loader

Privacy policy

Privacy policy Objective and it's Application

IPSP, UAB (hereinafter referred to as „We” or „Company”) values your trust and is committed to ensure proper protection of your personal data. We respect your privacy and pledge to process and protect your personal data in a fair and lawful way in accordance with the applicable legal requirements of the European Union (General Data Protection Regulation 2016/679) (hereinafter referred to as „GDPR“) and the Republic of Lithuania.

This Privacy policy explains how we collect personal data about people who use our services and provides information about the scope of processing personal data, the purposes, sources, recipients and other important aspects of personal data processing.

In this privacy policy we describe what personal data we collect and process about people who use our services, clients and their representatives, visitors of this website, people that consented to receive direct marketing messages, job applicants for the vacant job position.

We may process your personal data for purposes other than those described in this Privacy policy. If this is the case, we will provide you with a separate privacy statement informing you about such processing.

We may change this Privacy policy at any time at our sole discretion, therefore, you have a responsibility to make sure that you are familiar with the latest version of the Privacy policy.

Definitions

Definitions 

The following definitions when used in this Privacy policy have the same meaning as stipulated in the GDPR and is as follows:

Personal data means any information relating to an identified or identifiable natural person („data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Personal data processing means any operation or set of operations which is performed on personal data or on sets or personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Company means IPSP, UAB, legal entity code 305621188, Saulėtekio al. 15-1, LT-10224 Vilnius, the Republic of Lithuania.

Contact Information

If you would like to find out how we process your personal data in more detail or if you wish to exercise any of your rights as data subject, please contact us: https://i-psp.com/en/contact-us.

You can contact Company also via e-mail: info@i-psp.com or mail: Saulėtekio al. 15-1, LT-10224, Lithuania.

General Provisions

The purpose of this Policy is to explain the procedures for the processing of personal data, the exercise of the rights of data subjects and the technical and organisational measures to protect personal data in accordance with the GDPR and other legislation on the protection of personal data.

In processing personal data, we comply with the GDPR, other applicable legislation governing the protection of personal data and this Policy.

We ensure that we comply with the following fundamental principles relating to the processing of personal data:

Personal data must be processed in a lawful, fair and transparent manner in relation to the data subject (principle of lawfulness, fairness and transparency);

Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes (purpose limitation principle);

Personal data must be adequate, relevant and only necessary for the purposes for which they are processed (principle of data minimisation);

Personal data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are not accurate in relation to the purposes for which they are processed are erased or rectified without undue delay (principle of accuracy);

Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (principle of limitation of retention periods);

Personal data must be processed in such a way as to ensure, through appropriate technical or organisational measures, adequate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage (principle of integrity and confidentiality);

Personal Data

We collect personal data about you directly from you when you enter into contract with us or while representing other person, send your CV, as well as other information related to your employment.

We also collect information about you from a third party (such as your bank or merchant who you buy goods or services from), where you have given your explicit consent for your information to be shared with the Company in order to provide services.

Your personal data also might be obtained indirectly from other organisations (such as Linkedin) where you have explicitly consented to your information being shared, specific register and information systems, also such sources as State Social Insurance Fund Board, etc.

We will only collect and process your personal data following the applicable laws and regulations.

We use and share the personal data we collect about you for several different purposes and we rely on different legal grounds while processing it. Depending on whether you are a person that uses services, a representative to a current or potential client of ours or a website visitor, the below information sets out what categories of personal data we process, for what purpose and legal ground we rely on when processing the personal data. We also describe how we collect your personal data and whom we may share it with, as well as legal basis that allows us to do so.

On What Grounds Do We Process Your Data?

The Company collects and processes personal data in accordance with the legal acts of the European Union and the Republic of Lithuania regulating the protection of personal data.

