PRIVACY POLICY
1. What is meant by this Privacy Policy?
In this Privacy Policy (hereinafter referred to as the ‘Privacy Policy’), we provide you with information on how Audifina UAB (hereinafter referred to as the ‘Company’, ‘we’, or ‘us’) processes your personal data for the purposes set out in the Privacy Policy, as well as information on your rights and their implementation. Because of the nature of its activities, the Company also acts as a data processor in certain cases. This Privacy Policy does not cover such cases, i.e. this Privacy Policy provides information on how the Company processes personal data in its capacity as a data controller. Hereinafter, any person whose personal data is processed by the Company is referred to as the Data Subject.
2. About the Company
The Company shall mean Audifina UAB, legal entity code 125921757, registered office at A. Juozapavičiaus g. 6, LT-09310 Vilnius, Lithuania, the data on the Company shall be collected and stored in the Register of Legal Entities of the Republic of Lithuania. Contact email for personal data protection matters is info@audifina.lt.
3. What is personal data?
Personal data is any information collected by the Company about a person that can be used to identify the person and is stored electronically or otherwise.
Personal data covers any information, including name, address, IP address, that the Company collects about individuals for the purposes set out in this Privacy Policy or in a separate consent or agreement with the Company.
This data also includes personal information in the public domain that the Company can access when you contact the Company via social media or through active actions on the Company’s social media accounts.
In processing personal data, the Company is guided by Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the ‘General Data Protection Regulation’ (the ‘GDPR’)), the Law on the Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania, as well as by the other legal acts regulating personal data protection.
Below you can learn how we process your personal data: what personal data we process, the purpose of the processing, how long we retain it, and what are your rights. You can do this by clicking on your preferred option.
4. What rights do you have and how do you exercise them?
In this section, we provide information about your rights in relation to our processing of your personal data and when you can exercise these rights. If you would like further information about your rights or you want to exercise them, please contact us at the email address provided in this Privacy Policy.
The Company will provide you with information on the action taken following your request for the exercise of your rights without unreasonable delay, but at the latest within one (1) month of receipt of the request. Depending on the complexity of the request and the number of requests received, this deadline may be extended by a further 2 (two) months. In this case, we will inform you within 1 (one) month of receipt of the request of such extension and the reasons behind it. The Company will only refuse to enforce your rights in cases provided for by law.
4.1. The right to access your personal data
We want you to fully understand how we use your personal data so that you do not experience any inconvenience. Information on how we process your personal data is provided primarily in this Privacy Policy (right to be informed). You can contact us at any time to enquire whether we process any of your personal data. If we store or use your personal data in any way, you have the right to access it. To do so, please email us a request to the email address set out in this Privacy Policy, confirming your identity (if such confirmation is required in your specific case).
We expect you to respect the principles of fairness and good sense when making such requests.
4.2. The right to withdraw consent
If you have granted us explicit consent to process your data, you can withdraw it at any time. Withdrawal of the consent shall not affect the lawfulness of the data processing carried out prior to the withdrawal of the consent.
4.3. Additional rights
Below you will find information about additional rights that you may have, which you can exercise by following the procedures described therein.
(a) You have the right to ask us to correct any inaccuracies in the data we collect. In this case, we may ask you to confirm the corrected information.
(b) You have the right to ask us to delete your personal data. This right shall be enforced in the cases provided for in Article 17 of the General Data Protection Regulation (EU) 2016/679.
(c) You have the right to ask us to restrict or stop processing your personal data:
- during the period necessary to verify the accuracy of your personal data when you make a complaint regarding the accuracy of the data;
- when collection, storage or use of your personal data is unlawful, but you choose not to request deletion;
- when we no longer need your personal data, but you need it to establish, exercise or defend a legal claim;
- during the period necessary to determine whether we have any overriding legal basis to continue processing your personal data if you have exercised your right to object to the processing of your personal data.
(d) You have the right to the transfer of data processed by automatic measures and which we have received from you in a structured, commonly used and computer-readable format with your consent or for the purpose of concluding a contract. If you exercise this right, we will transfer a copy of your data to you or to a data controller of your choice upon your request.
