UAB “BALTIC AMADEUS” (hereinafter referred to as the Company or we), when processing personal data, complies with the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the Regulation), the Law on Legal Protection of Personal Data of Republic of Lithuania and requirements of the other applicable legal acts and ensures the security of your personal data.
You – are the visitors of our websites www.ba.lt and www.enjoyit.lt (hereinafter referred to as the Websites), service users, employees and personnel selection participants, customers, partners and other data subjects, whose personal data we have the right to process and undertake to properly protect.
1. Processed personal data
We may collect and process the following categories of personal data:
- Personal identification data – name, surname, position, name of the workplace, etc.;
- Contact personal data – e-mail address, telephone number, workplace or residence address, etc.;
- Personal data confirming personal identity – personal identification number, personal identity document No., etc.;
- Personal data related to employment – information you provide in your CV, cover letter or other documents provided to us, information about your education, professional qualifications, work experience, etc.;
- Information about browsing our Websites – technical data of the device used, IP address, operating system, type of browser, etc.;
- Personal data that may be provided to us by other data controllers using our services;
- Any other personal data relating to you that you may provide to us by contacting us, using or wishing to use our services, visiting our office, etc.
2. Legal basis and objectives for the processing of personal data
We process personal data on the following grounds and for the following purposes:
- on the basis of your consent – in order to respond to your inquiries, provide you with information, advertise our services, enable you to use our Websites, analyse your browsing behaviour on our Websites using cookies, perform personnel selections, provide direct marketing offers, etc.;
- on the basis of concluding and executing a contract with you – in order to prepare a commercial offer, enter into a contract and provide services, properly fulfil the obligations to you;
- on the basis of a legal obligation imposed on us – in order to meet the mandatory requirements imposed on us by legislation or decisions of the competent authorities or supervisory authorities, etc.;
- on the basis of our legitimate interest – in order to ensure the security of our employees and assets, to protect or defend our rights against violations (e.g. to defend our rights in court/arbitration, to manage arrears, etc.), to exercise the right to insurance coverage, to improve the quality of services provided, to offer similar services to existing customers, etc.
We hereby guarantee that we shall only process your personal data for the purposes for which they were collected.
3. Transfer of personal data to other recipients
We may transfer (grant access) personal data to third parties (other data controllers, processors or recipients) in the following cases and procedures:
- if we are required to provide personal data to the competent authorities;
- if we use ancillary data processors (e.g. IT service providers, employment agencies, etc.) for the processing of personal data, with whom contracts are concluded defining the scope of data processing, implementation of appropriate organisational and technical measures and other obligations necessary to ensure secure personal data processing and confidentiality;
- if we must protect or defend our legitimate interests.
In all cases where personal data are transferred to third parties, we ensure that the data shall only be disclosed to trusted recipients and to the minimum extent necessary to achieve the purpose of the processing.
4. Transfer of personal data to recipients outside the EEA
We may also transfer (provide access to) your personal data to our employees, auxiliary data processors or other data controllers outside the European Economic Area (EEA). When transferring personal data outside the EEA, we undertake to ensure that the data are transferred only to countries that ensure adequate legal protection of personal data and in accordance with the requirements of the Regulation, such as the application of standard contract clauses, etc.
5. Personal data retention period
We set retention periods for personal data according to the specific purposes of the processing and process the data only for as long as is necessary to achieve the respective purposes. For example:
- We store the personal data of the customers provided to us for the purpose of performance of the service provision/cooperation agreement for 10 (ten) years from the date of termination of the agreement;
- We store personal data managed/processed by the customers and provided to us in accordance with the concluded personal data processing agreements until the expiry of the service provision/cooperation agreement or a separate instruction of the customer;
- We process the contact personal data of the customers/their representatives for the purposes of direct marketing as long as the service provision/cooperation agreement is in force or the customer/its representative’s objection to further data processing is received;
- We store the data of persons who have agreed to receive direct marketing offers for 3 (three) years after the date of receipt of the consent;
- We store the personal data of candidates for work in the Company until the end of the selection or for 3 (three) years from the end of the selection, if the candidate has given consent for longer data storage.
