PRIVACY POLICY

Data controller

Prewise UAB, legal entity code 110855792, registration address Konstitucijos ave. 7, Vilnius, correspondence address: Gyneju str. 14-24, Vilnius, telephone number +370 677 95135, e-mail address info@prewise.lt, website https://www.prewise.lt/.

 1.         DEFINITIONS USED

1.1.     Personal Data – shall mean any information relating to a natural person (Data Subject) that is considered Personal Data under Personal Data protection legislation.

1.2.      Processing of Personal Data – shall mean any operation or range of operations performed on Personal Data, including by manual or automated means. It includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.

1.3.     The Company – Prewise UAB, legal entity code 110855792, registration address Konstitucijos ave. 7, Vilnius, correspondence address Gyneju str. 14-24, Vilnius.

1.4.      Data Controller – shall mean a natural or legal person, public authority, agency or other body which alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be determined by Union or Member State law.

1.5.      Data Recipient – shall mean a natural or legal person, public authority, agency or another body, to whom Personal Data are disclosed, whether a third party or not.

1.6.      Data Processor – shall mean a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller.

1.7.      Data Subject – shall mean a natural person (including an employee of the Company) whose Personal Data is processed or is intended to be processed.

1.8.      IP address – a unique number, known as an Internet Protocol (IP) address, assigned to each computer connected to the Internet.

1.9.      Service Providers – shall mean natural or legal persons working under individual activity certificates or copyright, or service agreements, who provide the Company with services or goods agreed with the Company.

1.10.    Privacy Policy – this document containing the main rules and regulations of collection, accumulation, processing and storage of Personal Data to be applied when a visitor is visiting the Website, and the Data Subjects’ rights and procedure for their exercise applicable within the Company.

1.11.    Cookies – shall mean small textual files that are recorded on the device when you visit the Website, which allow the Website to remember information about browsing the Website for a while and to recognize the Website visitor the next time you visit.

1.12.    Consent – shall mean any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her;

1.13.    Website – Website operated by the Company: https://www.prewise.lt/.

1.14.    Regulations – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

1.15.   Direct marketing – shall mean an activity intended for offering goods or services to persons and /or seeking their opinion on goods or services offered by post, e-mail or telephone or in any other direct way.

1.16.   Internal administration – shall mean activity which ensures an independent functioning of the data controller (structure management, personnel management, management and use of available material and financial resources, and clerical work).

2.        GENERAL PROVISIONS

2.1.     This Privacy Policy provides information on how the Company handles the Personal Data of Data Entities that have a business relationship with the Company. Additional information may be provided in service and other agreements signed by you and the Company.

2.2.     We encourage you to read this Privacy Policy carefully before entering into a business relationship with the Company. You can review the Privacy Policy at any time on the Website.

2.3.     The processing of Personal Data in the Company is regulated by the Regulations, the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts, as well as the internal legal acts of the Company.

3.        PRINCIPLES OF PERSONAL DATA PROCESSING

3.1.    The scope of Personal Data processed depends on the services ordered or used by the Data Subject, and the information provided by the Data Subject when using the services, visiting the Website, submitting his/her data for employment purposes in the Company.

3.2.    The Company seeks to ensure that Personal Data shall be processed accurately, honestly and lawfully, solely for the purposes for which they have been collected, and in accordance with the clear and transparent principles and requirements for the processing of Personal Data set out in legislation.

3.3.    Data Subject are not obliged to provide the Company with any Personal Data, however, it may not be possible to enter into a business relationship with the Company in whole or in part in such a case.

4.        SCOPE, PURPOSES, BASIS OF PERSONAL PROCESSING

4.1.    Data shall be processed only in accordance with the criterion of lawful processing. The Company shall process Personal Data for the purposes of selling the Company’s services and executing contracts (including, but not limited to, consulting, programming, digital content development and other services), also for the purposes of inquiry administration, statistics, awareness raising, direct marketing (newsletter sending), recruitment, internal administration and other purposes specified in this Privacy Policy and the Company’s internal legislation.

4.2.    Personal Data shall be stored in the Company for no longer than required by the purposes of data processing, Data Subjects and/or legal acts. Usually (unless otherwise stated) Personal Data is processed in the Company for 10 (ten) years from the receipt of Personal Data. Specific terms for the processing of Personal Data, including storage, are or may be specified in the Privacy Policy and /or the Company’s internal legislation.

