2018 May 24 by order no. V-2018-1
The policy has been prepared in accordance with the Law on Legal Protection of Personal Data of the Republic of Lithuania, General Requirements for Organizational and Technical Data Security Measures, approved by the Order No. of 12 November 2008 of the Director of the State Data Protection Inspectorate. 1T-71 (as amended). From 2018 May 25 Personal data shall be processed in accordance with the directly applicable April 27 Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter “the Regulation”) and other regulatory acts regulating the security of personal data.
The main terms used in the policy correspond to the terms defined in the Law on the Legal Protection of Personal Data of the Republic of Lithuania.
A personal data subject is a customer, partner or supplier – a natural person or a person related to the customer or supplier (customer’s representative, spouse, child, partner, etc.).
3.2. Personal data controller – Inesa Minsevičienė performing activities (in the field of employment agencies and business consulting) according to the individual activity certificate No. 657540, (hereinafter referred to as the controller). Contact tel. No. +37061489592.
3.3. A partner is a person who cooperates on an equal footing, has an equal interest in the best performance, works with a common information platform and data. Partner contacts are published on the website https://smarthr.lt/.
3.4. Personal data – information relating to a natural person – the data subject includes, but is not limited to, personal data, name, telephone number, e-mail address, address of residence or registration, state vehicle number, one or more personal data , physiological, psychological, economic, cultural or social characteristics.
3.5. Sensitive personal data – data related to the health and condition of a natural person are considered in the performed activities.
3.6. Processing of personal data means any action or sequence of personal data carried out by automated or non-automated means, including its collection, recording, storage, storage, destruction, classification, transfer, modification (completion or correction), granting of access, requesting, transmission , publication, use, search.
3.7. Consent is an act of the Data Subject, expressed voluntarily, by which he or she consents to the processing of personal data.
3.8. The registration or inquiry form is a document, including an electronic one, confirming the agreement between the data controller and the personal domain entity.
OBJECTIVES, GROUNDS AND SCOPE OF THE PROCESSING OF PERSONAL DATA
The data subject’s data shall be processed for the following purposes (including, but not limited to, the individual consent of the data subject to the processing):
for the provision of services and activities, in cooperation and exchange of information with Partners and other parties providing or acquiring services in accordance with concluded agreements or arrangements:
4.1.1. For the purpose of job candidates, we process personal data received from the candidate: candidate’s name, date of birth, place of residence or residential address, e-mail. postal address and / or telephone number, information on the candidate’s work experience (place of work, period of work, position, responsibilities and / or achievements), information on the candidate’s education (educational institution, period of training, education and / or qualifications), information on in-service training (training, certificates), information on language skills, information technology, driving skills, other competencies, other information you provide in your CV, cover letter or other application documents, recommendations, employer feedback;
4.1.2. For the purpose of customer service, if we provide or transfer data to our customers – employers who are looking for employees, the data of data subjects is transferred to the extent that was provided when applying.
4.1.3. In order to identify the customer or supplier, administer orders or services, fulfill financial obligations, receive the most appropriate solutions and offers, we process the following personal data: name, surname, date of birth, personal identification number (personal identification code of a resident of the Republic of Lithuania or foreign national, activity certificate number, business certificate number), address of residence, telephone number, e-mail address, bank account.
4.2. In order to inform the data subject about new business services and news by e-mail or telephone with his consent for marketing purposes, we process the following personal data of you: e-mail address, telephone number.
4.3. We process the following personal data: name, surname, positions, e-mail address, telephone number in order to assess the quality of concluding and executing data controllers’ contracts and providing services, asking for opinions on the provided services, services and their quality, and conducting market research.
4.4. We collect and process sensitive personal data only to the extent and to the extent necessary to comply with the requirements of the service contracts entered into and to the extent permitted by applicable law.
4.5. For other legitimate purposes as specified in the legal acts of the Republic of Lithuania;
4.6. We process personal data only in the territory of the European Union.
RIGHTS OF THE DATA SUBJECT
The rights guaranteed to the data subject in relation to the processing of his personal data include the right to:
5.1. request the correction of the Data Subject’s data if they are incorrect, incomplete or inaccurate;
5.2. not to consent to the processing of the Data Subject’s data, if the basis of the Data Subject’s data processing is illegal interests;
5.3. to receive the Personal Data provided by the Data Subject, which are processed on the basis of his consent or performance of the contract, in writing or in a commonly used electronic form and, with the consent of the Data Subject, to transfer such data to another service provider or partner (data portability);
5.4. withdraw its consent to process the Data Subject’s data for marketing purposes;
5.5. to demand the suspension (except for storage) of personal data processing actions in case of disputes or it is necessary to check the legality of data processing and the accuracy of data.
