3. The Company engages in project management and consultancy work, which includes the procurement of construction works, construction management, building lifecycle services, maintenance of the construction of buildings and other services. For the purpose of the provision of the aforesaid services, the Company shall process personal data in accordance with the legal bases and the data processing purposes set forth in this Policy, as well as with the legislation applicable to the Company.
4. This Policy is aimed at the persons who use or intend to use the Company’s services or visit the website www.risma.lt
Personal data processing principles
5. The Company shall process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter referred to as the “Regulation”), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legislation regulating the processing of personal data.
6. The scope of the personal data that is processed shall depend on the Company’s services ordered or used, and the information provided by the website visitor when ordering and/or using the Company’s services, visiting the website or registering thereon.
7. The Company shall be guided, inter alia, by the following basic data processing principles:
- Personal data shall only be collected for clearly defined and lawful purposes.
- Personal data shall be processed in an exclusively lawful and fair fashion.
- Personal data shall be continuously renewed.
- Personal data shall be stored securely, and only for as long as is required by the data processing purposes set forth or by the legislation.
- Personal data shall only be processed by the employees of the Company that have been granted such a right by virtue of their duties.
8. Data shall be processed by the Company only under one or several lawful processing criteria: (1) seeking to ensure the provision of services under an agreement (i.e. when seeking to fulfil an agreement or to take an action at the request of the data subject before concluding the agreement); (2) with the consent of the data subject; (3) when the processing of data is necessary for the fulfilment of a legal obligation applicable to the Company; (4) when the processing of data is necessary for carrying out a task performed in the public interest or in the exercising of the public powers assigned to the Company; and (5) when personal data needs to be processed in the legitimate interests of the Company or a third party (see Article 6(1) of the Regulation, http://www.privacy-regulation.eu/lt/6.htm).
9. When processing and storing personal data, the Company shall implement organisational and technical measures that shall ensure the protection of personal data from accidental or unlawful destruction, alteration or disclosure, as well as from any other unlawful processing. Access to the personal data processed by the Company shall only be granted to those employees of the Company and auxiliary service providers that require such access to carry out their duties and to provide services to the Company.
10. The Company’s clients or potential clients, employees and other natural persons shall be liable for ensuring that the personal data provided by them is accurate, correct and complete. In the case of a change to the personal data provided by them, they must immediately notify the Company thereof. The Company shall not be liable for any damage caused to a person and/or third parties as a result of the fact that the person has provided incorrect and/or incomplete personal data, or did not request for the data to be completed and/or altered upon a change thereof.
Personal data sources
11. Personal data shall be usually obtained directly from the data subject (the Company’s client or potential client, employees or candidates), who provides it by visiting the website, using the Company’s services, providing services to the Company, working or seeking employment with the Company
12. In the cases provided for by law, or on the basis of consent, personal data may also be obtained from third parties (e.g., temporary employment agencies, recruitment companies, public institutions and registers).
13. Although a customer shall not be required to provide any personal data to the Company, certain services may not be available to them, or they may not be able to find employment with the Company, if they fail to provide personal data.
Purposes of personal data processing
14. The Company shall process personal data for the following key purposes:
- the purposes of administration and the implementation of contractual relationships, seeking to duly fulfil its contractual obligations, as well as to maintain its relationships with suppliers, partners and customers through the development of business, the provision of services and cooperation;
- provision of the services specified on the Company’s website;
- the purposes of the Company’s internal and employee administration;
- direct marketing and marketing purposes;
- fulfilment of the requirements established by the legislation in terms of waste management and other areas, and the provision of data to public institutions (data controllers);
- for the purpose of assurance of the security of the Company’s equipment and property situated on the Company’s production premises and common areas, video surveillance cameras have been installed.
Provision of personal data and the recipients thereof
15. The Company shall be entitled to transfer the personal data of representatives of its customers and employees to third parties that need to process the customers’ personal data for the purposes specified in this Policy or the legislation.
16. The Company hereby undertakes an obligation to transfer the data of its customers to third parties only to the extent necessary, and where it is needed in order to provide the relevant services and/or to fulfil the obligations provided for in the legislation. In a case when personal data is not necessary for the provision of a specific service, it shall not be transferred. The Company shall transfer personal data to the aforesaid third parties on the basis of an agreement on the data provision or a specific legal act, in strict compliance with the legal requirements.
17. The Company hereby undertakes an obligation to comply with the confidentiality obligation with regard to the personal data of its customers, employees or potential customers. Personal data may not be disclosed to third parties unless that it is required for the conclusion and performance of an agreement for the benefit of the data subject or for other legitimate reasons.
