I. GENERAL PROVISIONS
- UAB Baltic Asset Management ensures that personal data is processed in a lawful, fair and transparent manner, that it is collected for specified and explicit purposes and that it is not processed in a manner inconsistent with those purposes.
- “Personal data” shall refer to any information relating to an identified or identifiable natural person (Data Subject); an identifiable natural person is a person who can be identified, directly or indirectly, primarily by reference to an identifier such as a name, a personal identification number, location data and an online identifier, or by reference to one or more attributes specific to that natural person’s physical, physiological, genetic, mental, economic, cultural or social identity;
- “Data Controller” shall refer to UAB Baltic Asset Management, reg. No 304602224, registered office address: Upės g. 21, Vilnius;
- “Data Subject” shall refer to any customer of the Company, who may be any natural person whose personal data is processed by the Data Controller;
- “Data processing” shall refer to any operation or sequence of operations which is performed by automated or non-automated means on personal data or sets thereof, such as collection, recording, sorting, organisation, storage, adaptation or alteration, retrieval, access, use, disclosure by transfer, dissemination or any other means of communication, collation or combination with other data, restriction, erasure or destruction.
- Please be advised that the Data Controller:
- Processes personal data in a lawful, fair and transparent manner with respect to the Data Subject (principle of lawfulness, fairness and transparency);
- Collects personal data for specified, explicit and legitimate purposes and does not process personal data in a manner inconsistent with those purposes (principle of purpose limitation);
- Only collects personal data that is adequate, relevant and only as necessary for the purposes of processing (principle of data minimisation);
- Only processes accurate personal data and updates it as necessary; takes all reasonable steps to ensure that personal data which is inaccurate in relation to the purposes for which it is processed is either erased or rectified without undue delay (principle of accuracy);
- Stores personal data in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data is processed (principle of storage limitation);
- Processes personal data in such a way as to ensure, through appropriate technical or organisational measures, the adequate security of personal data, including protection against unauthorised or unlawful processing and accidental loss or destruction (principles of integrity and confidentiality);
- The Data Controller is responsible for ensuring compliance with the above principles and must be able to demonstrate such compliance (principle of accountability).
- The use of third-party services, such as the use of the Data Controller’s profiles on social media, may be subject to the terms and conditions of those third parties. Therefore, when using such third-party services, it is advisable to also read the terms and conditions thereof.
II. PERSONAL DATA, PURPOSES OF PROCESSING, LEGAL GROUNDS AND STORAGE
|full name, personal identification number or date of birth, telephone number, email address, residential address, bank account number (for payment for services), data on the real estate purchased/sold/owned by the Data Subject (extract on the property from the Real Estate and Cadastral Register of the State Enterprise Registrų centras), IP address, email and social media correspondence (excl. public records).
For the purpose of providing and performing the Company’s services, purchasing and participating in the Company’s activities, for invoicing purposes, for data analysis purposes, and for the purpose of creating and improving the content of the website, describing products and services, and including the proper functioning of the website.
Your consent, the conclusion and performance of the Contract between the Company and you, the conclusion of the Contract with the Data Provider, our legal obligations under applicable law, including compliance with accounting and tax requirements, and our legitimate interests and the legitimate interests of third parties in the timely receipt of payments and arrears.
|full name, telephone number, and email address.
For direct marketing purposes
|comment, full name, telephone number, and email address.
For the purposes of administering customer enquiries and providing high-quality services
Your consent, the conclusion and performance of the Contract between the Company and you
|Information on the final beneficiary and policy participants
||We process this personal data in order to carry out the AML/CFT, CDD/KYC and Sanctions Enforcement Verification procedures
||Our legal obligations under applicable law, including AML/CFT and Sanctions Enforcement legislation; our legitimate interests and those of third parties (to protect our interest)
- Storage of personal data:
- Personal data in connection with the Company’s core business, i.e. the purchase and sale of real estate, project management and development, shall be stored for a period of 10 (ten) years. This period is provided in view of the potential inspections initiated by various public authorities (State Tax Inspectorate, SoDra, etc.), which may be initiated 5 (five) years following the conclusion of any given contractual relationship (e.g. a contract), and which may include a requirement for data relating to the preceding 5 (five) years;
- Personal data obtained for the purpose of direct marketing (i.e. offering Data Subjects to buy/sell/otherwise dispose of real estate of their interest, in part or in full, or to contribute to real estate projects under development) shall be stored for a period of five (5) years from the date of obtaining such data;
- Personal data obtained for the purpose of administering enquiries shall be stored for a period of 1 (one) year from the date of obtaining such data;
- Personal data obtained for the purpose of invoicing shall be stored in accordance with the legal requirements applicable to accounting.
