Privacy Policy

PRIVACY POLICY

 

Data Controller

UAB Legal Balance, legal entity code 302528679, address Žalgirio st. 90, Vilnius, telephone number 8 700 80072, e-mail address info@legalbalance.lt, website www.legalbalance.lt.

 

1.   TERMS USED

1.1. Personal Data shall mean any information relating to a natural person, i.e. a data subject, whose identity is known or can be established, directly or indirectly, by reference to data such as a personal identification number, one or more factors specific to that person, such as his/her physical, physiological, psychological, economic, cultural or social background, location data, and an online identifier.

1.2. Company shall mean UAB Legal Balance, legal entity code 302528679, address Žalgirio st. 90, Vilnius.

1.3. Data Subject shall mean a natural person who uses the Company's services or provides services/goods to the Company, or is interested in the possibility of employment with the Company, or is a representative of a legal entity, or is a person who browses the Website, or any person whose data is processed by the Company.

1.4. IP Address shall mean a unique number that identifies the computer, telephone, tablet or other device that connects to the internet. The IP address can be used to identify the country where the computer connects to the internet.

1.5. Privacy Policy shall mean this document, which sets out the basic rules for the collection, storage, processing and retention of Personal Data applicable when visiting the Website, as well as the rights of Data Subjects and the procedures for their implementation applicable to the Company.

1.6. Self-Service Area shall mean an account of the Company's customers (natural persons or legal entities) on the Website, where the customers are given the opportunity to submit debts to the Company for collection or to collect them, to provide the Company with additional information and documents, and to provide the Company with the reports on the collection actions and results, as well as other information.

1.7. Debtor shall mean a natural person or legal entity who has a valid monetary obligation under the legislation of the Republic of Lithuania to the Company's customer or to the Company.

1.8. Debtor ID shall mean a unique identification number assigned to each Debtor.

1.9. Cookies shall mean small files placed on a computer, telephone, tablet or other device used by any person visiting the Website, which the Website uses to identify the device. This shall include not only cookies, but also the use of similar types of tools.

1.10. Website shall mean the website operated by the Company www.legalbalance.lt.

1.11. Regulation shall mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

 

2.   GENERAL PROVISIONS

 

2.1. In this Privacy Policy, we shall provide you with information about how the Company processes Personal Data of visitors to the Website, potential employees (candidates), customers, Debtors and other data subjects. Additional information may be contained in assignment of claims, service and other agreements that you enter into with the Company.

2.2. This Privacy Policy shall not address the Company's processing of Personal Data when you visit other websites of the Company, or when you use services published by the Company on or through other websites. If you visit other websites of the Company, or use services published or provided by the Company on such websites, your Personal Data shall be processed in accordance with the information provided on those websites. In such a case, please have a good look at the Privacy Policies posted on other websites of the Company.

2.3. The processing of personal data in the Company shall be governed by the Regulation, the Republic of Lithuania Law on Legal Protection of Personal Data and other legal acts, as well as the local acts of the Company.

 

3.   PRINCIPLES OF PERSONAL DATA PROCESSING

 

3.1. The scope of personal data processed depends on the services requested or used by the Data Subject and the information provided by the Data Subject when requesting and/or using the services, visiting the Website, or submitting his/her data for the purposes of employment with the Company.

3.2. The processing of personal data shall be carried out only under one of the criteria for lawful processing, e.g. to ensure the provision of the services published on the Company's websites; with the consent of the individual; where the Company is obliged to process personal data by the relevant legislation; where the processing of personal data is necessary for the purposes of the legitimate interest of the Company or of the legitimate interest of a third party, including creditors.

3.3. We aim to process Personal Data accurately, fairly and lawfully, and to process it only for the purposes for which it is collected, in accordance with the clear and transparent principles and requirements for the processing of personal data as set out in law.

3.4. You are not obliged to provide any Personal Data, but it is possible that certain services may not be provided unless Personal Data is provided.

