The purpose of the Privacy policy is to inform how personal data of data subjects are collected and processed, how long they are stored, to whom they are provided, what rights the data subjects have and where to apply for their implementation, or other matters related to the processing of personal data.

Personal data are processed in accordance with the European Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the Regulation), the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the protection of personal data.

UAB “Kilo grupė” follows the following principles of data processing:

  • personal data are processed in a lawful, fair and transparent manner (the principle of legality, integrity and transparency);
  • personal data are collected for specified, clearly defined and legitimate purposes (purpose limitation principle);
  • personal data processed must be adequate, appropriate and necessary only for the purposes for which they are processed (the data reduction principle);
  • personal data are constantly updated (principle of accuracy);
  • personal data are stored safely and for no longer than required by the data processing objectives or the legislation (principle of limitation of storage time);
  • personal data are processed only by the employees of the Company who have been given such a right in accordance with their functions or data processors who provide services to the Company and process personal data on behalf of the Company and for the benefit of the Company or the data subject (principle of integrity and confidentiality);
  • The Company is responsible for ensuring that the Company complies with the stated principles (accountability principle).

 

1. DEFINITIONS

1.1. Data controller – UAB “Kilo grupė” (hereinafter referred to as the Company), legal entity code 303157579, registered office address Antakalnio g. 17, Vilnius.
1.2. The data subject is any natural person whose data are processed by the Company. The data controller collects only those data subject which are necessary for the operation of the Company and (or) visiting, using, while browsing the Company’s website (hereinafter the Website). The Company ensures that the collected and processed personal data will be safe and will only be used for a specific purpose.
1.3. Personal data means any information that directly or indirectly relates to a data subject whose identity is known or who can be directly or indirectly identified using the relevant data. Personal data processing means any activities performed on personal data (including collection, editing, recording, storage, modification, access, sending up queries, transfers, archiving, etc.).
1.4. Consent – any voluntary and deliberate confirmation by which the data subject agrees that his personal data are processed for a specific purpose.

 

2. PERSONAL DATA SOURCES

2.1. Personal data are provided by the data subject himself. The data subject contact the Company, uses the services provided by the Company, buys services and/or goods, asks questions, contact the Company for the purpose of providing information, etc.
2.2. Personal data are obtained when the data subject visits the Company’s website. For some reason, the data subject leaves his contact details etc.
2.3. Personal data are obtained from other sources. Data are obtained from other institutions or companies, publicly accessible registers, etc.

 

3. PERSONAL DATA PROCESSING

3.1. When submitting the personal data to the Company, the data subject agrees that the Company uses the collected data in fulfilling its obligations to the data subject in providing the services the data subject expects.
3.2. The personal data are managed by the Company for the following purposes:

3.2.1. Company activity and continuity. For this purpose, the following data are processed:

  • To make and to prosecute a contract the Company could manage this personal data of supplier (individual):
  • Full name (s);
  • Personal code or date of birth (age);
  • Residential address;
  • Contact details (phone number, email address);
  • Workplace and duties;
  • Bank account number and name of the bank;
  • Monetary operations and dates of transactions, amounts, currencies.
  • Other data that was received from individual or data that was received by following law (for example, data that is at business certificate (the type of activity, group, code, name, period of activity, date of issue, amount), number of individual activity certificate, information whether or not individual is VAT payer and other data that is necessary to perform the contract.

3.2.2. Administration of the curriculum vitae (CV) database for job candidates. For this purpose, the following data are processed:

  • Full name (s);
  • Date of birth (age);
  • Residential address;
  • Contact details (phone number, email address);
  • Information about the candidate’s education (educational institution, period of studies, education and/or qualification acquired);
  • Information about upgrading of qualification (training, certificates);
  • Information on the candidate’s work experience (workplace, period of employment, duties, responsibilities and/or achievements);
  • Information on language skills, information technology, driving skills, other competences, other information provided in the CV, cover letter or other candidate’s documents;
  • Employer references, feedback: persons recommending or providing feedback for the candidate, their contact details, contents of references or feedback.

3.2.3. Direct marketing. For this purpose, the following data are processed:

  • Full name (s);
  • Contact details (phone number, email address).

