All themes

General privacy notice

1. What is contained in this Privacy Notice and for whom it is intended? 

In carrying out its activities, BALTPOOL UAB (hereinafter referred to as the “Company” or “we”) processes (collects, stores, etc.) your personal data. In processing the afore-mentioned information, the Company is guided by the General Data Protection Regulation of the European Union (hereinafter referred to as the “GDPR”) and other legislation governing the protection of personal data.

In this Privacy Notice for you, we provide basic information concerning the processing of your personal data by the Company, i.e. where we obtain your personal data and to whom we may provide it, for what purposes and on what grounds we process it, what rights you have, how you can exercise them and other relevant information. Please read this important information carefully and regularly visit our website at [insert link to the website on which the privacy notice is published] to read the latest version of the Privacy Notice.

To learn the date of the last update of the Privacy Notice, please refer to the “Date last updated.”

2. Who is responsible for the protection of your personal data?

The Company is responsible for the protection of your personal data and is the controller of the afore-mentioned data, which determines the purposes and means of processing information concerning you. The contact details of the Company as data controller are set out in paragraph 15 of this Privacy Notice.

3. Why and what personal data do we collect?

No. Why do we collect information concerning you? What information concerning you do we collect? Why do we have the right to collect the information you provide? How long do we use or store information concerning you?
1. Carrying out of security clearance on candidates applying for management positions Name, surname, position applied for, date of giving and/or withdrawing consent for security clearance, signature, personal data referred to in Article 16 of the Republic of Lithuania Law on the Prevention of Corruption of and/or Article 17 of the Republic of Lithuania Law on the Protection of Objects of Importance to Ensuring National Security (the scope of the data shall depend on the information provided by the relevant authorities to the Company).

For this purpose, special categories of personal data may also be processed if they have been provided to us by the authorities carrying out the screening of the candidate (the State Security Department of the Republic of Lithuania, the Special Investigation Service of the Republic of Lithuania, the Ministry of the Interior of the Republic of Lithuania).

We have the right to process your personal data in accordance with the legislation (Article 6(1)(c) of the GDPR).

 

We have your consent (Article 6(1)(a) of the GDPR)

a. Where the screening of a candidate provides information leading to a decision not to appoint a person to a post, the personal data will be retained for 3 months after the end of the screening.

b. Where the screening of a candidate provides information that leads to a decision to employ the person, the candidate’s personal data (obtained prior to the conclusion of the employment contract) will be kept for the duration of the employment contract and for 1 year from the termination of the employment relationship.

2. Conducting a good repute check on members of collegial bodies, the head, deputy head and heads of business units Name, surname, position held by the person, date of submission and/or revocation of the consent to the good repute check, signature, personal data pursuant to Article 12(4) of the Republic of Lithuania Law on Energy Resource Market and Article 9(4) of the Republic of Lithuania Law on Markets in Financial Instruments. We have the right to process your personal data in accordance with the legislation (Article 6(1)(c) of the GDPR).

 

We have your consent (Article 6(1)(a) of the GDPR)

The personal data obtained in the course of the good repute check in respect of the person shall be stored for the duration of the employment and/or civil contract with the company and for 1 year from the end of the relationship.

 

3. Organising and conducting public procurement Name, surname, personal identification number or date of birth, address, telephone number, position, other personal data may be possible depending on the subject-matter of the contract and the qualification requirements (criminal record check, fulfilment of tax obligations relating to the subject-matter of the contract, qualification requirements specified in the contract documents), name, surname, personal identification number or date of birth, address, telephone number of the representative of the successful supplier a copy of the certificate of individual activity, a copy of the business licence. The successful supplier may be requested to provide the following: curriculum vitae, copies of diplomas, certificates obtained, number of contracts completed, criminal record, records of settlement of accounts with the State Tax Inspectorate, the State Social Insurance Fund Board etc. We have the right to process your personal data in accordance with the legislation (Article 6(1)(c) of the GDPR) a. During the term of the contract and for 5 years from the expiry of the contract.

b. Where no contract has been concluded, 10 years from the completion of the the procurement.

