1. TERMS AND DEFINITIONS
1.1. Personal Data – any information relating to a natural person (i.e. a data subject) whose identity is known or can be established directly or indirectly by using data such as personal identification number, one or several of the person’s physical, physiological, psychological, economic, cultural, or social characteristics, the person’s location and Internet identifier.
1.2. IP address – a unique number identifying a computer, telephone, tablet, or other device connecting to the Internet. The IP address can be used to identify the country where the computer has been connecting to the Internet.
1.4. Cookies – small files uploaded onto your computer, telephone, tablet or other device during any visit to eskolos.lt platform, which help the Website to recognize the device. This concept includes both cookies and other similar tools.
1.5. The Website – the website www.legalbalance.lt managed by the Company.
1.6. The Company – Legal Balance, UAB, registration number 302528679.
1.7. The Data Subject – a natural person, who uses the Company’s services, provides services / supplies goods to the Company or is interested in the possibility of employment in the Company, a representative of a legal entity or a person who browses the Website.
1.8. The Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
2. GENERAL PROVISIONS
2.3. The Company’s processing of Personal Data is regulated by the Regulation, Republic of Lithuania Law on Legal Protection of Personal Data, other legislation and the Company’s local acts.
3. PRINCIPLES OF PERSONAL DATA PROCESSING
3.1. The scope of processed Personal Data depends on the services ordered or used by the Data Subject, and on the information provided by the Data Subject when ordering and (or) using the services, visiting the Website and providing his (her) data for the purposes of employment in the Company.
3.2. The data shall be processed only with the criterion of legal processing, i.e. to ensure the provision of services listed on the Company’s website; after obtaining a person’s consent; when the Company is obliged to process Personal Data under the relevant legislation; when processing of Personal Data is due to the legitimate interest of the Company or a third party (including creditors).
3.3. We seek to ensure that Personal Data is processed precisely, honestly and lawfully, solely for the purposes for which they have been collected, and in accordance with the principles and requirements of clear and transparent processing of personal data provided for in the current legislation.
3.4. You do not have to submit any Personal Data, but it may be that certain services will not be available unless Personal Data is provided.
4. SCOPE, OBJECTIVES AND BASIS FOR PERSONAL DATA PROCESSING
4.1. The Company shall process Personal data collected during the Data Subjects’ visits to the Company’s websites and related to services listed on those websites for the following purposes, on the following grounds and to the following extent:
4.1.1. Personal Data submitted by the Data Subjects:
22.214.171.124. the Data Subject’s name, surname, personal ID number, date of birth, telephone, e-mail, place of residence, and current bank account number; the basis being signing of an agreement with the Data Subject; the objective being verification of the client’s identity prior to signing of the agreement, signing of the agreement with the client (natural person), and assessment of opportunities for service provision;
126.96.36.199. The client representative’s office, name, surname, and e-mail; the basis being the Company’s legitimate interest of establishing a representative of the entity with which an agreement shall be signed; the objective being identification of the client and its representative, assessment of opportunities for service provision, and signing of the agreement with the client (legal entity);
188.8.131.52. The Company shall collect the Data Subject’s name, surname, telephone, e-mail, and place of residence for the signed agreement performance purposes (including communications with the client); the basis being performance of the signed agreement.
4.1.2. Personal Data of debtors submitted by the clients:
184.108.40.206. the Data Subject’s name, surname, personal ID number, date of birth, telephone, e-mail, documents confirming the appearance of debt, workplace data, family status, assets held, debt size, status and nature, debt date, recovery date, legal basis for payment obligation, and declared place of residence, credit history from UAB "Creditinfo Lietuva" database; the basis being third parties’ legitimate interest in the recovery of the debt; in case of the Company’s purchase of the debt, the Company’s legitimate interest in the recovery of the debt purchased and performance of the agreement between the client and the debtor; the objective being assessment of opportunities for debt recovery / service provision (in case of signing an agreement with the client - debt recovery).
4.2. The Personal Data specified above shall be processed while the debt is being recovered and the document confirming impossibility of the debt recovery is being drawn. After that, the data shall be stored for ten (10) years in order to raise, fulfil or defend the Company’s legal requirements and fulfil the document archiving obligation set forth by the current legislation.