3.2.4. For other purposes, in which the Company has the right to process personal data of the data subject when the data subject has expressed his consent, when the data is to be processed for the legitimate interests of the Company, or when the data are processed by the Company according to the requirements of the relevant legislation.

 

4. COOKIES

4.1. Cookies are small text files containing a string of characters that can be placed on your computer or mobile device that uniquely identify your browser or device. Cookies allow a site to know if your computer or device has visited that site before. Cookies can then be used to help understand how the site is being used, help you navigate between pages efficiently, help remember your preferences, and generally improve your browsing experience. Cookies can also help ensure that marketing you see online is more relevant to you and your interests.
4.2. We use cookies in a range of ways to improve your experience on our site.
4.3. We could use these types of cookies, which we describe as:
4.3.1. Essential – cookies that are essential to provide you with services you have requested. If you set your browser to block these cookies, then some basic functions and services will not work for you. In particular, we won’t be able to save your preferences about cookies.
4.3.2. Performance – cookies which measure how often you visit our sites and how you use them. We use this information to get a better sense of how users engage with our content and to improve our site, so that users have a better experience.
4.3.3. Functionality – cookies that are used to recognize you and remember your preferences or settings when you return to our site, so that we can provide you with a more personalized experience.
4.3.4. Advertising – cookies that are used to collect information about your visit to our site, the content you have viewed, the links you have followed and information about your browser, device and your IP address.
4.4. Data which are collected by cookies could be used only by Company’s employees who are responsible for analyzing this data and improving our website.
4.5. Technical information which are collected by cookies could also be available to Company partners who are responsible for our website’s content management tools.
4.6. Our website uses Google Analytics, a web analysis service of Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, google.com (“Google Analytics” or “Google”). Google Analytics employs cookies that are stored to your computer in order to facilitate an analysis of your use of the site. The information generated by these cookies, such as time, place and frequency of your visits to our site, including your IP address, is transmitted to Google’s location in the US and stored there.
4.7. In using Google Analytics our website employs the extension “anonymizeIp”. In doing so, Google abbreviates and thereby anonymizes your IP address before transferring it from EU/EEA member states. Google uses this information to analyze your use of our site, to compile reports for us on internet activity and to provide other services relating to our website.
4.8. Google may also transfer this information to third parties where required to do so by law or where such third parties process this data on Google’s behalf. Google states that it will in never associate your IP address with other data held by Google. You can prevent cookies from being installed by adjusting the settings on your browser software accordingly as noted elsewhere in this Privacy Policy. You should be aware, however, that by doing so you may not be able to make full use of all the functions of our website.
4.9. Google Analytics also offers a deactivation add-on for most current browsers that provides you with more control over what data Google can collect on websites you access. The add-on tells the JavaScript (ga.js) used by Google Analytics not to transmit any information about website visits to Google Analytics. However, the browser deactivation add-on offered by Google Analytics does not prevent information from being transmitted to us or to other web analysis services we may engage.
4.10. Google Analytics also uses electronic images known as web beacons (sometimes called single pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how our site is used.
4.11. You can find additional information on how to install the browser add-on referenced above at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
4.12. For the cases in which personal data is transferred to the US, Google has self-certified pursuant to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
4.13. The length of time a cookie will stay on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your computer or mobile device until they expire or are deleted.
4.14. For more information about cookies, please visit AllAboutCookies.org.
4.15. Guidance on how to control cookies for common browsers is linked below:

 

5. SOCIAL MEDIA

5.1. We have a Facebook The provider of this platform is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified in accordance with the EU-US Privacy Shield. We have entered into an agreement with Facebook regarding joint responsibility for the processing of data (a Controller Addendum). This agreement determines which data processing activities we are responsible for when you visit our Facebook fanpage and which are the responsibility of Facebook. You can view this agreement by following this link:

 

6. FORMS OF DISCLOSURE OF PERSONAL DATA

6.1. The Company undertakes to comply with the confidentiality obligation with respect to data subjects. Personal data may only be disclosed to third parties if it is necessary for the conclusion and drawing up of the contract for the benefit of the data subject or for other legitimate reasons.
6.2. The Company may submit personal data to its data processors, which provide services to the Company and process personal data on behalf of the Company. Data processors have the right to process personal data only in accordance with the instructions of the Company and only to the extent necessary for the proper fulfilment of obligations laid down in the Contract. The Company shall use such processors that provide reasonable assurance that appropriate technical and organizational measures will be implemented in such a way that the processing of data complies with the requirements of the Regulation and will ensure the proper protection of the data subject’s rights.
6.3. The Company may also provide personal data in response to requests from courts or public authorities to the extent necessary to properly enforce existing legislation and instructions from public authorities.
6.4. The Company guarantees that personal data will not be sold or leased to third parties.

