UAB ,,Adex LT”

Registration code: 302416000

VAT: LT100004813119

CEO: Tomas Gulbinas 

Adress: Pramonės g. 3a, LT-65210 Varėna

 

 

PERSONAL DATA PROCESSING RULES 

 

CHAPTER I

TERMS

 

Terms used in the procedure: 

Data subject - a natural person whose personal data is processed by Adex LT UAB. employee - a person who has concluded an employment contract with UAB "ADEX Lt", performs the duties entrusted to him according to the job regulations and is appointed by the manager's decision to process personal data or a person who provides services according to the concluded service provision contract. personal data - any information related to a natural person - a data subject, whose identity is known or can be directly or indirectly determined using data such as a personal code, one or more physical, physiological, psychological, economic, cultural or social characteristics characteristic of a person signs; 

Processing of personal data - means any action performed with personal data: collection, recording, accumulation, storage, classification, grouping, connection, change (addition or correction), provision, publication, use, logical and/or arithmetic operations, search, dissemination, destruction or other action or set of actions. data recipient, processor – a legal or natural person to whom personal data is provided; 

Provision of data - disclosure of personal data by transmission or otherwise making them available (except for publication in public information means); 

Other terms used are understood as they are explained in the General Regulation on the Protection of Personal Data EU 2016/679, (hereinafter - GDPR).

 

 

GENERAL PROVITIONS

 

1. UAB ,,Adex LT" (hereinafter - the Company) in the description of the procedure for implementing the rights of data subjects, otherwise in the personal data processing rules (hereinafter - the Description), the scope and purposes of the processing of personal data, the rights of data subjects, the requests of data subjects regarding their rights, established in 2016 April 27 Implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in the processing of personal data and on the free movement of such data, which repeals Directive 95/46/EC (OJ 2016 L 119, p.1) (hereinafter - the Regulation) submission and examination procedure in the Company.

2. The description was prepared in accordance with the Regulation and the Law on Legal Protection of Personal Data of the Republic of Lithuania.

3. The terms used in the description are understood as they are defined in the Regulation.

4. The personal data of the data subjects is processed by the data controller – UAB ,,Adex LT”, Company code: 302416000, VAT payer code: LT100004813119, managed by director Tomas Gulbinas, e-mail: info@adexlt.com, www.adexlt.com, phone : +370 620 49104

5. The company stores the personal data of the following data subjects in manual and non-systematized files and/or automatically for the following personal data processing purposes:

5.1. fizinių asmenų, su Įmone sudariusių paslaugų ar viešojo pirkimo sutartis, asmens duomenys, o jurid5.1. the personal data of natural persons who have concluded service or public procurement contracts with the Company, and the personal data of legal entities - their employees specified in the contracts, are processed for the purpose of carrying out the company's activities and administering internal procedures (execution and settlement of contracts);

5.2. special categories of data related to the employee's health are processed only for the purpose of concluding employment contracts and providing suitable working conditions;

5.3. The personal data of employees are processed for the purposes of the recruitment process and the fulfillment of the obligations of employment contracts or relationships and for the purposes of contact;

5.4. The personal data of children under the age of 14 and the personal data of their parents/guardians are not processed.

5.5. CVs, motivational letters and other data of persons wishing to be employed are processed for the employment process. The personal data obtained by unemployed persons are stored for 2 (two) years with the permission of the applicant, and those who do not agree - are removed from all systems after the purpose of processing the received data has been achieved.

5.6. For the purpose of debt administration, in case of indebtedness to UAB "Adex Lt" company;

5.7. For the purpose of fulfilling requests from law enforcement authorities with legal authority to access the data;

5.8. For the purpose of video data monitoring and processing of received data;

5.9. For the purpose of company audit checks, preparation of financial reports and analysis, and improvement of services.

6. Personal data is always provided to third parties only in the cases and procedures established by laws and other legal acts:

6.1. The data of natural persons may be provided to: Institutions performing the Company's supervision activities, when these data are related to the ongoing supervision of the Company; to law enforcement institutions, the State Tax Inspectorate, State Control of the Republic of Lithuania, courts, insurance companies, security companies, debt collection companies and other institutions providing this type of service.