4.3. Your Personal Data can be obtained both directly from you or your creditor (the Company’s client) and from the partners (debt collection agencies) from cross-border debt collection platforms (EOS Cross-border, TCM Group), the State Enterprise “Centre of Registers” i. e. Register of Legal Entities, Register of Residents, Mortgage Register, Register of Property Seizure Acts, Real Property Register and Cadastre, the Register of Wills, “Creditinfo Lietuva”, UAB and other data controllers processing joint debtor data files, Public Register of Invalid Personal Documents, or Public Register of Wanted Persons, Lithuanian Chamber of Bailiffs, bailiffs offices, publicly available information that you publish on your social networks, if such data are necessary for assessing the possibilities of debt recovery or provision of debt collection or other services.
4.4. The Website shall also collect the data of the Website visitors: IP address, visitor account connection time, Website browsing history and date. The data shall be collected for statistical purposes. The Website visitor stats are analysed by Google Analytics. The information about your Website browsing history collected by Google Analytics cookies shall be transferred and stored on Google.org servers.
The information gathered by cookies allows for more comfortable browsing, proposals and learning more about visitors’ behaviour on our Website, trend analysis and improvement of both the Website and services provided.
4.5. If you do not consent to cookies being recorded onto your computer or another device, you may change your browser settings and turn off all cookies or turn them on (off) one at a time. However, please note that in some cases this may slow down the Internet browsing, limit certain website functionalities or block access to the website altogether. For more information, visit AllAboutCookies.org or www.google.com/privacy_ads.html www.google.com/privacy_ads.htmlIn IT systems managed by the Company, the Company records and maintains the technical log records of Service providers. Technical log records are maintained to ensure security requirements to identify, monitor, track user’s actions related to the processing of Personal Data and to ensure accountability. The following personal data logs are recorded: login identifier, date, time, duration, connection result (successful, failed), files accessed, cases, to which a connection was attempted, actions have been taken on personal data (introduction, review, modification, deletion and other processing of Personal Data). Technical log records shall be stored for 3 (three) years. Personal data shall be processed on the basis of a legal obligation to which the Company is subject.
4.6. For direct marketing purposes: we shall process your Personal Data on the basis of your consent. For direct marketing purposes, the Company shall process the following Personal Data: name, surname, address, e-mail, and telephone. After obtaining your consent to the Personal Data processing, the data shall be processed in the course of five (5) years or until you withdraw your consent. Should you withdraw your consent to the Personal Data processing for the purpose(s) specified in this paragraph, only the fact of your consent shall be stored to raise, fulfil or defend our legal requirements and only for ten (10) years after the expiration of the consent term or consent withdrawal.
You shall have the right to decline the Company’s promotional messages at any time. You shall also have the right to refuse the Personal Data processing for direct marketing purposes without giving your reasons for such refusal. In order to withdraw your consent to the Personal Data processing for direct marketing purposes, you must clearly and unambiguously express your intention to the Company’s employee. The right to refuse the Personal Data processing for direct marketing purposes can also be exercised as follows:
· By clicking on the link that is present in each e-mail sent to you;
· By logging in to your account on the Company’s Website and selecting the withdrawal option;
· By contacting the Company via telephone or e-mail provided on the Website.
4.7. To ensure the service quality and form the uniform practice, the following Personal Data shall be processed for the purposes of objective consideration of the Data Subjects’ requests and complaints: the consultant’s name and (or) short telephone, your telephone, call date, and the call beginning and end times. Personal Data of the Data Subjects and the Company’s employees shall be processed on the basis of a legitimate interest. The client’s Personal Data shall be processed (i) on the basis of performance of the agreement signed with the client or in order to sign such agreement (if the data processing is required to ensure the proper quality of services) or (ii) on the basis of a legitimate interest (if the data processing is required to form the uniform practice and ensure the objective consideration of the Data Subjects’ requests and (or) complaints).
Your Personal Data shall be processed for the purposes specified in this paragraph but no more than ten (10) years after their receipt. Where there is a reason to believe that a conversation record contains a crime or other illegal actions, the required record data shall be transferred to a secure medium and stored as long as there is an objective need for it (i.e. even upon the expiration of the conversation record storage period specified in this paragraph).