(e) You have the right to object to our use of your personal data in accordance with Article 21 of the GDPR. You have the right to object when your personal data is processed on the basis of legitimate interest (for each of the data processing purposes set out in the Privacy Policy, it is indicated on which basis the data is processed) or for direct marketing purposes.
4.4. The right to request more information
We hope you will understand that it is very difficult to discuss all possible ways of collecting and using personal data. We endeavour to provide as clear and complete information as possible and we undertake to update this Privacy Policy as and when we change the way we use personal data. However, if you have any questions about our use of your personal data, we will be happy to answer them or provide you with any additional information we may disclose. If you have any specific questions or if you do not understand the information provided, please contact us.
5. Information on the processing of personal data for the purposes of the provision of services or the acquisition of goods or services from other persons
|
Purpose of processing |
Personal data |
Legal basis |
Storage term |
Other remarks |
| Drafting and implementing contracts with suppliers/customers who are natural persons (counterparty data) | Name, personal identification number, address, business license/individual business certificate number (for the service provider), bank account number of the service recipient or the natural person providing the service, and personal data as specified in the documents for the implementation of the contract. | Article 6(1)(b) of the GDPR (contract) | During the term of the contract | Data may be transferred to data processors |
| Drafting and implementing contracts with clients/suppliers that are legal entities (data of counterparties, related parties) | Name, title, basis of representation, email address, telephone number, content of correspondence | Article 6(1)(f) of the GDPR (legitimate interest) | During the term of the contract | Data may be transferred to data processors |
| Provision of auditing and other professional services (third party data) | Personal data contained in documents required for the provision of professional services, such as payroll data during audits, etc. | Article 6(1)(f) of the GDPR (legitimate interest for the proper provision of services, to ensure compliance with the legislation governing the provision of services), Article 6(1)(c) of the GDPR (the totality of the duties set out in the Law on Audit of the Financial Statements of the Republic of Lithuania and in other legal acts) | During the term of the contract | Data may be transferred to data processors |
| Estimation of the preliminary cost of the service (when using the questionnaires on the website) | Name, email address, telephone number, company represented and on whose behalf the request is made. | Article 6(1)(f) of the GDPR (legitimate interest) | 1 year after receipt of the request | Data is transferred to the data processor Google Ireland Limited* |
| Bookkeeping (for the Company itself, not for clients) | Name, details of services received/provided and goods sold, and other personal data provided in invoices and other accounting documents | Article 6(1)(c) of the GDPR (legal obligation) | The data shall be kept within the time limits laid down by the legislation governing the bookkeeping, and in accordance with the General Index of Document Retention Time Limits | Data may be transferred to data processors |
| Archiving | Personal data processed for the purpose of concluding and performing contracts, auditing and providing other professional services | Article 6(1)(c) of the GDPR, the legal obligation set out in points 6.1 and 10.37 of the General Index of Document Retention Time Limits, approved by Order No. V-100 of the Archivist of the Republic of Lithuania of 9 March 2011 | 10 years (after the expiry of the contract) | The data is transferred to the archiving service provider (data processor) |
| Defending your legal claims | Personal data processed for the purpose of concluding and performing contracts, auditing and providing other professional services | Article 6(1)(f) of the GDPR (legitimate interest – defence of legal claims) | 10 years | Data is transferred to courts, public dispute resolution bodies, parties to disputes, lawyers and other legal service providers |
*Google is headquartered in the third country for which the European Commission has not yet adopted a decision on eligibility, but the data of residents of the European Union are processed by the data controller Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). As Google Ireland Limited is our data processor, we recommend that you contact us at the contact details set out in section 2 of this Privacy Policy if you have any complaints or queries about completing the survey via Google Forms. If you would like to learn more about Google’s terms and conditions for processing your personal data, please read Google’s privacy notice.
6. Selection of candidates
We collect and process the following personal data: your workplace, email address, date of birth, address, education, last name, telephone number, first name, preferred job, date of receipt of your CV, information about your personal qualities, your work experience (last workplace, length of employment with the workplace, your last job title, other work experience), information on your knowledge of foreign languages (language, reading, writing, speaking levels), your ability to work with computer programmes, and any other information contained in your CV, letter of recommendation and/or cover letter, your preferred salary, for the purpose of the selection process, on the basis of your consent, which you express to the Company by sending your CV and/or cover letter. If you do not submit your CV and/or cover letter, we will not be able to assess your suitability for the position.
