The data controller is UAB Concretus group, legal entity code 124656868, registered office address Žarijų g. 6A Vilnius, Lietuva.
The Company processes personal data under the legal acts of the European Union and the Republic of Lithuania regulating the processing of personal data.
The scope of personal data to be processed depends on the services ordered or used, the information provided by a person when contacting the Company, ordering and/or using services, visiting the website or registering on it, providing his/her data for employment in the Company or entering the Company’s premises or territory.
The processing of personal data is subject to the criterion of lawful processing, namely, to ensure the provision of services; with the consent of the individual; where the processing of personal data is subject to an obligation of the Company under the relevant legislation; where the processing of personal data is necessary for the legitimate interest of the data controller or a third party.
The Company aims to ensure that personal data is processed accurately, fairly and lawfully, only pursuing the purposes for which it has been collected, following clear and transparent principles and requirements for the processing of personal data established by the law.
Personal data may be obtained directly from data subjects who provide it when sending their CV or otherwise contacting the Company, from clients’ activities, from corporate data controllers or other external sources. Data can also be obtained from publicly available sources.
Data can be generated when a person uses services, for example, phone calls, SMS, electronic mail, orders services or visits the website.
The person is not required to provide any personal data unless the personal data is necessary for the conclusion of transactions with him/her (for example, the provision of services, billing).
The Company processes personal data for the following purposes: Performance of contractual obligations; recovery of debts; management of enquiries; statistics of the website’s use; protection of property and people; identification of individuals; submission, fulfilment and defence of legal requirements; recruitment; conclusion and performance of labour contracts, administration, clerical work, and other purposes related to the management of the Company’s staff.
The Company is entitled to process personal data of individuals referred to herein under Article 6(1)(c) and Article 9(1)(h) of the General Data Protection Regulation, to implement the legislative requirements, comply with the recommendations made by the competent authorities, and protect the vital interests of customers, interested parties and employees. Information on body temperature readings of such persons shall be maintained for the specified purposes. For the purposes stated, the body temperature of individuals shall be expressed in real-time, and the recorded data shall not be stored.
Data subjects’ groups are clients; clients’ representatives; business partners; representatives of business partners; employees; job seekers; persons entering the Company’s premises and territory; interested parties of the Company.
The main categories of personal data that may be processed include but are not limited to a full name, workplace, position, personal ID number, mobile telephone number, personal data provided in a CV, address, e-mail address, video records, information on visits to the Company’s premises, vehicle licence plate numbers, other information required for the provision of services, business/employment relationship, and contract administration; IP address, website browsing history and date.
Recipients and recipient groups are public institutions and authorities, law enforcement authorities; auditors, legal and financial advisers; third parties handling registers, debt recovery companies.
Video surveillance in the Company is carried out only on the premises and/or areas controlled by the Company. The Company’s premises and territories are monitored by video surveillance. Video surveillance is carried out to protect the Company’s assets, information, and people. Data collection: Videos.
The Company aims to arrange video surveillance in such a way that the observation field does not fall beyond what is strictly necessary (a room, a part of the room). There is no monitoring in the premises and/or in areas dedicated to private use, such as toilets, showers, changing rooms, etc.
At the end of the period of video storage, the video records are automatically overwritten, thus deleting the data of the oldest period.
Video recordings may only be used to reveal alleged offences or prove the damage caused to the Company’s property by the Company employees, service providers, third parties, and may be transmitted only to persons entitled to receive such data under the procedure established by law.
Video recordings may be allowed to be reviewed and, where necessary, transferred to law enforcement authorities upon a written request from law enforcement authorities. If video records are evaluated outside the premises of law enforcement authorities or the premises of the court, the video review must take place in a closed room at the Company. Such report shall be open to the participation of the data subject and the Company’s responsible employee.
Where there is reason to believe that a legal violation has been captured on the surveillance material, the necessary image data (sequences) shall be transferred to secure media storage and retained for as long as required objectively.
The data subject’s request to provide a video record shall contain the precise circumstances of the incident (including the address of the premises/territory managed by the Company; specific place in the premises/site where the incident occurred; date and time of the event (up to half an hour)). A reply to the request to provide video recordings for review shall be submitted no later than 30 working days from the date of receipt of the request in the same form as received or in the manner specified in the data subject’s request, subject to the data subject’s confirmation that the data security will be ensured during the transmission. Otherwise, the refusal to grant such a request is notified, stating the reasons for the denial.
