GENERAL INFORMATION

By this Privacy Policy (hereinafter referred to as the “Privacy Policy”), “DLG”, UAB, company code 126004149, registered office address: Perkūnkiemio g. 5, LT-12129 Vilnius, (hereinafter referred to as the “Data Controller”) shall set out the terms and conditions for the use of the website https://www.dlg.lt (hereinafter referred to as the “Website”) operated by the Data Controller. The terms and conditions set out in this Privacy Policy shall apply to every visit to the Website, regardless of the device (computer, mobile phone, tablet, television, etc.) used.

Please read this Privacy Policy carefully, as each visit to the Website operated by the Data Controller constitutes your consent to the terms and conditions set out in this Privacy Policy. If you do not agree to these terms and conditions, please do not visit this Website or access its content and/or services.

By submitting his/her personal data (including data provided directly or indirectly by visiting the Website and using the services provided therein), the Data Subject shall consent and not object to the Data Controller managing and processing the data for the purposes and in accordance with the procedures provided for in this Privacy Policy, the consent of the Data Subject, and any applicable legislation.

Persons under the age of 16 shall be prohibited from submitting any personal data through the Website of the Data Controller. If you are under the age of 16, you must obtain the consent of your parents or other legal guardians before submitting any personal data.

“Representative” shall mean a person representing the partners (service providers) of the Data Controller, both natural persons and legal entities.

“Data Subject” shall be understood within this Privacy Policy as a Representative, Contacting Person, Client, Candidate, Caller or any other natural person whose personal data is processed by the Data Controller.

“Contacting Person” shall mean a natural person interested in the services provided by the Data Controller or contacting the Data Controller on other matters.

“Candidate” shall mean a person participating or applying to participate in the recruitment process carried out by the Data Controller.

“Client” shall mean a legal entity or a representative of the Client purchasing services from the Data Controller or who has concluded an agreement with the Data Controller for the provision of services.

“Caller” shall mean a person making a call to a publicly available contact phone number regarding the provision of the services of the Data Controller and/or other matters.

The Data Controller shall collect personal data in accordance with the requirements of the applicable legislation of the European Union and the Republic of Lithuania, as well as the directions of the supervisory authorities. All reasonable technical and administrative measures shall be taken to protect the collected data on Data Subjects against loss, unauthorised use and alteration.

This Privacy Policy has been drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation”), the Republic of Lithuania Law on the Legal Protection of Personal Data, and other applicable legislation of the EU and the Republic of Lithuania. The definitions used in this Privacy Policy shall be understood as defined in the General Data Protection Regulation and the Republic of Lithuania Law on Legal Protection of Personal Data.

WHAT INFORMATION WE COLLECT ABOUT YOU

Information provided directly by you

Information on how you use our Website

If you visit our Website, we also collect information that reveals the patterns of use of our services or that automatically generates visitor statistics. For more information on this, please see our „Cookie Policy“.

Information from third-party sources

We may obtain information about you from public and commercial sources (to the extent permitted by applicable legislation) and link it to other information we obtain from or about you. We may also receive information about you from third-party social media services when you access them, such as via your Facebook account(s).

Other information collected by us

With your consent, we may also collect other information about you, your device or your use of our Website content.

You may opt out of providing us with certain information, but this may prevent you from using the services we offer.

PROCESSING OF PERSONAL DATA FOR THE PURPOSES OF CONSULTATION, ENQUIRY HANDLING

Processing of personal data of Contacting Persons, including Callers, contacting the Data Controller for the purpose of the provision of services and/or on other matters. The Data Controller shall process the following personal data of Contacting Persons, including Callers:

Name;

Surname;

Phone Number;

Email address;

Position;

Workplace.

The personal data of Contacting Persons shall not be transferred to third parties.

Personal data for the purposes of consultations, enquiry handling shall be processed on the basis of consent (Article 6(1)(a) of the General Data Protection Regulation).

PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF SERVICE PROVISION

Processing of personal data of the representatives of Clients. The Data Controller shall process the following personal data of the representatives of Clients:

Name;

Surname;

Position;

Workplace;

Phone Number;

Email address;

Other information related to the purchased services.

Data shall be obtained directly from Clients, or in the performance of a contract with a Client, and/or from other third parties linked to the Data Subject.

