About us

PRIVACY NOTICE

[[#ex]]

1. What is contained in this Privacy Notice and for whom is it intended?

EPSO-G (hereinafter - the Company or us) processes (collects, stores, etc.) Your personal data.  When processing this information, the Company is guided by the General Data Protection Regulation of the European Union (hereinafter – GDPR) and other legal acts regulating the protection of personal data.

In this Privacy Notice (hereinafter - Privacy Notice), we provide You with basic information about the Company's processing of your personal data - where we obtain your personal data and to whom we may provide it, for what purposes and on what grounds we process your personal data, what rights You have, how You can exercise those rights, and other relevant information. Please read this important information carefully and from time to time visit our website at https://www.epsog.lt/lt/apie-mus/privatumas and read the latest version of the Privacy notice posted there.

In order to find out when the Privacy Notice was last updated, You can check the “Last updated” date.


2. Who is responsible for the protection of Your personal data? 

EPSO-G, legal entity code: 302826889, registered office: Laisvės ave. 10, Vilnius, e-mail: [email protected], phone: +370 685 84866.


3. Why and what Your personal data do we process?

Why do we collect information about You?

What information do we collect about You?

Why do we have the right to collect the information You provided?

How long do we use or store information about You?

We select candidates to become members of our collegiate bodies or those of our group companies (which are directly controlled by us).

Name, surname, date of birth, telephone number, place of work, e-mail address, place of residence (address), education, date of receipt of curriculum vitae, personal qualities, work experience, knowledge of foreign languages, ability to work with computer programs, other information contained in the curriculum vitae, letter of recommendation and/or cover letter, signature, the data contained in the candidate's application for participation in the selection procedure and in the declaration of integrity and declaration of interests, and the records of the interviews/voice of the candidates for the membership of the collegial organs of the subsidiaries.

We are obliged to collect information in accordance with the law (Article 6(1) clause c of GDPR).

 

 

 

We have Your consent (Article 6(1) clause a of the GDPR)

1 year after the end of the selection.

We carry out a verification of the reliability of candidates seeking to perform their duties

Name, surname, position applied for, date of submission and/or revocation of consent for security clearance, signature, personal data referred to in Article 16 of the Law on Prevention of Corruption of the Republic of Lithuania and/or Article 17 of the Law on the Protection of Objects of Importance to Ensuring National Security of the Republic of Lithuania (the scope of the personal data shall depend on the information provided by the relevant authorities to the Company).

 

 

 

For this purpose, special categories of personal data may also be processed if they have been provided to us by the authorities carrying out the screening of the candidate (the State Security Department of the Republic of Lithuania, Special Investigation Service of the Republic of Lithuania, the Ministry of the Interior of the Republic of Lithuania).

We are obliged to collect information in accordance with the law (Article 6(1) clause c of GDPR).

 

 

 

We have Your consent (Article 6(1) clause a of the GDPR)

  1. When the selection process provides information leading to a decision not to appoint a person to a position, the personal data will be kept for 3 months after the end of the selection process.
  2. When a candidate's verification provides information that leads to an employment decision, the candidate's personal data (obtained prior to the conclusion of the employment contract) is stored for the duration of the employment contract and for 1 year after the termination of the employment relationship.

We organize and conduct public procurement

Name, surname, personal code or date of birth, address, telephone number, position, other personal data may be required depending on the object of the contract and the qualification requirements (criminal record check, tax obligations related to the object of the contract, qualification requirements as specified in the contract documents), name, surname, personal code or date of birth, address, telephone number, position, bank account number, copy of the certificate of sole proprietorship, copy of the business certificate.   The successful supplier may be asked for: curriculum vitae, copies of diplomas, certificates obtained, the number of contracts completed, criminal record, payment records with the State Tax Inspectorate, SoDra etc.

We are obliged to collect information in accordance with the law (Article 6(1) clause c of GDPR).

  1. During the period of validity of the contract and 5 years after the expiry of the contract.

 

 

  1. When the contract was not concluded, 5 years after the end of the procurement.

We draw up and execute contracts with You, and comply with related tax obligations

Name, surname, personal code or date of birth, telephone number, e-mail address, bank account number, signature, basis of representation (power of attorney, statutes, etc.), number of the power of attorney, term, duties, billing information, settlement period, other information relevant to the conclusion and performance of the contract, depending on the nature of the contract.

We conclude a contract with You and fulfil our contractual obligations (Article 6(1) clause b of GDPR)

During the period of validity of the contract and 5 years after the expiry of the contract.

We carry out internal and external communications to publicise the Company’s activities

In the case of media representatives, name, surname, position, telephone number and e-mail address.

 

In the case of instructors, other invitees, name, surname and position.