 

4.   EXTENT, PURPOSES, GROUNDS FOR PROCESSING PERSONAL DATA

 

4.1. Conclusion and Execution of Contracts with Customers

4.1.1. In order to conclude and execute assignment of claims and legal services agreements, we shall process the following personal data of our customers who are natural persons: name, surname, personal identification number, address of place of residence, contact information (e-mail, telephone number), bank account number, other information provided by the customer in order to receive legal services.

4.1.2. In order to conclude and execute assignment of claims and legal services agreements with our customers which are legal entities, we shall process the following personal data of the representatives of our customers which are legal entities: name, surname, position, basis of representation, documents confirming the right to represent the customer.

4.1.3. In order to administer customer accounts in the Self-Service Area, we shall process the following customer data: e-mail address, password.

4.1.4. Sources of personal data: data subject, customers which are legal entities.

4.1.5. Legal basis: processing is necessary for the performance of a contract or to take action at the request of the data subject prior to the conclusion of a contract (Article 6(1)(b) of the Regulation); processing is necessary for the purposes of the legitimate interests of the Company in concluding a contract with a customer which is a legal entity (Article 6(1)(f) of the Regulation).

4.1.6. Retention period: the data shall be processed for as long as the contract for the provision of services or the assignment of claims concluded with the customer is valid, after which the data shall be retained for a period of 10 (ten) years for the purpose of asserting, exercising or defending the Company's legal claims as well as for the purpose of fulfilling the Company's obligation to archive the documents in accordance with the legal provisions.

4.1.7. Customers shall be obliged to protect their password and login to the Self-Service Area and not to disclose their login to the Self-Service Area to any third party. We shall not be liable if the Customer's data is unlawfully altered, disclosed, destroyed, or the Customer's identity is stolen or otherwise fraudulently used in connection with the use of the Customer's login credentials, whether due to the fault or negligence of the Customer.

 

4.2. Assessment of the Collection of a Debt for the Purpose of Concluding a Claim Assignment Agreement

4.2.1. In order to conclude a claim assignment agreement, i.e. to assess the financial capacity of the debtors who are natural persons to perform the contract from which the debt arises and to settle the debt, and to determine the commercial terms of the claim assignment agreement proposed by the Company, we shall process the following personal data of debtors: name, surname, personal identification number, date of birth, address of declared place of residence, address, telephone number, e-mail address, workplace data, marital status, assets owned and subject to seizures, amount of the debt, status, nature, date of indebtedness, date of settlement, data from the registers, credit history from the database of UAB Creditinfo Lietuva, documents confirming that the debt has arisen, legal basis from which the obligation to pay has arisen, number of registered obligations to the creditors, amount, time of repayment. If the debtor is a legal entity, we shall process the following personal data about the manager of the legal entity for the purpose indicated: name, surname, personal identification number/date of birth, address of the place of residence.

4.2.2. Sources of personal data: the original creditor, bailiffs, SE Centre of Registers, companies managing debtor databases.

4.2.3. Legal basis: the processing is necessary for the purposes of the legitimate interests of the Company in concluding the claim assignment agreement (Article 6(1)(f) of the Regulation).

4.2.4. Retention period: Until the conclusion of the claim assignment agreement or for 2 years after the assessment of the collection of the debt unless the original creditor orders the data to be destroyed immediately.

 

4.3. Debt Collection

4.3.1. In order to collect debts which are acquired by the Company from the original creditors or which are administered by the Company on the basis of a legal services agreement, we shall process the following personal data of debtors when acting as a representative of the customer: name, surname, personal identification number/date of birth, contact information (e-mail, telephone number), residential address, documents supporting the debt, amount of the debt, circumstances and date of incurrence of the debt, fact and date of settlement of the debt or part of the debt, other data provided by the data subject himself/herself or by the data subject's creditor (customer) (e.g. social account data), workplace, marital status (spouse's name, personal identification number/date of birth, workplace, assets), assets held, number/extent of enforcement proceedings, details of the debtor's other creditors, data from registers, credit history from the UAB Creditinfo Lietuva database. If the debtor is a legal entity, we shall process the following personal data about the manager and participant of the legal entity for this purpose: name, surname, personal identification number/date of birth, residential address, contact information (e-mail, telephone number).

