1.2 The Controller shall determine the purposes and means of processing of your personal data, and shall engage natural and/or legal persons who would process your personal data on behalf of and in accordance with the instructions of the Controller in compliance with the General Data Protection Regulation (hereinafter – GDPR), as well as the requirements for personal data processing laid down in the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legislation.
1.3 Persons under the age of 16 may not provide any personal data through the Website or at the Law Firm. If you are a person under the age of 16, you must obtain the consent of your parents or other legal guardians before submitting your personal information to the Controller.
1.4 By using the Website and the Services, the person shall agree, without reservations or restrictions, to these Rules, which govern the purposes and methods of collecting personal data, the conditions of processing and storage thereof, the rights of the data subject, etc. If you do not agree with these Rules, you are not entitled to use any Services of the Controller (on the Website, at the Law Firm and/or on social network accounts).
II. HOW DO WE COLLECT YOUR PERSONAL DATA? WHAT IS THE PURPOSE OF USE OF YOUR PERSONAL DATA?
2.1 Your personal data may be collected in the following ways:
2.1.3 when posting opinions, comments, likes, mentions and becoming a follower of the Controller-owned Website and/or social networks accounts (Facebook, Instagram, LinkedIn, etc.);
2.1.6. when exchanging business cards with the Controller at meetings or events, or when submitting your contact information through registration for the Controller’s events;
2.2 Your personal data shall be collected for a specific purpose of use and may not be used for any other purpose without a legitimate basis or consent. The Controller shall collect personal data and use them accordingly for the following purposes:
2.2.1 to provide services that you have ordered on the basis of the agreement with the Controller for the provision of legal services and/or on the Website (sending newsletters or other information);
2.2.2 to ensure that the content of the Website is presented according to your preferences (language and other preferences; customisation of the Website (with respect to the visitor));
2.2.3 for administrative purposes (to keep records of users who have registered for the content of the Website);
2.2.4 for the purposes of selling the Services (in cases where you are or have been a client of the Law Firm, we must retain personal data and other information in accordance with applicable laws of the Republic of Lithuania);
2.2.7 for replying to your inquiries or any other correspondence (if we do not have contact details we will not be able to reply to you);
2.2.8 in cases where we are required to provide information to public authorities in accordance with applicable laws of the Republic of Lithuania.
III. HOW DO WE PROCESS YOUR PERSONAL DATA?
3.1 All your personal data shall be processed:
3.1.1. on the basis of consent expressed by your active actions, i.e. contacting the Controller and submitting personal data in various forms or other active actions on the Website, social networks and/or at the Law Firm;
3.1.2. to implement the Controller’s legitimate interests (e.g. managing and administering the Website, notifying you of the Services offered, news, etc.);
3.1.3. to perform the obligations imposed on the Controller by the laws.
3.2. In accordance with the laws of the Republic of Lithuania, we may process the following personal data:
3.2.1. personal information (name, surname, represented company, position);
3.2.2. contact information (e-mail address, address of place of residence, telephone numbers, social network accounts);
3.2.3. any other data you provide in connection with the conclusion and performance of the agreement for the provision of legal services with the Controller;
3.2.4. personal data required by the Controller for the performance of legal obligations;
3.2.5. other data we collect from legal sources in the course of provision of legal services.
3.3. All your personal data shall be processed only to the extent necessary to ensure proper preparation of replies to inquiries made on the Website and/or social network platforms, provision of Services in accordance with agreement for provision of legal services, and for related purposes, as well as for performance of legal obligations binding to the Controller.
IV. TO WHOM DO WE TRANSFER YOUR PERSONAL DATA?
4.1. We shall transfer your personal data to the following data recipients:
- UAB Destaras(IT maintenance);
- UAB Interneto vizija (server and hosting services);
- UAB Cgates (Internet provider);
- UAB Nexia JK (book-keeping services);
- AB Telia Lietuva (telecommunication services);
- UAB AMEA Business Solutions (client data management services);
- Google Analytics – Google, Inc. (web analytics service that helps analyse how the Website is used);
- Joint Stock Company Sendinblue (el. laiškų (naujienlaiškio) siuntimo paslaugos);
- courts; arbitrations; Prosecutor General’s Office of the Republic of Lithuania; Police Department under the Ministry of Interior of the Republic of Lithuania; State Tax Inspectorate under the Ministry of Finance of the Republic of Lithuania; Competition Council of the Republic of Lithuania; Lithuanian Bar Association; supervisory, law enforcement and other public authorities;
- lawyers; notaries; bailiffs; auditors; consultants; providers of information technology maintenance services; providers of banking services; recruitment agencies; providers of document and client database management programmes; providers of electronic communications services; insurance companies; companies providing archiving and other services;
- persons involved in cases, third parties concerned, representatives thereof.