4. Entering into and performance of contracts with you, and fulfilment of related tax obligations Name, surname, personal identification number or date of birth, telephone number, e-mail address, bank account number, signature, basis of representation (power of attorney, articles of association, etc.), number, term of the power of attorney, duties, settlement information, settlement period, other information relevant to the conclusion and performance of the contract, depending on the nature of the contract. We enter into and perform a contract with you (Article 6(1)(b) of the GDPR) During the term of the contract and for 5 years from the end of the contract.
5. Internal and external communications to publicise the Company’s activities In the case of media representatives, name, position, telephone number and e-mail address.

In the case of trainers, other invitees, the name and position.

If you subscribe to our newsletter, your e-mail address and, if your e-mail address consists of your first name and surname, then also your first name and surname.

We have the legitimate interest to process your personal data in order to publicise the Company’s activities (Article 6(1)(f) of the GDPR)

In case you subscribe to our newsletter, we have your consent (Article 6(1)(a) of the GDPR)

a. Media representatives (e.g. journalists in charge) – stored as long as they actually work for the media or the responsible department.

b. 5 years from the expiry of the contract.

c. 3 years from the receipt of consent or until you cancel your subscription.

6. Managing an internal whistleblowing channel (the Helpline) and conducting internal investigations on the basis of the received information If the information is not provided anonymously, the data collected shall be the name, surname, telephone number, etc. The person’s name, telephone number, personal identification number, e-mail address, the circumstances of the notification, the date of the notification, the decision to inform about the actions taken and the decisions made. We have the legitimate interest to process your personal data in order to implement prevention of fraud, corruption, and other criminal activities, infringements of the law and work duties, and other violations: to prevent certain acts, take steps to prevent certain acts in the future, etc. (Article 6(1)(f) of the GDPR)

We have the right to process your personal data in accordance with the legislation (Article 6(1)(c) of the GDPR).

a. If the received information reveals an infringement, for 5 years from the end of the investigation.

b. If the received information has not led to an infringement, 3 years from the end of the investigation.

7. Dealing with complaints, proposals or requests received from you Name, surname, email address, telephone number, signature, date of referral, referral number (registration number) and the information contained therein, the outcome of the examination, and, if the person making the request, complaint or proposal has been contacted by e-mail, the personal data recorded in the communication. We have the legitimate interest to process your personal data in order to properly examine applications, complaints or proposals submitted to the Company (Article 6(1)(f) of the GDPR) 3 years from the date of receipt of the request, complaint or proposal.
8. Seeking to ensure the efficient and secure operation of our website (use of technical cookies to support the user session) Unique identifier We have the legitimate interest to process your personal data in order to ensure the security of the IT system network and information (Article 6(1)(f) of the GDPR)

We have your consent to the processing of analytical cookies (Article 6(1)(a) of the GDPR)

Up to 2 years (details on the cookies used and their storage terms is provided in paragraph 12 of the Privacy Notice)

The Privacy Policy for Candidates of BALTPOOL UAB is available at here.

4. Where do we receive your personal data from? 

We receive most information from you, but we may also receive certain personal data from the following persons:

  • legal persons for which you work (e.g. companies of the UAB EPSO-G group) or which you represent (e.g. suppliers with which we conclude contracts).

When we receive personal data from you, please to provide only the information that is necessary to fulfil the purposes set out above. Please do not provide any other information, such as: political opinions, nationality, religion, etc. 

5. What personal data do you have to provide to us and why?

Please review paragraph 3 above: you must provide information about you that is necessary for us to be able to:

  • carry out reliability evaluation of candidates wishing to hold certain positions;
  • carry out flawless reputation checks of members of collective managing bodies, the head of administration, the deputy head of administration, and managers of structural units;
  • conclude and perform contracts with you.

