Privacy Policy
1. What does this Privacy Policy mean?
This Privacy Policy sets out the terms and conditions that users using UAB Optas IT services, Company's suppliers, partners and candidates must comply with. This Privacy Policy also sets out the basic details of personal data processing principles and the rights of data subjects.
This Privacy Policy is created based on the applicable laws governing the protection and security of Personal Data, directly applicable EU legislation, including the April 27, 2016 2016/679 General data Regulation (GDPR) and any amendments or additions thereto, other existing mandatory data protection provisions or security legislations.
The Company's services are intended for people over 14 years of age. Individuals under the age of 14 may not disclose any personal information to the Company.
2. About the data controller
UAB Optas IT (hereinafter – Company), Company code 305576024, registration address Partizanų str. 54, 49447 Kaunas, Lithuania. Contacts for personal data: email dpo@optas.lt.
3. Definitions
Personal data – any information relating to an identified or identifiable natural person (data subject).
A natural person (identifiable) – a person who can be directly or indirectly identified, in particular, by the identifiers such as the name, surname of the person, identification number, location data and internet identifier or one or more characteristics of that natural person's physical, physiological, genetic, mental, economic, cultural or social identity.
Customer – a natural or legal person who uses the services of the Company.
4. How do we collect and store your personal data?
The collection of personal data depends on the services and products you use, the contractual relationship with you and the data you provide to communicate with us.
The Company collects your personal data:
- provided by you (directly from the data subject), e.g. when you communicate or have legal relations with the Company, i.e. you purchase goods and / or services or register for services, contact us for information, etc.
- which is generated when you use our services, such as when you use the services, call us, send us a text message (SMS), browse the Internet, visit our websites or social network accounts, use our products, and so on.
- which we receive from other sources, such as a legal basis, from other institutions or companies, banks, credit bureau (for solvency assessment), publicly available registers, etc.
- when data controllers entrust the collection and processing of your data to us by concluding a service agreement with us.
The processing of data shall be carried out in accordance with the following principles, as set out in Article 5 of the GDPR:
- principle of legality, fairness and transparency;
- principle of purpose limitation;
- principle of data reduction;
- principle of accuracy;
- principle of limiting the duration of storage;
- principle of integrity and confidentiality.
Your personal data is processed in accordance with the General Data Protection Regulation. When processing your personal data, we implement reasonable organizational and technical measures that ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, as well as other unlawful processing.
5. What data do we collect and for what purposes?
Tiesioginė rinkodara ir rinkos tyrimai
Purpose of data processing | Processed personal data | Duration of data processing | Legal basis of data processing |
| Sending offers, advertisements to customers and other interested people via email | Name, surname, telephone number, email address | 3 years | Article 6 (1) (a) GDPR – consent of the data subjec |
| Market research, customer satisfaction and quality analysis | Customer's or potential customer's reaction, feedback, opinions | 3 years | Article 6 (1) (f) GDPR – legitimate interest |
Your participation in workshops, events
Purpose of data processing | Processed personal data | Duration of data processing | Legal basis of data processing |
| Publicity of information from events organized by the Company, informing the public about our events and promoting our notability | The fact of your participation, name, surname, photo or video material | 3 years | Article 6 (1) (f) GDPR – legitimate interest |
| Preservation of data about past marketing activities | Photos or videos from events, expense reports | 10 years | Article 6 (1) (f) GDPR – legitimate interest |
Participation in vacancy / internship recruitment
Purpose of data processing | Processed personal data | Duration of data processing | Legal basis of data processing |
| Selection for vacancies / internships | Your resume and / or cover letter and / or other information provided from you | Until the end of the recruitment | Article 6 (1) (a) and (b) GDPR – consent of the data subject and the intention to conclude a contract |
| Selection for future vacancies / internships | Your resume and / or cover letter and / or other information provided from you | 3 years | Article 6 (1) (a) and (b) GDPR – consent of the data subject and the intention to conclude a contract |
Protection of property and individuals
Purpose of data processing | Processed personal data | Duration of data processing | Legal basis of data processing |
| Protection of property and people in order to record, keep and examine incidents evidence (damage to property, theft, wrongdoing, injuries, accidents, etc.) | Video data | 14 days | Article 6 (1) (f) GDPR – legitimate interest |
Execution of contracts with suppliers / partners / customers
Purpose of data processing | Processed personal data | Duration of data processing | Legal basis of data processing |
| Performance of a contracts with suppliers / partners / customers | Name, surname of suppliers' or service providers' employees (natural and legal person), phone, email address, content of correspondence, date, other data related to the performance of the contract | 3 years after the end of the contract and 10 years after the termination of the contract | Article 6 (1) (b) GDPR – performance of a contract |
| Invoicing | Name, surname, payer's details, bought services or goods | 10 years | Article 6 (1) (b) GDPR – performance of a contract |
| Debt administration | Name, surname, position, information on indebtedness, contact details | 10 years | Article 6 (1) (f) GDPR – legitimate interest |
Examination of inquiries, reports and complaints
Purpose of data processing | Processed personal data | Duration of data processing | Legal basis of data processing |
| Inquiries (received via email, via website, social network account, phone) storage and processing | Name, surname, email address, phone number, inquiry text / call content | 1 year from the examination of the inquiry or according to a specific social network privacy policy | Article 6 (1) (a) and (b) GDPR – consent of the data subject and performance of a contract |
| Customer service system and helpline: complaints, inquiries, consultations, incidents | Contact details – name, surname, email address, place of work, telephone number, inquiry content, other communication details | 3 years from the examination of the inquiry | Article 6 (1) (b) and (f) GDPR – performance of a contract and legitimate interest of the data controller |
| Communication via remote communication applications | Information provided by customers, suppliers, partners | 1 year or according to the privacy policy of the specific application | Article 6 (1) (f) GDPR – legitimate interest |
Website / social network statistics and administration
Purpose of data processing | Processed personal data | Duration of data processing | Legal basis of data processing |
| Monitoring social network account and website traffic statistics | Cookies collect information related to website visitors (more information in the cookies section), anonymous statistics, social network data | According to social network's, statistical service providers' privacy policies | Article 6 (1) (a) and (f) GDPR – consent of the data subject and legitimate interest of the data controller |
Data backup
Purpose of data processing | Processed personal data | Duration of data processing | Legal basis of data processing |
| Storage of data backups and archival data to ensure continuity and recoverability | All data stored in the Company's information systems | 1 year | Article 6 (1) (f) GDPR – legitimate interest |
6. The data collected in the website – cookies
A cookie is a small text file or piece of software that is sent to your device, that stores information about your browsing history and the data usage of your device. It is controlled by your web browser, sometimes it has a unique random number. You can read, destroy or change it.