4.3.    The Personal Data of the Company’s customers are processed for the purposes of concluding and executing the service agreement (including communication with the customer), the basis of Personal Data processing is the execution of the concluded agreement. For this purpose, the Company collects the following Personal Data of customers: Name, surname, personal identification code, date of birth, telephone number, e-mail address, address; if the customer is a legal entity: name, position, basis of representation, telephone number, e-mail address and other information which the customer provides to the Company in order to receive services. The data is processed until the contract concluded with the customer expires upon its proper execution; thereafter the data shall be stored for 10 (ten) years in order to express, enforce or defend the legal requirements of the Company and in the performance of the Company’s obligation to archive documents provided for in legal acts.

4.4.    The Company also processes the Personal Data of potential customers when they apply to the Company by filling in the inquiry form on the Website, by e-mail, on social networks or by telephone. The Personal Data of potential customers is processed for the purpose of concluding the contract, including, but not limited to, the purpose of providing preliminary advice and offering the Company’s services. The processing of Personal Data of potential customers is based on a legitimate interest. The Website collects the name, surname, telephone number, e-mail address, as well as other information provided by the potential customer in the request form. When contacting potential customers by e-mail, social networks or telephone, the Company may also process other Personal Data of potential customers. Data shall be processed on this basis until a contract is signed with the customer (after which Personal Data shall be processed in accordance with Clause 4.3 of the Privacy Policy) or the potential customer refuses to enter into the contract; thereafter the data shall be stored for 5 (five) years in order to express, enforce or defend the legal requirements of the Company.

4.5.    The Company provides information on cookies on the Website (the Personal Data to be collected with the help of cookies and the purposes of processing the collected Personal Data, the term of storage of cookies, information that the user may revoke his/her consent to the storage of cookies at any time when cookies are stored with the consent of the Data Subject). The Company makes it possible to accept the storage of cookies on the Website visitor’s terminal device when storing functional, tracking, advertising cookies and /or third-party cookies. Essential cookies are used on the basis of a legitimate interest. Cookies are used for the purpose of improving the Website, updating marketing campaigns, website traffic statistics and monitoring. Information on the use of cookies must be provided and consent must be obtained before using the cookie for the first time, i.e. there must be prior consent to the use of the cookie. In the event that consent has been obtained, re-use of the same cookie for the same purpose in the future does not require consent again. This also applies to cookies used by third parties.

4.6.    The Website also collects Website visitor data: IP address, Website browsing history and date. Data are collected for statistical purposes. Website visitor statistics are analysed using Google Analytics. The information collected by Google Analytics cookies about the browsing history of the Website will be transmitted and stored on Google.org servers. The information collected by cookies allows us to ensure more convenient navigation on the Website, provide suggestions and learn more about the behaviour of the Website’s visitors, analyse trends and improve both the Website and the services provided. More information is available at allaboutcookies.org or www.google.com/privacy_ads.html.

4.7.    If the Data Subject does not consent to the storage of cookies on his/her computer or other terminal device, he/she may change the settings of his/her Internet browser and disable all cookies or enable /disable them one by one. It should be noted that in some cases this may slow down the speed of Internet browsing, restrict the operation of certain features of the Website or block access to the Website.

4.8.    For the purposes of direct marketing (sending newsletters), the Company shall process Personal Data on the basis of the consent of the Data Subject. The Company handles the following data: Name, surname, e-mail address, telephone number, position, usernames in social networks. The Data shall be processed for 5 (five) years from the receipt of the Data Subject’s consent or until the Data Subject revokes the given consent regarding the data processing. If the Data Subject revokes the consent for data processing for the purpose (s) discussed in this clause only the fact of giving the consent of the Data Subject shall be stored for 10 (ten) years from the expiry of the consent period or revocation of the consent in order to express, enforce or defend the legal requirements of the Company. The Data Subject may withdraw the consent for direct marketing at any time by contacting the Company by e-mail info@prewise.lt or by clicking “unsubscribe” in the received newsletter.

4.9.    For the purposes of promoting the Company, the Company manages accounts on social media that process the following Personal Data on the basis of a legitimate interest: Profile of the Data Subject and other information such as date of review of the Company’s profile, comments, “Like”, “Follow”, etc. clicks. Although the Company has created and manages accounts on social media, the information provided by the Data Subject on social media (including notifications, “Like”, “Follow”, etc., and other communications) or which is obtained by the Data Subject visiting the Company’s profiles (including information received by means of cookies used by the social media) or by reading the Company’s records on the social media network, is controlled by the social network manager. Usually, the social network manager processes Personal Data (even those collected by the Company upon selection of additional account settings) for the purposes set by the social network manager in accordance with the social network manager’s Privacy Policy. Social network managers collect information on what type of content the Data Subject sees, what they do on the social network, with whom they interact, how often and for how long they interact with them, social network activity and other information, including information about the terminal used. The Privacy Policies of social network operators are published on: https://www.facebook.com/policy.php; https://www.linkedin.com/legal/privacy-policy; https://twitter.com/en/privacy.