V. WHAT RIGHTS HAVE BEEN GRANTED TO YOU IN ACCORDANCE WITH PERSONAL DATA PROTECTION LEGISLATION?
5.1. The Controller shall ensure the implementation of your rights in accordance with personal data protection legislation. In compliance therewith, you have the following rights:
5.1.1. to obtain from the Controller confirmation whether the Controller is processing data relating to you and, if so, to obtain access to the data processed and related information;
5.1.2. to obtain from the Controller correction of inaccurate or incorrect information used or to supplement it when it is incomplete;
5.1.3. to obtain from the Controller deletion of any information that the Controller has about you in case of unauthorised use;
5.1.4. to obtain from the Controller restriction of the processing of information held about you – when you dispute the accuracy of the data or object to the processing; do not consent to the deletion of your data unlawfully processed; you need data to establish, exercise or defend legal claims;
5.1.5. to express objections to the use of your personal data – when the Controller uses your personal data to perform a task in the public interest or in performing public authority functions delegated to the Controller and/or processing is necessary for the legitimate interests of the Controller or a third party;
5.1.6. to submit to the Controller a request to transfer (receive), in a commonly used electronic format, the data you have provided to the Controller in accordance with the agreement for provision of legal services or through a consent and processed by the Controller by automated means;
5.1.7. to withdraw the consent given to the Controller regarding the use of information about you – when we use personal data on the basis of your consent;
5.1.8. to lodge a complaint with the supervisory authority, in particular in the Member State in which you are domiciled or the place where the alleged GDPR breach was committed and apply for judicial remedies.
5.2. In cases where an inquiry/request is submitted to the Controller in connection with data of a specific person, we may provide the data only after identifying that the applicant is indeed the person referred to in the inquiry/request. This can be done by presenting to the Law Firm a personal identity document valid in the Republic of Lithuania.
5.3. All requests specified in clause 5.1 of the Rules shall be submitted at the contacts specified in clause 5.4 of the Rules. Upon receipt of your request, the Controller shall immediately handle it (correct and delete data within 1–2 business days; upon written request, submit the personal data collected about you for familiarisation within 20 calendar days).
5.4. All requests shall be submitted to the Controller in one of the following ways:
– via e-mail email@example.com;
– by registered mail to the Law Firm at the address Kęstučio g. 86 / I. Kanto g. 18, Room 201, LT-44296, Kaunas;
– upon arrival to the Law Firm at the address Kęstučio g. 86 / I. Kanto g. 18, Room 201, LT-44296, Kaunas.
5.5. If you think your rights to privacy have been violated, you may lodge a complaint to the appropriate authority in the EU Member State in which you live. Contact details of such authorities can be found here.
5.6. V. P. is appointed as the Data Protection Officer of the Controller. He can be contacted in connection with personal data processed by the Controller via e-mail firstname.lastname@example.org.
VI. AMENDMENTS TO THE RULES
6.1. The Controller may amend, supplement or update the Rules at any time, in whole or in part, and we recommend making sure that you have familiarised with the current version of the Rules before using the Website (the date of publication of the Rules is always indicated at the end of the Rules).
6.2. Amendments or supplements to the Rules shall come into force from the date of publication thereof on the Website.
6.3. If you continue using the Controller’s Website and Services after the Rules have been supplemented or amended, it shall be deemed that you have agreed to the new version of the Rules.
6.4. If any provision of the Rules is declared invalid or inapplicable, this provision shall not affect the lawfulness and validity of the remaining provisions of the Rules.
VII. FINAL PROVISIONS
7.1. The Controller shall take appropriate technical and organisational measures to ensure the protection of all data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access and any other forms of unauthorized processing.
7.2. All notifications relating to the processing of personal data shall be submitted to the Controller in the manner specified in clause 5.4 of the Rules. The reply shall be provided by the Controller in the same form in which the notification or claim was received.
7.3. The content of the Website is for information purposes only and cannot be treated or used as professional (legal or other) consultation. The Controller shall not assume liability for any actions that may be taken in the light of the information contained herein. Adequate and qualified legal advice can only be given after a thorough assessment of all the relevant facts of the individual case. For legal consultation, contact us via e-mail email@example.com or telephone +370 615 53 847.
7.4. The use of the information provided on this Website (text or link) is subject to the written consent of the Controller, which may be obtained by contacting us via e-mail firstname.lastname@example.org.
7.5. These Rules were published on 2 March 2020.