Privacy policy

Privacy policy

 

 

UAB “BALTIC AMADEUS” (hereinafter referred to as the Company or we), when processing personal data, complies with the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the Regulation), the Law on Legal Protection of Personal Data of Republic of Lithuania and requirements of the other applicable legal acts and ensures the security of your personal data.

You – are the visitors of our websites www.ba.lt, www.enjoyit.lt and www.fincell.eu (hereinafter referred to as the Websites), service users, employees and personnel selection participants, customers, partners, subcontractors, service providers (their representatives) and other data subjects, whose personal data we have the right to process and undertake to properly protect.

 

By browsing the Websites, using our services, proposing your services, performing trainings, contacting us or otherwise providing us with your personal information, you agree to the terms and conditions of this Privacy Policy and hereby confirm that you have read and understand the terms and conditions of the Privacy Policy.

1. Processed Personal Data

We may collect and process the following categories of personal data:

  • Personal identification data – name, surname, position, name of the workplace, etc.
  • Contact personal data – e-mail address, telephone number, workplace or residence address, etc.
  • Personal data confirming personal identity – personal identification number, personal identity document No., etc.
  • Personal data related to employment – information you provide in your CV, cover letter or other documents provided to us, information about your education, professional qualifications, work experience, etc.
    Information about browsing our Websites – technical data of the device used, IP address, operating system, type of browser, etc.
  • Personal data that may be provided to us by other data controllers or processors using our services.
  • Any other personal data relating to you that you may provide to us by contacting us, using or wishing to use our services, proposing or providing your services, visiting our office, etc.

2. Legal Basis and Objectives for the Processing of Personal Data

We process personal data on the following grounds and for the following purposes:

  • on the basis of your consent – in order to respond to your inquiries, evaluate your proposals, provide you with information, advertise our services, enable you to use our Websites, analyse your browsing behaviour on our Websites using cookies, perform personnel selections, arrange events, competitions, service presentations, provide direct marketing offers, etc.
  • on the basis of concluding and executing a contract with you – in order to prepare a commercial or employment offer, enter into a contract and provide/order services, to communicate with you or your representatives, properly fulfil the obligations to you.
  • on the basis of a legal obligation imposed on us – in order to meet the mandatory requirements imposed on us by legislation or decisions of the competent authorities or supervisory authorities, etc.
  • on the basis of our legitimate interest – in order to ensure the security of our employees and assets, to protect or defend our rights against violations (e.g., to defend our rights in court/arbitration, to manage arrears, etc.), to exercise the right to insurance coverage, to improve the quality of services provided, to ensure performance of our contractual obligations, to offer similar services to existing customers, to speed up and simplify the delivery of services or the management of business operations, etc.

Your personal data are processed only for the purposes for which they were collected and if the purpose changes – we will inform you about it and ensure that personal data is always processed within an appropriate legal basis.

3. Transfer of Personal Data to Other Recipients

We may transfer (disclose, grant access) personal data to third parties (other data controllers, processors or recipients) in the following cases and procedures:

  • when are required to provide personal data to the competent authorities based on an existing legal obligation (Sodra, VMI, Department of Statistics, VĮ „Registrų centras“, etc.) or individual legal order (e.g., law enforcement authorities);
  • when we are obliged to provide personal data to financial institutions, auditing companies and other entities that are obliged by law to request documents or information relating to the Company’s activities;
  • when we provide personal data of our own and our partners’ personnel participating in project activities to our existing and/or potential clients by submitting service proposals, taking part in tenders, organising personnel selection, etc;
  • if we use ancillary data processors (e.g., IT service providers, server and other infrastructure service providers and intermediaries, consultants, insurance service providers, communication service providers, recruitment agencies, electronic document signing platform service providers etc.) for the processing of personal data, with whom contracts are concluded defining the scope of data processing, implementation of appropriate organisational and technical measures and other obligations necessary to ensure secure personal data processing and confidentiality. In the case of cooperation with global service providers (e.g. Microsoft), we analyse in detail their standard terms and conditions for the processing of personal data (in particular with regard to the security measures to be applied, the area of storage/transfer of the data, the retention periods, the management of breaches), and we only choose service providers and services that comply with the requirements for security and reliability as defined in the Regulation and in the Company’s internal documents;
  • if we use technological solutions based on artificial intelligence for the processing of personal data (e.g. applications for technical processing of incoming invoices, etc.), we select only providers and products that are widely used and recognised in the market, and whose standard terms of service and the obligations of the providers with regard to the processing of personal data ensure an adequate level of security and confidentiality of data;
  • if we must protect or defend our legitimate interests (e.g., to transmit data about the incident to law enforcement authorities, insurance company, apply for a professional legal consultation etc.);
  • if your consent has been obtained for the disclosure of personal data (e.g., the person’s consent to use his/her image (photo) and/or a testimonial about the services provided in public communication, to take advantage of additional benefits provided by the Company, etc.).