Personal data of potential employees submitted during the recruiting process for a specific position announced by the Company shall be processed to conclude an employment contract with a potential employee.
If a prospective employee applies for a specific position, but no job is offered to him/her, the potential employee’s particulars shall be destroyed at the end of the selection process for the position announced by the Company.
Where the Company does not announce the selection of employees or trainees for a specific position, but the data subject nevertheless applies for one or several jobs or internships at the Company, or contacts the Company without specifying a particular position, and voluntarily provides his/her data (e.g. CV, full name, contact details), such personal data of the data subject is not stored.
The processing of personal data shall be limited to achieving the purposes of the processing or complying with the requirements of the data subjects and/or by legislation.
The data is usually continued to be processed for ten years from the end of the contract or the relationship with the customers.
The Company can process the data as a separate data controller or together with other data controllers (i.e. joint controllers within the meaning of Article 26 of the Regulation). An agreement shall be concluded between joint controllers, establishing their respective responsibilities for the fulfilment of the obligations under the Regulation in a transparent manner, defining the individual functions of joint controllers and their relationship with data subjects. The data subject shall have access to the essential provisions of this agreement at the written request of the data subject. The data subject may exercise his/her rights under the Regulation in respect of each of the data controllers.
The data may be processed by data processors providing accounting, website hosting, data centre/server rental, IT maintenance, external audit, protection, and other services to the Company.
Data processors shall have the right to process personal data only upon instructions from the Company and to the extent necessary for the proper performance of their obligations under the contract. The Company seeks confirmation through the data controllers that the data processors have also implemented appropriate organisational and technical security measures and maintain the confidentiality of personal data.
The Company has the Data Protection Officer. The Data Protection Officer can be contacted by e-mail at firstname.lastname@example.org.
Each data subject shall have the following rights:
(a) Right to information about the processing of their data;
(b) Right of access to his/her processed personal data and the way of processing, namely to obtain information on the period of retention of personal data, the technical and organisational measures taken to ensure data security, to receive information from which sources and for what purpose, personal data is collected, to whom it is transferred;
(c) Right to rectification and erasure or blocking, other than storage, of his/her data, where the processing is not carried out under legal provisions;
(d) Right to object to the processing of his/her data, unless such processing is required for the legitimate interest of the data controller or a third party to whom the personal data is provided, and the importance of the data subject are not overriding;
(e) Right to erasure of the submitted personal data submitted;
(f) Right to restriction of processing of personal data;
(g) Right to require that personal data provided by him/her be transmitted by the data controller to another data controller, if it is processed based on his/her consent or contract and by automated means, and where it is technically possible (data portability);
(e) Right to file a complaint with the State Data Protection Inspectorate regarding the processing of personal data.
The data subject who has submitted a personal identification document or identified himself/herself following the statutory procedure or using electronic means of communication enabling a person’s proper identification shall have the right to send a written request, either individually or through a representative, by post, courier or e-mail. On request, we will respond no later than 30 calendar days after receipt of the application.
The Company aims to implement appropriate, technically feasible and cost-effective organisational and technical data security measures to protect personal data against accidental or unlawful destruction, alteration, disclosure, and any other illegal processing. All personal data and additional information provided by the data subject shall be treated as confidential.
Access to personal data shall be limited to those employees, service providers and authorised data processors who need personal data to perform the functions assigned to them by their organisational unit.
Cookies are small text information files that are created automatically by browsing the website and stored on a computer or another terminal device and used to improve the browsing experience.
The information collected by cookies enables us to make web-navigation more user-friendly, make proposals and learn more about the user behaviour on our websites, analyse trends and improve both the site and the services provided.
If you agree that cookies are added to your computer or another terminal device, press the ‘Agree’ button.
If you do not agree to save cookies on your computer or another terminal device, you can either express your disagreement by pressing ‘Do not agree’ button on the website or by changing the settings of your web browser and turning off all cookies at once or one by one. However, please note that in some cases, this may slow down the speed of internet browsing, limit the functionality of certain web features or block access to the website.
We provide links to websites of third parties on the site. Information on the processing of personal data by third parties can be found in privacy policies published on third party websites, the content of which is not affected by the Company.
|Name||Purpose||Time of creation||Period of validity||Data used|