4.3.2. Sources of personal data: the original creditor, the customer, partners of cross-border debt collection platforms (EOS Cross-border, etc.), bailiffs, the Lithuanian Chamber of Bailiffs, SE Centre of Registers, the data subject, the judicial authorities, entities managing debtors' databases, the Authority of Audit, Accounting, Property Valuation and Insolvency Management under the Ministry of Finance of the Republic of Lithuania, the Public Register of Invalid Personal Documents, the Public Register of Wanted Persons, social networks, www.requvizitai.lt, other publicly available sources, if such data are necessary for the provision of debt collection or other services.

4.3.3. Legal basis: the processing is necessary for the purposes of the legitimate interests of the Company in the collection of debts for its own benefit or for the benefit of its customers (Article 6(1)(f) of the Regulation).

4.3.4. Retention period: 10 years after the end of the contractual relationship (after the debt has been collected or a document confirming the impossibility of collection has been drawn up), or until the customer instructs us to delete the data.

4.3.5. Data recipients: UAB Creditinfo Lietuva (for more information on the transfer of data to UAB Creditinfo Lietuva, please refer to Clause 5.5. of the Privacy Policy), bailiffs, judicial authorities, notaries, the Authority of Audit, Accounting, Property Valuation and Insolvency Management under the Ministry of Finance of the Republic of Lithuania.

 

4.4. Provision of Information to Debtors and Customers

4.4.1. In order to efficiently carry out debt collection activities, i.e. to inform the Debtors about the debt, change of creditor or other related circumstances, the Company shall inform the Debtors by mail or by using an automated texting, calling and e-mailing programme implemented in the Company's managed information systems. The Company may use a data processor for this purpose. When informing Debtors about the obligations incurred and to be repaid, we shall process the following Debtors' personal data, depending on the method of informing Debtors:

4.4.1.1. If Debtors are informed by SMS: telephone number, content of the SMS message.

4.4.1.2. If Debtors are informed by e-mail: e-mail address, content of e-mail.

4.4.1.3. If Debtors are informed by telephone call: telephone number, content of audio message.

4.4.1.4. If Debtors are informed by mail: name, surname, address.

4.4.2. Sources of personal data: original creditor, customer, data subject.

4.4.3. Legal basis: the processing is necessary for the legitimate interests of the Company to inform the Debtors of the obligations incurred and to be repaid (Article 6(1)(f) of the Regulation).

4.4.4. Retention period: 10 years after the end of the contractual relationship (after the debt has been collected or a document confirming that the debt cannot be collected has been concluded).

4.4.5. Data recipients: postal service providers.

4.4.6. For the purpose of informing debtors, the Company shall also uses an automated communication application via various online platforms such as Messenger, Viber, Whatsapp, etc., which is provided by Wingnut Labs Ltd (Webio), based in Dublin, Ireland (for more information on the processing of the data see: https://knowledge.webio.com/portal/en/kb/articles/data-processing-overview). Categories of personal data communicated to the data processor: name, surname, telephone number, amount of the debt, grounds, creditor and other information constituting personal data that may be provided or received through this communication channel.

4.4.7. For the purpose of informing debtors and customers, the Company shall also use automated SMS and e-mail sending platforms VivaSend, Omnisend, which are administered by third parties (data processors), to which the Company may transfer your e-mail addresses and the content of the information you send. Platform administrators shall ensure the use of technologies compliant with the standards in this area when providing e-mail services, and may, with the Company's permission, collect information about the date of reading the e-mail, the data subject's actions after opening the e-mail and other information. VivaSend's Privacy Policy can be found here: https://vivasend.lt/privatumo-ir-slapuku-politika/; Omnisend's Privacy Policy can be found here: https://www.omnisend.com/privacy/.

4.4.8. For the purpose of informing Debtors, the Company shall maintain unique Debtor ID numbers and enable Debtors to find out about amounts due to the Company and/or the Company's customers (debts administered by the Company) by entering the Debtor ID in the “Pay the Debt” section of the Website.