The Company processes the personal data of the Clients on the following grounds:

  • On the basis of consent, which is expressed in your active actions, i.e. by contacting us and providing personal data by registering to receive newsletters, or by other proactive actions (GDPR Article 6(1)(a));
  • Concluding, executing, administering, amending contracts, agreements or similar documents (GDPR Article 6(1)(b));
  • Enforcing our legitimate interests (e.g., by administering the Website and ensuring its proper functioning) (GDPR Article 6(1)(f));
  • In order to fulfill our obligations under the law (GDPR Article 6(1)(c)).

Performance of Company‘s Agreements

We will process personal data of employees of our clients as well as service providers in order to perform the agreements. The Company receives data from the clients themselves, or the clients’ representatives.

In such case, we will process your personal data such as: name, surname, address, email address, contact information, messaging content and other personal data necessary for the conclusion and performance of agreements.

The basis for the processing of data of the employees of our clients as well as our service providers is the legitimate interest of the Company.

Personal data indicated in this section will be processed as long as the agreement or the business relationship is in effect, or to the extent necessary to achieve the purposes for which they are processed, and in accordance with statutory data retention requirements to limit or defend legal claims, and if any, to the extent necessary for that purpose. If personal data are indicated in the agreement, they will be stored for 10 years as of the date of expiration of the agreement.

Handling costumer complaints

The Company’s customers and service users have the right to file a complaint against the Company related to the services provided by the Company via email, phone or mail.

If you submit a complaint, your personal data will be processed in order to administer requests and / or complaints, ensure the quality of its services, on the basis of a contract or on the basis of the fulfilment of the Company‘s legal obligations or legitimate interest of the Company to defend against the legal claims. Also, your personal data might be processed on a basis of your consent in case you provide your personal data that is not required.

For this purpose, your personal data will be stored to the extent necessary to examine and respond to your request and / or complaint and in accordance with the terms established by the applicable law, 

Client support

We value your feedback and we want to understand what we can do to improve our services. Therefore, you can contact us in order to receive assistance on your question or concern.

If you contact us, we will process your personal data by collecting your name, surname and contact details through the source you chose to contact us (via e-mail, post or any other way).

All personal data will be processed on the basis of your consent which is expressed by your actions by sending us a question or concern.

Your personal data will be stored for 2 years after certain question or concern was sent to us. In some individual cases, in accordance with the applicable legal requirements, your personal data might be stored longer.

Processing personal data for recruiting purposes

You can send us your data in order to join our Company. Your personal data you present for the purpose of recruiting for the vacant job position in our Company will be processed based on your consent, expressed by submitting your personal data.

We collect and process your name, surname, address, contact phone number, email address, current employment status and company, other information in CVs and/or motivation letters, and/or other information submitted by you at the time of participation in the selection for the purpose of recruitment and on the basis of your consent which you give to us or to the recruitment company by sending your curriculum vitae.

If you do not submit your curriculum vitae and/or motivation letter, we will not be able to assess your suitability for the offered position.

Please comply with personal information protection requirements and do not send us excessive information. Please observe at least the following minimum requirements for the protection of your personal information by sending personal data to us: do not indicate excessive or unnecessary personal data either in the subject line of the letter or query, or in the attached CV, in motivational letters, in other files: personal identification code, health or other special personal data, financial data, bank account number, family member data, car license plate number, etc.

All personal data will be stored until ongoing recruitment process is finished. Please note that on basis of your consent we could store and use personal data you sent for the purposes of later recruitment for up to 1 year. Once you have given such a consent, you are entitled to withdraw it at any time, without prejudice to lawfulness of personal data processing based on such consent until the withdrawal of the consent. If you exercise this right, we will immediately take action to destroy your personal data.

Please note that in order to evaluate your candidacy, we may contact the former employers you have indicated for their recommendations and may ask them about your qualifications, professional skills and business qualities. We can request such information from your current employer only if we have your separate consent for this.

Direct marketing

We may send offers for the provision of services of our Company, newsletters and other advertising material to persons who have provided their contact details and have expressed a wish to receive information about services offered via e-mail.