Where you fail to provide the requested information, we will not be able to conclude an employment contract or other contracts with you or perform our contractual obligations.

6. Who can we transfer your personal data to?

We may transfer your personal data to our partners, service providers, as well as to the entities listed below, only to the extent necessary to achieve the purposes set out in paragraph 3 above and as permitted by the applicable law:

  • banks carrying out settlement operations;
  • courts, supervisory, law enforcement and other public authorities;
  • companies providing data centre, hosting, cloud, website administration and related services, companies that develop, support and develop software, companies that provide IT infrastructure services, companies that provide communication services.

Where we transfer personal data to other third parties as processors engaged by us, before engaging them we make sure that they have appropriate technical and organisational measures in place to ensure the secure processing of personal data and an adequate level of data protection in accordance with the applicable European Union legislation.

7. Will your personal data be transferred outside the European Economic Area?

Currently, the Company does not transfer your personal data to third countries (outside the EEA[1]). In the event that it becomes necessary

Where required by reason of provision of certain services, data may be transferred and processed outside of the said territories, provided that the adequate level of protection of personal data is ensured. Where permitted by legal acts and required due to reasons listed in paragraph 6 of this Privacy Notice, we shall disclose information about you:

  • in accordance with the European Commission decision on adequacy, which means that the European Commission has recognised the country in which the third party is established and/or carries out its activities as ensuring the adequate level of protection of personal data;
  • upon signing of an agreement with the third party in accordance with the Standard Contractual Clauses approved by the European Commission;
  • upon obtaining a permission from the State Data Protection Inspectorate;
  • using, where possible, other available personal data protection measures and in accordance with derogations.

8. How do we protect your personal data?

In order to ensure that information concerning you is protected against unauthorised access, disclosure, accidental loss, alteration or destruction, or other unauthorised processing, we have put in place and apply an appropriate level of technical and organisational data security measures to protect the security of your personal data.

9. What rights do you have?

The GDPR and other laws grant you rights, set out the cases in which you can exercise them, the procedure you must follow, and the exceptions in which cases you cannot exercise the granted rights. Where permitted by law, you have the following rights:

  • to familiarise yourself with your personal data, i.e. to receive a notice confirming whether the Company is processing your personal data and, if it is so, to request to familiarise yourself with the data being processed and related information;
  • to submit to us a request to rectify any inaccurate, incorrect personal data or to supplement them, if the data are incomplete;
  • to submit to us a request to delete your personal data that we hold, if this can be justified by one of the reasons listed in Article 17(1) of the GDPR;
  • to submit to us a request to restrict the processing of your personal data in the instances provided for in Article 18(1) of the GDPR;
  • to disagree to the use of data, where we process your data to pursue the legitimate interests of the Company and/or third parties;
  • to submit to us a request to transfer (receive) the data that you have provided to us under a contract or when granting your consent to data processing and that we process by automated means in a commonly used electronic form;
  • to disagree to fully automated decision-making, including profiling, if such decision-making may have any legal consequences or a similar significant effect for you;
  • to revoke your consent granted to us to the processing of your personal data in cases where we use your data based on your consent;
  • to file a complaint to the supervisory authority, first of all in the Member State in which your permanent residence is located or where the violation of the GDPR was committed and request judicial remedy. In the Republic of Lithuania, the supervisory authority is the State Data Protection Inspectorate (L. Sapiegos Str. 17, Vilnius; e-mail: [email protected]), but we advise you to contact us first, and we will attempt to resolve all your requests together.

10. How can you exercise your rights?

To exercise your rights as set out in paragraph 8 of the Privacy Notice, you must:

  • send a request to the Company or the Personal Data Protection Expert by e-mail to [email protected] (an application submitted by e-mail must be signed with a secure electronic signature);
  • deliver the application to the head office of the Company at Žalgirio g. 90-100, Vilnius, in person. The application must be accompanied by a personal identification document;
  • send the application to the Company or the Personal Data Protection Expert by registered mail to Žalgirio g. 90-100, Vilnius.