 

4.5. Implementation of the Law on International Sanctions and the “Know Your Customer” Principle

4.5.1. In order to implement the “Know Your Customer” principle and to comply with the obligations set out in the Republic of Lithuania Law on International Sanctions, we shall process the following personal data of the Customers (natural persons), the managers of the Customers (legal entities) and the final beneficiaries: name, surname, personal identification number, date of birth, nationality, country of residence, position, inclusion in the international lists of international financial sanctions, and any other personal data, which may comprise the content of the documents submitted to the Company.

4.5.2. Sources of personal data: the data subject, the Customer (legal entity), SE Centre of Registers, institutions and companies maintaining lists of sanctioned persons.

4.5.3. Legal basis: the processing of data is necessary for the purposes of the legitimate interests of the Company to know its customers and to comply with a legal obligation under Article 4(1) and (2), Article 7(1) and (2) of the Republic of Lithuania Law on International Sanctions (Article 6(1)(f) of the Regulation).

4.5.4. Retention period: the data shall be processed for as long as the contract for the provision of services or the assignment of claims concluded with the customer is valid, after which the data shall be retained for a period of 10 (ten) years for the purpose of asserting, exercising or defending the Company's legal claims as well as for the purpose of fulfilling the Company's obligation to archive the documents in accordance with the legal provisions. In the absence of a contract for the provision of services or the claim assignment agreement with the customer, the data shall be stored for a period of 5 (five) years from the moment of receipt.

4.5.5. Data recipients: Financial Crimes Investigation Service.

 

4.6. Recording Conversations

4.6.1. In order to ensure the quality of our services, to establish uniform practices, and to objectively deal with data subjects' requests or complaints, we record calls and process the following personal data of callers: telephone number, audio recording, and the metadata of the audio recording (the date of the call and the time at which the call started and ended). Before the start of the call, we shall inform you that the call is being recorded. By continuing the call, you consent to the recording of the call. If you do not agree to the interview being recorded, you are welcome to come to the Company for the interview.

4.6.2. Sources of personal data: data subject.

4.6.3. Legal basis: consent of the data subject (Article 6(1)(a) of the Regulation).

4.6.4. Retention period: for the purposes set out in this Clause, your personal data shall be processed for a period of one year from the receipt of the personal data. Where there are reasonable grounds to believe that the call recording material records the commission of a criminal offence or other unlawful acts, the necessary data from the call recording shall be transferred to secure media and retained in perpetuity for as long as there is an objective need for them to do so, even after the expiration of the term for retention of the call recordings referred to in this Clause.

4.6.5. Data recipients: courts, law enforcement and other public authorities.

4.6.6. For the purposes set out in this Clause, your personal data shall only be processed if the call takes place using telephone numbers assigned to the Company. The Company's telephone numbers shall be published on the Website.

4.6.7. In order to listen to or obtain a copy of the call recordings, please contact the Company in accordance with the procedures set out in this Privacy Policy.

 

4.7. Inquiry Administration

4.7.1. When administering inquiries submitted on the Company's Website, we shall process the following personal data of the inquirers: name, surname, contact details (telephone number, e-mail address), inquiry which may contain other personal data.

4.7.2. Sources of personal data: data subject.

4.7.3. Legal basis: processing is necessary for the legitimate interests of the Company in administering inquiries (Article 6(1)(f) of the Regulation).

4.7.4. Retention period: 10 years from the time of data collection.

 

4.8. Direct Marketing

4.8.1. For direct marketing purposes, we shall process the following customer personal data: name, surname, telephone number, e-mail address, IP address, date and time of the survey, content of the survey (if a survey is provided), e-mail readership statistics.

4.8.2. Sources of personal data: data subject.

4.8.3. Legal basis: consent of the data subject (Article 6(1)(a) of the Regulation).

4.8.4. Retention period: The data shall be processed for a period of 5 (five) years from the receipt of the Data Subject's consent or until you withdraw your consent to the processing of Personal Data. If you withdraw your consent to the processing of data for the purpose(s) set out in this Clause, only the fact of your consent shall be retained for a period of 10 (ten) years from the expiry of the consent period or the withdrawal for the purpose of asserting, exercising, or defending legal claims against the Company.

