About us

PRIVACY NOTICE

[[#ex]]

1. What is contained in this Privacy Notice and who is it for?

In the course of its activities, EPSO-G UAB (hereinafter referred to as "the Company" or "we") processes (collects, stores, etc.) your personal data. In processing this information, the Company is guided by the European Union's General Data Protection Regulation (hereinafter referred to as "GDPR") and other legal acts regulating the protection of personal data.

In this Privacy Notice for you, we provide basic information about the processing of your personal data by the Company - where we obtain your personal data and to whom we may provide it, for what purposes and on what grounds we process it, what rights you have, how you can exercise them and other relevant information.

2. Who is responsible for the protection of your personal data?

The Company is responsible for the protection of your personal data and is the controller of this data, which determines the purposes and means of processing information about you. The contact details of the Company as the data controller are set out in section 11 of this Privacy Notice.

3. Why and what personal data do we collect?

No.	Why do we collect information about you?	What information do we collect about you?	Why do we have the right to collect the information you provide?	How long do we use or store information about you?
	We select candidates to become members of our collegiate bodies or those of our group companies (which are directly controlled by us).	Name, surname, date of birth, phone No., place of work, email address, place of residence (address), education, date of receipt of resume, personal characteristics, work experience, knowledge of foreign languages, ability to work with computer programs, other information provided in the resume, recommendation and (or) motivation letter, signature, the candidate's application for admission and declaration of integrity, the information given in the declaration of interests, interview (voice) recordings of candidates for members of the collegial bodies of our subsidiaries.	We have the right to process your personal data in accordance with the law (Article 6(1)(c) GDPR). We have your consent (Article 6(1)(a) GDPR)	1 year after the end of the selection.
	We carry out security checks on candidates applying for office	Name, surname, position applied for, date of giving and/or withdrawing consent for security clearance, signature, personal data referred to in Article 16 of the Law on Prevention of Corruption of the Republic of Lithuania and/or Article 17 of the Law on Protection of Objects Important for National Security of the Republic of Lithuania (the scope of the data shall depend on the information provided by the relevant authorities to the Company). For this purpose, special categories of personal data may also be processed if they have been provided to us by the authorities carrying out the screening of the candidate (the State Security Department of the Republic of Lithuania, the Special Investigation Service of the Republic of Lithuania, the Ministry of the Interior of the Republic of Lithuania).	We have the right to process your personal data in accordance with the law (Article 6(1)(c) GDPR). We have your consent (Article 6(1)(a) GDPR)	Where the screening of a candidate provides information leading to a decision not to appoint a person to a position, the personal data will be retained for 3 months after the end of the screening. Where the screening of a candidate provides information that leads to a decision to employ the person, the candidate's personal data (obtained prior to the conclusion of the employment contract) will be kept for the duration of the employment contract and for 1 year after the termination of the employment.
	Organising and conducting public procurement	Name, surname, personal identification number or date of birth, address, tel. No, position, other personal data may be possible depending on the subject-matter of the contract and the qualification requirements (criminal record check, fulfilment of tax obligations relating to the subject-matter of the contract, qualification requirements specified in the contract documents), name, surname, personal identification number or date of birth, address, telephone number of the representative of the supplier who won the purchase, a copy of the certificate of individual activity, a copy of the business licence. The following may be requested from the supplier who wins the purchase: resume, copies of diplomas, certificates obtained, number of completed contracts, certificate of criminal record, settlement with VMI, SoDra, etc.	We have the right to process your personal data in accordance with the law (Article 6(1)(c) GDPR)	During the term of the contract and for 5 years after the end of the contract. When the contract has not been concluded, 5 years after the end of the purchase.
	We conclude and execute contracts with you, and fulfil related tax obligations	Name, surname, personal identification number or date of birth, tel. No., e-mail address, bank account number, signature, basis of representation (power of attorney, articles of association, etc.), number of mandate, term, position, settlement information, settlement period, other information relevant to the conclusion and performance of the contract, depending on the nature of the contract.	We conclude and perform a contract with you (Article 6(1)(b) GDPR)	During the term of the contract and for 5 years after the end of the contract.