11. How will we inform you of amendments to this Notice?

We may update or amend this Privacy Notice at any time. Such updated or amended Privacy Notice shall be effective as of the date of making it available on our website.

If we update the Privacy Notice, we will inform you of what we consider to be material changes by publishing them on the website. You can look at the “Date Updated” date at the bottom to see when the Privacy Notice was last updated.

12. Does your website save cookies on my computer or device?

Yes, we do use cookies as specified in the table below. Cookies are small text files that are stored in the browser of your device (e.g. computer, mobile phone, tablet) when you browse websites. Other technologies, including data that we store in your browser or on your device, identifiers relating to your device, and other software may be used for similar purposes. Cookies are widely used to ensure the operation or better and more effective operation of websites.

Essential cookies are the cookies required for the appropriate operation of a website. These cookies enable the use of certain website functions, e.g. network service management (load balancing) and user setting storage. These cookies are used to ensure the technical functioning of a website.

If you disable cookies in your browser, some website functions may become partially or fully inoperative.

Cookie name Purpose Validity
PHPSESSID To support a user session Valid until the browser is switched off
pll_language Used to remember the language of the page so that the language is selected automatically on your next visit. Valid for 1 year
__cfduid Used to store settings for DataTables Valid for 24 hours.

Analytical cookies that you can manage and disable.

Cookie name Purpose Validity
_ga Used by Google Analytics application to obtain visitor traffic data, browsing time, browser Valid for 2 years
_gid Used by Google Analytics application to obtain visitor traffic, browsing time, browser Valid until the browser is switched off
1P_JAR Used for the purposes of tracking users and tailoring advertising Valid for 1 month

13. How can you manage cookies?

When you visit the website (baltpool.eu), you can choose whether you want cookies to be used. Cookies can be managed on the website and/or deleted in your browser. On the website, you can opt out of non-essential cookies the use of which is not mandatory, but in this case some of the functionalities of the website may become unavailable.

In your browser settings, you can choose which cookies you wish to accept and reject. You can delete all cookies already stored on your computer, and most browsers permit rejecting cookies. The location of these settings depends on the type of browser you use.

If you disagree to the saving of cookies on your computer or other device, you can revoke your consent to cookies at any time by changing your settings on the websites and deleting the saved cookies from your browser. If you choose to delete cookies, do not forget that all preferences will be removed. Furthermore, if you completely block cookies, most websites (including baltpool.eu) may fail to operate properly. For this reason, we advise you not to disable the essential cookies.

14. How can you remove cookies from your device?

To prevent the processing of your personal data by means of cookies, you can change your browser settings to reject cookies or delete all saved cookies.

You can change cookie settings in your browser at any time. All browsers provide an opportunity to delete cookies. More detailed instructions depend on the type of browser you use, and can be found in the preferences menu of your browser:

Further information: https://allaboutcookies.org/

We would like to note once again that removing or blocking of cookies may affect the operation of the website and certain functions of the website and also negatively affect your use of the services available on the portal.

To learn more about cookies and their management and deletion, visit the website at https://allaboutcookies.org/ and your browser help page.

15. Contact details of the controller and the Personal Data Protection Expert

If you have any questions, comments or complaints about how we collect, use and store information concerning you, or if you wish to exercise your rights as a data subject, you can contact the Company by e-mail [email protected], Žalgirio g. 90-100, Vilnius, tel. +370 5 239 3157.

Contact details of the Company’s Personal Data Protection Expert: [email protected]

                                                           This Privacy Statement has been reviewed on: 28/06/2024

[1]The EEA, or European Economic Area, is made up of the Member States of the European Union including Iceland, Norway and Liechtenstein.