4.8.5. You shall have the right to unsubscribe from promotional communications sent by the Company at any time, and you shall have the right to object to the processing of your personal data for the purpose of direct marketing, without giving reasons for your objection. You may withdraw your consent to the processing of personal data for the purpose of direct marketing by expressing your will clearly and unambiguously in writing to an employee of the Company. You may also exercise your right to object to the processing of personal data for the purpose of direct marketing in the following ways:

4.8.5.1. by clicking on the link in each e-mail sent to you;

4.8.5.2. by contacting the Company by telephone or by e-mail at duomenys@legalbalance.lt with “Unsubscribe” in the subject field and by indicating in the letter your name, surname and the address, telephone number, e-mail address at which you do not wish to receive information.

 

4.9. Development and Maintenance of Business Relationships

4.9.1. In order to develop business relationships, we shall process the following personal data of employees and representatives of business entities (partners, suppliers, customers, potential customers): name, surname, position, contact details (telephone number, e-mail address).

4.9.2. Sources of personal data: data subject, publicly available information.

4.9.3. Legal basis: the processing is necessary for the legitimate interests of the Company in maintaining business relations (Article 6(1)(f) of the Regulation) and the data subject's consent to the sharing of his/her contacts in the business clubs/transfer of his/her contacts to third parties (Article 6(1)(a) of the Regulation).

4.9.4. Retention period: 10 years after the end of the contractual relationship or the moment of data collection (in the absence of a contract with the customer).

 

4.10. Assurance of the Functionality of the Website, Collection of Statistical Information

4.10.1. In order to improve the Website, to update marketing campaigns, to analyse and collect statistics on visitors to the Website, and to ensure the proper functioning of the functionalities of the Website, the Website shall use cookies, plug-ins and similar technologies. For this purpose, the Company shall process the following personal data of visitors to the Website: IP address, time of access to visitor accounts, Website browsing history and date. Website visitor statistics shall be analysed using Google Analytics cookies. The information collected by Google Analytics cookies about your browsing history shall be transmitted to and stored on Google servers.

4.10.2. Sources of personal data: data subject, Cookies and similar technologies.

4.10.3. Legal basis: the processing of the data is necessary for the legitimate interests of the Company to ensure the operation of the websites (on this basis, the processing of personal data collected on the basis of strictly necessary cookies is carried out) (Article 6(1)(f) of the Regulation), and the data subject's consent is required (personal data collected by means of non-essential cookies shall be processed for this purpose) (Article 6(1)(a) of the Regulation).

4.10.4. Retention period: the retention period of personal data depends on the specific cookie used to collect the personal data, but in all cases the retention period shall not exceed 2 years. The specific terms shall be set out in the Website's Cookie Policy.

 

4.11. Promotion of the Company's Visibility (Social Media Management)

4.11.1. The information you provide on social networking profiles operated by the Company (including messages, the use of the “Like” and “Follow” fields, and other communications), or that you receive when you visit the Company's accounts (including information obtained through the use of cookies used by the social networking operators), is under the control of the operator of the social networking site. We therefore recommend that you read the privacy notices of the social network operator, where you can find all the information about the categories of personal data collected, the retention periods and recipients, etc.

4.11.2. Legal basis: the processing is necessary for the legitimate interests of the Company to promote the visibility of the Company (Article 6(1)(f) of the Regulation).

4.11.3. As the administrator of your social media account, we shall choose the appropriate settings based on our target audience and our performance management and promotion objectives. The social network operator may restrict the ability of the Company to change certain essential settings by allowing the Company to create and administer a social network account, and thus we may not be able to influence what information about you is collected by the social network operator once the Company has created a social network account.

4.11.4. Any such settings may affect the processing of personal data when you use social media, visit the Company's account or read the Company's posts on a social media network. Even if you only look at our posts on Facebook, LinkedIn, Instagram or YouTube, the social network operator may receive certain personal information, such as which end device you are using, your IP address, etc.

