Lex Ano UAB (hereinafter, the Company) cares about the protection of your data and, therefore, when collecting, processing and storing your data, it complies with the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania, as well as any other legal acts regulating information protection.
The Privacy Policy (hereinafter, the Privacy Policy) is intended for persons who visit the Company’s website (www.lexano.lt), use the website’s information and services, as well as the Company’s accounts in social networks. The Privacy Policy does not apply when you browse other companies’ websites by accessing them through the Company’s website.
The controller of your data is Lex Ano UAB (reg. No. 300153209; address: Naugarduko g. 3, Vilnius; tel. +370 5 22 373 00; email: info@lexano.lt).
The purpose of the Privacy Policy is to provide key information on how the Company collects, processes and stores information about you, the grounds for the processing of personal data, the conditions for the lawfulness of the processing of personal data, the origin of the personal data processed, the retention periods, the provision of the data to other entities and the recipients of the data, and the procedure for the exercise of the data subjects’ rights.
The Privacy Policy describes the conduct expected of each of the Company’s employees when collecting, handling and processing the personal data of the Company’s customers, suppliers, employees, service providers and other third parties. This policy is guided by three main commitments:
- Fair and lawful collection and processing of personal data.
- Respect for individual rights and choices.
- Responsible management of personal data.
On what grounds do we process your data?
The Company collects and processes personal data in accordance with the above-mentioned legal acts of the European Union and the Republic of Lithuania regulating the protection of personal data and only for specific purposes, on the following grounds:
- On the basis of consent (Article 6(1)(a) of GDPR)
- For the conclusion, performance, administration, amendment of contracts, agreements, and similar documents (Article 6(1)(b) of GDPR)
- For compliance with legal obligations (Article 6(1)(c) of GDPR)
- For the purposes of the legitimate interests (Article 6(1)(f) of GDPR)
What data do we process and why?
- E-mail Communication
The processing of your personal data provided in the course of an e-mail communication is based on your expression of your free will to carry out this communication and to provide certain data (name, surname, e-mail address, telephone number, job title), i.e., your consent to the use of this information (Article 6(1)(a) of GDPR).
In the case of e-mail communication, we will keep the personal data you provide to us without entering into a contract for a maximum period of 3 years.
- Processing of personal data of applicants for jobs in the Company
If you submit your CV (resume), cover letter, references and/or other documents or data related to an open position published on the Company’s website, social media accounts or a specialised recruitment and job search website, the data that you submit voluntarily, and other personal data listed below shall be processed for the recruitment purposes. We will process your personal data on the basis of your consent to participate in the recruitment process, and after the recruitment process is over, we will retain your personal data on the basis of legitimate interest, and we may take other actions in order to comply with our obligations under the laws (Article 6 (1)(a), (b) and (c) of GDPR).
We will process your personal data for the recruitment purposes until we decide to hire a particular candidate, or we decide to complete the recruitment process without selecting any candidate. If you do not object to such processing of your data, after the completion of the recruitment process, we will keep your CV and other data submitted for a period of 3 years, so that when a new employee is needed, we could contact you and invite you to participate in a new recruitment process or offer you the position.
For more information on the processing of this data, please refer to the Company’s notice to applicants/candidates in recruitment procedures.
- Processing of data of the Company’s shareholders, members of management bodies, customers, business partners, suppliers, contractual partners, employees and other persons
In its activities, the Company processes personal data (name, surname, national identification number (where available), workplace, job title, e-mail address, correspondence history, telephone number, signature, health data (as provided)) of the Company’s shareholders, members of management bodies, customers, business partners, suppliers, contractual partners, employees (Article 6(1)(b), (c) and (f) of GDPR). This information is obtained from lawful sources (including public registers) and processed only in the Company’s legitimate interest to enter into and perform contracts and only as necessary to comply with legal obligations to which the Company is subject. In this case, the personal data received will be retained for 10 years from the date of expiry of the contract, unless a longer retention period is provided for by law.