18. The Company may provide the processed personal data to its data processors (subcontractors), which provide the Company with IT, accounting, debt collection or other ancillary services and process personal data on behalf of the Company. The data processors shall be entitled to process personal data only with accordance with the Company’s instructions and only to the extent necessary for the due performance of the obligations set forth in the agreement. The Company shall only recruit those data processors that sufficiently ensure the implementation of appropriate technical and organisational measures, in such a way that ensures the compliance of the data processing with the requirements of the Regulation and the protection of the data subject’s rights.
19. The Company may also provide customer data in response to requests from the courts, bailiffs or public institutions, to the extent necessary to duly comply with the applicable legislation and instructions of public institutions.
Processing of personal data for the purpose of direct marketing
20. For the purposes of direct marketing, the Company may process the contact data of a data subject. Consent for personal data to be used for the purposes of direct marketing shall be expressed by sending an e-mail to firstname.lastname@example.org, or by subscribing to the Company’s newsletter, subscribing to the news on the Company’s social media accounts, providing one’s consent on the Company’s website (by ticking a box), signing a questionnaire or an agreement with the Company, as well as by notifying the Company’s administration in another written manner. The consent for direct marketing shall be voluntary, it shall not be a prerequisite of a contractual relationship with the Company and it shall not affect the relationship between the data subject and the Company.
21. The Company may send notices of an informational nature provided that the person has given their consent for the Company to use their data for direct marketing, and to the Company’s customers for the marketing of similar services without their express consent if they are given a clear, free and easily implementable possibility to object to or refuse such a use of their contact data, and if they did not object to such a use of the data when sending each notice in the first place.
22. For the purposes of direct marketing, the Company may send notices by e-mail.
23. A person may withdraw their consent for the receipt of direct marketing at any time by sending a notification thereof by e-mail to email@example.com or by otherwise contacting the Company.
Retention period of personal data
24. Personal data collected by the Company shall be stored in printed documents and/or in the Company’s information systems in an electronic format. Personal data shall be processed for no longer than is necessary for the purposes of the data processing, or no longer than is required by the data subjects and/or provided for in the legislation. Generally, personal data shall be processed for a period of 10 years after the end of the contractual relationship.
25. Even though the customer may terminate the agreement, or refuse the Company’s services, the Company must retain the personal data of the customer’s representatives until the data retention terms have expired due to possible future claims or legal claims.
26. The Company shall seek to avoid retaining obsolete or unnecessary information, and to ensure that personal data and other customer information is kept up to date, correct and is destroyed in a timely manner.
Rights of the data subjects
27. The data subject shall have, inter alia, the following rights:
- To receive information about the personal data processed by the Company, from where and in what way the personal data was collected, and the basis of the processing thereof;
- To contact the Company with a request to correct their personal data, suspend the processing thereof, and destroy it if the data is incorrect, incomplete or inaccurate, or if it is no longer necessary for the purposes for which it was collected. In such a case, the data subject must submit a request, upon the receipt of which the Company shall verify the provided information and take the necessary actions. It is very important for the Company that the personal data it holds is accurate and correct;
- To contact the Company with a request to destroy their personal data or suspend the processing of such personal data, except for its storage, should the person, after becoming acquainted with their personal data, determine that the personal data is being processed in an unlawful or fraudulent manner;
- To object to the processing of their personal data when such data is processed, or is intended to be processed, for the purpose of direct marketing or for a legitimate interest pursued by the Company, or by a third party to which the personal data is provided;
- to withdraw their consent to the processing of their personal data for the purpose of direct marketing, at any moment;
- should the data subject be concerned about the Company’s actions (omissions) that may not comply with the requirements of this Policy or the legislation, they may contact the Company for free assistance.
28. A person may exercise all their rights as a data subject by contacting the Company by e-mail at firstname.lastname@example.org.
29. If the issue with the Company cannot be resolved, the customer shall have the right to appeal to the State Data Protection Inspectorate (ada.lt), which is responsible for the supervision and control of the legislation regulating personal data protection.
32. If a website visitor does not consent to the storage of cookies on their computer or other terminal device, they can change the settings of their web browser and disable all cookies, or can enable/disable them one by one. However, the Company hereby notes that in some cases, this may slow down the speed of browsing on the website, restrict some of the website’s functions, or block access to certain pages on the website. For more information about the cookies used on the Company’s website, please visit org or www.google.com/privacy_ads.html.
33. This Policy shall be regulated by the laws of the Republic of Lithuania and the European Union.
34. The Company shall reserve the right to amend this Policy; therefore, we kindly ask website visitors to periodically check for amendments to the Policy and to get acquainted with the amended or new provisions.
We wish you a pleasant browsing experience on our website!