	We carry out internal and external communications to publicise the Company's activities	In the case of media representatives, full name, position, tel. No. and email address. In the case of trainers, other invitees, full name and position.	We have a legitimate interest in processing your personal data (Article 6(1)(f) GDPR)	Media representatives (e.g. journalists in charge) - protected as long as they are actually working for the media outlet or the responsible department. 5 years after the end of the contract.
	Managing an internal whistleblowing channel (the Helpline) and conducting internal investigations on the basis of the information received	If the information is not provided anonymously, the data provided by the person himself is collected - first name, last name, tel. No., personal identification number, e-mail address, the circumstances specified in the notice, the date of submission of the notice, the decision on informing about the actions taken and the decisions made.	We have a legitimate interest in processing your personal data (Article 6(1)(f) GDPR) We have the right to process your personal data in accordance with the law (Article 6(1)(c) GDPR).	If the information received reveals an infringement, 5 years from the end of the investigation. If no infringement was found after examining the received information - 3 years after the end of the investigation.
	We handle complaints, suggestions or requests from you	Name, surname, email address, tel. No., signature, date of referral, referral number (registration number) and the information provided in it, the outcome of the proceedings, and, if the person making the request, complaint or proposal has been contacted by e-mail, the personal data recorded in the communication.	We have a legitimate interest in processing your personal data (Article 6(1)(f) GDPR)	3 years from the date of receipt of the request, complaint or proposal.
	Managing lists of persons with insider information, implementing the requirements of the Market Abuse Regulation	Name, surname acquired at birth, work/personal tel. No., date of birth, personal identification number, home address, reason for inclusion, date and time of inclusion to the list, date and time of removal from the list.	We have the right to process your personal data in accordance with the law (Article 6(1)(c) GDPR)	5 years from the date of the last update of the list
	Managing the Company's list of senior executives and their closely associated persons to implement the requirements of the Market Abuse Regulation	Personal data of persons closely related to the Company's senior executives (spouses, partners, persons treated as spouses in accordance with the procedure established by the legislation), children or stepchildren (aged 16 and over living with the senior executives), relatives who have been living with the senior executive for 1 year prior to the date of conclusion of the transaction in question) - name, surname, nature of the relationship with the senior executive.	We have the right to process your personal data in accordance with the law (Article 6(1)(c) GDPR)	1 year after the person in a leading position leaves the position.
	Conducting internal audits of the Company and Group companies	Personal data recorded in documents, including but not limited to emails, etc., of employees and representatives of contractors of Group companies, which are provided for internal audit purposes.	We have a legitimate interest in processing your personal data (Article 6(1)(f) GDPR).	10 years after approval of the internal report.
	Developing, coordinating and controlling the activities and growth of the Group companies	Name, surname, date of birth or personal identification number, work email address, work telephone No., information on the employee's resume, information on salary and transfer of other benefits, investigation material relating to accidents at work, breaches of employment duties, other breaches of employment, information on private interests, and any other data obtained for the purpose of the development, expansion, co-ordination and control of the Group's companies' operations.	We have a legitimate interest in processing your personal data (Article 6(1)(f) GDPR).	Personal data is stored for 3 years.
	Providing services to our Group companies	Name, surname, position, tel. No., e-mail address, any other personal data recorded in the course of providing management or other services of a consultative nature, the number of hours spent on the consultation, the area, the category and the description of the consultation.	We have a legitimate interest in processing your personal data (Article 6(1)(f) GDPR).	Personal data is stored for 5 years.
	Ensuring the efficient and secure operation of our website (we use technical cookies to support the user session)	Unique identifier	We have a legitimate interest in processing your personal data (Article 6(1)(f) GDPR)	Until the website window is closed (information is automatically deleted when the browser is closed)

When we receive personal data from you, we would ask you to provide only the information that is necessary to fulfil the purposes set out above. Please do not provide any other information, such as political views, nationality, religion, etc.