4.10.    For the purpose of employment, the Company processes the following Personal Data provided by the Data Subject: Curriculum Vitae (CV), personal image (photo), cover letter, name, surname, e-mail address, telephone number, residential address, as well as other information provided by the Data Subject. Personal Data submitted to the Company when applying for a specific position advertised in the Company shall be processed on the basis of the legitimate interest of the Company and the Data Subject. The Personal Data of potential employees of the Company shall be destroyed at the end of the selection performed by the Company for a specific position, if an Employment Contract is not concluded with them. After receiving the consent of the Data Subject, the Company will protect and process Personal Data for future employee selections for a period not exceeding one year. Candidates shall be informed about the term of Personal Data storage and the possibilities of expressing consent during the first contact orally or by e-mail (if a potential employee applies to the Company by e-mail). Throughout the data storage period, the Company may evaluate the candidacy of the Data Subject and submit proposals for jobs in the Company. The Data Subject shall have the right to withdraw the consent for the processing of Personal Data for the purpose specified in this clause at any time by clearly and unambiguously expressing his/her will to the Company in writing. The Company can obtain the data of candidates directly from the Data Subjects or by using the Internet portals selected by the Company, where the search for employees is performed and job advertisements are published.

4.11.    For the purpose of concluding, executing and internally administering Employment Contracts, the Company processes the following Personal Data provided by the Data Subject: name, surname, residential address, date of birth, personal identification number, bank account number, social security number, image (photo), telephone number, e-mail address, information related to the Employee’s state of health and other data necessary for the Company to properly perform its duties as an Employer. The Personal Data of employees shall be stored in accordance with the terms specified in the Index of Terms of Storage of General Documents approved by the Order of the Chief Archivist of Lithuania.

4.12.    The Company shall have the right to store Personal Data on the server to the extent necessary for the specifics of the activities performed on the Website, if the data provided by the Company’s customer was (i) used for illegal activities or (ii) an identity theft or other misconduct has been suspected that has been or will be the subject of an investigation by the relevant law enforcement authorities, (iii) if the Company has received complaints related to the relevant customer of the Company, or if the Company has noticed violations committed by the relevant customer of the Company, or (iv) for other legitimate purposes for the storage of Personal Data. These data shall be destroyed upon lawful instructions from law enforcement or other authorised authorities.

4.13.    The Company may process the Personal Data of the Data Subject for other purposes in accordance with the requirements of the Regulation, the Law on the Legal Protection of Personal Data of the Republic of Lithuania and internal legal acts.

5.            PROVISION OF PROCESSED DATA TO OTHER ENTITIES. DATA CONTROLLERS AND PROCESSORS

5.1.      The Company does not provide the processed Personal Data to third parties without the prior consent of the Data Subject, except in cases established by legal acts. Personal Data may be provided in accordance with the Personal Data Provision Agreement concluded between the Personal Data Controller and the Data Recipient (in case of multiple supply) or at the request of the Data Recipient (in case of single supply). The Agreement shall specify the purpose of the use of Personal Data, the legal basis for the provision and receipt, the conditions, the procedure and the scope of the Personal Data to be provided. The request shall specify the purpose of the use of Personal Data, the legal basis for its provision and receipt and the scope of the Personal Data requested.

5.2.      The Company may transfer both Personal Data received from the Data Subject as well as those, collected by the Company, to the competent state authorities if it is related to their investigation/inspection or certain performed function, and the legal acts provide for the Company’s obligation to provide them with such information.

5.3.      Personal Data may be processed by Data Processors providing accounting, server rental, office cleaning, security and other services to the Company, as well as suppliers of goods.

5.4.      Data Processors shall have the right to process Personal Data only in accordance with the Company’s instructions and only to the extent necessary to properly perform the obligations set forth in the Agreement. By using Data Processors, the Company seeks to ensure that Data Processors have implemented appropriate organizational and technical security measures and maintain the confidentiality of Personal Data.

5.5.      Personal Data may be provided to third parties in the following ways: in writing, by electronic means or by any other means agreed with the Data Controllers.

6.          SECURITY OF PERSONAL DATA

6.1.     The Company shall process Personal Data in accordance with the basic principles of Personal Data Processing set out in the Regulation, including lawfulness, fairness and transparency; purpose limitation; data reduction; accuracy; limitation of storage time; integrity and confidentiality; accountability principles.