 

4.12. Accounting for Securities (Bonds) and Collateralisation of Financial Obligations

4.12.1. In order to keep records of securities (bonds) and to ensure the fulfilment of financial obligations, we shall process the following personal data of bondholders: name, surname, personal identification number, contact details (telephone number, e-mail address), address, bank account and securities account numbers; and the following data of debtors: name, surname, personal identification number, contact details, address, amount of the debt, and any other information which may be contained in the content of the documents evidencing the right of claim.

4.12.2. Sources of personal data: data subject, central depositary, brokerage firms, original creditor.

4.12.3. Legal basis: the processing is necessary for the performance of a contract or to take action at the request of the data subject prior to the conclusion of a contract (Article 1(1)(b) of the Regulation), the processing is necessary for the purposes of the Company's legitimate interests in the keeping of securities records and the enforcement of financial obligations (Article 6(1)(f) of the Regulation).

4.12.4. Retention period: the data shall be processed for as long as the Company's financial obligations remain in force, after which the data shall be retained for a period of 10 (ten) years for the purpose of asserting, exercising or defending the Company's legal claims, and for the purpose of fulfilling the Company's statutory obligation to archive documents.

4.12.5. Data recipients: bondholder trustee, creditors, central depository, securities account managers, notaries.

 

4.13. Organisation and Conduct of Virtual Meetings

4.13.1. In order to organise and conduct conference calls, virtual meetings, videoconferences and/or webinars, the Company shall process the following personal data of the persons participating in the virtual meetings: information about the participants of the meeting (name, surname, telephone number, e-mail address, profile picture), data about the meeting (topic, description, IP addresses of the participants, information about the device's hardware, the start and end time of the videoconference), text data, voice and video recordings.

4.13.2. Legal basis for data processing: the Company's legitimate interests in ensuring the organisation and conduct of remote meetings, convenient and secure communication (Article 6(1)(f) of the Regulation) and the data subject's consent (Article 6(1)(f) of the Regulation) (in relation to the recording of virtual meetings).

4.13.3. Data retention period: one year from the date of receipt.

 

4.14. Recruitment of New Employees

4.14.1. For the purposes of recruitment, we shall process the following personal data of candidates: name, surname, contact details (e-mail, telephone number), curriculum vitae (CV), its annexes and any personal data contained therein at the initiative of the data subject.

4.14.2. Sources of Personal Data: Data subject, job portals.

4.14.3. Legal basis: consent of the data subject (Article 6(1)(a) of the Regulation).

4.14.4. Retention period: until the end of the selection, or for 1 year after the end of the selection (with the candidate's consent), or until the candidate's employment contract is concluded.

 

4.15. Technical Log Entries

4.15.1. In the information systems managed by the Company, the Company shall record and maintain technical logs of service providers in order to ensure security requirements, to identify and monitor and track users' actions related to the processing of personal data, and to ensure accountability.

4.15.2. The following records of accesses to personal data shall be recorded: the identifier of the access, date, time, duration, the result of the access (successful, unsuccessful), the files accessed, and the actions carried out on the personal data (entry, review, modification, deletion, and any other personal data processing actions).

4.15.3. Technical logs shall be kept for 3 years.

4.15.4. Basis for data processing: processing is necessary for the legitimate interests of the Company to ensure the security of information (Article 6(1)(f) of the Regulation).

 

4.16. The Company may process your personal data for other purposes in accordance with the requirements of the Regulation and the Republic of Lithuania Law on Legal Protection of Personal Data.

 

5.   DATA RECIPIENTS AND DATA PROCESSORS

5.1. The Company undertakes to respect the duty of confidentiality towards data subjects. Personal Data may be disclosed to third parties only if it is necessary for entering into and performance of a contract for the benefit of the data subject, for the performance of a legal obligation to which the Company is subject, for the protection of the Company's or a third party's legitimate interests, or for other legitimate reasons.

