Private company limited by shares (Lith. UAB) “OQEMA” (Legal entity’s code No.: 166102551)
APPROVED by the Order No.: 2018/10 dated 26 October 2018 of the Managing Director of UAB “OQEMA”
collected and processed, explain for how long they are stored, to whom they are provided and transferred, what kind of rights do the data subjects have and where to apply regarding the implementation of such rights or regarding other issues associated with personal data processing.
Personal data is processed by following the requirements of General Data Protection
Regulation (EU) 2016/679 (hereinafter – the Regulation), Law on Legal Protection of Personal Data of the Republic of Lithuania and other statutes of law, which regulate personal data protection.
UAB “OQEMA” follows these main data processing principles:
+ Personal data is collected only for clearly defined and legal purposes
+ Personal data is processed legally and honestly
+ Personal data is continuously updated
+ Personal data is securely stored and for no longer than it is required by the established
data processing purposes or statutes of law
+ Personal data is being processed only by the employees of the Company, who have
this right in accordance to their work duties or by properly authorized data processors
1.1. Data Controller – UAB „OQEMA“ (hereinafter – the Company), legal entity’s code:
166102551, head office address: Veiverių 139 (3rd floor), LT-46389, Kaunas, Lithuania.
1.2. Data Subject – any natural person, whose data is processed by the Company. Data
controller collects only that data of the Data Subject, which is necessary in order to carry-out the activities of the Company and/or consulting, using or browsing the Company’s website (hereinafter – the Website). The Company ensures that the collected and processed personal data will be safe and used only for a specific purpose.
1.3. Personal Data – any information, which is directly or indirectly associated with the data subject, whose identity is known or can be directly or indirectly determined by using specific data. Personal Data processing is any operation conducted with Personal Data (including, collecting, recording, storage, editing, amending, granting access, submission of queries, transferring, archiving etc.).
1.4. Consent – any confirmation, which is given by free will and consciously, by which the Data Subject agrees that his/her Personal Data would be processed for a specific purpose.
2.1. Personal Data is submitted by the Data Subject himself/herself. Data Subject contacts
the Company, uses its services, leaves comments, gives questions and applies to the Company with
a request to provide information, etc.
2.2. Personal Data is received when Data Subject visits the Website. Data Subject fills-out
the forms or for any reason leaves his/her contact data, etc.
2.3. Personal Data is received from other sources. Data is received from other institutions
or companies, publicly accessible registers, etc.
3.1. When submitting Personal Data to the Company the Data Subject consents that the
Company would use the collected data in order to carry out its obligations to the Data Subject and provide services, which he/she expects.
3.2. The Company processes Personal Data for the following purposes:
3.2.1. In order to conclude and execute the provided and/or received services or
agreements with the Data Subject; retention of contacts by ensuring the possibility to have contact with them; tax accounting and control of contributions. For this purpose, the following data is processed:
3.2.2. In order to control indebtedness. For this purpose, the following data is processed:
3.2.3. In order to administrate the database of curriculum vitae (CV) of the candidates to
a workplace. For this purpose, the following data is processed:
3.2.4. In order to ensure the safety of the employees of the Company, other Data Subjects and assets (video monitoring). For this purpose, the following data is processed:
3.2.5. For other purposes, by which the Company has the right to process Personal Data of the Data Subject when the Data Subject gave his/hers Consent, when the data must be processed due to the lawful interest of the Company or when respective statutes of law obligate the Company to process Personal Data.
4.1. The Company undertakes to adhere to the obligation of confidentiality with respect to the Data Subject. Personal Data may be disclosed to third parties only in case when this is needed to conclude and execute an agreement for the benefit of the Data Subject, or for any other lawful reasons.
4.2. The Company may submit Personal Data to its data processors, which provide services to the Company and processes Personal Data in the name of the Company. Data processors have the right to process Personal Data only in accordance to the instructions of the Company and only as much as it is necessary to carryout contractual obligations. The Company uses only those data processors, who sufficiently ensure that proper technical and organization means will be implemented in such a way that the data processing would conform to the requirements of the Regulation and the protection of rights of the Data Subject would be ensured.
4.3. The Company also may submit Personal Data when answering the queries of the court or governmental institutions as much as it is necessary to properly carryout the instructions of governmental institutions or the requirements of the statutes of law.
4.4. The Company guarantees that Personal Data will not be sold or leased to any third
5.1. Persons younger than 14 cannot submit any Personal Data via the Website. If the person is younger than 14 and wants to use the Company’s services, prior to submitting personal information he/she must acquire a written consent from one of his/hers representatives (father, mother, guardian) regarding processing of Personal Data.
6.1. The Personal Data collected by the Company are stored in printed documents and/or information systems of the Company. Personal Data is processed for no longer, than it is necessary to achieve the purposes of data processing or no longer, than it is required by the Data Subjects and/or envisaged in the statues of law.
6.2. Even though the Data Subject may terminate the agreement and refuse Company’s
services, however, the Company must retain Data Subject’s data due to the possible demands or legal claims, which might arise later in the future, until the data retention terms end.
7.1. The right to receive information about data processing.
7.2. The right to get familiar with the processed data.
7.3. The right to demand to correct the data.
7.4. The right to demand to delete the data (“The right to be forgotten”). This right is not
applied, if Personal Data, which is requested to be deleted, is processed on another legal basis, such as in case the processing is necessary for the execution of the agreement or the fulfillment of obligation in accordance to the statutes of law.
7.5. The right to limit data processing.
7.6. The right to object to the processing of data.
7.7. The right to a transferability of data. The right of transferability of data cannot
negatively affect the rights and freedoms of other persons. The Data Subject does not have the right to the transferability of data regarding the data, which is processed non-automatically in structured mediums, for example, paper files.
7.8. The right to demand that a solution based on only automated data processing,
including profiling, would not be applied.
7.9. The right to submit a complaint to the State Data Protection Inspectorate regarding
the processing of Personal Data.
9.1. The Data Subject may address the Company regarding the implementation of his/her rights:
9.1.1. By submitting a written request personally, by mail, through a representative or via
means of electronic communication – e-mail: email@example.com;
9.1.2. Orally – by phone: +370 37 308408;
9.1.3. In writing – at the address: Veiverių St. 139 (III floor) LT-46389 Kaunas (Lithuania).
9.2. In order to protect the data against unlawful disclosure, the Company after receiving the request of the Data Subject to submit the data or implement other rights, must check the identity of the Data Subject.
9.3. The Company submits its answer to the Data Subject no later than within 1 month from the day of receipt of the request of the Data Subject, having regard to the specific circumstances of processing of Personal Data. If needed, this period may be extended for another 2 months, having regard to the complexity or quantity of requests.
10.1. The Data Subject must:
10.1.1. Inform the Company about the changes in the submitted information and data. It is important for the Company to have correct and valid information of the Data Subject;
10.1.2. Submit the necessary information that in the event of the Data Subject’s request the Company would be able to identify the Data Subject and ascertain that it communicates or cooperates with a specific Data Subject (submit a document confirming the person’s identity or in accordance to the procedure established in the statutes of law by means of electronic communication, which would allow to properly identity the Data Subject). This is necessary for the protection of the data of the Data Subject or other persons, that the disclosed information about the Data Subject would be submitted only to the Data Subject, without infringing the rights of other persons.