Data Protection Policy

The terms used in the Data Protection Policy:

Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data category means a group of personal data that is processed on an appropriate basis and for appropriate purposes. 

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller means VILNIUS TECH, which, alone or jointly with others, determines the purposes and means of data processing.

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

In controlling personal data, VILNIUS TECH shall be guided by the following principles of personal data processing:

Personal data shall be processed in accordance with the principles of lawfulness, fairness and transparency, shall be collected for specified, explicit and legitimate purposes and shall not be further processed in a way incompatible with those purposes.

Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (the data minimization principle).

Personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay (the accuracy principle).

Personal data must be kept in a form which permits identification of data subjects for no longer than necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely subject to implementation of the appropriate technical and organisational measures required in order to safeguard the rights and freedoms of the data subject (the storage limitation principle).

Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (the integrity and confidentiality principle).

The controller shall be responsible for complying with the above principles and must be able to demonstrate that they are being complied with (the accountability principle).
 

In VILNIUS TECH, personal data is processed in accordance with laws, on the basis of employment contracts, study agreements, outsourcing and other contracts.

VILNIUS TECH collects and processes the following personal data of data subjects, presented under the procedure set by laws on the basis of contractual and other legal relationships:

• basic personal data, such as first name, surname, personal identification number, date of birth, telephone number, e-mail address, address; data of economic activities, such as the name of the employer(s) and its (their) contact data, job title, responsibilities; documents confirming qualification and experience, such as diplomas, qualification certificates, certifications, extracts from one’s working or studying history, grades; data about the family status; financial data, such as bank account number, amounts of salary and other payments, data about scholarships, pension accumulation data;
• VILNIUS TECH can also collect data subject’s personal data for public procurement procedures if he/she is related to legal entities, for example, if the data subject is the head of a legal entity, a member of its management body, representative acting pursuant to a power of attorney.

In order to assess a person’s qualification and competences related to his/her studies or working career, VILNIUS TECH collects information and documents proving and confirming a person’s education, qualification and its improvement, tasks performed, work carried out, issued publications, presented letters of recommendation, data about one’s current job title, studying results.

According to the Law of the Republic of Lithuania on Higher Education and Research, the relations between a student and a higher education institution are formalized by a study agreement, for this purpose the identity data of the person concluding a study agreement is collected:

• In case when a natural person makes an agreement with VILNIUS TECH on the basis of studies, we request to provide the following personal data, which is necessary for the conclusion of the study agreement (e.g. first name, surname, personal identification number, date of birth, education, personal identity document data, citizenship, contact information), personal data is obtained directly from the data subject and from the system of the Association of the Lithuanian Higher Education Institutions for the Organisation of the General Admission . 
• The standard terms and conditions of the study agreement are set by the Minister of Education and Science, having assessed the proposals of the Lithuanian University Rectors’ Conference and the union(s) of representations for students of Lithuanian higher education institutions.

Data related to visiting the VILNIUS TECH website is collected for the following purposes:

• to assess the peculiarities of our services and use of information;
• for the improvement of the quality of services, Internet traffic statistics is collected.

In order to ensure the safety of employees, students, visitors and premises, video surveillance is carried out at VILNIUS TECH premises, therefore we process image data collected when people visit our premises.

Upon receipt of a consent of natural persons in accordance with the procedure established by law, we may process other personal data (for example, collected at the time of the study fair, from graduates, during qualification courses, etc.).
 

When processing personal data, we follow the principle that data is to be processed for no longer than necessary for the purposes for which it is processed. Data storage periods vary depending on the bases and purposes of processing data of different categories. Specific time limits for the storage of specific personal data are indicated to data subjects in the form of an information notice at the time of conclusion of contracts and agreements, during the collection of that data from them or without undue delay after receiving data from other sources.

Upon expiration of the data storage periods, we will erase and destroy the data so that it cannot be reproduced or modified in such a way that it could be linked to a particular natural person.
 

Personal data processed by VILNIUS TECH may be disclosed to persons involved by us for the performance of contracts and agreements with data subjects. Data is in general controlled and processed with the help of the system of the Association of the Lithuanian Higher Education Institutions for the Organisation of the General Admission , student registers, registers of teachers, and the Research Council of Lithuania. In this case, we will only disclose as much personal data as it will be necessary for provision (performance) of a particular service (work).

In accordance with the law, we may be required to disclose data to competent authorities or bodies (e.g. police, courts).
 

In order to protect the data we process from loss, unauthorized use or unlawful modification, VGTU implemented the appropriate organizational and technical measures. 

VILNIUS TECH undertakes to respect the data subjects’ rights set forth in the General Data Protection Regulation, which are as follows:

• to know (be informed) about processing of one’s data (the right to know);
• to get access to one’s data and to know how it is processed (the right of access);
• to request rectification or, in view of the personal data processing purposes, to supplement the incomplete personal data of a person (the right to rectify);
• to request the destruction of one’s personal data or the suspension of its processing actions (except for storage) (the right to destroy and the right “to be forgotten”);
• to require the processing of personal data to be restricted;
• to transmit data;
• to object to personal data processing when processing is based on the consent of a data subject;
• other rights set by legal acts applicable to the processing of personal data.

Any request in connection with the processing of personal data may be submitted by a data subject to us by e-mail crypt:PGEgaHJlZj0ibWFpbHRvOmRhcEB2aWxuaXVzdGVjaC5sdCIgc3R5bGU9ImNvbG9yOiMwNTYzYzE7IHRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmUiPmRhcEB2aWxuaXVzdGVjaC5sdDwvYT4=:xx or by post at Saulėtekio al. 11, LT-10223, Vilnius, or can be made directly upon personal arrival.

VILNIUS TECH shall reply to all requests related to the processing of personal data within one month from the date of their receipt in accordance with the procedure established by the General Data Protection Regulation.
 

Legal relations related to this Data Protection Policy shall be governed by the legal acts in force in the Republic of Lithuania.

VILNIUS TECH has the right to amend or replace the Data Protection Policy.
 

Data Protection Officer  
+370 5 2512191, crypt:PGEgaHJlZj0ibWFpbHRvOmRhcEB2aWxuaXVzdGVjaC5sdCI+ZGFwQHZpbG5pdXN0ZWNoLmx0Jm5ic3A7PC9hPg==:xx