We will process the following personal data for direct marketing purposes: name, surname, e-mail address.

We may work with third parties, such as online advertising developers and ad exchanges, to advertise online, and we may work with third-party analytical service providers to help evaluate and provide us and / or third parties with information about the use of such advertisements, third-party sites and ads and views of our content.

Data about your online activities may also be collected so that we, our partners or third parties can later display content that is relevant to your individual interests (see Cookie Policy for more details).

Your data will be used for direct marketing purposes for 2 (two) years as of the receipt of your consent.

If you are our Customer and have not objected to our direct marketing messages, we will send you messages about services similar to those provided to you by e-mail on the basis of our legitimate interest.

You have the right to refuse direct marketing at any time by contacting us via e-mail on info@i-psp.com.

Website visitors

When you visit our website, the Company may process the visitor’s IP address, network and location data when the visitor provides it. Data is collected using cookies and other similar technologies with the consent of users.

Data Processors and Data Recipients

If there is a sufficient legal basis (for example, when it is necessary for the conclusion or performance of the contract with you and when you have been duly informed about such transfer), we can disclose information about you to our employees, managers, service providers such as auditors, compliance officer, legal advisors.

We must transfer your personal data to the national supervisory authorities on the grounds and in the cases provided for by applicable law.

Moreover, we can disclose information about you:

  • If we must do this under the law;
  • In order to protect our rights or interests (including the provision of your data to third parties in order to recover your debts to us);
  • In order to sell a part of Company’s activities or assets, where we disclose your personal data to the potential buyer of the activities or a part thereof;
  • Having sold the activities of the Company or a substantial part thereof to third parties.

We may also provide personal data to other persons upon receiving your written consent.

Your personal data will not be transferred to third countries outside the European Economic Area and/or international organisations.

Except in cases provided in this Privacy Policy, we do not transfer your personal data to any third parties.

Retention of Personal Data

Retention of your personal data for longer than specified above may take place when:

  • It is necessary for the Company to be able to defend itself against claims, claims or lawsuits and exercise its rights;
  • There are reasonable grounds for suspecting an illegal activity under investigation;
  • Your data is necessary for the proper resolution of a dispute or complaint;
  • Backups and other purposes related to the operation and maintenance of information systems or similar;
  • In other cases provided for by law.

After the expiry of the period of processing and storage of your data set out in this Policy, we shall delete your data as soon as possible and within a reasonable and prudent period of time for such action.

If personal data is necessary for us to defend ourselves against existing or threatened claims, demands, or lawsuits, if there are suspicions of unlawful activity, if personal data is used as evidence in a civil, administrative, or criminal proceeding, for backup and purposes related to the operation and maintenance of our IT systems, or for other purposes as required by law, it may be retained for the period of time necessary for these processing purposes and destroyed immediately after it becomes no longer required.

Security of Your Personal Data

Your personal data will be processed pursuant to the requirements set out in GDPR, the Republic of Lithuania Law on Legal Protection of Personal data, the Republic of Lithuania Law on Electronic Communications and other legal acts.

In the course of processing your personal data, we implement organisational and technical measures which ensure the protection of personal data from accidental or unlawful destruction, alteration, disclosure and any other unlawful processing. These measures may include, among other, encryption, physical access security, auditing and other appropriate technologies.

Your Rights

This section contains information about your rights related to the processing of your personal data carried out by us and cases where you can exercise these rights. If you would like to receive more information on your rights or to exercise them, please contact us via e-mail indicated in this privacy policy.

We will provide information on actions taken on a request with regard to implementation of your rights without undue delay and in any event within 1 (one) month of receipt of the request. In consideration of the request complexity and the number of received requests, the aforementioned term may be extended for 2 (two) further months. In this case, we will notify you of such term extension and reasons for it within 1 (one) month as of the receipt of request. We will refuse to implement your rights only in cases provided for in the legal acts.