5.2. Without prejudice to the data recipients set out in Section 4 of the Privacy Policy, we may also provide your personal data to the following recipients:

5.2.1. public bodies and institutions, and other persons exercising functions assigned to them by law (e.g. law enforcement authorities, bailiffs, notaries, tax administration, supervisory authorities, financial crime investigation authorities);

5.2.2. creditors;

5.2.3. chartered accountants, legal and financial advisers;

5.2.4. companies within the group to which the Company belongs;

5.2.5. the legal entities you represent.

5.3. The data may be processed by data processors providing the Company with cross-border collection services (EOS Cross-border platform, etc.), accounting, data centre and/or server rental, IT maintenance, external auditing, security, legal, postal, data protection officer and other services.

5.4. Data processors shall have the right to process personal data only on the instructions of the Company and only to the extent necessary for the proper performance of their obligations under the data processing agreement. The Company, with the help of processors, seeks their confirmation that the processors have implemented appropriate organizational and technical security measures and will maintain the confidentiality of personal data.

5.5. If the data subject is more than 30 days late in performing his/her obligations, on the basis of a legitimate interest in the collection of debts, the Company shall transfer information about your personal identity, contact details and credit history, i.e. financial and property obligations and their fulfilment, debts and their payment, to the credit bureau UAB Creditinfo Lietuva (company code: 111689163, address: A. Goštauto st. 40A, LT 03163 Vilnius, Lithuania, www.manocreditinfo.lt, tel. No.: (+370 5) 2394149). The Credit Bureau shall process and provide to third parties (financial institutions, telecommunication companies, insurance companies, electricity and utility providers, trading companies, etc.) your personal data received from the Company in order to pursue its legitimate interests and purposes of assessing your creditworthiness and managing your debts. Creditworthiness assessment shall involve an automated assessment of a person's characteristics (profiling), which may adversely affect your ability to transact in the future. Automated assessment helps to ensure responsible lending and the legitimate interests of creditors by assessing information provided by the individual, credit history, public information, etc. Automated assessment methods shall be regularly reviewed to ensure their fairness, transparency, efficiency and impartiality. Credit history data shall be processed for 10 years after the fulfilment of obligations. You may access your credit history by contacting the Credit Bureau UAB Creditinfo Lietuva directly. You shall also have the right to request rectification or erasure or restriction of data processing, and the right to object to the processing of your personal data, to request human intervention and participation in automated decision-making, to express your point of view and contest the decision, as well as the right to data portability in the cases provided by law. You can find out more about the implementation and restrictions of these rights, automatic assessment of properties (profiling) at www.manocreditinfo.lt.

 

6.   PROFILING AND AUTOMATED DECISION MAKING

6.1. We are committed to protecting your privacy and ensuring transparency in our data processing practices. We would like to inform you that we do not carry out profiling or automated decision-making processes that may have a significant impact on your rights, interests or otherwise have a significant effect on you.

 

7.   TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA

7.1. Your data may be transferred outside the EU/EEA, subject to the signing of agreements with the recipients that comply with European Union law.

7.2. Data may be transferred outside the EU/EEA where the transfer is necessary for the conclusion and performance of contracts and the proper provision of services to the Company's customers. In such a case, the Company shall take steps to ensure that any transfer of personal data outside the EU/EEA is properly executed and that the privacy rights of data subjects are maximally protected.

7.3. When transferring personal data outside the EU/EEA, the Company shall be guided by:

7.3.1. Decision on the eligibility of the foreign country taken by the European Commission;

7.3.2. Certification mechanism approved in a foreign country;

7.3.3. Decision adopted by the European Commission on standard contractual clauses.

7.4. The third country outside the EU/EEA in which the recipient of the personal data is located shall be required by a decision of the European Commission to ensure an adequate level of protection of personal data.