6.2. Personal data of data subjects contained in the information systems managed by the company, to related registers, information systems and other recipients specified in the regulations of the relevant register or the relevant information system, who have access to personal data due to work functions related to the processing of personal data, for example; Territorial labor exchange, State Tax Inspectorate, Sodra and others.

6.3. To other third parties to whom the obligation to provide personal data is established by law or other legal acts, for example; employees of accounting institutions are hired, who, according to the contractual relations, are responsible for preparing documents, accounting and other work functions.

7. Personal data are stored no longer than the purposes of data processing require. The terms of storage of personal data stored in documents or files are determined in the annual documentation plan approved by the head of the Company. The terms of storage of personal data of data subjects in the registers and information systems managed by the company are provided for in the regulations of the relevant register or the relevant information system. Personal data of employees with files are stored for no less than 50 years; Personal e-mails are stored for at least 3 years.

7.1. When personal data are no longer needed to achieve the purposes of their processing, they are destroyed, with the exception of those data that must be transferred to the archive for further storage in cases established by law, or are returned to the candidate, the workplace, partners and others.

8. Personal data is not transferred outside the European Union or the European Economic Area.

8.1. If it is necessary to transfer personal data outside the above-mentioned areas during the performance of the service, the data subject is always informed about such transfer and its purpose and reason.

9. The company processes the following personal data of data subjects for the purpose specified in point 5 of these Rules:

1. name;

2. surname;

3. personal identification number;

4. date of birth;

5. address;

6. residence;

7. email address;

8. telephone number;

9. personal document data and their copies;

10. request texts and other documents related to the request are necessary to achieve contractual relations and fulfill obligations;

11. IP address;

12. video data from cameras located on the territory of the Company;

13. workplace or employer data;

14. electronic signatures.

​

10. Personal data is processed in compliance with technical and organizational methods of protection of personal data processing.

10.1. Legal basis for processing personal data: The company processes personal data based on GDPR Article 6, Section 1 a ( ...the data subject has given consent for his personal data to be processed for one or more specific purposes...") ; b (... processing of data is necessary in order to fulfill the contract...") ; c (,, ...processing of data is necessary to fulfill the legal obligation applicable to the data controller") points.

 

​

CHAPTER II 

CONFIDENTIALITY

 

11. The employees of the company, who have to work with personal data in the course of their work functions, are introduced to these Rules and the description of the confidentiality procedure. Each employee signs a promise to keep personal data secret (confidentiality agreement).

12. The company's employees have the right to process personal data only for the purposes and to the extent specified in these rules.

13. Employees must adhere to the principle of confidentiality, keep secret any information related to personal data that they have become familiar with in the course of their duties, unless such information is public in accordance with the provisions of applicable laws or other legal acts. The principle of confidentiality must be observed by employees even after the end of the employment relationship. The obligation to keep personal data secret also applies after the employee moves to another position. The principle of confidentiality means that persons processing personal data are prohibited from disclosing them without the consent of the data controller or company manager, after receiving requests from third parties for such disclosure.

 

 

CHAPTER III 

RIGHTS OF DATA SUBJECTS

 

14. Data subjects have the following rights enshrined in the Regulation:

14.1. the right to know (to be informed) about the processing of your personal data in the Company;

14.2. the right to get acquainted with the processed personal data;

14.3. the right to demand correction of incorrect or incorrectly submitted personal data;

14.4. the right to demand the deletion of illegally processed personal data ("right to be forgotten”);

14.5. the right to restrict the processing of personal data;

14.6. the right to object to the processing of personal data;

14.7. the right to portability of personal data;

14.8. the right to submit a complaint to the state data protection inspectorate regarding illegally or improperly processed personal data.