You can read the privacy policy for EPSO-G candidates here.

4. Where do we get your personal data from?

Most of the information is provided by you, but we may also receive some of your personal data from the legal entities for which you work (e.g. companies within the EPSO-G group of companies, UAB) or which you represent (e.g. suppliers with whom we contract).

5. Who can we transfer your personal data to?

We may transfer your personal data to our partners, service providers, as well as to the entities listed below, only to the extent necessary to achieve the purposes set out in section 3 above and as permitted by the applicable law:

5.1 for banks carrying out settlement operations;

5.2 courts, regulators, law enforcement and other public authorities;

5.3 companies providing data centre, hosting, cloud, website administration and related services, companies that create, support and develop software, companies that provide IT infrastructure services, companies that provide connectivity services.

When we transfer personal data to other third parties as data processors used by us, we make sure before we use them that they have appropriate technical and organisational measures in place to ensure the secure processing of personal data and an adequate level of data protection in accordance with applicable European Union law.

6. Will your personal data be transferred outside the European Economic Area?

The Company does not currently transfer your personal data to third countries (outside the EEA). If it is necessary to transfer your personal data outside the EEA for the purposes set out in this Privacy Notice, we will comply with the requirements set out in the GDPR and inform you of such transfer.

7. How do we protect your personal data?

In order to ensure that information about you is protected against unauthorised access, disclosure, accidental loss, alteration or destruction, or other unauthorised processing, we have put in place and apply an appropriate level of technical and organisational data security measures to secure your personal data.

8. What rights do you have?

The GDPR and other laws give you rights, the cases in which you can exercise them, the procedures you must follow, and the exceptions in which cases you cannot exercise the rights granted. Where permitted by law, you have:

8.1 the right to know (be informed) about the processing of your personal data;

8.2 the right of access to your personal data processed;

8.3 the right to have your personal data corrected;

8.4 the right to have your personal data erased ("right to be forgotten") if this can be justified on one of the grounds set out in Article 17(1) of the GDPR;

8.5 the right to restrict the processing of your personal data. You can request the restriction of the processing of your personal data where one of the cases set out in Article 18(1) of the GDPR applies;

8.6 the right to object to the processing of your personal data;

8.7 the right to withdraw your consent to the processing of your personal data where we process your personal data on the basis of consent.

If you believe that the Company's processing of your personal data violates data protection legislation, you have the right to file a complaint with the State Data Protection Inspectorate by mail to L. Sapiegos g. 17, LT-10312, Vilnius or online (https://vdai.lrv.lt).

9. How can you exercise your rights?

To exercise your rights as set out in section 8 of the Privacy Notice, you must:

9.1 send an application to the Company or the Personal Data Protection Expert by email to [email protected] or [email protected];

9.2 deliver the application in person to the Company's registered office at Gedimino pr. 20, Vilnius. The application must be accompanied by proof of identity;

9.3 send the application to the Company or the Personal Data Protection Expert by post to Gedimino pr. 20, Vilnius.

10. How will we inform you of changes to this notice?

We may update or change this Privacy Notice at any time. Such updated or amended Privacy Notice will be effective from the date of its posting on our website.

When we update the Privacy Notice, we will inform you of what we consider to be material changes by posting them on the website. You can look at the "Date of update" date at the bottom to see when the Privacy Notice was last updated.

11. Contact details of the data controller and the personal data protection expert

If you have any questions, comments or complaints about how we collect, use and store information about you, or if you wish to exercise your rights as a data subject, you can contact the Company by email at [email protected], Gedimino pr. 20, Vilnius, tel. +370 685 84866.

Contact details of the Company's personal data protection expert: [email protected].