We shall undertake not to transfer your personal data to any unaffiliated third parties, except in the following cases:

If the Client has given consent to the disclosure of personal data;

In the provision of services: to the partners of the Data Controller, other recipients, both within the European Union and outside the European Economic Area, in order to perform the services requested by the Client. The Data Controller shall provide these service providers with as much personal data of Clients as may be necessary for the performance of the specific services;

In the exercise of the legitimate interests of the Data Controller (e.g. for debt recovery);

To authorised institutions, in accordance with the procedure set out in the legislation of the Republic of Lithuania.

The Data Controller may provide the personal data of Clients and other Data Subjects to Data Processors not specified in this Policy who provide services (perform work for) the Data Controller and process the personal data of Clients and Data Subjects on behalf of the Data Controller. Data Processors shall have the right to process personal data only in accordance with the directions of the Data Controller and only to the extent necessary for the proper performance of their obligations under the contract. When engaging Data Processors, the Data Controller shall take all necessary measures to ensure that the Data Processors have put in place appropriate organisational and technical security measures and maintain the confidentiality of personal data.

Personal data shall be processed on the basis of consent of the Data Subject and/or for the performance of a contract with the Data Subject (Article 6(1)(a) and (b) of the General Data Protection Regulation).

PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF PERFORMANCE OF CONTRACTS WITH PARTNERS/SERVICE PROVIDERS

The Data Controller in cooperation with partners (service providers) shall process the following personal data of natural persons or Representatives:

Name;

Surname;

Personal number;

Address (if applicable);

Number and date of issue of the self-employment certificate (if applicable);

Bank account number (if applicable);

Power of Attorney;

Duration of the Power of Attorney;

Person represented (relation to the person represented);

Position;

Workplace;

Phone Number;

Email Address.

Data shall be obtained directly from natural persons, Representatives, and/or represented persons.

We shall undertake not to transfer your personal data to any unaffiliated third parties, except in the following cases:

In the performance of contracts: for Clients, partners of the Data Controller, other recipients, both within the European Union and outside the European Economic Area, in order to perform the services requested by the Client. The Data Controller shall provide these Clients, partners and other recipients with as much of personal information of natural persons and representatives as may be necessary for the performance of the specific services or contract(s);

If the Client has given consent to the disclosure of personal data;

In the exercise of the legitimate interests of the Data Controller (e.g. for debt recovery);

To authorised institutions, in accordance with the procedure set out in the legislation of the Republic of Lithuania.

The Data Controller may provide the personal data of natural persons and Representatives to Data Processors not specified in this Privacy Policy who provide services (perform work for) the Data Controller and process the personal data of natural persons and Representatives on behalf of the Data Controller.

Personal data for the purpose of performance of contracts with partners/service providers shall be processed on the basis of the performance of a contract and/or the legitimate interests of the Data Controller (Article 6(1)(b) and (f) of the General Data Protection Regulation).

PROCESSING OF PERSONAL DATA FOR DIRECT MARKETING PURPOSES

The Data Controller shall aim to share only relevant news and other useful information with the recipients of newsletters. It shall carry out such activities in accordance with this Privacy Policy.

The Data Controller shall only process personal data for direct marketing purposes with the explicit consent of the Data Subject. For direct marketing purposes, the following personal data of Clients and other Data Subjects shall be processed:

Name;

Surname;

Phone Number;

Email Address.

By sending a newsletter, the Data Controller may collect statistical data on the use patterns of the Data Subject and the content of the newsletter (e.g. whether the newsletter was read, which links were opened by the Data Subject).

The email address of the Data Subject may be used to show advertising via Facebook, Google and other advertising platforms, adapting advertising to the target audience.

Based on the personal data you provide, for direct marketing purposes, profiling of your personal data may be performed in order to provide you with personalised solutions and offers. You may at any time withdraw your consent to or object to the processing of your personal data through automated processing, including profiling (if such processing is applicable).

Personal data shall be obtained directly from Data Subjects. The Data Controller may only transfer Personal Data to third parties providing specialised services for the purpose of sending emails, personalising advertising placed through advertising platforms.

The personal data of Clients and other Data Subjects shall be processed on the basis of consent expressed by providing their data and consenting to the processing of personal data for direct marketing purposes (Article 6(1)(a) of the General Data Protection Regulation).

Please be informed that the Data Subject shall have the right to object to or withdraw his/her consent to the processing of his/her personal data for direct marketing purposes at any time, without providing reasons for the objection:

• By clicking the “unsubscribe” link at the end of the newsletter; or
• By emailing us at office@dlg.lt or giving us a call at +370 5 232 0000.

Withdrawal of consent shall not affect the lawfulness of consent-based data processing carried out before the withdrawal of consent.