 

 

SECTION I

RIGHTS TO KNOW (TO BE INFORMED) ABOUT YOUR PERSONAL DATA IMPLEMENTATION OF PROCESSING IN THE COMPANY

 

15. The right of the data subject is implemented by providing information to the data subject about the processing of personal data:

15.1. During communication with the data subject in the manner in which the data subject addresses the Company.

16. The company has the right to refuse to implement the intended right of the data subject or to provide incomplete information requested by the data subject, when:

16.1. The data subject has already received such information during the current calendar year, or already has it;

16.2. Providing the information requested by the data subject is impossible or would require a disproportionate effort;

16.3. The acquisition or disclosure of personal data is clearly established in the legal acts of the European Union or the Republic of Lithuania, which establish appropriate measures to protect the interests of legitimate data subjects;

16.4. Personal data must remain confidential, in accordance with the obligation of professional secrecy regulated by the legal acts of the European Union or the legal acts of the Republic of Lithuania.

 

 

SECTION II 

IMPLEMENTATION OF THE RIGHT TO ACCESS YOUR PERSONAL DATA IN THE COMPANY

 

17. The data subject has the right to receive confirmation from the Company as to whether the personal data related to him is being processed, and if such personal data is being processed, he has the right to familiarize himself with his personal data, to receive a copy of the processed personal data and information about:

17.1. purposes of processing personal data;

17.2. relevant categories of personal data;

17.3. data recipients or their categories;

17.4. the expected period of storage of personal data or the criteria by which the guiding retention period is determined;

17.5. sources of personal data;

17.6. in what ways is personal data protection ensured;

17.7. what automatic decisions are made with personal data.

18. In response to the request, the company must also provide the data subject with information about the rights of the data subject, including the right to file a complaint with the State Data Protection Inspectorate and the right to request correction or deletion of personal data, to limit the processing of their personal data or to object to the processing of personal data (when these rights are applicable).

19. If certain information about the data subject is also related to other persons, the information must be provided to the data subject in such a way that the rights of other persons are not violated.

20. Information may not be provided if, on the day of receiving the request, the Company no longer processes the requested data.

21. The additional information provided in point 14 may not be provided if this data is specified in the personal data processing rules.

​

​

SECTION III

EXERCISE OF THE RIGHT TO DEMAND CORRECTION OF PERSONAL DATA IN THE COMPANY

 

22. If the data subject believes that the Company is processing inaccurate or incomplete personal data, he has the right to request that the Company correct the processed inaccurate or complete incomplete personal data.

23. The company, upon receiving a data subject's request to correct inaccurate or supplement incomplete personal data, checks the data within 7 working days at the latest to determine whether the request is justified. Together with the verified personal data, the Company sends a response to the data subject regarding the action it intends to take, at the same time confirming that it has received the data subject's request.

24. If it is determined that the data subject's request is justified, the Company must:

24.1. correct inaccurate or supplement incomplete personal data within 7 working days at the latest;

24.2. if it is not possible to immediately correct inaccurate or supplement incomplete personal data, stop the processing of such personal data and store this personal data until it is corrected;

24.3. not later than within 10 working days from the correction of inaccurate or incomplete data addition of data, to inform the data subject and data recipients about the actions taken, except in cases where providing information to data recipients is impossible due to unreasonably high costs.

 

​

SCTION IV 

RIGHT TO DEMAND DELETE OF UNLAWFULLY PROCESSED PERSONAL DATA (RIGHT TO BE FORGOTTEN) IMPLEMENTATION IN THE COMPANY

 

25. The data subject has the right to request the deletion of personal data related to him, if there is one of the following grounds:

25.1. the personal data are no longer necessary for the purposes that were determined before the collection of the personal data;

25.2. the data subject's consent, which was the basis for processing the data subject's personal data, has been revoked, and there is no other legal basis for processing the subject's personal data;

25.3. the subject of personal data does not consent to the processing of data in accordance with Article 21, paragraph 1 of the Regulation, and there are no overriding legal reasons to process his personal data;

25.4. personal data were processed illegally;

25.5. personal data must be deleted in accordance with the European Union or Lithuania Legal obligations are established in the legal acts of the Republic;

26. In the data subject's request, the reasons for the deletion of his personal data must be explained in detail, and one of the grounds must be specified.

27. The right to demand deletion of personal data ("the right to be forgotten") is implemented in the company:

27.1. The company, upon receiving the data subject's request to delete the personal data related to him, assesses the validity of the request within 10 working days at the latest.