- Processing of data of visitors/guests to the Company’s premises
When visiting the Company’s premises at Naugarduko g. 3, Vilnius, we ask you to provide us with certain personal information: name, first letter of your surname, name of the company you represent, contact telephone or email details, signature. This does not apply to employees of entities providing day-to-day services to the Company (e.g., employees of entities providing cleaning services, couriers, etc.).
All guests of the Company, except employees of entities providing day-to-day services to the Company, are registered. We process and store the data we receive from you in this way for the purposes of communication, contact and cooperation, as well as for the protection of persons and the Company’s premises. In this case, the personal data obtained will be retained for 10 years.
- Communication on social networks
Any information (name, surname, your decision to follow the Company’s account(s), photograph (where provided), correspondence history (messages you send)) that you provide to a media outlet or a social networking site is under the control of the operator of the media outlet or social network. The Company processes data related to communication on social networks on the basis of Article 6(a) of the GDPR after you have given your consent to the use of this information, i.e., when you choose to follow the Company’s account on the social network Facebook or LinkedIn and/or use other communication functions such as liking, commenting, sharing and/or sending messages to us. These data will be retained by the Company for 10 years.
The Company currently manages social media accounts on:
- „Facebook“ privacy notice is available at https://www.facebook.com/privacy/explanation.
- „LinkedIn“ privacy notice is available at https://www.linkedin.com/legal/privacy-policy.
We recommend that you read the privacy notices of third parties and directly contact service providers if you have any questions as to how they use your personal data. Please note that the Company is not responsible for the content of social network operators or their privacy practices. If you click on a link to go to other websites from the www.lexano.lt website, you should consult the relevant privacy policies separately.
Who can we get your data from?
- From you directly (when you access the Company’s website, social media accounts, submit a complaint/request or notification, etc.), when you communicate with the Company, when you use the Company’s services, when you have a legal relationship with the Company (e.g., conclude or perform a contract, buy or supply goods and services, etc.).
- From your representative.
- From legitimate sources such as public registers and public information systems, contracting parties and contractual partners (e.g., data on the contracting party’s representatives, employees, etc.), recruitment service providers, public professional social networks, public databases, third parties and other legitimate sources.
Who can we transfer your data to?
When processing personal data on the grounds set out in the Privacy Policy and in the performance of the Company’s direct functions, the data may be transferred to other data processors that provide services to the Company (e.g., providing IT services or acting within the scope of the Company’s instructions). On legitimate grounds (e.g., where it is necessary for the conclusion of a contract with you, for the performance of that contract and where you have been duly informed of the transfer), the data may be transferred to our business partners/contractual partners.
The Company does not transfer your personal data to third countries or international organisations, i.e., outside the European Union, unless it is obliged to do so by law or by the courts, or it is necessary for the performance of a contract concluded with you. In each case, the Company shall only provide the third-country entity with as much data as is necessary to execute a specific order or provide a specific service. Data may also be provided to competent governmental or law enforcement authorities (e.g., police or supervisory authorities), but only upon request and only when required by applicable law or in the cases and according to the procedures provided by law, in order to enforce our rights, protect the safety of our customers, our employees, and our resources, and to bring and defend legal claims.
Data retention periods
The retention of your personal data for a longer period than that specified above in the Privacy Policy may only be carried out when:
- there is reasonable suspicion of illegal activities that are being investigated
- your data are necessary for the proper resolution of a dispute, complaint
- if we have received complaints relating to a visitor to the website or if we have become aware of violations committed by the visitor concerned
- for backup and other purposes related to the operation and maintenance of information systems or similar purposes
- on other special grounds, conditions or in other cases provided for by law.
How does the Company take care of the security of your personal data?
The Company uses appropriate organisational and technical personal data security measures to protect your personal data against accidental or unauthorised disclosure, destruction, alteration or other unauthorised acts. These measures are chosen taking into account the risks to your rights and freedoms as a data subject.
The Company’s employees have minimal access to personal data and are trained on how to protect it and keep it confidential. The safeguards take into account the state-of-the-art of technology, the cost of implementation, the risks associated with the processing and the nature of the data, with a particular focus on sensitive data. To prevent data from being shared or disclosed to unauthorised persons, efforts are made in particular to ensure sufficient awareness, confidentiality obligations and training of the Company’s employees.