With your consent, we will contact your current employer, and your former employer on the basis of our legitimate interest (to select a suitable candidate) and on the basis of Article 5(2) of the Law on the Legal Protection of Personal Data of the Republic of Lithuania, for the purpose of verifying information about your qualifications, professional abilities and business qualities (such as your performance at work, your relations with your clients and/or colleagues, the evaluation of your work, etc.). We will also collect information from public professional social media profiles on the basis of our legitimate interest (selecting the right candidate). You may withdraw your consent or, if applicable, object to us contacting your former employer at any time by notifying us at the email address set out in Section 2 of the Policy.
In the event that you do not express your explicit consent to the processing of your personal data at the end of a specific job selection, we undertake to delete and/or destroy your personal data within 3 working days after the signing of the contract with the successful candidate or the adoption of the decision to terminate the selection process, unless there is a separate consent to the retention of the candidate’s personal data for a specified period. If you are not selected but have given your consent to the processing of your personal data for the purpose of offering you a job in the future, we will keep the data for 1 year from the end of the selection process on the basis of your consent.
On the basis of our legitimate interest, we will process data about the person (name, email, telephone number, information provided by the person) indicated by the candidate – a former or current employer or a person providing a recommendation, and the information provided by him/her – for the purpose of selecting a candidate. In this case, it is in our legitimate interest to select the right candidate for our position. We will delete this data within 3 days after the signature of the contract with the successful candidate or the decision to end the selection.
The Company also searches for candidates on LinkedIn and other job search sites/portals. For the purpose of searching for candidates on LinkedIn, job portals and other public sources, the Company processes the following personal data of potential candidates (persons meeting the search criteria): name, other information provided in the profile on LinkedIn or other search platform. The processing of personal data is based on the legitimate interest of the Company. Personal data is not stored individually and those selected are simply asked for their consent to participate in the Company’s selection process.
If you send us your data on your own initiative in order to be offered a traineeship at the Company, we will keep the data you provide for the purpose of offering you a traineeship for 6 months from the date of its receipt (unless the decision to offer you a traineeship is made earlier). Personal data will be processed on the basis of your consent. If we do not offer you a trainee position in our Company within 6 months, we will delete the personal data you have provided.
7. Direct marketing
We will send commercial offers, newsletters, information about our services, events, news about our activities and other promotional material by electronic means to persons aged 14 or older who have provided their contact details and have expressed an interest in receiving information about our services, activities, events etc. For the purpose of direct marketing, we will process the following personal data about you: email address, telephone number, information about the messages sent and the response to them. Your data will be processed for the purpose of direct marketing for a period of 3 years from the date of your consent. Direct marketing messages are sent (your contact details are processed) on the basis of consent, and information about the messages sent and the response to them is processed on the basis of our legitimate interest in assessing the effectiveness of marketing.
Unless you are our customer and have expressed an objection to receiving information about services we provide that are similar to those you have purchased, we will send direct marketing communications on the basis of our legitimate interest. In this case, we will process your personal data for the purpose of direct marketing for a period of 1 year after the end of the contractual relationship.
For the purpose of direct marketing, the personal data processed is transferred to the data processor supplying the newsletter programme, MailerLite Limited (a company established in Ireland), as well as to other data processors necessary for the purpose of direct marketing.
You have the right to object to or opt-out of receiving direct marketing communications at any time by contacting us at the email address set out in Section 2.
8. Protecting confidential information of the Company and business continuity
In order to ensure its legitimate interest in the protection of the Company’s confidential information, the continuity of the Company’s business, the protection of the Company’s information systems against hacking and data theft, viruses, malicious websites, malware, copyright infringement through technical and internet access and the protection of the computer network against heavy loads, the Company may review the correspondence of its employees with contractors and the information stored in the electronic equipment of the Company. For these purposes, the Company processes the following personal data of its employees and of persons who send or receive emails from its employees: the email address, the name of the sender or recipient, the date, and the content of the information contained on the electronic devices.