Cookie name and purpose | Processed personal data | Duration of data processing | Legal basis of data processing |
| _ga – analytical cookie used to collect statistical information about the website | IP addresses and unique ID numbers are used for statistical information accounting. Accounting is done through Google analytics | 2 years | Article 6 (1) (f) GDPR - legitimate interest |
7. Websites and social networks, communication programs
For your convenience, in order to spread information about our activities and to meet the needs and expectations of our customers, we administer the following data and social networking services:
When you visit our social network accounts, your data may also be processed by social network administrators. We also recommend that you read the privacy policies provided by the social networks:
- Facebook - privacy policy
- LinkedIn - privacy policy
- Google - privacy policy
We try to communicate with our clients through all available channels, including remote communication programs like Zoom, Skype, Google Duo and so on. We encourage you to review the privacy policies of the following programs:
- Zoom - privacy policy
- Microsoft Teams - privacy policy
- Skype - legal conditions
- Google Duo - privacy
8. Who can we disclose your data to?
- To our professional advisors, auditors;
- To notaries, if the contract concluded with you requires a notarial form;
- Bailiffs, entities providing legal and / or debt collection services, entities taking over the right of claim, joint debtors' data processors;
- To companies which provide data center, hosting, cloud services; website administration and related services; software development, provision and support services; information technology infrastructure services; communications services;
- To companies providing advertising and marketing services;
- To companies providing archiving, physical and / or electronic security, asset management and / or other services;
- To state institutions in accordance with the procedure provided by law;
- To law enforcement authorities at their request or on our initiative, if there is a suspicion that a criminal offense has been committed, as well as courts and other dispute resolution authorities, tax administrators;
- Your personal data will not be transferred to a third country or international organization, except as provided in this Privacy Policy;
- We will not transfer your personal data outside the European Union and / or the European Economic Community to third parties other than IT service providers located in, for example, the United States. In this case, the European Commission has declared that the third country provides an adequate level of protection ("eligibility decision"). In the absence of a decision on adequacy, the data may be transferred subject to appropriate safeguards, provided that the individuals have enforceable rights and effective remedies as provided in the GDPR.
9. Your rights
In accordance with the provisions of the GDPR, you, as a data subject, may exercise the following rights:
- Right of access to personal data, i.e. make a request for information on whether your personal data is being processed, and if your personal data is being processed, you have the right to access your personal data that is being processed by the Company;
- The right to correct personal data, i.e. make a request to correct your personal data if you identify that the personal data we process is incorrect, incomplete or inaccurate;
- The right to delete data (the right "to be forgotten"), i.e. make a request to delete your personal data if your data is processed illegally or fraudulently;
- The right to restrict the processing of data, i.e. make a request to restrict (suspend) the processing of your personal data, except for storage – in the event that, for example, you request to correct your personal data (while the accuracy of personal data is checked and / or corrected), or it is established that personal data is being processed unlawfully and you do not consent to the deletion of the data, or you have objected to the processing of your personal data or other cases;
- The right to data transfer, i.e. make a request to transfer your personal data, which is processed by automated means;
- The right to object to the processing of data, i.e. to object to the processing of personal data where the processing is carried out on a legitimate interest or a public interest basis;
- The right to claim that you are excluded from a decision based solely on automated data processing, including profiling, which has legal consequences for you or which has a significant effect on you;
- The right to revoke the consents given to us at any time regarding the processing of personal data, e.g. for direct marketing.
You can fulfill your rights by sending us a request in the form provided via email dpo@optas.lt
If you believe that your rights as a data subject have been or may be violated, please contact us immediately with a complaint via email. We assure you that after receiving your complaint we will contact you within a reasonable time and inform you about the progress of the complaint investigation and, subsequently, of the outcome. You can also submit a complaint with the supervisory authority.
10. Website visitor's / customer's responsibility
You are responsible for ensuring that the information you provide to us is accurate, correct and complete. If the data you provide changes, you must notify us immediately via email. In no event will we be liable for any damages incurred by you as a result of you providing incorrect or incomplete personal information or not informing us of such data change.
The information published on the Company's websites, its copying, reproduction, references to it are allowed only with the written permission of the Company. It can be obtained by contacting us via email info@optas.lt. This permission does not imply any transfer of rights in the material.
11. Privacy Policy oversight
We regularly review the compliance of this Privacy Policy with the law and the personal data processed by the Company.
We may update or change this Privacy Policy at any time. Such updated or amended Privacy Policy will be effective as of the date of its publication on our website or UAB Optas IT software.
This privacy policy was last modified on 2022-10-17.