 

7. PERSONAL DATA STORAGE TERM

7.1. The personal data collected by the Company are stored in printed documents and/or in the Company’s information systems. Personal data is processed for no longer than necessary for the purpose of data processing or for no longer than required by data subjects and/or provided by law.
7.2. Although the data subject may terminate the contract and refuse from the Company’s services, the Company continues to be obliged to keep the date of the data subject for possible future claims or legal claims until the expiration of the data storage periods.

 

8. RIGHTS OF DATA SUBJECT

8.1. The right to receive information on the processing of data.
8.2. Right to access the data processed.
8.3. The right to request the correction of data.
8.4. The rights to request to delete the data (“The right to be forgotten”). This right does not apply if the personal data requested to be deleted are also processed on other legal grounds, such as the processing necessary for the performance of the contract, or when the obligations according to the applicable law.
8.5. Right to restrict the data processing.
8.6. The right to disagree with data processing.
8.7. Right to data portability. The right to data portability may not adversely affect other rights and freedoms. The data subject has no rights to the portability of data in relation to personal data processed in a non-automatic weigh in systematised files, such as paper files.
8.8. The right to require that only automated data processing, including profiling, is applied.
8.9. The right to submit a complaint regarding the processing of personal data to the State Data Protection Inspectorate.
9. The Company must ensure the disability for the data subject to exercise the rights of the data subject specified in the Rules, except in cases established by law, when it is necessary to guarantee state security or defence, public order, prevention, investigation, detection or prosecution of criminal offenses, important economic or financial interests of the state, prevention, investigation and detection of breaches of professional ethics, protection of the rights and freedoms of the data subject or other persons.

 

10. PROCEDURE FOR IMPLEMENTING THE DATA SUBJECT’S RIGHTS

10.1. The data subject, in connection with the implementation of his rights, may apply to the Company:
10.1.1. When submitting a written request in person, by post, via a representative or by electronic means – by e-mail: [email protected] The application must be legible, signed by the data subject, using the free application form and format or the recommended application form prepared by the Company:
10.1.2. orally – by phone +370 612 76615;
10.1.3. in writing – at the address Antakalnio g. 17, Vilnius.
10.2. In order to protect the data against unauthorized disclosure, the Company must verify the identity of the data subject upon receipt of the data subject’s request for data or implementation of other rights.
10.3. The Company’s answer to the data subject must be given not later than within one month from the date of receipt of the data subject’s request, taking into account the specific circumstances of the processing of personal data. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

 

11. DATA SUBJECT’S RESPONSIBILITY

11.1. The data subject must:
11.1.1. Inform the Company about changes in the submitted information and data. It is important for the Company to have valid and effective information of the data subject;
11.1.2. to provide the necessary information so that at the request of the data subject the Company can identify the data subject and a certain that it communicates or co-operates with the specific data subject (to provide a personal identity document, or in accordance with the procedure laid down by legal acts or by electronic means of communication that allows the data subject to be properly identified). It is necessary for the protection of data of the data subject and other persons so that the disclosure of the data subject’s information is restricted to the data subject, without prejudice to the rights of others.

 

12. FINAL PROVISIONS

12.1. By transferring personal data to the Company, the data subject agrees with this Privacy Policy, understands its provisions and agrees to comply with it.
12.2. In developing and improving the Company’s activities, the Company has the right at any time to unilaterally make changes to this Privacy Policy. The Company has the right to unilaterally, partially or completely change the Privacy Policy by notifying there on the website kilo.health.
12.3. The additions or changes to the Privacy Policy come into force from the day they are published, i.e., from the date they are placed on the website kilo.health.