In all cases where personal data are transferred to third parties, we ensure that the data shall only be disclosed to trusted recipients and to the minimum extent necessary to achieve the purpose of the processing.

4. Transfer of Personal Data to Recipients Outside the EEA

The company operates on an international scale, therefore we may also transfer (disclose or provide access to) your personal data to our or our partners’ employees, auxiliary data processors or other data controllers (e.g., our existing and/or potential clients, IT service providers, server and other infrastructure service providers and intermediaries, etc.) outside the European Economic Area (EEA). When transferring personal data outside the EEA, we undertake to ensure that the data are transferred only to countries that ensure adequate legal protection of personal data and in accordance with the requirements of the Regulation, such as the application of standard contract clauses, etc.

5. Personal Data Retention Period

We set retention periods for personal data according to the specific purposes of the processing and process the data only for as long as is necessary to achieve the respective purposes. For example:

  1. We store the personal data of the customers/partners and their representatives (e.g. indicated as signatories or representatives in the contracts, involved in the provision of services and/or communications) provided to us for the purpose of performance of the service provision/cooperation agreement for 10 (ten) years from the date of end of effective period of the agreement;

2) We store personal data managed/processed by the customers and provided to us in accordance with the concluded personal data processing agreements until the expiry of the service provision/cooperation agreement unless a different storage term is stipulated in the contract concluded with a specific customer or specified in a separate instruction by the customer;

3) We process the contact personal data of the customers/their representatives for the purposes of direct marketing as long as the service provision/cooperation agreement is in force or the customer/its representative’s objection to further data processing is received;

4) We store the data of persons who have agreed to receive direct marketing offers no longer than 3 (three) years after the date of receipt of the consent;

5) We store the data of persons who have registered and agreed to participate in the competitions, service presentations or other events organized by the Company for no longer than 3 (three) months after the end of the event;

6) We store cookies about your browsing on our Websites for the periods specified in Clause 9 of this Privacy Policy according to the type of each cookie;

7) We store the personal data of candidates for work in the Company for a period specified in the Rules on the Processing of Personal Data of Participants in Personnel Selection;;

8) We store the personal data of our partners’ (their specialists who are being considered as candidates for the provision of services in the Company’s projects) during the effective period of the cooperation agreement and for 3 (three) years from the date of the candidate’s introduction and, in the case the candidate is selected for the provision of services (e.g. specialist is indicated in the service order entered between the partner and the Company), such specialist’s personal data can be processed within the time limit set out in point 1) abovethe end of the cooperation;

9) We store personal data of the service providers/their representatives collected during recorded video meetings (e.g., during training, service presentations, etc.) for a reasonable period of time, determined after assessing the necessity of the recorded information for the provision of services or the effective use of the result of the service received, but no longer than for 3 years (unless a different term is agreed in the service agreement).

The terms of storage of personal data of our employees, suppliers of goods and services/their representatives processed for the purposes of internal administration (personnel management, management and use of available material and financial resources, accounting and record keeping) are set in the Company’s internal documents.

We ensure that at the end of the retention period of personal data, all data shall be securely destroyed or depersonalized in such a way that the information cannot be recovered.

6. Personal Data Safeguarding

We grant access to your personal data only to those employees or partners whose processing of personal data is necessary for the performance of their direct duties and who are properly familiarized with the requirements applicable to the processing of personal data.

We apply appropriate technical and organisational measures to ensure the secure processing of your personal data, data confidentiality, integrity and access control. We are certified with the ISO 27001 information security management system certificate and accordingly have approved and implemented personal data and information security procedures determining the application of preventive measures, distribution of responsibilities, control measures and procedure for responding to security breaches. All procedures regulating the Company’s activities are periodically reviewed, execution of the procedures supervised and employee training arranged.

