PRIVACY POLICY
Approved on 27 June 2018
- Out of respect for the privacy of its clients, as well as the protection of their personal data, the company JSC Provisus, legal entity code 123953838, registered office address: Kalvarijų Str. 98, Vilnius (hereinafter referred to as the Company) has developed the present Privacy Policy Rules, in accordance with which, inter alia, the Company shall process the personal data entrusted to it. By using the website lt following the conclusion of a contract with the Company, or the assumption of contractual obligations, clients confirm their acquaintance with, understanding of, and consent to, the present Privacy Policy.
General provisions
- The present Privacy Policy (hereinafter referred to as the Policy) shall regulate the processing and storage of personal data performed by the Company as a manager or processor of data.
- The company is engaged in business which encompasses the provision of financial statement audit, accounting, remuneration calculation, accounting and tax consultation, and other services. The Company processes personal data, necessary for the purposes of providing the above services, in accordance with the legal bases and data processing goals specified in the Policy, as well as legislation applicable to the Company.
- The present Policy is intended for persons who use, or are intending to use, the services provided by the Company, or who visit the website lt
- By concluding service agreements with the Company, assuming contractual obligations, connecting to the website and/or using it, all visitors of said website confirm their due acquaintance with the Policy, as well as their consent to the Company’s processing of the information (including personal data) they have provided, to the extent that such is necessary for the provision of the Company’s services and/or the management of the website, and the assurance of the functionality thereof.
Principles of the processing of personal data
- The Company shall process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter referred to as the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on the Audit of Financial Statement of the Republic of Lithuania, and other legislation regulating the processing of personal data and the economic activities of the Company.
- The scope of personal data to be processed shall depend on the Company services ordered and used, as well as on the type of information provided by the client, either actual or potential, upon placing an order for and/or using the Company services or visiting or registering at the website.
- The Company shall comply with, inter alia, the following key principles applicable to the processing of data:
- Personal data shall be collected only for clearly defined and legitimate goals.
- Personal data shall be processed only fairly and legitimately.
- Personal data shall be continuously updated.
- Personal data shall be stored in a secure manner and for no longer than is required by the goals of, and the legislation applicable to, the processing of data.
- Personal data shall be processed only by those employees of the Company which have been granted the requisite rights in accordance with their occupational functions.
Data shall be processed at the Company only given the presence of one or several of the following legitimate processing criteria – (i) in order to ensure the provision of services in accordance with a contract (i.e., in order to perform a contract or in order to take action at a data subject’s request prior to the conclusion thereof); (ii) upon receipt of a data subject’s consent; (iii) when the processing of data is necessary in order to perform a legal obligation applicable to the Company; (iv) when personal data must be processed in order to meet the legitimate interests of the Company or of a third party. (see Article 6(1) of the Regulation: http://www.privacy-regulation.eu/lt/6.htm).
- When processing and storing personal data, the Company shall implement both organisational and technical measures necessary to ensure the protection of personal data from accidental or unlawful destruction, alteration, or disclosure, or any other type of unauthorised processing. Access to the personal data processed by the Company shall be granted only to those Company employees and auxiliary service providers which require it in order to perform their occupational functions or provide services to the Company.
- Company clients, both actual and potential, shall be responsible for their personal data being accurate, correct, and complete. Upon any changes to the personal data provided, clients shall notify the Company of such without delay. The Company shall not be held liable for any damages incurred by persons and/or third parties due to the failure of a client, either actual of potential, to provide correct and/or complete personal data, or to contact the Company regarding the necessity to revise and/or amend it in case of any changes.
- By providing the Company with personal data, clients, both actual and potential, shall thereby grant the Company the right to collect, accumulate, systematise, use, and process any and all personal data, directly or indirectly provided by the client by visiting the website or using the services provided by the Company, for the purposes specified in the present Policy.
Sources of personal data
- Personal data is usually obtained from the legal entities of the Company clients upon the provision of services or directly from data subjects in connection with the provision thereof. When performing client orders, the Company shall have the right to obtain certain types of personal data from state registers, public authorities, and other legal entities (e.g., the State Tax Inspectorate, SE Centre of Registers, the State Social Insurance Fund Board, etc.). Prior to the provision of personal data, Company clients shall notify the relevant data subjects of such in accordance with the procedure specified in legislation.
The purpose of processing personal data
- The Company shall process personal data for the following key purposes:
- The provision of audit, accounting, remuneration calculation, and accounting and tax consultation services;
- The recovery of debts;
- Direct marketing;
- The internal administration of the company and the employees thereof;
- The selection of potential employees;
- The administration and performance of contractual relationships in order to duly perform contractual obligations and maintain relations with providers, partners and clients for the purposes of business development, service provision, and cooperation.
Personal data management for the purposes of direct marketing
- For the purposes of direct marketing, the Company may process the following personal data of the subjects thereof: full name, job title, workplace, e-mail address, and phone number. Consent to the use of personal data for direct marketing purposes is usually expressed by checking a respective box in the consent form submitted to the Company client regarding the processing of personal data. The giving of consent to direct marketing is voluntary, does not constitute a condition for entering into a contractual relationship with the Company, and does not exert any influence on the relations between data subjects and the Company.
- If a person has given consent to have his/her data used by the Company for direct marketing purposes, the Company may send him/her messages with informative content. The Company shall also have the right to send analogous messages to its current clients for the purposes of marketing similar services, provided they have been provided with a clear and easy to implement option of withdrawing consent or refusing such use of their contact details, and provided they did not object to such use of their data upon sending each message.