PROCESSING OF PERSONAL DATA OF CANDIDATES FOR THE PURPOSE OF RECRUITMENT

The Data Controller shall, for the purpose of recruitment, process the personal data voluntarily provided by the Candidate to the extent to which the personal data have been provided. The Data Controller may contact the former employers of the Candidate for data relating to the qualifications, professional abilities and qualities of the Candidate. The Data Controller may only contact the current employer of the Candidate with the separate consent of the Candidate.

Data shall be obtained directly from the Candidates and/or from third parties. Such data shall not be transferred to third parties.

Data of Candidates shall be processed on the basis of the consent expressed by providing their data and/or the application made by the Candidate prior to the conclusion of the contract (Article 6(1)(a) and (b) of the General Data Protection Regulation).

WHAT WE DO TO PROTECT YOUR INFORMATION

Personal data shall be protected against loss, unauthorised use and alteration. Organisational and technical measures have been put in place to protect all information we collect for the purposes of providing our services. Please be reminded that while we take reasonable steps to protect your information, no website, online transaction, computer system or wireless connection is entirely secure.

The Data Controller shall apply different storage periods for personal data in accordance with the requirements of the applicable legislation and the purposes for which personal data are processed.

Storage periods for personal data

Exceptions to the retention periods may be made to the extent that they do not infringe on the rights of Data Subjects, comply with legal requirements and are properly documented.

At the end of the set periods, provided they have not been extended, the data shall be destroyed in such a way that they cannot be reproduced.

YOUR RIGHTS

The Data Subject whose data is processed as part of the activities of the Data Controller shall have the following rights:

• The right to know (be informed) about the processing of your data;
• The right of access to your data and how it is processed;
• The right to rectification or, depending on the purposes of the processing of the personal data, completion of incomplete personal data;
• The right to erasure (“right to be forgotten”), i.e., to stop the processing of your data (except for storage);
• The right to restriction of the processing of personal data on one of the legitimate grounds;
• The right to data portability where the Data Subject has provided his/her personal data to the Data Controller in a structured, commonly used and machine-readable format;
• The right to object to the processing of personal data where such data is processed or intended to be processed for direct marketing purposes, including profiling in relation to such direct marketing;
• The right to lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania.

The Data Subject shall have the right to submit any request or instruction related to the processing of personal data to the Data Controller in writing in one of the following ways: direct hand-delivery to “DLG”, UAB, Perkūnkiemio g. 5, LT-12129 Vilnius; by post to “DLG”, UAB, Perkūnkiemio g. 5, LT-12129 Vilnius; by email: office@dlg.lt.                         

Upon receipt of such request or instruction, the Data Controller shall, within one month of the date of the request at the latest, provide a reply and shall carry out or refuse to carry out the actions specified in the request. Where necessary, the period referred to shall be extended by a further two months, depending on the complexity and number of requests. In such case, the Data Controller shall inform the Data Subject of such extension within one month of receipt of the request, together with the reasons for delay.

The Data Controller shall be entitled to prevent any data subject from exercising the rights listed above, except for the objection to the processing of personal data for direct marketing purposes, in cases where, as provided for by law, it is necessary to ensure the prevention, investigation, and detection of criminal offences, breaches of official or professional ethics, or the protection of the rights and freedoms of a data subject or of other persons.

THIRD-PARTY WEBSITES, SERVICES AND PRODUCTS ON OUR WEBSITES

The Website of the Data Controller may contain third-party advertising banners, links to their websites and services, which are not under the control of the Data Controller, for example, a link to the Facebook profile of the Data Controller. The Data Controller shall not be liable for the security and privacy of information collected by third parties. Please refer to the privacy policies applicable to any third-party websites and services that you access.

If you provide your details via Facebook, it is assumed that you consent to us contacting you using the contact phone number and email address you have provided to offer you services.

FINAL PROVISIONS

Amendments or modifications to the Privacy Policy shall come into force from the date of their publication on the Website.

Where, after the amendment or modification of the Privacy Policy, the Data Subject continues to use the Website and/or the services provided by the Data Controller, it shall be deemed that the Data Subject has not objected to such amendments and/or modifications.

CONTACT US

If you have any questions regarding any information contained in this Privacy Policy, please contact us in any way that is convenient for you:

By phone: +370 5 232 0000

By email: office@dlg.lt

By post: „DLG”, UAB, Perkūnkiemio g. 5, LT-12129 Vilnius

Last updated on 01/02/2024