The Company’s knowledge and professional qualifications of our specialists are certified by Human Factors Certified Usability Analyst (CUA), Certified Ethical Hacker (CEH), Information Systems Security Professional (CISSP), Certified Data Privacy Solutions Engineer (CDPSE), Certified Information Security Auditor (CISA) and ISO/IEC 27001 Information Security Management System certifications.

7. Automated Decision Making and Profiling

The Company shall not process personal data through automated individual decision-making, but may conduct profiling (i.e. automated processing of personal data where personal data are used to assess certain personal aspects of an individual) that does not have legal consequences or similar significant effects for you.

Profiling shall be based on the Company’s legitimate interests, performance of the contract and/or your consent. If you have agreed to receive direct marketing messages, the Company shall have the right to process personal data for the purpose of sending direct marketing messages of a general nature and/or individually tailored to you.

8. Your Rights

As a data subject, you shall have the following rights under the Regulation:

1) To get acquainted with your personal data processed by us (right of access);

2) To require us to correct your personal information if it turns out to be inaccurate;

3) To require us to delete your personal data (right to be forgotten);

4) To demand that we limit the processing of personal data;

5) To require us to provide your personal data in a structured, commonly used and computer-readable format for transfer to another data controller (right to data portability);

6) To not consent to the processing of your personal data, including processing for marketing purposes;

7) To disagree with automated decision making, including profiling.
In order to exercise these rights, we hereby ask you to:

– Contact us at the contact details listed below in this Privacy Policy;

– Provide us with the information we need to identify you (for personal identification);

– Formulate your application and provide related information.

We undertake to respond to your request no later than within 1 (one) month from its receipt.

If you believe that our processing of personal data does not comply with the requirements established by the Regulation or other legal acts, you have the right to apply to the State Data Protection Inspectorate using the contacts provided on its website: https://vdai.lrv.lt/

9. Your Browsing of Our Websites and Use of Cookies

When you visit our Websites, we may collect certain information about your device, IP address, operating system, browser type, and more. We need this information to administer the system, to provide assistance, to collect aggregated data for analysis and quality improvement.

In addition, our Websites use cookies. A cookie is a small file of letters and numbers that we store on your device if you agree to it. With the help of cookies, we can distinguish you from other visitors to the Website and ensure you a pleasant experience browsing our Websites, providing you with better personalized content.

Types of cookies used on Websites:

Strictly necessary – these types of cookies are necessary for the operation of the Website. These cookies cannot be disabled because without them the Website will not function properly.
Functional – used to prevent changes to settings, such as language or time zone selection, each time you visit our Website.
Analytical – these cookies are used to collect general statistics on the number of visitors in order to monitor the performance of the Websites for analytical purposes and to improve their performance.
Marketing – used to better tailor the content of the Websites, to provide customized ads that may be of interest to an individual user.

By visiting our Websites, you can choose whether you want to use cookies. You can change your cookie settings to suit your preferences. You can also delete all cookies already on your device, and in most browsers you can prevent cookies from being saved. The location of these settings depends on the browser you are using.

If you do not agree to the storage of cookies on your device, you can revoke the consent at any time by using them by changing the settings and deleting the stored cookies. If you have chosen to delete cookies, remember that all the settings you have set are also deleted. In addition, if cookies are completely blocked, the Websites may no longer function properly. For these reasons, we do not recommend disabling cookies.

This link provides information about specific cookies currently used on our Websites. From time to time we can supplement and review the list of cookies, providing information about relevant cookies in this Privacy Policy and in a separate cookie selection window that pops up when you open the Website.

10. Third Party Websites

Our Websites may contain links to the websites of our partners, customers, advertising providers or others. If you want to click on a link to any of these websites, please note that each of them has its own privacy policy and terms of use. In consideration of this, it must be noted that we cannot accept any liability for your visits to other websites and the related processing of your personal data. Before submitting personal data to other websites, we recommend that you always read their privacy policy.

11. Changes to the Privacy Policy

This Privacy Policy is reviewed at least once a year, and more frequently reviewed and updated as needed.

In the event of a change to this Privacy Policy, we will post an updated version of it on our Websites, where you can always find the current version of the Privacy Policy.

This Privacy Policy was last revised on 9 September 2024.

12. Our Details

You can find our details and contact data at: https://www.ba.lt/en/contacts/

If you have any questions concerning the processing of personal data, please contact us by e-mail at dpo@ba.lt