UAB „Energy cells“ PRIVACY NOTICE
Last updated in 2024. August 27
1. What is contained in this Privacy Notice and for whom is it intended?
UAB „Energy cells“ (hereinafter – the Company or us) processes (collects, stores, etc.) Your personal data. When processing this information, the Company is guided by the General Data Protection Regulation of the European Union (hereinafter – GDPR) and other legal acts regulating the protection of personal data.
In this Privacy Notice (hereinafter – Privacy Notice), we provide You with basic information about the Company’s processing of your personal data – where we obtain your personal data and to whom we may provide it, for what purposes and on what grounds we process your personal data, what rights You have, how You can exercise those rights, and other relevant information. Please read this important information carefully and from time to time visit our website at PRIVACY NOTICE and read the latest version of the Privacy notice posted there.
In order to find out when the Privacy Notice was last updated, You can check the “Last updated” date.
2. Who is responsible for the protection of Your personal data?
UAB „Energy cells“, legal entity code: 305689545, registered office: Ozo str. 12A-1, e-mail. [email protected], phone: +370 659 00748.
3. Why and what Your personal data do we process?
No. | Why do we collect information about You? | What information do we collect about You? | Why do we have the right to collect the information You provided? | How long do we use or store information about You? |
3.1. | We carry out a verification of the reliability of candidates seeking to perform their duties | Name, surname, position applied for, date of submission and/or revocation of consent for security clearance, signature, personal data referred to in Article 16 of the Law on Prevention of Corruption of the Republic of Lithuania and/or Article 17 of the Law on the Protection of Objects of Importance to Ensuring National Security of the Republic of Lithuania (the scope of the personal data shall depend on the information provided by the relevant authorities to the Company). For this purpose, special categories of personal data may also be processed if they have been provided to us by the authorities carrying out the screening of the candidate (the State Security Department of the Republic of Lithuania, Special Investigation Service of the Republic of Lithuania, the Ministry of the Interior of the Republic of Lithuania). | We are obliged to collect information in accordance with the law (Article 6(1) clause c of GDPR). We have Your consent (Article 6(1) clause a of the GDPR) | a. When the selection process provides information leading to a decision not to appoint a person to a position, the personal data will be kept for 3 months after the end of the selection process. b. When a candidate’s verification provides information that leads to an employment decision, the candidate’s personal data (obtained prior to the conclusion of the employment contract) is stored for the duration of the employment contract and for 1 year after the termination of the employment relationship. |
3.2. | We organize and conduct public procurement | Name, surname, personal code or date of birth, address, telephone number, position, other personal data may be required depending on the object of the contract and the qualification requirements (criminal record check, tax obligations related to the object of the contract, qualification requirements as specified in the contract documents), name, surname, personal code or date of birth, address, telephone number, position, bank account number, copy of the certificate of sole proprietorship, copy of the business certificate. The successful supplier may be asked for: curriculum vitae, copies of diplomas, certificates obtained, the number of contracts completed, criminal record, payment records with the State Tax Inspectorate, SoDra etc. | We are obliged to collect information in accordance with the law (Article 6(1) clause c of GDPR). | a. During the period of validity of the contract and 5 years after the expiry of the contract. b. When the contract was not concluded, 5 years after the end of the procurement. |
3.3. | We draw up and execute contracts with You, and comply with related tax obligations | Name, surname, personal code or date of birth, telephone number, e-mail address, bank account number, signature, basis of representation (power of attorney, statutes, etc.), number of the power of attorney, term, duties, billing information, settlement period, other information relevant to the conclusion and performance of the contract, depending on the nature of the contract. | We conclude a contract with You and fulfil our contractual obligations (Article 6(1) clause b of GDPR) | During the period of validity of the contract and 5 years after the expiry of the contract. |
3.4. | We carry out internal and external communications to publicize the Company’s activities | In the case of media representatives, name, surname, position, telephone number and e-mail address. In the case of instructors, other invitees, name, surname and position. | We have a legitimate interest in processing Your personal data (to publicise the Company’s activities by informing You about ongoing news) (Article 6(1) clause f of GDPR) | a. Media representatives (e.g. journalists in charge) – protected for as long as they are actually working for the media outlet or the department. b. 5 years after the end of the contract. |
3.5. | We administer the internal reporting channel (Trust line) and carry out internal investigations on the basis of the information received | In case the information is not provided anonymously, the data collected will be the data provided by the person himself or herself – name, surname, telephone number, personal code, e-mail address, the circumstances of the notification, the date of the notification, the decision to inform about the actions taken and the decisions taken. | We have a legitimate interest in the processing of Your personal data (to prevent fraud, corruption, other criminal acts, violations of law, other violations – to prevent acts being committed, to take measures to prevent acts being committed in the future, etc.)(Article 6(1) clause f of GDPR). We are obliged to collect information in accordance with the law (Article 6(1) clause c of GDPR). | If an infringement has been found after examination of the information received – 5 years after the end of the investigation. If the examination of the information received did not lead to the finding of an infringement – 3 years after the end of the investigation carried out. |