The terms of storage of personal data of our employees, suppliers of goods and services/their representatives processed for the purposes of internal administration (personnel management, management and use of available material and financial resources, accounting and record keeping) are set in the Company’s internal documents.
We ensure that at the end of the retention period of personal data, all data shall be securely destroyed or depersonalized in such a way that the information cannot be recovered.
6. Personal data safeguarding
We grant access to your personal data only to those employees or partners whose processing of personal data is necessary for the performance of their direct duties.
We apply appropriate technical and organisational measures to ensure the secure processing of your personal data, data confidentiality, integrity and access control.
The Company’s knowledge and professional qualifications of our specialists are certified by Human Factors Certified Usability Analyst (CUA), Certified Ethical Hacker (CEH), Information Systems Security Professional (CISSP), Certified Data Privacy Solutions Engineer (CDPSE), Certified Information Security Auditor (CISA) and ISO/IEC 27001 Information Security Management System certifications.
In our activities, we implement appropriate personal data and information security procedures, which establish the application of preventive measures, allocation of responsibilities, control measures and procedures for responding to security breaches. All procedures used in the Company’s operations are periodically reviewed, their proper implementation is controlled and employee trainings performed.
7. Automated decision making and profiling
The Company shall not process personal data through automated individual decision-making, but may conduct profiling (i.e. automated processing of personal data where personal data are used to assess certain personal aspects of an individual) that does not have legal consequences or similar significant effects for you.
Profiling shall be based on the Company’s legitimate interests, performance of the contract and/or your consent. If you have agreed to receive direct marketing messages, the Company shall have the right to process personal data for the purpose of sending direct marketing messages of a general nature and/or individually tailored to you.
8. Your rights
As a data subject, you shall have the following rights under the Regulation:
- To get acquainted with your personal data processed by us (right of access);
- To require us to correct your personal information if it turns out to be inaccurate;
- To require us to delete your personal data (right to be forgotten);
- To demand that we limit the processing of personal data;
- To require us to provide your personal data in a structured, commonly used and computer-readable format for transfer to another data controller (right to data portability);
- To not consent to the processing of your personal data, including processing for marketing purposes;
- To disagree with automated decision making, including profiling.
In order to exercise these rights, we hereby ask you to:
- Provide us with the information we need to identify you (for personal identification);
- Formulate your application and provide related information.
We undertake to respond to your request no later than within 1 (one) month from its receipt.
If you believe that the processing of personal data does not comply with the requirements established by the Regulation or other legal acts, you have the right to apply to the State Data Protection Inspectorate using the contacts provided on its website: vdai.lrv.lt.
When you visit our Websites, we may collect certain information about your device, IP address, operating system, browser type, and more. We need this information to administer the system, to provide assistance, to collect aggregated data for analysis and quality improvement.
Types of cookies used on Websites:
- Strictly necessary – these types of cookies are necessary for the operation of the Website. These cookies cannot be disabled because without them the Website will not function properly.
- Functional – used to prevent changes to settings, such as language or time zone selection, each time you visit our Website.
- Analytical – these cookies are used to collect general statistics on the number of visitors in order to monitor the performance of the Websites for analytical purposes and to improve their performance.
- Marketing – used to better tailor the content of the Websites, to provide customized ads that may be of interest to an individual user.
If you do not agree to the storage of cookies on your device, you can revoke the consent at any time by using them by changing the settings and deleting the stored cookies. If you have chosen to delete cookies, remember that all the settings you have set are also deleted. In addition, if cookies are completely blocked, the Websites may no longer function properly. For these reasons, we do not recommend disabling cookies.
This link provides information about specific cookies currently used on our Websites.
10. Third party websites
12. Our details
You can find our details and contact data at: https://www.ba.lt/en/contacts/
If you have any questions concerning the processing of personal data, please contact us by e-mail at firstname.lastname@example.org