28. The company submits an official application form, which the signed data subject forwards to the company,

29. If it is determined that the request is justified, the Company must:

29.1. delete personal data related to the data subject no later than within 7 working days;

29.2. if it is not possible to delete the data immediately, stop the processing of the data subject's personal data and inform the data subject about such an action;

29.3. not later than within 7 working days from the deletion of personal data, to inform the data subject and data recipients about the actions taken, except in cases where providing information to data recipients is impossible due to the excessive number of data subjects and unreasonably high costs.

 

​

SECTION V 

RIGHTS TO LIMIT THE PROCESSING OF YOUR PERSONAL DATA

IMPLEMENTATION IN THE COMPANY

 

30. The data subject has the right to request that the Company restrict the processing of his/her personal data on one of the following grounds:

30.1. the data subject disputes the accuracy of his personal data processed by the Company. In this case, the processing of the data subject's personal data is limited to the period during which the Company checks the accuracy of the personal data;

30.2. it is determined that the processing of the personal data of the data subject was illegal and the data subject does not agree to the deletion of the personal data and instead requests the restriction of their processing;

30.3. if the Company no longer needs the personal data of the data subject for the established purposes of data processing, but it is needed by the data subject seeking to assert, enforce or defend legal claims as a person or business entity;

30.4. submitted by the data subject in accordance with Article 21, Paragraph 1 of the Regulation a request in which he expressed his disapproval for the Company to process his personal data. In such a case, the processing of the personal data of the data subject may be restricted until it is checked whether such a request of the data subject is justified.

31. The company, upon receiving the data subject's request to limit his personal data processing actions, evaluates the validity of the request no later than within 10 working days.

32. If it is determined that the request is justified, the Company must:

32.1. to limit the processing of personal data of the data subject;

32.2. no later than within 7 working days from the adoption of the decision to limit the processing of personal data, to inform the data subject and data recipients about the actions taken, except in cases where providing information to data recipients is impossible due to an excessive number of data subjects and unreasonably high costs.

33. Before canceling the restriction on processing the data subject's personal data, the Commission shall inform the data subject in writing.

 

  

SECTION VI

THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA

IMPLEMENTATION IN THE COMPANY

 

34. If the Company processes the personal data of the data subject in order to implement the Company's legitimate interests, the data subject has the right to apply to the Company for objection to the Company or third parties related to the Company's activities processing his personal data.

35. The company, upon receiving the data subject's request to exercise his right to object to the processing of personal data, evaluates the validity of the request no later than within 10 working days.

36. If it is determined that the data subject's request is justified, the Company informs the data subject no later than within 14 days that his request will be fulfilled.

37. If it is determined that the data subject's request is unfounded, the Company must prove in its response that the data subject's personal data is processed in the Company or by third parties related to the Company's activities for legitimate reasons that override the data subject's interests, rights and freedoms .

 

​

SECTION VII 

IMPLEMENTATION OF THE RIGHT TO PERSONAL DATA PORTABILITY IN THE COMPANY

 

38. The data subject has the right to apply to the Company with a request to receive personal data related to him, which he has provided to the Company in a systematized, commonly used and computer-readable format, and has the right to request that these data be forwarded in the same format to another data controller when:

38.1. processing of personal data of the data subject is based on:

38.1.1. with the consent of the data subject;

38.1.2. executed by a contract between the Company and the data subject;

38.2. personal data is processed by automated means.

39. In order for the subject's request for the right to portability of personal data to be implemented, all the conditions specified in point 35 must be fulfilled.

40. The company, upon receiving the data subject's request to implement his right to personal data portability, assesses the validity of the request no later than within 14 working days.

41. Information may be provided:

41.1. to the data subject;

41.2. to another data controller:

41.2.1. if the data subject indicates in the request that they have personal data forward to another data controller;

41.2.2. if it is technically possible to provide personal data directly to another data controller.

42. If the data subject's request for personal data portability is implemented, it is not assessed whether the data controller to whom the data subject's personal data will be transferred has a legal basis to receive them and whether this data controller will ensure adequate personal data security measures. does not assume responsibility for the further processing of transferred personal data, which will be carried out by another data controller.

43. When personal data is processed in the performance of public authority functions assigned to the data controller, the data subject will not be granted the right to data portability.