Your rights are as follow:

The right to be informed

As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy policy.

The right of access

We want you to fully understand how we use your personal data and not to experience any inconvenience because of that. You can contact us at any time and ask if we process any of your personal data. If we store or use your personal data in any way, you have the right to access them.

We will provide access to the personal data we hold about you as well as the following information: the purposes of the processing, the categories of personal data concerned, the recipients to whom the personal data has been disclosed, the retention period or envisioned retention period for that personal data, when personal data has been collected from a third party, the source of the personal data.

The right to rectification

When you think we process inaccurate or incomplete personal information about you, you may exercise your right to correct or complete certain personal data. This may be used with the right to restrict processing to make sure that incorrect / incomplete personal data is not processed until it is corrected.

The right to restrict processing

You have the right to ask us to restrict the processing of your personal data or to object to their processing:

  • During the period required for us to verify the accuracy of your personal data when you submit claims with regard to data accuracy;
  • In cases of unlawful collection, storage or use of your personal data where you decide not to request of data;
  • When we do not need your personal data anymore, but you need them for the establishment, exercise or defense of legal claims;
  • During the period required to determine if we have an overriding legal basis to continue processing your personal data if you exercise your right to object to the processing of your personal data.

The right to erasure (the right „to be forgotten“)

Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have unlawfully processed. We will take all reasonable steps to ensure personal data erasure.

The right to data portability

You have the right to the portability of data obtained by us under your consent or for the purpose of agreement conclusion. If you exercise this right, we will transfer a copy of the data provided by you.

The right to object

You have the right to object to use of your personal data by us:

  • In cases where we use such data in order to implement our legitimate interests but we do not have an overriding legal basis to continue using your personal data; or
  • At any time when we use your personal data to send newsletters or for direct marketing purposes. In such case, the data will not be used for these purposes anymore; however, they may be used for other legitimate purposes.

If you believe that your rights of the data subject have been and / or may be violated, please promptly contact us via email indicated in this Policy. We ensure that as soon as we receive your complaint, we will contact you within the reasonable period and inform you about the complaint handling process, and then about its result.

If the handling results are unsatisfactory to you, you can submit a claim to the supervisory authority – the State Data Protection Inspectorate (www.vdai.lrv.lt).

Exercising your rights

You may exercise the above-mentioned rights in the following ways: 

  1. by submitting a written request to us in person, by post and (or) through a representative or at the address: Saulėtekio al. 15-1, LT-10224 Vilnius; 
  2. by submitting a request to us by electronic means of communication, i.e., by e-mail: info@i-psp.com. 

In order for us to accept and exercise the rights of the data subject you request, you must confirm your identity in one of the following ways when submitting a request:

  • by submitting a request to our employee - together with a valid identity document;
  • by submitting a request by post or courier - together with a copy of a valid identity document approved in accordance with the procedure established by legal acts;
  • by submitting a request electronically - by confirming it by electronic means of communication that allow proper identification of the person (e.g., by a mobile signature, a qualified electronic signature, etc.).

Upon receipt of your request for the exercise of data subjects’ rights, We will provide you with an answer immediately, but no later than within 1 month from the date of the request. This period may be extended by a further 2 months, if necessary, depending on the complexity and number of requests. You will be notified of such an extension in the first month. The information you request will be provided free of charge. However, if We see that your requests are manifestly unfounded or disproportionate, in particular due to their repetitive content, We reserve the right to charge a reasonable fee for this (i.e. to claim administrative costs) or to refuse to act on such your request.

The answer will be provided in the manner chosen in your request. If you do not specify in the request the way in which you wish to receive a reply, the reply will be sent to you in the same way as the request.

Privacy Policy Review

We may update or amend this privacy policy at any time. Such updated or amended privacy policy will come into effect as of its publication on our website. You should check it from time to time and make sure that you find the current version of privacy policy acceptable.

After making an update to the privacy policy, we will notify you about any changes that we consider material by publishing them on the website