This Policy applies to all persons who use, have used, or are going to use our services, as well as those who are indirectly related (e.g. business representatives or other employees), persons who have any contractual relationship with us, or whose personal data have become known to us, as well as to anyone who visits our websites (hereinafter referred to as “You” or the “Customer”).
Our goal is to ensure the protection of personal data. In pursuing this goal, we consistently adhere to the requirements of the European Union and national legislation. The basic legal acts governing the processing of personal data are the national legislation and the General Data Protection Regulation (2016/679) (hereinafter referred to as the “GDPR”). The GDPR applies to the processing of personal data relating to citizens of the European Union (natural persons) which is carried out by a natural person, a company, or other organisation for business and other non-personal purposes. The reference to “personal data” in this Policy refers to any information which could be reasonably used to identify you as one of the above persons (hereinafter referred to as “Personal Data”).
The Policy provides a general overview of how we process personal data. Additional information on the processing of personal data may be provided in service contracts and in other documents.
We ensure the confidentiality of personal data in accordance with the requirements of the applicable law and we have appropriate technical and organisational measures in place to protect personal data from unauthorised access, disclosure, accidental loss, alteration, destruction, or any other unlawful processing.
We can use data processors to process personal data. In such cases, we will take the necessary steps to ensure that such data processors process personal data in accordance with our instructions and applicable laws, and require the implementation of appropriate personal data security measures. We ensure that we make every effort to guarantee the confidentiality and integrity of the personal data of our current, future, and past Customers.
Your personal data controller is the “Lewben” company to which you have either submitted your personal data concerning any contractual or pre-contractual relationship that you are bound to, or whose Services you (or the legal entity or entity to which you are the ultimate real owner) are going to use.
In the Policy we describe how we process personal data in dealing with all matters related to all our Customers (existing or former), potential Customers, sending newsletters and marketing information, recruitment processes, cookies used on our websites, all our legal obligations set by the GDPR, any relevant laws on data protection, as well as any other applicable laws and regulations (including the obligations relating to prevention processes against money laundering).
PERSONAL DATA CATEGORIES
Depending on the service provided or the nature of our cooperation, we process different categories of personal data. In each case, we ensure that we process only the data that are necessary. The main categories of personal data include but are not limited to:
Identification data: name, surname, nickname, personal code (national personal code), photo.
Contact details: address (correspondence/residential), telephone number, e-mail address;
Professional details: data on education and professional activity.
Data relating to relations with legal entities: data provided by you or obtained from public registries or third party transactions for the purpose of forming a third party transaction with the corresponding legal entity.
Financial data: data on invoices, accounts, property held, transactions, loans, income, liabilities that arise when the Customer chooses and provides accounting or asset and welfare management services.
Data we need to meet applicable compliance requirements, e.g. data needed for implementing measures to prevent money laundering and terrorist financing, such as date of birth, country of birth, sex, nationality, passport details, photo, information on people involved in politics.
Data related to your participation in our events: position title, workplace.
Data about the authors and their copyright work: title of the work, author.
Depending on the services provided, we may also process your other personal data.
We are responsible for the accuracy of your data, so we would appreciate if you could assist us in fulfilling this obligation by informing us about any change in regards to your personal data.
PURPOSE AND BASIS OF PERSONAL DATA PROCESSING
We will use the personal data you provided to us by sending your CV or a cover letter. We will keep the data you provide for as long as the recruitment process lasts, or for a longer period only with your consent to save your CV in the database of potential employees of the Company.
We collect the information necessary for us to do business, sign contracts or start any business relationship with you. Such personal data collection is strictly necessary to fulfil our obligations to you as well as for the provision of services to current and future Customers. In certain cases, we may receive your data from other sources.
Discharge of legal obligations and identification. Some of the Companies are subject to the obligations under the Law on Money Laundering and Terrorist Financing Prevention (hereinafter referred to as the “Law”). By providing the services, we process personal data in order to fulfil our obligations in regards to anti-money laundering (AML) and know-your-customer control (KYC).
BASIS FOR DATA PROCESSING
Agreement – a contract between us and you, which provides the basis for processing your personal data;
Consent – the consent given by you through which you have granted us the right to process your personal data for the purposes stated in your consent and only for such purposes;
Legitimate interest – in some cases, in order to be able to perform the tasks arising from our activities, we process data on the basis of a legitimate interest. Before we begin to process personal data on this basis, we verify that legitimate interests do not have a significant impact on the rights and freedoms of those persons.
Legal obligation – this obligation is imposed on us by the European Union and national legislation, such as the Law.
Most of the time, we receive your personal data from you, our data subjects, but in some cases we may also receive personal data from third parties. For example, personal data are provided to us by a representative of a potential Customer, when we sign various agreements containing the representatives’ data, and others cases.