44. If the data subject wishes to receive the data that will be transferred on the medium delivered by him, the Company does not assume responsibility for the further processing of the transferred personal data and the application of personal data security measures after the transfer.

 

​

CHAPTER III

REQUEST FOR IMPLEMENTATION OF THE RIGHTS OF THE DATA SUBJECT 

SUBMISSION

 

45. Data subjects, in order to exercise their rights, must submit a written request in an officially approved form to the Company in person, by mail or by means of electronic communications.

46. ​​The request must be legible, signed by the person, it must contain the data subject's name, surname, place of residence, contact details and information about which of the rights specified in the Description and to what extent the data subject wishes to implement them.

47. When submitting a request, the data subject must confirm his identity:

47.1. when submitting an application, the employee of the Company accepting the application must submit an identity document;

47.2. when submitting an application by post or via messenger, you must also submit a copy of the document confirming the identity of the person, certified by a notary, or a copy of this document certified in another manner established by legal acts;

47.3. when submitting an application by means of electronic communication, he must sign it with an electronic signature.

48. The data subject can exercise his rights in the Company himself or through an authorized representative.

49. If a person's representative applies to the Company on behalf of the data subject, he must indicate in his request his name, surname, place of residence, contact details, as well as the name, surname, place of residence of the person represented, information about which of the rights specified in the Description and to what extent you wish to implement it, and attach a document confirming the representation or its copy. The request submitted by the representative must meet the requirements set forth in Chapter III of this Description.

50. No personal information is provided over the phone.

 

​

CHAPTER IV SKYRIUS

REQUEST FOR IMPLEMENTATION OF THE RIGHTS OF DATA SUBJECTS

INVESTIGATION

 

51. The company does not consider the request of the data subject or his representative, which is submitted without complying with the requirements set out in the points of the Description for confirming the identity or without the specified rights that they want to use, unless the head of the company decides otherwise. The company informs the person who submitted the request in writing about the reasons for refusing to consider the request.

52. The company, upon receiving a data subject's request to exercise his rights as a data subject, examines it and submits an answer no later than within the terms set in this Description.

53. The company provides the answer to the data subject in the national language in the manner chosen by the data subject: by handing it in person, by mail or by means of electronic communications. If, in order to exercise the rights of the individual, it is found that the submitted documents will contain sensitive data, or their submission may violate the security of personal data and they cannot be delivered to the person in the way he chooses, this type of data is given to the person or his authorized representative in person upon arrival at the Company.

54. When the company refuses to fulfill the data subject's request to exercise his rights as a data subject, the company informs the data subject in writing about the reasons for the refusal and indicates the procedure for appealing the refusal to provide information.

55. The company's refusal to exercise the data subject's rights in accordance with the procedure established by legal acts can be appealed to the State Data Protection Inspectorate after the day of receipt of the answer from the Company or within 3 months from the day when the deadline set in this Description expires.

56. The rights of the data subject are exercised in the Company once a year free of charge.

56.1. When the data subject's requests to exercise their rights are clearly unfounded or disproportionate, primarily due to their repetitive content, the data subject may refuse to fulfill the data subject's request, informing in writing about the reasons for the refusal and the appeal procedure.

57. The company, while implementing the data subject's rights, ensures that the right of other persons to the inviolability of private life is not violated.

58. In all cases, the data subject who wants to exercise his rights is asked to fill out an official application approved by the Company Manager, which he is asked to bring with him when he arrives to receive answers regarding the exercise of his rights.

 

​

CHAPTER V 

PERSONAL DATA PROTECTION IMPLEMENTATION MEASURES, PERSONAL DATA STORAGE TERMS

 

59. In order to ensure the protection of Personal data, the Company implements or plans to implement the following Personal data protection measures, in accordance with the principles of adapted and standardized protection:

59.1 administrative (establishment of procedures for safe handling of documents and computer data and their archives, as well as work organization of various fields of activity, personnel training, etc.);

59.2 hardware and software protection (administration of information systems and databases, maintenance of workplaces, premises, protection of operating systems, protection against computer viruses, use of official equipment and programs, etc.).