5.6. The data controller shall revise, correct and update the personal data on the initiative of the person whose data are processed. The data controller may correct the data of the data subject in case the data provided by the data subject itself is indicated with grammatical errors.
5.7. The controller has the right to reasonably refuse to allow the Data Subject to exercise his rights or to charge a reasonable fee in accordance with Article 12 of the General Data Protection Regulation. 5 d. circumstances.
5.7.1. Where the data subject’s requests are manifestly unfounded or disproportionate, in particular because of their repetitive content, the controller may either:
(a) charge a reasonable fee, taking into account the administrative costs of providing the information or notifications or actions requested;
(b) may refuse to act on the request.
5.7.2. The burden of proving that the request is manifestly unfounded or disproportionate lies with the controller.
5.8. Submit a complaint regarding the Data Controller’s actions (inaction) to the State Data Protection Inspectorate (website address www.ada.lt) within 3 months from the date of receipt of the response from the Data Controller or within 3 months from the deadline of the Data Controller’s response to the data subject’s request (ie 30 calendar days after the date of the Data Subject’s request). Complaint / request to the Data Controller The Data Subject may submit an e-mail. email: Inesa@smarthr.lt
SECURITY OF PERSONAL DATA
The organizational and technical data security measures implemented by the Data Controller ensure a level of security that is commensurate with the nature of the Data managed by the Data Controller and the risks involved in their processing.
The data controller performs technical and software protection (administration of information systems and databases, maintenance of the work platform, protection of operating systems, monitoring of user access (monitoring), protection against computer viruses, etc.).
The Data Controller applies administrative security measures (secure management of documents and computer data and their archives, instructing Partners in cooperation and termination of cooperation).
Candidate job details related to the candidate are stored for 2 years. When providing information, data subjects themselves can choose how long they will keep it (3, 6 or 12 months) or decide that the data must be deleted at the end of the recruitment process. Contracts, financial documents, marketing summaries and other documents are stored in accordance with the General Index of Document Retention Terms and other legal acts regulating the chosen field or form of activity, and are not used for purposes other than those specified in this Policy.
The Data Controller undertakes not to disclose the Data Subject’s personal data to third parties, except for the Data Controller’s partners or if it is necessary in accordance with mandatory legal provisions for prevention purposes or in provided cases with the Data Subject’s written consent.
Data Controller Partners must respect the principle of confidentiality and keep confidential any information relating to personal data that they have accessed in the performance of their contractual obligations, unless such information is public under the provisions of applicable laws or regulations.
Personal data contained in laptops, if used outside the Data Controller’s internal data transmission network, shall be protected by appropriate means that are commensurate with the risks posed by the Data Processing.
Partners are granted access to personal data only to the extent necessary for the proper performance of their duties and the implementation of their ordering functions.
Partners who automatically process personal data or from whose computers can access areas of the local network where personal data is stored must use passwords. Passwords must be changed periodically (at least every 3 (three) months), as well as in the event of certain circumstances (eg change of employee, threat of burglary, suspicion that the password has become known to third parties, etc.). A partner working on a specific computer can only know their password.
The Partner loses the right to process personal data when the partnership agreement or a similar agreement with the Data Controller expires.
Personal data contained in external media and electronic mail must be adequately protected and transferred to databases immediately after use.
The risk assessment of personal data shall be carried out by identifying the probabilities and risks of the threats, taking into account the integrity, availability and confidentiality of the data for each purpose of the processing of personal data.
Partners who have noticed violations of personal data security, signs of a criminal act, and ineffective measures to ensure the security of personal data must immediately inform the Data Controller.
After assessing the risk factors, the degree of impact of the breach, the damage and the consequences, the Data Controller shall decide on the measures necessary to eliminate the data breach and its consequences and to inform the necessary entities in accordance with the relevant internal procedures.
Data subjects can get acquainted with this personal data protection policy at https://smarthr.lt/ or at the address Arklių st. 18, LT-01305, Vilnius.
The policy will be reviewed once a calendar year at the initiative of the Data Controller and / or when amending the legislation governing the processing of personal data.
The law of the Republic of Lithuania shall apply to the relations arising on the basis of this policy.
All disputes arising out of the implementation of this policy shall be settled by negotiation. If no agreement is reached, disputes shall be settled in accordance with the procedure established by the legal acts of the Republic of Lithuania.
This policy will take effect in 2018. May 25 You can contact this policy and / or general data protection issues by contacting the following:
El. email: Inesa@smarthr.lt
Tel. No. +37061489592