6.2.     The Company, through its internal organizational and technical measures, makes all reasonable efforts to ensure that Personal Data shall be protected from any unlawful acts. All Personal Data and other information provided by the Data Subject shall be treated as confidential. Only those Employees of the Company and the Processors of the Company’s data who have it necessary for the performance of work functions or the provision of services shall have access to the Personal Data.

7.           RIGHTS OF DATA SUBJECTS

7.1.       Each Data Subject shall have the following rights:

7.1.1.   to have access at any time to the Personal Data provided by him/her;

7.1.2.   to receive information from which sources and what Personal Data have been collected, for what purpose they are processed, to whom they are provided;

7.1.3.   require the correction of incorrect, incomplete, inaccurate Personal Data and/or suspend the processing of such Personal Data;

7.1.4   do not give consent to the processing of his or her Personal Data, unless such Personal Data are processed in the legitimate interest of the Data Controller or a third party to whom the Personal Data are provided, and unless the interests of the Data Subject are overriding;

7.1.5.   to require that the Personal Data provided shall be destroyed;

7.1.6.   to require that the processing of Personal Data shall be restricted;

7.1.7.   to require that Personal Data provided by him/her, if they are processed on the basis of his/her consent or contract, and if they are processed by automated means, shall be transferred by the Data Controller to another Data Controller, if technically possible (data portability);

7.1.8.   the right to object to the use of automated data processing only;

7.1.9.   the right to object to the processing of Personal Data for direct marketing purposes;

7.1.10.   the right to withdraw consents given for the processing of data;

7.1.11.   the right to submit a complaint to the State Data Protection Inspectorate regarding the processing of Personal Data.

7.2.       When applying to the Company, the Data Subject must submit an identity document or a notarised copy thereof, and when applying by electronic means, confirm his/her identity by electronic means that allow proper identification of the person as provided by law.

7.3.       The request for the exercise of the Data Subject’s rights must be legible, signed by the person, and must indicate the name, surname, address and/or other contact details of the Data Subject for contacting or requesting a response on the exercise of the Data Subject’s rights.

7.4.       The Data Subject may exercise his/her rights himself/herself or through a representative. The personal representative must indicate in the request his/her name, address and/or other contact details with which the personal representative wishes to receive a reply, as well as the name, surname and other data of the represented person which are necessary for the proper identification of the Data Subject; moreover, the personal representative shall provide a document confirming the representation or a copy thereof.

7.5.       Upon receipt of the request, the Company shall provide a response no later than within 30 calendar days from the date of receipt of the request.If the Data Subject applies in accordance with the procedure established in the Privacy Policy, the Data Subject shall be informed of the deficiencies no later than within 7 calendar days from the receipt of the application. The request of the Data Subject shall not be considered if the Data Subject does not correct the indicated deficiencies or does not inform the Company about the reasons why the indicated deficiencies cannot be eliminated. In case of objective circumstances due to which the Data Subject is unable to eliminate the indicated deficiencies, the Company, having assessed them, may accept the Data Subject’s request and examine it.

7.6.       The Company, acting as the Data Controller, shall have the right to reasonably refuse to exercise the rights of the Data Subject on the grounds set out in the Regulation.

7.7.       The actions or omissions of the Company related to the implementation of the rights of the Data Subject may be appealed to the State Data Protection Inspectorate, as well as to the competent court.

7.8.       Information on the processing of Personal Data is provided, the legality and integrity of the Data Processing is checked, the Data Processing operations are terminated, the data is destroyed free of charge.

7.9.       Data Subjects may submit a request in the following ways: by e-mail info@prewise.lt, or on arrival at the office at Gyneju str. 14-24, Vilnius.

8.            FINAL PROVISIONS

8.1.        The Privacy Policy provides links to the websites of other individuals, companies or organizations and the privacy provisions contained therein. The Company is not responsible for the content of such websites and privacy policies and their compliance with the law, therefore the visitor of the Website should read the privacy policies of the respective website before providing information about himself/herself.

8.2.       The law of the Republic of Lithuania applies to the implementation and interpretation of the provisions of the Privacy Policy.

8.3.       If any provision of this Privacy Policy becomes or is declared void, the remaining provisions will remain in full force and effect.

8.4.       This Privacy Policy is effective from the date of its publication on the Website. The Company may change the Privacy Policy at any time. All changes to the Privacy Policy are posted on the Website. Changes and/or additions to the Privacy Policy shall take effect after their publication on the Website. We recommend that you regularly review the Company’s Privacy Policy.