We have a legitimate interest in processing Your personal data (to publicise the Company's activities by informing You about ongoing news) (Article 6(1) clause f of GDPR) 

  1. Media representatives (e.g. journalists in charge) - protected for as long as they are actually working for the media outlet or the department.
  2. 5 years after the end of the contract.

We administer the internal reporting channel (Trust line) and carry out internal investigations on the basis of the information received

In case the information is not provided anonymously, the data collected will be the data provided by the person himself or herself - name, surname, telephone number, personal code, e-mail address, the circumstances of the notification, the date of the notification, the decision to inform about the actions taken and the decisions taken.

We have a legitimate interest in the processing of Your personal data (to prevent fraud, corruption, other criminal acts, violations of law, other violations -to prevent acts being committed, to take measures to prevent acts being committed in the future, etc.)(Article 6(1) clause f of GDPR).

 

We are obliged to collect information in accordance with the law (Article 6(1) clause c of GDPR).

If an infringement has been found after examination of the information received - 5 years after the end of the investigation.

 

If the examination of the information received did not lead to the finding of an infringement - 3 years after the end of the investigation carried out.

We deal with complaints, suggestions or requests submitted by You

Name, surname, e-mail address, telephone number, signature, date of application, application number (registration number) and the information contained therein, the outcome of the proceedings, if the person making the application, complaint or proposal has been communicated with by e-mail, the personal data recorded in that communication.

We have a legitimate interest in processing your personal data (to deal with your applications, requests or complaints) (Article 6(1) clause f of GDPR)

3 years from the date of receipt of the application, complaint or offer.

We administer lists of persons with inside information in accordance with the requirements of the Market Abuse Regulation[1]

Name, surname acquired at birth, work/personal telephone number, date of birth, personal code, home address, reason for inclusion in the list, date and time of inclusion, date and time of removal from the list.

We are obliged to collect information in accordance with the law (Article 6(1) clause c of GDPR).

5 years from the last update date of the list

We administer the list of persons in the management positions of the company and closely related to them, implementing the requirements of the Market Abuse Regulation

Personal data of persons closely related to the Company's heads/managers (spouses, partners, persons treated as spouses in accordance with the procedure established by the legislation), children or stepchildren (16 years of age or older, living together with the them), relatives who have been living together with them for 1 year prior to the date of conclusion of the transaction in question) - name, surname, nature of the relationship with him/her.

We are obliged to collect information in accordance with the law (Article 6(1) clause c of GDPR).

1 year after the person has completed his/her duties.

We carry out internal audits of the Company and the Group companies

Personal data recorded in documents, including but not limited to emails, etc., of employees of Group companies and representatives of counterparties, which are provided for internal auditing.

We have a legitimate interest in the processing of Your personal data (ensuring proper risk management and internal control, improving the management of Group companies) (Article 6(1) clause f of GDPR).

10 years after the approval of the internal report.

We develop, coordinate and control the activities of the Group companies and their development

Name, surname, date of birth or personal code, work e-mail address, work telephone number, information on the employee's curriculum vitae, information on remuneration and transfer of other benefits, investigation material on accidents at work, breaches of work duties, other breaches of work-related obligations, information on private interests and other data obtained for the purpose of development, coordination and control of the Group companies' operations.

We have a legitimate interest in processing Your personal data (to coordinate the activities of the Group companies, ensuring their development) (Article 6(1) clause f of GDPR).

Personal data is stored for 3 years.

We provide services to our Group companies

Name, surname, position, telephone number, e-mail address, any other personal data recorded in the course of providing management or other advisory services, number of hours spent on the consultation, area of consultation, category, description.

We have a legitimate interest in the processing of Your personal data (to ensure the quality of the services provided and the efficiency of the activities) (Article 6(1) clause f of GDPR).

Personal data is stored for 5 years.

We strive to ensure the efficient and safe operation of our website (we use technical cookies to support the user session)

Unique identifier

We have a legitimate interest in processing Your personal data (to ensure that the Company's website operates in a high quality, secure manner) (Article 6(1) clause f of GDPR)

Until the closing of the website window (information is automatically deleted after the browser is turned off)

We implement economic or financial sanctions, embargoes or other restrictive measures imposed or administered by the EU or other relevant institutions.

 

Managing risks associated with business partners

Name, surname, date of birth, nationality, place of residence, address of registration, country of residence, percentage of shares held, information on links with politically exposed persons, information on investigations carried out in relation to corruption, competition, anti-money laundering, terrorist financing, occupational health and safety violations, information on business partners, clients.

 

Personal data of shareholders of the partner of activity, beneficiaries (name, surname, date of birth, nationality, place of residence)

 

Name, surname, position, e-mail address of the representative of the business partner.