3.6. | We deal with complaints, suggestions or requests submitted by You | Name, surname, e-mail address, telephone number, signature, date of application, application number (registration number) and the information contained therein, the outcome of the proceedings, if the person making the application, complaint or proposal has been communicated with by e-mail, the personal data recorded in that communication. | We have a legitimate interest in processing your personal data (to deal with your applications, requests or complaints) (Article 6(1) clause f of GDPR) | 1 year from the date of receipt of the application, complaint or offer. |
3.7. | We carry out security clearance checks on the Company’s contractors and sub-contractors who, by virtue of their assigned functions, are granted unescorted access to national security facilities and assets under the Company’s control. | Name, surname, personal identification number/date of birth, position, date of signature, signature of contractors’/subcontractors’ employees; Personal data referred to in Article 17 of the Law on Protection of Objects Important for National Security of the Republic of Lithuania (the scope depends on the information provided to the Company by the relevant authorities). For this purpose, special categories of personal data may also be processed if they have been provided to us by the authorities carrying out the background check (the State Security Department of the Republic of Lithuania, the Special Investigation Service of the Republic of Lithuania, the Ministry of Interior of the Republic of Lithuania). | We are obliged to collect information in accordance with the law (Article 6(1) clause c of GDPR). We have Your consent (Article 6(1) clause a of the GDPR) | a. In the case of the provision of final services/works, the Personal Data is retained for 1 month after the end of the contract; b. In the case of continuing services/works, the data shall be kept for 10 years after the end of the contract. c. Where a contractor’s or sub-contractor’s employee has been vetted and, on the basis of the information obtained, is denied access to facilities and assets of national security significance under the Company’s control, personal data shall be retained for a period of 3 months following the completion of vetting |
3.8. | We aim to ensure the protection of the Company’s facilities and the people who visit them | In the case of access control, name, surname, date and time of entry and exit, details of movement within the facility; In the case of video surveillance, video data of persons within the surveillance area of CCTV cameras; For visitors on excursions to the Company’s facilities – name, surname, signature, place of work. | We have a legitimate interest in processing your personal data (security of property and persons) (Article 6(1) clause f of GDPR) We are obliged to collect information in accordance with the law (Article 6(1) clause c of GDPR). | a. The retention period for image data and visitor (tour participant) data is 30 days. b. access control records are kept for 6 months |
3.9. | We implement economic or financial sanctions, embargoes or other restrictive measures imposed or administered by the EU or other relevant institutions. Managing risks associated with business partners | Name, surname, date of birth, nationality, place of residence, address of registration, country of residence, percentage of shares held, information on links with politically exposed persons, information on investigations carried out in relation to corruption, competition, anti-money laundering, terrorist financing, occupational health and safety violations, information on business partners, clients. Personal data of shareholders of the partner of activity, beneficiaries (name, surname, date of birth, nationality, place of residence) Name, surname, position, e-mail address of the representative of the business partner. Other information provided in the questionnaire by the business partner, his representative. | We are obliged to collect information in accordance with the law (Article 6(1) clause c of the GDPR) We have a legitimate interest (to ensure the compliance of our business partners with the requirements of the Group’s Supplier Code of Conduct and the management of potential financial and reputational risks) (Article 6(1) clause f of the GDPR) | 5 years after the end of the contractual relationship. |
The privacy policy of the candidates to the employees of UAB „Energy cells“ can be found here.
4. Where do we receive Your personal data from?
You provide us with most of the information Yourself, but we may also receive certain personal data from:
the legal entities for which you work (e.g. companies within the UAB “EPSO-G” group of companies) or which You represent (e.g. suppliers with whom we enter into contracts).
When we receive personal data from You, we would ask You to provide only the information necessary to achieve the purposes set out in point 3. Other information, such as political views, nationality, religion, etc., would be requested not to be provided.
5. What personal data do You need to provide to us and why?
Please review the answer to point 3 above – You must provide the information about You that is necessary in order to:
- enter into contracts with You and fulfil our contractual obligations;
- enter into contracts with the persons You represent and fulfil our contractual obligations;
If you do not provide the above information, we will not be able to conclude contracts with You and/or the persons You represent and fulfil contractual obligations.
6. Who can we disclose Your personal data to?
We may transfer information related to You to our partners, service providers, as well as to the following entities only if it is necessary for the purpose set out in point 3 and permitted by applicable law:
- banks carrying out settlement operations (data shall be transmitted for the purpose specified in point 3.4);
- courts, supervisory, law enforcement and other public authorities (data may be transferred for all the purposes set out in point 3);
- lawyers, notaries, bailiffs, auditors, consultants, companies providing data center, hosting, cloud, website administration and related services, companies designing, maintaining and developing software, companies providing information technology infrastructure services, companies providing communication services, insurance companies, companies providing archiving services and other services to the Company (the data may be transferred for all of the purposes set out in point 3 above)
We note that when the Company transfers personal data to other third parties as outsourced data processors, it shall make sure, before using them, that they have appropriate technical and organisational measures in place to ensure the secure processing of personal data and an adequate level of data protection in accordance with the applicable European Union legislation.