Handling complaints and enquiries
If you submit a complaint or enquiry by e-mail, in writing or otherwise, the personal data that you submit voluntarily will be processed for the purposes of handling of such complaint or enquiry.
Data subject rights
Any Data Subject may exercise the rights set out in Articles 15–22 of the GDPR by submitting a request to the Company using the contact details provided in the Privacy Policy.
You have the following rights:
- The right to access the data.
- The right to obtain the rectification of the data.
- The right to obtain the erasure of the data (right to be forgotten).
- The right to restriction of the processing of the data.
- The right to object to the processing of the data.
- The right to lodge a complaint with the State Data Protection Inspectorate under Article 77 of the GDPR.
Requirements for a written request:
- The request must be legible.
- The request must be signed.
- The request must include your name, surname, residential address and contact details for communication.
- The request must specify the right you wish to exercise and, where applicable, the reasoning or documentation supporting the request.
- If a representative is submitting the request on your behalf, the request must include (in addition to the above details) your representative’s name, surname, residential address and contact details for communication.
Ways to verify your identity:
- If the request is submitted in person: presenting proof of identity to the Company’s employee in charge of the protection of personal data.
- If the request is submitted by mail or through a postal or other parcel delivery service: the request must be accompanied by a copy of an identity document certified by a notary public, or a copy of the document certified in accordance with another procedure laid down by law.
- If the request is submitted by e-mail: the request must be signed with a qualified electronic signature or made by electronic means which ensure the integrity and unalterability of the text. Signing the request with a qualified electronic signature allows the Company to properly identify you and to ensure that the information requested by you, or the information on the execution/refusal to execute the actions requested by you, is only disclosed to the person to whom it is addressed, i.e., you.
- If the request is made through a representative: the request must be accompanied by a document certifying the representation, or a copy thereof, certified in accordance with the procedure laid down by law.
You can fill in the sample form (Data Subject Request Form) on the Company’s website.
How can I receive your help?
If you have any questions, comments or complaints regarding the management of your data, the Company’s Data Protection Officer may be able to assist you; please write to gdpr@lexano.lt.
Please be advised that in the event of a data breach, the Company will inform you of the breach.
Changes to the Privacy Policy
The Company reserves the right to amend and update the Privacy Policy.
INFORMATION NOTICE
TO CUSTOMERS AND CONTRACTUAL PARTNERS OF LEX ANO UAB
ON THE COLLECTION, PROCESSING AND STORAGE OF INFORMATION
Lex Ano UAB (hereinafter, the Company) cares about the protection of your data and, therefore, when collecting, processing and storing your data, it complies with the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania, as well as any other legal acts regulating information protection. Please read this notice carefully to find out more.
- How should I treat this notice?
This notice will answer key questions about how the Company collects, processes and stores information about the Company’s customers, contractual partners and/or their employees (natural persons).
- Who is responsible for the protection of my information?
The controller of your data is Lex Ano UAB (reg. No. 300153209; address: Naugarduko g. 3, Vilnius; tel. +370 5 22 373 00; email: info@lexano.lt).
- Why do you collect information about me?
You are seeking to enter into a contract with us or we, as the data controller responsible for collecting and processing data in the context of a business relationship, are primarily seeking to fulfil our contractual obligations to you, as well as to carry out pre-contractual steps to enquire about a product or service offer or to enter into a contract with you. We process your personal data to ensure the correct fulfilment of tax obligations, the correct issuance of accounting documents and the declaration of the acquisition of goods to the public authorities, and to be able to issue and administer accounting documents, such as invoices and/or bills, in the event that you purchase goods from us, or supply goods or services. For these reasons, we need to collect, process and store information about you and/or your employees (natural persons).
- What information should I give you and why?
To enter into and perform a contract with us, you must provide the following information:
- Identification data (name, surname, national identification number, VAT number, self-employment certificate number, business certificate number, licence name and number, etc.).