PERSONAL DATA RECIPIENTS
“Lewben” group’s companies (for the purposes of administration, anti-money laundering obligations, learning more about customers, and marketing);
Partners with whom we jointly provide services or products;
State institutions and authorities, other persons performing functions delegated to them by law (for example, law enforcement agencies, tax administration and financial crime investigation institutions).
Financial institutions, third parties (such as banks), auditors, legal and financial advisers; our authorised data processors, third parties, managing various registers (including loan registers, the Population Register, the Register of Legal Entities or other registers in which personal data are processed) or other persons, who has right to provide personal data from such registers.
Other persons who provide services to us, such as IT maintenance companies, communication and postal services providers, third parties, whose services we use to perform our Customer contracts or in the performance of administrative functions.
All service providers to whom we transmit your personal data must follow our instructions on how they process your personal data. Your personal data transfer is governed by the data processing agreements we have concluded with independent service providers. All independent service providers are considered data processors and must guarantee that your personal data is processed with the same level of accuracy and care that we apply, and they will be held legally responsible for the non-performance of such guarantees. All service providers must have technical and organisational measures in place to ensure the same level of data protection as we do.
TRANSFER OF PERSONAL DATA TO THIRD PARTIES
As a general rule, personal data are processed within the territory of the European Union/European Economic Area (EU/EEA), but may, in certain cases, be transmitted and processed outside the EU/EEA.
Personal data may be transmitted and processed outside the EU/EEA where the transfer is necessary for the conclusion and execution of a contract where personal data may be stored using data storage solutions whose servers are outside the European Economic Area or the Customer has given their consent, and if there are adequate safeguards in place.
YOUR RIGHTS AS A DATA SUBJECT
Right to access – you have the right to request access to any of your personal data that may be stored, including, for example, the right to know whether we process your personal data, which categories of personal data we process, and the purposes for which we process the data.
Right to rectification – you have the right to request that we correct any of your personal data that you believe to be inaccurate or incomplete.
Right to disagree – you have the right to disagree with the corresponding processing of your personal data, including, for example, the processing of your personal data for marketing purposes or, data processing based on the legal interest.
Right to erasure – you may also request that your personal data are deleted if they are no longer required for the purposes for which they were collected, or if you consider that the processing is illegal, or that personal data must be deleted in order not to violate the legal requirement. In certain cases, under statutory regulation, where the laws of the relevant jurisdiction prohibit us from deleting our stored and processed data, we will not be able to fulfil such an obligation, evenupon your request , but we will inform you if any such obligation applies to us.
Right to data transfer – if your personal data are processed automatically with your consent or on the basis of mutual contractual relations, you may request that we provide such personal data in a structured, commonly used and electronic form. You can also request that personal data be transferred to another controller. Please note that this can only be done where technically possible.
Right to withdraw your consent – in cases where the data are processed with your consent, you have the right to withdraw your consent for data processing at any time .
Right to refuse marketing messages –you can opt out of our outgoing communications, in which we provide the information about our events or any other material that we think may be of interest to you, at any time. You can express your refusal at any time by contacting us.
If you are concerned about a potential violation of privacy laws or any other violation of statutory obligations , please contact us by e-mail at firstname.lastname@example.org or get in touch with any of our employees. The responsible person will investigate and transfer your complaint to the responsible employee, and will provide information regarding further handling of the complaint.
If you are not satisfied with the investigation of the complaint, you have the right to file a complaint with your country’s data protection authority. You also have the right to apply to the court of competent jurisdiction. Information about the authorities responsible for the enforcement of personal data protection legislation:
The State Data Protection Inspectorate
Žygimantų g. 11-6a
Tel. + 370 5 279 14 45
Personal Data Authority (Autoriteit Persoonsgegevens)
Prins Clauslaan 60
P.O. Box 93374
2509 AJ Den Haag/The Hague
Tel. +31 70 888 8500
Commissioner for Personal Data Protection
1 Iasonos Street,
P.O. Box 23378, CY-1682 Nicosia
Tel. +357 22 818 456
Fax +357 22,304,565
WHERE TO GET INFORMATION
You have the right to contact us in order to submit inquiries, cancel your issued permissions, and submit requests to exercise your rights as a data subject and complaints regarding the processing of personal data.
Our contact details are available on the websites listed at the top of the Policy, and you can also contact us by e-mail at email@example.com.
This Policy may be changed or updated. The latest version of it will always be published on our websites, so we invite you to familiarise yourself with the latest version from time to time.
SOCIAL NETWORKS AND OTHER WEBSITES
All information that you provide to us via social media (including messages, Like and Follow button clicks, and other communications) is controlled by the social network. We currently have Facebook and LinkedIn accounts .
We may be linked to third-party sites; links can be made to and from such websites. We have not reviewed, have no influence, and are not responsible for the content or privacy practices of websites that we may be linked to. We do not support third-party sites and we are not responsible for any information, software or other products or materials contained therein as well as the results obtained through the use of such websites. We suggest that you always verify the information obtained through third party websites before acting upon it.