60. The company stores personal data no longer than is required by the purposes of data processing and established legal acts.

60.1. Personal data is stored on average for 10 (ten) years after the date of termination of the contractual relationship.

60.2. The data collected by cookies used for the purpose of improving the website is stored for an average of two years.

60.3. Emails are kept on average for three years.

61. When Personal data are no longer needed for the purposes of their processing, they must be destroyed in a safe and non-regenerative method, except for those that must be transferred to the archive(s) of the institution or relevant institutions controlling the institution's activities in cases established by law.

 

 

CHAPTER VI

PERSONAL DATA BREACH RISK FACTORS

 

62. Violation of personal data protection means actions or omissions that may cause or cause undesirable consequences, as well as contradict the mandatory norms of laws governing the protection of personal data. The degree of impact, damage and consequences of a breach of personal data protection are determined in each specific case by the head of the Company and the commission formed by him, but no later than within 72 hours he makes a decision and informs the data protection inspectorate and, if necessary, the data subject whose data was damaged.

63. Risk factors of personal data protection violation: 

63.1 accidental, when the protection of personal data is violated due to accidental reasons (errors in data processing, deletion, destruction of information media, data records, setting of incorrect routes (addresses) during data transmission, etc., or system failures due to power outages, computer viruses and etc., violation of internal rules, lack of system maintenance, software tests, inadequate maintenance of data carriers, invisible line capacity and protection, computer network integration, computer program protections, insufficient supply of fax materials, etc.); 

63.2 intentional, when the protection of personal data is deliberately violated (illegal intrusion into the Company's premises, information systems, computer network, malicious violation of established rules for processing personal data, deliberate distribution of a computer virus, theft of personal data, illegal use of another employee's rights, illegal copying, destruction of documents, etc.); 

63.3 unexpected and accidental events of force majeure (lightning, fire, flood, flood, storms, burning of electrical installations, effects of temperature and/or humidity changes, influence of dirt, dust and magnetic fields, random technical accidents, other unavoidable and/or uncontrollable factors and etc.).

 

 

CHAPTER VII 

VIDEO SURVEILLANCE

 

64. In order to ensure public order and protect the company's property from damage or loss, the institution carries out surveillance with video cameras.

65. Data subjects are warned about video surveillance in the institution's premises and/or territory with an information sign.

66. Data collected by video surveillance devices are stored in the Institution's video data recording devices for no longer than 7 days. Except for cases where it is suspected that a criminal act, an administrative violation of the law may have been committed or the property of the Institution, an employee or third parties has been damaged. In the specified case, the video surveillance data is stored as long as the purposes of processing this data require, and it is destroyed manually immediately when it is no longer necessary for the purposes of processing it. Data collected by video surveillance devices are automatically deleted after their validity period expires.

67. Only the head of the institution has the right to process (open, view, make copies and delete manually) data collected by video surveillance devices.

68. The data collected by video surveillance devices can only be used to reveal suspected criminal acts, administrative law violations or to prove damage caused by damage to the property of the institution, employees, or third parties. For the investigation of violations of public order, they can be transferred only to persons who have the right to receive this data in accordance with the procedure established by law.

 

 

CHAPTER VIII 

PERSONS RESPONSIBLE FOR DATA PROTECTION

 

69. Every employee of the institution working with personal data must ensure the processing and protection of personal data. Obligations of these employees:

69.1. to ensure that personal data is processed in compliance with the provisions of the Regulation and the Personal Data Legal Law of the Republic of Lithuania, these Rules and other legal acts regulating data protection;

69.2. submit proposals, conclusions to the head of the institution regarding the establishment of data protection and data processing measures, supervises how these measures are implemented and used;

69.3. immediately take measures to eliminate violations of personal data processing.

70. A personal data supervision coordinator, who is the executive director, is appointed to supervise the legality of employees' actions with personal data processing and the implementation of personal data rules in the institution.