- The Data Subject may at any time submit a request to withdraw consent to the processing of their personal data by sending an email to firstname.lastname@example.org or by visiting the Company’s office at Upės g. 21 in Vilnius.
- The Data Controller collects personal data from the following sources:
- directly from the Data Subject;
- from publicly available sources, i.e. the Company collects publicly available data of business partners and/or their representatives from publicly available information systems (social media, public databases, etc.) in connection with the preparation of relevant tenders, project development, etc.;
- from the Company’s database, which includes all real estate brokers operating in Lithuania. Their data is publicly available and accessible. Each time the Company sends a relevant enquiry to a broker, the email gives the broker the opportunity to opt out of any relevant offers of future cooperation.
- Recipients of your personal data. The Data Controller undertakes not to disclose any personal data processed by it to third parties, except in the following cases:
- if the Data Subject has given consent to such disclosure of their personal data;
- when the data is provided to Data Processors for accounting, online system support, payment and other services. These Data Processors are third parties whose services we use to ensure the functionality of our services and our website. Personal data will only be transferred to these third-party service providers to the extent that is necessary to ensure that the third party is able to provide their services. We have ensured that all service providers, the third parties to whom we transfer your personal data, comply with our processing instructions with respect to your personal data. The transfer of your personal data is governed by the data processing agreement or processing terms and conditions that we have agreed with the third-party service providers;
- Personal data may be disclosed to companies affiliated with the Data Controller, as well as to companies that provide services at the request of the Data Controller, e.g. banks/companies that assist with payment transactions. These companies are limited in their ability to use your information; they cannot use this information for purposes other than to provide a service to the Data Controller;
- Personal data may be disclosed to other parties where required to do so by law or as necessary to protect the provision of information society services;
- Personal data may be transferred in the course of legal proceedings as well as in the context of any leasing services we may offer to our clients for the purpose of debt recovery;
- Personal data may be transferred to UAB Baltic Asset Management group companies, partners and institutions where such obligation is imposed on us by laws and regulations, or for the purposes of providing certain services related to the Company and the group of companies;
- Personal data may be disclosed for other relevant purposes in the performance of the Company’s statutory obligations.
Where we use social media, filtering and targeted marketing tools related to visits to social media pages to obtain statistical data, the providers of social media services (for example, Facebook, LinkedIn, Instagram) together with the Company shall be the joint Data Controllers of the personal data processed in relation to you.
Cases where the Data Controller may disclose personal data of the Data Subject to other parties:
- to comply with the law or in response to a mandatory court order;
- to prove the legality of its actions;
- to protect the Data Controller, its rights and property, or to ensure its security;
- to any related third party in the event of a merger, transfer or bankruptcy;
- in other cases, with the consent of the Data Subject or upon a legitimate request.
The Data Controller shall not collect any sensitive information about the Data Subject.
The Data Controller shall not perform automated decision-making or profiling based on the information about the Data Subject.
The Data Controller shall not share the personal data of the Data Subject with any entities outside the European Economic Area.
The Data Controller may share personal data with UAB Baltic Asset Management group companies and companies related to UAB Baltic Asset Management.
Cookies are files that store information on a Visitor’s computer hard drive or the search engine. Cookies can be used to identify visits to the Data Controller’s Website, to monitor the history of visits and to tailor the Website’s content accordingly.
Cookies are also used to ensure the most user-friendly browsing experience and the seamless functioning of the Website, to monitor the duration and frequency of visits and to collect statistical information about the number of visitors to the Website. They also help us to improve the functioning of the Website and to implement other improvements and tailor the Website to the best needs of its Visitors.