7. Will Your personal data be transferred outside the European Economic Area?
In most cases, personal data is processed and transferred within the territory of the European Union and the European Economic Area (hereinafter – EEA[1]).
If necessary for the provision of certain services, the data may be transferred and processed outside these territories, provided that an adequate level of personal data protection is observed. Where permitted by law and necessary for the reasons set out in section 6 of this Privacy Notice, we disclose information about You:
- on the basis of an adequacy decision of the European Commission, which means that the European Commission has recognized the country in which the third party is established and/or carries out its activities as having an adequate level of protection of personal data;
- we have signed a contract with a third party based on standard contractual clauses approved by the European Commission;
- we have obtained permission from the State Data Protection Inspectorate;
- making use, where possible, of other available safeguards and derogations for the protection of personal data.
[1]The EEA or European Economic Area shall be composed of the Member States of the European Union and Iceland, Norway and Liechtenstein.
8. How is Your personal data processed?
In order to ensure that information about You is protected from unauthorized access, disclosure, accidental loss, alteration or destruction or other unlawful processing, we have implemented and apply appropriate level of technical and organizational security measures for Your personal data.
9. What rights do You have?
The GDPR and other laws give You rights, provide for when You can exercise them, the procedures You must follow, and the exceptions in which cases You cannot exercise the rights granted. When permitted by law, You can:
- access Your personal data, i.e. to receive a notification confirming whether the Company processes Your personal data and, if processed, to request access to the data processed and related information;
- submit a request to us to correct inaccurate, incorrect personal data or to supplement it when it is not complete;
- submit to us a request to delete Your personal data, which we have if this can be justified by one of the reasons provided for in Article 17(1) of the GDPR;
- submit a request to us to restrict the processing of Your personal data, where one of the cases provided for in Article 18(1) of the GDPR applies.
- object to the use of data when we process Your data for the legitimate interests of the Company and (or) third parties;
- submit to us a request for the transfer (receipt) of data that You have provided to us under the contract or with Your consent to the processing of data and which we process by automated means in a commonly used electronic form;
- object to a fully automated decision, including profiling, if such decision-making may have legal consequences or similar significant effects on You;
- revoke the consent given to us to process Your personal data when we use the data on the basis of Your consent;
- lodge a complaint with a supervisory authority, in particular in the Member State where You have Your habitual residence or the place where the alleged infringement of the GDPR has occurred and to seek judicial remedies. In the Republic of Lithuania, the supervisory authority is the State Data Protection Inspectorate (L. Sapiegos str. 17, Vilnius; e-mail: [email protected]), but first we recommend You to contact us and we will try to solve all Your requests together with You.
10. How can You exercise Your rights?
In order to exercise Your rights referred to in point 9 of this Privacy Notice, You must:
- personally present a request to exercise the rights of the data subject (hereinafter – Request) to the Company’s headquarters at Ozo str. 12A-1, Vilnius together with the Request, a document confirming personal identity must be submitted);
- send a Request to the Company or the Personal Data Protection Expert by e-mail [email protected]
- submit to the Company or the personal data protection expert by post, at Ozo str. 12A-1, Vilnius (the Request must be accompanied by a copy of the identity document, certified by a notary or other procedure established by legal acts).
When submitting an application through a representative, the application must be accompanied by a document confirming the representation or a copy thereof certified in accordance with the procedure laid down by legal acts.
11. How will we inform You of changes to the Privacy Notice?
We may update or change this Privacy Notice at any time. Such updated or amended Privacy Notice will be effective from the date of its posting on our Website.
When we update the Privacy Notice, we will inform You of what we consider to be material changes by posting them on the Website. You can look at the “Updated” date at the bottom to see when the Privacy Notice was last updated.
12. Does Your website leave cookies on my computer or device?
Yes, we use cookies as shown in the table below. Cookies are small text files stored in Your device (e.g. computer, mobile phone, tablet) browser when You browse websites. Other technologies, including data we store on Your browser or device, identifiers associated with Your device and other software, may be used for similar purposes. Cookies are used extensively to make websites work or work better and more efficiently. The Cookie Policy can be found here.
13. How to contact the Company or Personal Data Protection Expert?
If You have any questions, comments or complaints about how we collect, use and store information about You, or if You wish to exercise Your rights as a data subject, You can contact:
13.1. Company, address: Ozo str. 12A-1, Vilnius, phone. +370 659 00748, e-mail: [email protected];