 

 

CHAPTER IX 

SECURITY OF PERSONAL DATA

 

70. Company employees, when performing their functions and processing personal data, must comply with the basic requirements for processing personal data:

71. personal data is collected for the purposes defined in these rules, established by legal acts and processed in ways consistent with these purposes;

72. when collecting and processing personal data, the principles of expediency and proportionality are observed, data subjects are not required to provide data that is not needed, redundant data is not accumulated and processed;

73. personal data is processed accurately, honestly and legally;

74. personal data must be accurate and, if necessary for the processing of personal data, constantly updated; inaccurate or incomplete data must be corrected, supplemented, destroyed or their processing stopped;

75. personal data must be identical, appropriate and only of such scope that it is necessary to collect and further process them;

76. personal data is stored in such a form that the identity of data subjects is determined no longer than is necessary for the purposes for which these data were collected and processed;

77. personal data are collected in the Company only in accordance with the procedure established by legal acts, receiving them directly from the data subject, by officially requesting the entities processing the necessary information and having the right to provide it according to the request (in the case of one-time collection of personal data) or according to the personal data provision agreement (multiple collection of personal data in case), which meet the requirements of the Law on the Legal Protection of Personal Data, received together with the originals of documents or their copies during inspections, from other entities, using technical means or together with other information collected, necessary for the performance of the Company's work functions.

78. the terms of personal data storage and the actions to be taken after the expiry of this term are determined by legal acts regulating the processing of relevant personal data. Personal data is stored no longer than the purposes of data processing require. The specific storage terms of personal documents are determined in the document management description approved by the Company manager. When personal data are no longer needed for the purposes of their processing, they are destroyed.

79. employees have the right to collect, process, transmit, store, destroy or otherwise use personal data only when performing their direct work functions, defined in the job descriptions or assigned by the order of the Company's manager and only in the manner established by legal acts. In the information system, employees work only with the operational functions allowed to them and only with the documents assigned to them.

80. employees can process personal data automatically only after they are given such authorization by the head of the Company and in accordance with the procedure established by legal acts, they are granted the right of access to the material of personal documents containing personal data or the corresponding information system. Upon termination of the employment relationship, the employee's access rights to registers and other programs are revoked, in accordance with the procedure established by legal acts

81. Employees who have been granted the right to process personal data shall be informed and trained in accordance with the procedure established by the entities that granted access to the relevant information system. In other cases, employees are trained and informed about the processing of personal data by persons responsible for data protection appointed by the Company manager or by an accredited training service provider

82. The head of the company or persons authorized by him must ensure compliance with the basic requirements for processing personal data at the workplace and after leaving it, control how employees and officials process personal data, immediately take appropriate organizational measures (orders, instructions, recommendations are allowed to remove) violations of personal data processing in order to implement the obligations assigned to the data controller (for example, obliging to terminate illegal or violating data protection requirements, to encrypt personal data in accordance with the established procedure, to destroy copies of documents containing personal data, etc.).

83. when preparing drafts of various Company letters, decisions and other documents, the use of redundant data about natural persons, including personal data of an economic nature, is avoided, if this is not required by the law, an officially approved form of a state document or other circumstances related to the preparation of a specific document.

84. in cases where it is necessary to use non-public personal data in a publicly published document - an extract of the document is made. For example, if a document uses a first and last name, a depersonalized document extract is made with the initials of the first and last name and at the top right corner of the first page of the document extract is written "Personalized Document Extract" (for example, if it is a decision, it says "Personalized Decision Extract").

85. technical means are used only after informing the persons whose data will be recorded that appropriate means will be used and records will be made. The use of technical means is recorded in protocols.

86. third parties are prohibited from accessing documents, photos, video or audio recordings containing personal data. Other persons may be allowed access to information containing personal data only if it is necessary to ensure their rights. Third parties are not considered law enforcement or other bodies authorized by legislation that have the legal power to request certain documents related to personal data.

87. the decision whether the audio recordings made during the decision-making should be destroyed or added to the person's file is made by the manager before the decision is announced to the person who submitted the request (complaint).

88. employees are obliged to comply with the terms of the confidentiality agreement. The obligation to keep personal data secret also applies to employees who are assigned to other positions and after the end of the employment relationship with the Company.

89. Organizational and technical measures for personal data protection (hereinafter - security measures) are applied in the company. 