- The websites and social media accounts managed by the Data Controller allow the Data Subject to provide information directly to the Data Controller (for example, by subscribing to the newsletter on the website). The following information is obtained directly from the Data Subject:
The following information is obtained indirectly:
- information on the way the Data Controller’s websites are used, such as the following details:
- device information, i.e. IP address, operating system version and settings of the device used by the Data Subject to access the content/products on the Website;
- login information, i.e. the time and duration of the Data Subject’s session, the terms of queries made by the Data Subject on the Data Controller’s websites and any information stored in cookies stored on the Data Subject’s device;
- location information, i.e. the GPS data of the device or information about the nearest Wi-Fi access points and cell towers, which may be communicated to the Data Controller by the Data Subject when accessing the content of the Data Controller’s websites;
- information from third-party sources.
The Data Controller may obtain information about the Data Subject from public and commercial sources (to the extent permitted by applicable law) and link it with other information received from, or about, the Data Subject.
The Data Controller may also obtain information about the Data Subject from third-party social media services when the Data Subject has accessed them, for example, through their accounts on Facebook.
The Data Controller may collect information about the Data Subject, their device or their use of the websites’ content, but only with the Data Subject’s consent.
The Data Subject may choose not to provide the Data Controller with certain information (e.g. information required for subscriptions or marketing). In such a case, the Data Controller will not be able to provide the Data Subject with the most recent offers or to contact the Data Subject promptly when the most appropriate offer is available to the Data Subject.
- The processing of personal data by means of cookies does not enable direct or indirect identification of any Visitors to the Website.
- Any Visitor to the Website may delete cookies from their computer or block them in their web browser. However, some of the functionality of the Website may not be available or may not function correctly.
||DESCRIPTION, INTENDED PURPOSE
||A system cookie that detects and collects information about a visitor’s consent in their privacy settings.
||Until the website window is closed
||To save language settings
||DESCRIPTION, INTENDED PURPOSE
||Google reCAPTCHA saves the required cookie (_GRECAPTCHA) whenever it is triggered in order to provide a risk analysis.
||This cookie is used by Google Analytics to maintain the session status.
||To identify the goals of the visitors to the website, to report to the website operators on the performance of the website and to improve the visitors’ experience of browsing the website.
IV. RIGHTS OF DATA SUBJECTS
- The Data Controller shall guarantee the exercise of the Data Subject’s rights below and the provision of any relevant information at the request or inquiry of the Data Subject:
- to know (be informed) about the processing of their personal data;
- to have access to their personal data and to know how it is processed;
- to request the rectification or destruction of their personal data, or the suspension, other than storage, of the processing of their personal data;
- to object to the processing of their personal data, including in the context of direct marketing;
- to request the erasure of their personal data (“the right to be forgotten”);
- to seek the portability of their personal data, i.e. to access their personal data in a standard and computer-readable format;
- to lodge a complaint with the State Data Protection Inspectorate.
The Data Controller may prevent Data Subjects from exercising the above rights where, in cases provided for by law, it is necessary for the prevention, investigation and detection of crimes and breaches of official or professional ethics, as well as for the protection of the rights and freedoms of the Data Subject and other individuals.
- The Data Subject may submit a request form for the exercise of their rights referred to above to the Company’s office at Upės g. 21 in Vilnius, or by sending such a request by email to email@example.com.
- The Data Controller’s website(s) or social media accounts may contain links to third-party websites and services which are not controlled by the Data Controller. The Data Controller is not responsible for the security and privacy of information collected by third parties. It is the Data Subject’s responsibility to be cautious and to read the privacy statements governing the use of third-party websites and services as accessed by the Data Subject.
- If the Data Subject is not satisfied with the Data Controller’s response or considers that the Data Controller is not processing their personal data in accordance with the legal requirements, the Data Subject shall have the right to lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania.
V. FINAL PROVISIONS
- The Data Controller shall not be liable for any damage, including damage caused by interruptions to the use of the Website, for any loss or corruption of data caused by the Data Subject themselves or by the acts or omissions of third parties operating with the Data Subject’s knowledge, including any incorrect data input, other types of errors, intentional tampering, or any other misuse of the Website. The Website provider shall also not be liable for any interruptions in access to and/or use of the Website and/or any damage caused by such interruptions due to the acts or omissions of third parties not related to the Data Controller or the Data Subject, including power outages, internet access failures, etc.