University
Community
International Students
Studies
Research and Innovation
For Business
Faculties
Back

Privacy Policy

The Personal Data Protection Policy of Vilnius Gediminas Technical University (VILNIUS TECH) sets out the main guidelines and provisions that VILNIUS TECH follows when processing personal data entrusted to it or otherwise collected about natural persons.

  • General Provisions

    The following terms are used in the Personal Data Protection Policy:

    Personal data – any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    Category of personal data – a group of personal data processed for a specific legal basis and purposes.

    Processing of personal data – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    Data controller – VILNIUS TECH, which alone or jointly with others determines the purposes and means of the processing of personal data.

    Data processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

    When processing personal data, VILNIUS TECH adheres to the following principles of personal data processing:

    • Personal data are processed lawfully, fairly and in a transparent manner in relation to the data subject. They are collected for specified, explicit and legitimate purposes and are not further processed in a manner that is incompatible with those purposes.
    • Personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (principle of data minimisation).
    • Personal data are accurate and, where necessary, kept up to date. All reasonable steps are taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (principle of accuracy).
    • Personal data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods if the personal data are processed only with the application of appropriate technical and organisational measures required to safeguard the rights and freedoms of the data subject (principle of storage limitation).
    • Personal data are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (principle of integrity and confidentiality).
    • The data controller is responsible for compliance with the above principles and must be able to demonstrate compliance with them (principle of accountability).

  • What personal data do we collect and for what purposes?

    VILNIUS TECH processes personal data in accordance with the requirements of the law, on the basis of employment, study, commissioned work and other contracts.

    VILNIUS TECH collects and processes the following personal data of data subjects, provided in accordance with the law and on the basis of contractual and other legal relations:

    • Basic personal data, such as name, surname, personal identification number, date of birth, telephone number, email address, address. Data related to economic activity, such as place(s) of employment and its contact details, position held, functions performed. Documents confirming qualifications and experience, such as diplomas, qualification certificates, statements, extracts from employment or study history, grades. Data on marital status. Financial data, such as bank account number, amount of salary and other payments, data on scholarships, pension accumulation.
    • VILNIUS TECH may also collect personal data of the data subject for public procurement procedures if the person is connected with legal entities (for example, if the data subject is a manager, member of a management body, or representative acting under a power of attorney of a legal entity).

    To assess a person’s qualifications and competence related to studies or employment, VILNIUS TECH collects information and documents that prove and confirm education, qualifications and professional development, completed tasks, performed work, published works, submitted recommendations, data on current positions, and study results.

    Under the Republic of Lithuania Law on Science and Studies, the relationship between a student and a higher education institution is formalised by a study contract. For this purpose, the following identity data of the person concluding the study contract are collected:

    • When a natural person concludes a study contract with VILNIUS TECH, we request personal data necessary for concluding the study contract (for example: name, surname, personal identification number, date of birth, education, identity document details, citizenship, contact information). These personal data are obtained directly from the data subject and from the Lithuanian Higher Education Association Information System for Joint Admissions.
    • Standard conditions of the study contract are set by the Minister of Education and Science, taking into account proposals from the Conference of Rectors of Lithuanian Universities and the Lithuanian National Union of Student Representations (unions).
    • Data related to visits to the VILNIUS TECH website are collected for the following purposes:
      • to evaluate the characteristics of the use of services and information provided;
      • to improve service quality by collecting website visit statistics.
    • To ensure the safety of employees, students, visitors and premises, video surveillance is carried out in VILNIUS TECH premises. Therefore, video data collected during visits to our premises are processed.
    • For the implementation of scientific projects and to obtain new scientific knowledge, personal data protected by pseudonymisation are processed for research purposes with the consent of natural persons. These include data such as gender, age and health data (for example, key indicators of the body’s condition: height, weight, measurement/test data and results carried out according to the biomedical research protocol).
    • With the consent of natural persons obtained in accordance with the procedure established by legal acts, VILNIUS TECH may process other personal data (for example, during study fairs, for graduates, during qualification courses, and similar situations).

  • How long do we process personal data?

    When processing personal data, VILNIUS TECH follows the principle that data are processed for no longer than is necessary for the purposes for which they are processed. The retention periods for personal data vary depending on the legal basis and purposes of processing for each category of data.

    Specific retention periods for particular personal data are communicated to data subjects:

    • in an information notice provided at the time of concluding contracts,
    • at the time the data are collected directly from the data subject, or
    • without undue delay after the data are obtained from other sources.

    Once the retention period has expired, VILNIUS TECH deletes and destroys the personal data in such a way that they cannot be restored or altered to allow re-identification of the specific natural person.

  • To whom may the personal data processed by us be disclosed?

    Personal data processed by VILNIUS TECH may be disclosed to persons whom we engage to fulfil contracts with data subjects.

    In general, data are managed and processed with the assistance of the Lithuanian Higher Education Association Information System for Joint Admissions, student registers, teacher registers, and the Research Council of Lithuania. In such cases, VILNIUS TECH discloses only the amount of personal data that is strictly necessary for the provision of the specific service (or performance of the specific tasks).

    In accordance with the procedure laid down by legal acts, VILNIUS TECH may be required to disclose data to competent authorities or institutions (for example, to the police or courts).

  • How do we ensure the security of the personal data we process?

    To protect the personal data we process from loss, unauthorised use or unlawful alteration, VILNIUS TECH has implemented appropriate organisational and technical measures.

  • Data Subjects’ Rights

    VILNIUS TECH undertakes to respect the rights of data subjects as set out in the General Data Protection Regulation (GDPR). These rights include:

    • the right to be informed about the processing of personal data (right to be informed);
    • the right to access personal data and information about how they are processed (right of access);
    • the right to request rectification of inaccurate personal data, or to have incomplete personal data completed, taking into account the purposes of processing (right to rectification);
    • the right to request erasure of personal data or the restriction of processing (except for storage) (right to erasure and the right to be forgotten);
    • the right to request restriction of processing of personal data;
    • the right to data portability;
    • the right to object to the processing of personal data when the processing is based on consent;
    • other rights provided for by the legal acts applicable to personal data processing.

    Data subjects may submit any request related to the processing of their personal data:

    VILNIUS TECH undertakes to respond to all requests concerning the processing of personal data within one month of receipt, in accordance with the procedure laid down in the General Data Protection Regulation.

  • Final Provisions

    The legal relations related to this Personal Data Protection Policy are governed by the laws of the Republic of Lithuania.

    VILNIUS TECH reserves the right to amend this Personal Data Protection Policy in part or in full.

  • Rules for the Exercise of Data Subjects’ Rights

    The Rules for the Exercise of Data Subjects’ Rights at Vilnius Gediminas Technical University (hereinafter – the Rules) aim to establish the procedure for exercising the rights of data subjects at Vilnius Gediminas Technical University (hereinafter – VILNIUS TECH) in order to ensure compliance with the principle of accountability.

    The full document and the application form for exercising data subject rights can be downloaded here:

    Rules for the Exercise of Data Subjects’ Rights
    Application for the Exercise of Data Subject Rights

  • Employees’ Personal Data Retention Policy

    Employees’ Personal Data Retention Policy

  • Personal Data Processing Rules

    Personal Data Processing Rules

  • Contacts

    Data Protection Officer