Your Personal Data shall be processed for the purposes specified in this paragraph only if your telephone conversation takes place using telephone numbers assigned to the Company and during the Company’s working hours. The Company’s telephone counselling time and telephone numbers are published on the Company’s website.
4.9. For the purpose of informing debtors we use automatic program for sending text messages, calls and emails, installed in the IT systems managed by the Company. Personal Data shall be processed on the basis of legitimate interest of third parties in the recovery of the debt (in case of the Company’s purchase of the debt, the Company’s legitimate interest in the recovery of the debt purchased); after Company purchased the debt, Personal data shall also be processed on the basis of performance of a contract concluded between the client and the debtor. The categories of Personal Data processed: Data Subject’s phone number and e-mail address. Personal Data may be processed by the data processors.
4.10. For employment and related personnel administration purposes: the Company shall process the following Personal Data submitted by the Data Subject: curriculum vitae (CV), person’s image (photo), motivational letter, name, surname, e-mail, and residence address. Your Personal Data submitted to the Company when applying for a specific position in the Company shall be processed on the basis of signing of an employment contract. If you apply for a specific position by submitting an application, but do not receive a job offer, or if you fail to indicate that you are applying for some specific position, the Company shall store and process your Personal Data for future personnel recruitments in the course of a period not exceeding two (2) years after obtaining your consent. Candidates shall be informed about the Personal Data storage period and consent opportunities by e-mail, responding to a candidate’s letter with Personal Data. During the entire data storage period, the Company will be able to assess you as a candidate and offer you various jobs in the Company. You will have the right to withdraw your consent to the Personal Data processing for the purpose specified in this paragraph at any time by clearly and unambiguously expressing your intention in writing to the Company’s employee or by contacting the Company via telephone or e-mail provided on the Website. Candidates’ data can be obtained directly from the Data Subjects or by using the websites http://www.infolex.lt, https://www.cvbankas.lt/ or other Internet portals selected by the Company, which perform the search for employees and publish vacancy announcements.
4.11. Other objectives: the Company may also process your Personal Data for other purposes, adhering to the procedure and requirements of the Regulation and Republic of Lithuania Law on Legal Protection of Personal Data.
4.12. For the purpose of providing politically exposed persons and sanctions lists checking services, Company shall process the following Personal Data: name, surname, personal ID number, date of birth, place of residence, belonging to a political party, position, inclusion in sanctions lists (data sources: PEP Desk™ Database, Sanction Lists, the controller of database: Info4c AG, Schneckenmannstr. 27, CH-8044 Zurich). Company performs database searches to provide services to Clients for the purpose of money laundering and terrorist financing prevention. Company and outsourced client act as independent data controllers in performing client’s cognition (KYC).
5. PROVISION OF TARGET DATA TO OTHER SUBJECTS. DATA MANAGERS AND CONTROLLERS
5.1. The Company shall not transfer the processed Personal Data to third parties without the prior consent of the person (Data Subject), except in the manner prescribed by the current legislation.
5.2. The data recipients and recipient groups are as follows: state agencies and institutions (State Tax Inspectorate, State Labor Inspectorate), law enforcement authorities, auditors, legal and financial advisers, operators and partners (debt collection agencies) of cross-border debt collection platforms (EOS Cross-border, TCM Group), third-party registry and software managers.
5.2.1. If the Data Subject is behind with fulfilment of his (her) obligations to the Company for more than thirty (30) days, the Company shall submit information about his (her) identity and credit history, i.e. financial obligations and their execution, debts and their payment to the Credit Bureau Creditinfo Lietuva, UAB (registration number 111689163, address: A. Goštauto 40A, LT 01112 Vilnius, Lietuva, www.manocreditinfo.lt, Tel. (8 5) 2394131). The Credit Bureau shall process and submit the Data Subject’s information to third parties (such as financial institutions, telecommunication companies, insurance companies, electric and utility companies, trading companies, etc.) to achieve legitimate goals and interests, i.e. to assess the Data Subject’s creditworthiness and manage the debt. The credit history data shall be processed in the course of ten (10) years after the obligations have been fulfilled. You may visit www.manocreditinfo.lt to learn more about your credit history, terms and conditions of the Personal Data processing and the rights implementation procedure.