- In cases where information sent by the Company becomes irrelevant, persons may withdraw their consent regarding direct marketing at any moment by notifying the Company of such via the following e-mail address: provisus@provisus.ltor by contacting it by other means.
The provision of personal data
- The Company shall undertake to protect the confidentiality of the personal data of its clients, both current and potential. Personal data may be disclosed to third parties only if such is required for the purposes of drawing up and performing a contract, or for other legitimate reasons. The Company shall undertake to transfer the data obtained from its clients to third parties only to the extent that, and only in cases where, such is necessary for the purposes of providing its respective services and/or performing obligations applicable to it under legislation. If personal data is not necessary for providing a specific service, it shall not be transferred. Personal data shall only be transferred to aforesaid third parties by the Company on the basis of a data provision agreement or specific legislation, and by strictly keeping with the requirements specified therein.
- Furthermore, the Company may allow personal data to be processed by its data processors (sub-contractors) which provide the Company with IT, legal, debt recovery, or other services, and process personal data on its behalf. Data processors shall have the right to process personal data only in accordance with instructions issued by the Company, and only to the extent that such is necessary in order to duly perform the obligations specified in the Contract. The Company shall engage only those data processors which are capable of ensuring that the appropriate technical and organisational measures be implemented in a manner such that the processing of data would meet the requirements specified in the Regulation, and that the rights of data subjects would be duly ensured.
- The Company may also provide data obtained from clients in replying to requests issued by courts or state authorities, but only to the extent that such is necessary to duly implement valid legislation and instructions issued by state authorities.
Duration of the storage of personal data
- Personal data collected by the Company shall be stored in the form of printed documents and/or in the Company’s information systems in an electronic format. Personal data shall be processed for no longer than such is necessary to achieve the relevant data processing goals, or no longer than such is required by data subjects or is specified in legislation. Data obtained from clients is usually processed for 10 years following the conclusion of contractual relations.
- Even though clients may terminate the Contract and refuse the services provided by the Company, the latter shall be obligated to continue the storage of the relevant client’s personal data due to requirements and legal claims that may arise in the future, until the expiry of the data storage deadline.
- The Company shall endeavour to refrain from storing outdated or unnecessary information, and to ensure that personal data and other information on clients be continuously updated, correct, and destroyed without delay.
The rights of data subjects
- Data subjects whose personal data is processed by the Company shall have, inter alia, the following rights:
- The right to receive information on which of his/her personal data is being processed by the Company, how and wherefrom said data was collected, and the basis of the processing thereof;
- The right to furnish the Company with a request to correct or destroy his/her personal data, or to terminate the processing thereof, in case said data is incorrect, incomplete, or inaccurate, or if it is no longer necessary for the purposes for which it has been collected. In such case, the data subject shall submit a request, upon the receipt of which the Company shall assess the information provided and take all necessary action. The Company deems the accuracy and correctness of the personal data at its disposal to be of utmost importance;
- To right to address the Company with a request for the destruction of his/her personal data, or the termination of the processing thereof, except for storage, in cases where, upon inspection of the respective personal data, the owner thereof finds its processing to be unlawful or unfair;
- The right to reject the processing of personal data in case said data is being processed, or is scheduled to be processed, for direct marketing purposes, or in connection with a legitimate interest which the Company, or a third party to whom the personal data is provided, strives towards;
- The right to withdraw, at any moment, his/her consent regarding the processing of his/her personal data for direct marketing purposes;
- If a data subject finds the actions (or omissions) of the Company, by which it is potentially violating the requirements specified in the present Policy or in legislation, troubling, he/she may address the Company and be provided with assistance free of charge.
- Persons shall have the opportunity to perform all of their rights as data subjects by contacting the Company at the e-mail address provisus@provisus.lt
- In case of failure to settle an issue with the Company, clients shall have the right to contact the State Data Protection Inspectorate (lt), responsible for the supervision and control of legislation regulating the protection of data.
- Regarding the performance of the aforesaid rights in cases where the personal data of a data subject is being processed by the Company, acting in the capacity of a data processor, the respective data subject shall first contact his/her data manager (i.e., Company client) who had submitted his/her personal data to the Company in connection with the provision of services. In such case, the Company, acting in the capacity of a data processor, shall undertake to furnish the respective data manager, on whose behalf it is processing the personal data provided by the data manager, with all the information it requires.
Cookies
- In order to improve user experience on the Company website, the Company may use cookies – small pieces of textual data which are automatically generated during browsing and stored on the computer or other device of the visitor.
- Information collected via cookies enables the assurance of more convenient browsing on the Company website and collection of more information on the behaviour of the visitors to the different websites which belong to the Company, as well as the analysis of general tendencies, and the improvement of both the respective website and the services provided by the Company, as well as the information published on the website. Furthermore, cookies allow the Company to process anonymised personal data.
- In case a website visitor does not consent to cookies being installed on his/her computer or other device, he/she may change the settings of his/her internet browser and disable all cookies, or enable/disable them one by one. However, the Company would like to note that in some cases this may slow down the browsing process, restrict the operation of some of the functions on the website, or block access to some of the pages thereof. For more detailed information on the cookies used on the Company website, please visit orgor google.com/privacy_ads.html.
Final provisions
- The present Policy shall be subject to the laws of the Republic of Lithuania and the European Union.
- Since the Company shall reserve the right to amend the present Policy, we hereby request our clients to periodically check for any potential amendments to the Policy and become acquainted with the amended or updated provisions thereof.
We wish you happy browsing on our website!