 

8.   RIGHTS OF DATA SUBJECTS

8.1. Each data subject has the following rights:

8.1.1. the right to know about the processing of your personal data;

8.1.2. the right to have access to your personal data and how they are processed;

8.1.3. the right to have your personal data rectified, erased or to restrict the processing of your personal domains;

8.1.4. the right to object to the processing of your personal data, unless the processing is carried out for the purposes of a legitimate interest pursued by the data controller or by a third party to whom the personal data are disclosed and the interests of the data subject are not overriding;

8.1.5. the right to have the Personal Data provided erased or to restrict the processing of Personal Data;

8.1.6. the right to have Personal Data, if processed by automated means, transmitted by the data controller to another data controller where this is technically feasible (data portability);

8.1.7. the right to object to automated data processing, including profiling;

8.1.8. the right to object to the processing of Personal Data for direct marketing purposes;

8.1.9. the right to withdraw your consent to data processing;

8.1.10. the right to lodge a complaint with the State Data Protection Inspectorate regarding the processing of Personal Data.

8.2. The data subject shall have the right to request the exercise of the data subject's rights orally or in writing, in person, by post or by electronic means. If the exercise of the data subject's rights is requested in writing by post, a copy of the person's personal identity document must be submitted with the request. If the data subject's personal data, such as name and surname, have changed, they shall be accompanied by a copy of the documents confirming the change in those data. In the case of a request submitted by electronic means, the request must be signed with a qualified electronic signature or must be made by electronic means which guarantee the integrity and the unalterability of the text.

8.3. The request for the exercise of the data subject's rights must be legible, signed by the data subject, and contain the data subject's name, surname, address and/or other contact details for the purpose of contacting the data subject or for the purpose of obtaining a response regarding the exercise of the data subject's rights.

8.4. The data subject may exercise his/her rights himself/herself or through a representative. In the request, the person's representative shall indicate his/her name, surname, address and/or other contact details for communication, by which the person's representative wishes to receive a reply, as well as the name of the represented person and any other data necessary for the proper identification of the data subject, and shall provide the document confirming the representation, or a copy thereof. In case of doubt as to the identity or data of the data subject, the Company shall request additional information necessary to verify it.

8.5. If the data subject does not apply in accordance with the procedure set out in this Chapter, the data subject shall be informed of the deficiencies at the latest within 7 calendar days of receipt of the application. The data subject's request shall not be considered if the data subject fails to rectify the deficiencies identified or fails to inform the Company of the reasons why the deficiencies identified cannot be rectified. In the event of objective circumstances which prevent the data subject from rectifying the deficiencies identified, the Company may, after assessing them, accept the data subject's request and process it. If the data subject applies in writing without complying with the form of the request established by the Company, this shall not be considered a deficiency in the data subject's request.

8.6. Upon receipt of the request, we shall provide a response no later than within 30 calendar days from the date of receipt of the request. In exceptional cases, this period may be extended by a further 30 (thirty) days upon notice to you.

8.7. The Company, acting as Data Controller, shall have the right to reasonably refuse to exercise your rights on the grounds set out in the Regulation.

8.8. You shall be provided with information about the processing of your data, the lawfulness and fairness of the processing shall be verified, the processing shall be terminated, and the data shall be deleted free of charge. Information shall be provided in Lithuanian.

8.9. You may submit your request by e-mail to duomenys@legalbalance.lt, by mail or by coming to the office at Žalgirio st. 90, LT-09303 Vilnius. In order to ensure the confidentiality enshrined in Article 38(5) of the Regulation, correspondence addressed to the Data Protection Officer by mail shall be marked on the envelope as addressed to the Data Protection Officer.

 

9.   DATA PROTECTION OFFICER

9.1. The Company has an appointed Data Protection Officer.

9.2. If you would like to clarify, find out how the Company processes your personal data, or if you intend to exercise your rights as a data subject, please contact the Company's designated Data Protection Officer by e-mail: duomenys@legalbalance.lt.

 

10. FINAL PROVISIONS

10.1. The law of the Republic of Lithuania shall apply to the enforcement and interpretation of the provisions of the Privacy Policy.

10.2. We may amend our Privacy Policy at any time. Any amendments to the Privacy Policy shall be posted on the Website. Amendments and/or supplements to the Privacy Policy shall come into force after their publication on the Website.

10.3. We recommend that you regularly review our Privacy Policy.