5.3. Your Personal Data may be processed by the data managers who provide the accounting, web hosting, data centre and (or) server rental, IT maintenance, external audit, and other services to the Company.
5.4 For the purpose stated in paragraph 220.127.116.11., your personal data may be processed by the data controllers belonging to the group of companies together with the Company, as well as other partners of the Company, with whom the data processing agreement is concluded.
5.5. The data managers shall have the right to process Personal Data but only in accordance with the Company’s instructions and only to the extent necessary for the proper fulfilment of contractual obligations. Before involving the data managers, we seek to ensure that they also implement the appropriate technical and organisational security measures and maintain the confidentiality of Personal Data.
5.6. Your Personal Data may be submitted to third parties as follows: in writing, via electronic media, by connecting in a coherent manner to databases, information systems or other Personal Data controllers which accumulate individual data.
6. SECURITY OF PERSONAL DATA
6.1. Through its internal organizational and technical measures, the Company shall make every reasonable effort to ensure that Personal Data is protected against any unlawful actions. All Personal Data and other information provided by the Data Subject shall be deemed confidential. Only the Company’s employees and data managers who require Personal Data to perform their work functions or provide services shall have access to Personal Data.
7. RIGHTS OF THE DATA SUBJECTS
7.1. Each Data Subject shall have the following rights:
7.1.1. The right to familiarize himself (herself) with the submitted Personal Data at any time by contacting the Company;
7.1.2. The right to receive information by submitting a written request and the right to know what Personal Data have been collected and from which sources, for what purpose they are being processed and to whom they are being transferred;
7.1.3. The right to demand that his (her) inaccurate or incomplete Personal Data be corrected and (or) processing of such Personal Data be suspended by submitting a written request or an e-mail.
7.1.4. The right to refuse the processing of his (her) Personal Data, unless such Personal Data is being processed for the legitimate interest pursued by the data controller or a third party to whom Personal Data is transferred, and if the Data Subject’s interests are not more important;
7.1.5. The right to demand that the submitted Personal Data be destroyed;
7.1.6. The right to demand that the Personal Data processing actions be restricted;
7.1.7. The right to demand that the Personal Data submitted by him (her) (if such data are being processed automatically and on the basis of his (her) consent or agreement) be transferred by the data controller to another data controller if such operation is technically feasible (data transferability);
7.1.8. The right to refuse the automated processing of personal data;
7.1.9. The right to refuse the processing of personal data for direct marketing purposes;
7.1.10. The right to revoke the consent given for the data processing;
7.1.11. The right to submit a complaint regarding the Personal Data processing to the State Data Protection Inspectorate.
7.2. After submitting a personal identity document or confirming his (her) identity in accordance with the procedure established by the current legislation or via electronic media which allow to identify a person properly, the Data Subject must submit a written application for the exercise of his (her) rights personally or by post, courier or e-mail. We will respond to your application not later than within one (1) month after its receipt. After you submit your revised request, we will respond your application within one (1) month of receiving your revised request. That period may be extended for 2 (two) months depending on the complexity of the request. In that case we will inform you of the extension and the reasons for the extension within 1 (one) month of receipt of the request.
7.3. While acting as the data controller, the Company shall be entitled to reasonably refuse to exercise your rights on the basis provided for in the Regulation.
7.4. You may submit the application by e-mail: email@example.com or by personally arriving to the Company’s office at Žalgirio 90, LT-09303 Vilnius.
7.5. Information about the processing of your data shall be provided to you, legality and integrity of the data processing shall be verified, the data processing related actions shall be terminated, and your data shall be destroyed free of charge.
8. DATA PROTECTION OFFICER
8.1. The Company has a Data Protection Officer.
8.2. If you would like to check and find out how the Company handles your Personal Data, or you intend to use your rights as the Data Subject, please contact the Company’s appointed Data Protection Officer by e-mail: firstname.lastname@example.org, or by phone 8 700 800 72.
9. FINAL PROVISIONS