- Technical, financial, and similar data needed for contracts, the terms and conditions of the contracts, documents evidencing the performance of contracts (invoices, certificates, notices, etc.), and correspondence.
- Contact details (address, email address, telephone number, etc.).
- Other information relevant to the conclusion or performance of the contract (e.g., details of debts owed to third parties from bailiffs, credit institutions, etc., certification data, professional experience of staff).
If we do not receive the necessary information from you, we will not be able to enter into a contract with you or perform it properly.
- Which information about me do you collect from other sources?
No information about you is collected from other sources, except from bailiffs or credit institutions.
- What is the legal basis for collecting information about me?
We collect information about you lawfully on the following grounds:
- to conclude and perform a contract with you (Article 6(1)(b) of GDPR)
- to fulfil legal obligations in tax, accounting, and other areas (Article 6(1)(c) of GDPR)
- the legitimate interest of the Company to be interested in your opinion on the quality and preferences regarding the performance of the contract (provision of services, goods, sales) and to offer you in the future services or goods similar to those purchased from us (Article 6(1)(f) of GDPR)
- Do you collect sensitive information about me?
Sensitive information about you is not collected.
- Do you perform automated decision-making? Do you perform profiling?
We do not perform automated decision-making or profiling.
- Do you transfer information about me to anyone?
Information about you may be transferred to:
- State and local authorities (State Tax Inspectorate, SODRA, customs, etc.) in the cases and to the extent provided for by law.
- external data processors – companies or bodies providing accounting, advertising, information, communication, legal and similar services, which are subject to data confidentiality and security obligations in the area of the protection of personal data.
- carriers of goods, etc., to the extent necessary to organise the delivery of goods to you or from you.
- the Company’s customers, suppliers, other contractual partners to the extent necessary for the performance of the contract with you (e.g., for ordering goods, services, coordinating organisational issues, etc.).
- public or private entities conducting audits or inspections of the Company, where such inspections are common practice, and the recipients of the data assume non-disclosure and retention obligations.
- owners of the Company.
- Do you transfer information about me outside the European Economic Area?
Information is not transferred outside the European Economic Area (all Member States of the European Union as well as Iceland, Liechtenstein and Norway), unless such transfer of data to Service Providers or Third Parties is made in the performance of a contract concluded with you and with your knowledge. In these cases, the Company assesses that measures are in place to ensure an adequate level of protection of the transferred data in accordance with Chapter V of the GDPR (e.g., the data is transferred to a US company that complies with the Privacy Shield principles, or to a data recipient with whom the Company has concluded a data transfer agreement in accordance with the Standard Contractual Clauses as approved by the European Commission), or other measures as appropriate (in the case of international transportation of goods, we will transfer your personal data to a service provider located in the country in question in order to enable us to ensure that we are able to successfully transport your goods in accordance with the CMR Convention). To guarantee that your personal data are always protected, we ensure that appropriate safeguards are in place (for example, we make sure that the country concerned ensures an adequate level of protection of personal data).
- How long do you retain information about me?
We retain information about you in accordance with the Index of General Document Retention Periods approved by the Chief Archivist of Lithuania or the statute of limitations applicable to the relevant legal relationship, whichever is longer. In the normal course of business, your personal data will be retained for 10 years from the date of purchase of the goods and the date of issue of the invoice or termination of the contract.
- What are my rights?
If you wish to take the actions set out below, please contact the Company’s Data Protection Officer as set out in Section 13. Please note that these rights are subject to statutory conditions and exceptions.
- Request access to the information we hold about you
- Request rectification of the information we hold about you
- Request deletion of the information we hold about you
- Request restriction of access to or deletion of the information we hold about you
- Object to the collection, use and storage of your information by our Company
- File a complaint with the State Data Protection Inspectorate
- Withdraw your consent at any time
- How can I receive your help?
If you have any questions, comments or complaints about how we collect, use and store data about you, we are here to help. If you need assistance, please contact the Company’s Data Protection Officer by email at gdpr@lexano.lt.
Changes to the notice
The Company reserves the right to amend and update the Notice.