 

Other information provided in the questionnaire by the business partner, his representative.

 

We are obliged to collect information in accordance with the law (Article 6(1) clause c of the GDPR), we have a legitimate interest (to ensure the compliance of our business partners with the requirements of the Group's Supplier Code of Conduct and the management of potential financial and reputational risks) (Article 6(1) clause f of the GDPR) 

 

 

5 years after the end of the contractual relationship.

The privacy policy of the candidates to the employees of EPSO-G” can be found here.


1 Regulation (EU) No. 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (Market Abuse Regulation) and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives 2003/124/EC, 2003/125/EC and 2004/72/EC


4. Where do we receive Your personal data from?

You provide us with most of the information Yourself, but we may also receive certain personal data from:

4.1. the legal entities for which you work (e.g. companies within the EPSO-G group of companies) or which You represent (e.g. suppliers with whom we enter into contracts).

When we receive personal data from You, we would ask You to provide only the information necessary to achieve the purposes set out in point 3. Other information, such as political views, nationality, religion, etc., would be requested not to be provided.


5. What personal data do You need to provide to us and why?

Please review the answer to point 3 above – You must provide the information about You that is necessary in order to:

5.1. enter into contracts with You and fulfil our contractual obligations;

5.2. enter into contracts with the persons You represent and fulfil our contractual obligations.

If you do not provide the above information, we will not be able to conclude contracts with You and/or the persons You represent and fulfil contractual obligations.


6. Who can we disclose Your personal data to?

We may transfer information related to You to our partners, service providers, as well as to the following entities only if it is necessary for the purposes set out in point 3 and permitted by applicable law:

6.1. banks carrying out settlement operations (data shall be transmitted for the purpose specified in point 3.4);

6.2. courts, supervisory, law enforcement and other public authorities (data may be transferred for all the purposes set out in point 3);

6.3. lawyers, notaries, bailiffs, auditors, consultants, companies providing data centre, hosting, cloud, website administration and related services, companies designing, maintaining and developing software, companies providing information technology infrastructure services, companies providing communication services, insurance companies, companies providing archiving services and other services to the Company (the data may be transferred for all of the purposes set out in point 3 above)

We note that when the Company transfers personal data to other third parties as outsourced data processors, it shall make sure, before using them, that they have appropriate technical and organisational measures in place to ensure the secure processing of personal data and an adequate level of data protection in accordance with the applicable European Union legislation.


7. Will Your personal data be transferred outside the European Economic Area?

In most cases, personal data is processed and transferred within the territory of the European Union and the European Economic Area (EEA[1]).

If necessary for the provision of certain services, the data may be transferred and processed outside these territories, provided that an adequate level of personal data protection is observed. Where permitted by law and necessary for the reasons set out in section 6 of this Privacy Notice, we disclose information about You:

7.1. on the basis of an adequacy decision of the European Commission, which means that the European Commission has recognised the country in which the third party is established and/or carries out its activities as having an adequate level of protection of personal data;

7.2. we have signed a contract with a third party based on standard contractual clauses approved by the European Commission;

7.3. we have obtained permission from the State Data Protection Inspectorate;

7.4. making use, where possible, of other available safeguards and derogations for the protection of personal data.


[1] The EEA or European Economic Area shall be composed of the Member States of the European Union and Iceland, Norway and Liechtenstein.


8. How is Your personal data processed?

In order to ensure that information about You is protected from unauthorized access, disclosure, accidental loss, alteration or destruction or other unlawful processing, we have implemented and apply appropriate level of technical and organizational security measures for Your personal data.


9. What rights do You have?

The GDPR and other laws give You rights, provide for when You can exercise them, the procedures You must follow, and the exceptions in which cases You cannot exercise the rights granted. When permitted by law, You can:

9.1. access Your personal data, i.e. to receive a notification confirming whether the Company processes Your personal data and, if processed, to request access to the data processed and related information;

9.2. submit a request to us to correct inaccurate, incorrect personal data or to supplement it when it is not complete;

9.3. submit to us a request to delete Your personal data, which we have if this can be justified by one of the reasons provided for in Article 17(1) of the GDPR; 

9.4. submit a request to us to restrict the processing of Your personal data, where one of the cases provided for in Article 18(1) of the GDPR applies. 