90. documents used in the Company's work are not included or archived in the personal files, or documents received by mistake and/or their copies containing personal data are destroyed in such a way that these documents cannot be restored and their content recognized or returned to the sender unopened. For this purpose, Company employees use document shredders or the services of companies providing destruction services. Other methods of destruction of documents and/or their copies containing personal data may be chosen only in the absence of objective opportunities to use the company's document shredders or the services of document shredder companies.

91. unnecessary computer media containing personal data are deleted or otherwise destroyed, and used ones are encrypted so that they cannot be opened without a login code.

92. documents with personal data and their extracts are attached to the case file and additionally transferred to a secure electronic system. With a secure electronic system, the company has chosen a "cloud" supplier: DropBox.

93. the administration department ensures that the employees of the Company familiarize themselves with these Rules by signing them and undertake to protect the confidentiality of personal data, if these personal data are not intended to be published publicly, or have not yet been published publicly.

94. employees whose computers store personal data or from which computers can access sources where personal data are stored use passwords to access personal data, which are provided, changed and stored ensuring their confidentiality. Passwords are unique, consist of at least 8 characters, do not use personal information, are changed at least once every 3 months.

95. The electronic files in the company's information system, which store personal data, are available only to those employees of the company who have been granted access.

96. Computers have anti-virus programs installed and are kept up-to-date.

97. backup copies of data are made once a day and stored on a backup server, from which data can be restored in case of emergency loss.

 

 

CHAPTER X 

FINAL PROVISIONS

 

98. Supervision of compliance with the rules and, if necessary, review at least once in 1 year, is entrusted to the head of the Company or a person authorized by him.

99. The responsible employees of the Company who process personal data are familiarized with the rules of personal data processing in a signed form.

100. The personal data protection coordinator can be contacted at: info@adexlt.com

 

 

UAB „AdexLt“ cookies policy 

 

UAB "AdexLt" takes care of the security of your data very carefully. We are committed to protecting and responsibly handling your personal data.

In this document, we provide information on how we process personal data using cookies.

 

What is cookie ?

 

A cookie is a small file sent to your computer or other device (e.g. mobile phone) when you visit a website, and saved in your browser. The cookie is sent to your computer or other device in order to save the data, so that the company responsible for installing this cookie can restore and update them. The cookies we use cannot identify a person, so your identity is protected.

 

Functions of cookies

 

Different types of cookies perform different functions. Cookies can be categorized according to their purpose, storage time and their location on the website. Below we list the cookies used on our website.

 

How can you refuse the use of cookies?

 

You can choose which cookies to use or refuse certain cookies at any time by changing your browser settings. Below are instructions on how to do this:

 

Complete blocking of websites

 

1. In your browser, select Tools » Internet options.

2. In your web browser options, click the Privacy section.

3. Click the Site button.

4. Add the domain you want to block and press the Block button.

 

Delete individual cookies

​

1. In your browser, select Tools » Internet options.

2. In the Internet browser options, click the General section.

3. Press the Settings button under Browsing history.

4. Press the View files button.

5. Select the cookies you want to delete.

6. Press the Delete button in the File menu.

7. Press OK.

 

Delete all cookies

 

1. In your browser, select Tools » Internet options.

2. In the Internet browser options, click the General section.

3. Press the Delete button under Browsing history.

4. Tick ​​the Cookies box.

5. You can choose to save cookies and temporary internet files for your favorite websites: check the Preserve Favorites website data box.

If you do not want cookies to be stored on your computer or other device, you can choose to receive a notification in your browser settings before any cookie is saved.

You can also set your browser to reject all or some cookies immediately. You can also delete cookies that have already been saved on your computer or other device.

Please note that in this case you will have to select the settings separately for each browser and device you use.

Each browser has a different method of customizing settings. If necessary, use the help function of your browser to select the correct settings.

We have to warn you that if you refuse the use of certain cookies, many functions of the website may not work.

 

Ensuring data security using cookies

 

Your personal data collected by cookies is processed in accordance with the provisions of the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania and other legal acts regulating the protection of personal data.

 

In accordance with the requirements of legal acts, we apply security measures that prevent the illegal disclosure, copying, loss, and other illegal use of your personal data.

In all cases, if you have any questions, you can contact us at: info@adexlt.com