is obliged to process the data under applicable legal acts.

4. Use of Social Networks

4.1. All information you provide via social media tools (including messages, the use of “Like” and “Follow” fields, and other communication) is controlled by the operator of the respective social network.

4.2. Currently, our Company has an account on the social network Facebook, whose privacy policy is available at: https://www.facebook.com/privacy/explanation.

4.3. Currently, our Company has an account on the social network LinkedIn, whose privacy policy is available at: https://www.linkedin.com/legal/privacy-policy.

4.4. We recommend that you read the privacy notices of third parties and contact the service providers directly if you have any questions regarding how they use your personal data.

5. Disclosure of Personal Data

5.1. The Company undertakes to maintain confidentiality towards data subjects. Personal data may be disclosed to third parties only when necessary for the conclusion and performance of a contract in favour of the data subject or for other legitimate reasons.

5.2. The Company may provide personal data to its data processors who provide services to the Company and process personal data on behalf of the Company. Data processors have the right to process personal data only in accordance with the Company’s instructions and only to the extent necessary to properly fulfil the obligations set out in the contract. The Company engages only those data processors who sufficiently ensure that appropriate technical and organisational measures are implemented in such a way that processing meets the requirements of the Regulation and ensures the protection of data subject rights.

5.3. The Company may also provide personal data in response to requests from courts or state authorities to the extent necessary to properly comply with applicable legal acts and instructions of state authorities.

5.4. The Company guarantees that personal data will not be sold or rented to third parties.

6. Processing of Minors’ Personal Data

6.1. Persons under the age of 14 may not provide any personal data via the Company’s website. If a person is under 14 years of age and wishes to use the Company’s services, written consent from one of the representatives (father, mother, guardian) for personal data processing must be provided before submitting personal information.

7. Personal Data Retention Period

7.1. Personal data collected by the Company is stored in printed documents and/or in the Company’s information systems. Personal data is processed no longer than necessary to achieve the purposes of data processing or no longer than required by data subjects and/or legal acts.

7.2. Although the data subject may terminate the contract and refuse the Company’s services, the Company must continue to store the data subject’s data due to possible future claims or legal demands until the expiry of the data retention periods.

8. Data Subject Rights

8.1. Right to receive information about data processing.

8.2. Right of access to the data being processed.

8.3. Right to request rectification of data.

8.4. Right to request erasure of data (“Right to be forgotten”). This right does not apply if the personal data requested to be erased is also processed on another legal basis, such as processing necessary for contract performance or for compliance with obligations under applicable legal acts.

8.5. Right to restrict data processing.

8.6. Right to object to data processing.

8.7. Right to data portability. The right to data portability must not adversely affect the rights and freedoms of others. The data subject does not have the right to data portability in respect of personal data processed in non-automated form in structured files, for example in paper files.

8.8. Right to request that no decision based solely on automated data processing, including profiling, be applied.

8.9. Right to lodge a complaint regarding personal data processing with the State Data Protection Inspectorate.

9. The Company must enable the data subject to exercise the above-mentioned rights, except in cases provided for by law where it is necessary to ensure national security or defence, public order, prevention, investigation, detection or prosecution of criminal offences, important economic or financial interests of the state, prevention, investigation and detection of breaches of professional or official ethics, and protection of the data subject’s or other persons’ rights and freedoms.

10. Procedure for Exercising Data Subject Rights

10.1. The data subject may contact the Company to exercise his/her rights:

10.1.1. by submitting a written request in person, by post, through a representative or by electronic means – by email: redituslt@gmail.com;

10.1.2. verbally – by telephone: +370 652 64738;

10.1.3. in writing – to the address: J. Grušo g. 21-7, Kaunas.

10.2. In order to protect data from unlawful disclosure, upon receiving the data subject’s request to provide data or to exercise other rights, the Company must verify the identity of the data subject.

10.3. The Company’s response to the data subject is provided no later than within one month from the date of receipt of the data subject’s request, taking into account the specific circumstances of personal data processing. This period may, where necessary, be extended by a further two months depending on the complexity and number of requests.

11. Data Subject Responsibilities

11.1. The data subject must:

11.1. inform the Company about any changes in the information and data provided. It is important for the Company to have correct and valid information about the data subject;

11.2. provide the necessary information so that, at the data subject’s request, the Company can identify the data subject and make sure that it communicates or cooperates only with the specific data subject (by providing an identity document or in the manner prescribed by legal acts, or by using electronic means of communication that allow proper identification of the data subject). This is necessary for the protection of the data subject’s and other persons’ data so that the information disclosed about the data subject is provided only to the data subject and does not infringe the rights of other persons.

12. Final Provisions

12.1. By transferring personal data to the Company, the data subject agrees with this Privacy Policy, understands its provisions and agrees to abide by them.

12.2. As the Company develops and improves its activities, it has the right to unilaterally amend this Privacy Policy at any time. The Company has the right to unilaterally amend the Privacy Policy in part or in full by notifying about it on the website www.reditus.lt.

12.3. Amendments or supplements to the Privacy Policy come into force from the date of their publication, i.e. from the date they are posted on the website www.reditus.lt.