9.5. object to the use of data when we process Your data for the legitimate interests of the Company and (or) third parties;

9.6. submit to us a request for the transfer (receipt) of data that You have provided to us under the contract or with Your consent to the processing of data and which we process by automated means in a commonly used electronic form;

9.7. object to a fully automated decision, including profiling, if such decision-making may have legal consequences or similar significant effects on You;

9.8. revoke the consent given to us to process Your personal data when we use the data on the basis of Your consent;

9.9. lodge a complaint with a supervisory authority, in particular in the Member State where You have Your habitual residence or the place where the alleged infringement of the GDPR has occurred and to seek judicial remedies. In the Republic of Lithuania, the supervisory authority is the State Data Protection Inspectorate (L. Sapiegos str. 17, Vilnius; e-mail: [email protected]), but first we recommend You to contact us and we will try to solve all Your requests together with You.


10. How can You exercise Your rights?

In order to exercise Your rights referred to in point 9 of this Privacy Notice, You must:

10.1. personally present a request to exercise the rights of the data subject (hereinafter - Request) to the Company’s headquarters at Laisvės ave. 10, LT-04215, Vilnius (together with the Request, a document confirming personal identity must be submitted); 

10.2. send a Request to the Company or the Personal Data Protection Expert by e-mail [email protected] or [email protected] (the Request submitted by e-mail must be signed with a secure electronic signature);

10.3. submit to the Company or the personal data protection expert by post, at Laisvės ave. 10, LT-04215, Vilnius (the Request must be accompanied by a copy of the identity document, certified by a notary or other procedure established by legal acts).

When submitting an application through a representative, the application must be accompanied by a document confirming the representation or a copy thereof certified in accordance with the procedure laid down by legal acts. 


11. How will we inform You of changes to the Privacy Notice?

We may update or change this Privacy Notice at any time. Such updated or amended Privacy Notice will be effective from the date of its posting on our Website. 

When we update the Privacy Notice, we will inform You of what we consider to be material changes by posting them on the Website. You can look at the “Updated” date at the bottom to see when the Privacy Notice was last updated.


12. Does Your website leave cookies on my computer or device?

Yes, we use cookies as shown in the table below. Cookies are small text files stored in Your device (e.g. computer, mobile phone, tablet) browser when You browse websites. Other technologies, including data we store on Your browser or device, identifiers associated with Your device and other software, may be used for similar purposes. Cookies are used extensively to make websites work or work better and more efficiently. 

Essential cookies

Essential cookies – these cookies are necessary for the proper functioning of the website. They enable the use of certain functions of the website, such as the management of network services (load balancing), the storage of user preferences. Cookies are used to ensure the technical functioning of the website.

If You disable cookies in Your browser, some features of the website may not work at all or in part.

 

                                                             

Name

Supplier

Purpose

Valid for

PHPSESSID

EPSO-G

to set up a user session and transmit status data

Until the closing of the website window

gpdr-checked

EPSO-G

To inform the user about the cookies used

Until the closing of the website window

                        

         


13. How can You manage cookies?

By visiting the website (www.epsog.lt) You can choose whether You want to use cookies. You can control cookies on the website itself and (or) delete them according to Your preferences in the browser. You can refuse the use of optional cookies on the website, which are not mandatory, but the website may not be fully functional.

In Your browser settings, You can choose which cookies You want to accept and which You want to reject. You can delete all cookies that are already on Your computer, and most browsers allow You to prevent cookies from being saved. The location of these settings depends on the browser You are using.

If You do not agree to the storage of cookies on Your computer or other device, You can revoke Your consent to use them at any time by changing the settings on the website and deleting the saved cookies in Your browser. If You have chosen to delete cookies, remember that all the options set will also be removed. In addition, by blocking cookies completely, many websites (including www.epsog.lt) may not function properly. For these reasons, we do not recommend disabling essential cookies.


14. How to remove cookies from Your device?

In order to prevent the processing of Your personal data with the help of cookies, You can change the settings of Your web browser so that cookies are not accepted or delete the saved cookies.

You can change the cookie settings in Your browser at any time. All browsers have the option to delete cookies. More detailed instructions depend on the browser You are using, You can find them in the options menu of the browser You are using:

Cookie settings in Internet Explorer

Cookie settings in Firefox

Cookie settings in Chrome

Cookie settings in Safari web and iOS

More information https://allaboutcookies.org/

Please note that the removal or blocking of the cookies used may affect the functioning of the website and some of its functionalities, as well as may adversely affect Your use of the services available on the portal.

In order to learn more about cookies and how to manage or delete them, just visit https://allaboutcookies.org/ and Your browser’s help page.


15. How to contact the Company or Personal Data Protection Expert?

If You have any questions, comments or complaints about how we collect, use and store information about You, or if You wish to exercise Your rights as a data subject, You can contact:

15.1. Company, address: Laisvės ave. 10, Vilnius, Tel. No. +370-685 84866, e-mail: [email protected]

15.2. Personal data protection expert of the Company, e-mail [email protected]                                                                       

[[#ex]]

Last updated on 22 August 2024

Last updated: 29-08-2024