Data collected for the purpose of protection of confidential information and protection of the Company’s information systems against hacking and theft of data, viruses, dangerous web pages, malware, infringement of copyright through technical and internet access and computer network against heavy loads, shall be stored for the purpose of defence of legal claims for a period of 4 years, in accordance with the provision laid down in the Article 1.125(9) of the Civil Code of the Republic of Lithuania. In defending legal claims, data may be made available to recipients (data controllers) such as courts, law enforcement authorities, public authorities settling disputes, litigants, lawyers and other entities providing legal services.
9. Protection of legitimate interests
The Company shall, on the basis of its legitimate interest to defend its rights, including in the event of civil disputes, process names, personal identification numbers, circumstances of the case, other information related to the case, and publicly available information of the persons involved in the proceedings or of their employees. The data may be transferred to law enforcement authorities, lawyers or bailiffs carrying out debt recovery. The data shall be destroyed 1 year after the final settlement of the proceedings and the full settlement of the Company’s claims (if any).
10. Internal administration of the Company (exercising shareholders’ rights)
For the purpose of internal administration (following a shareholder’s request for the exercise of the right to information), the Company may transfer to the shareholder any personal data (which is recorded in the documents provided to the shareholder). The transfer is made in fulfilment of a legal obligation to which the Company is subject (Article 6(1)(c) of the GDPR), and the personal data shall be processed only until it is transferred to the shareholder.
11. Contact us
There are several ways you can contact the Company: by phone, email, social media accounts, the contact form on the website or by sending a letter to the Company’s registered office address. We receive, review and respond to all reports ourselves. If you contact us, we may process the data you provide to us, i.e. email address, name (if provided), username (if the request is sent via a social networking account), workplace (if provided), the date and time of sent and received messages, the recipient, the sender (in the case a message is addressed to you), and the content.
Such data will be processed in order to answer your questions and consider your suggestions. If you do not provide your contact details, it will not be possible to contact you.
Correspondence is stored for 1 year from the date of message receipt, except for information for which other time limits are specified in the Privacy Policy or in legal acts.
Any personal data you provide when you interact with us is only used for the purposes set out above and for viewing messages and administering and managing communication flows. We undertake not to use your personal data in any publication in such a way that your identity can be established without your explicit consent.
Please note that we may need to contact you by post, email or telephone. Please notify us of any changes to your personal data.
Our website uses cookies. A cookie is a small file made up of letters and numbers that we place on your browser or on the hard drive of your computer with your consent. We use different cookies for different purposes. Cookies also help us to distinguish you from other users of the website, thus ensuring a more pleasant experience and enabling us to improve the website.
Most browsers allow you to reject all cookies, and some browsers allow you to reject only third party cookies. Therefore, you can take advantage of these opportunities. However, please note that blocking all cookies will have a negative impact on the use of the website and without cookies you will not be able to use all the services provided on the website. For more information, visit AllAboutCookies.org or www.google.com/privacy_ads.html.
We may use the types of cookies described below, but a detailed and up-to-date list of the cookies we use can be found HERE.
| Name | Description | Creation / Expiry times |
| CMSSESSIDX | A standard cookie used to manage the user’s session. | Upon opening the website/ until the user closes the website |
| cookiesAgree | A cookie which records whether you have consented to the use of cookies on our website. | From the time of consent/until it is deleted |
| cookiesLevelX | A cookie identifying the types of cookies you have accepted on our website. | From the time of consent/until it is deleted |
| _ga | This cookie is used by Google Analytics to assess the purpose of the user’s visit, generate reports on the website activity to website operators, and improve user’s experience when browsing on the website. | From the time of consent/
2 years. |
| _gat | This cookie is used by Google Analytics to collect statistical information about the website traffic. | Upon the first visit to the website/ until the end of the session |
| _gid | This cookie is used by Google Analytics to distinguish you from other users. | Upon the first visit to the website/
2 days |
Strictly essential cookies.
These cookies are essential for our website to work. The basis for the use of such cookies is Article 73(4) of the Law on Electronic Communications of the Republic of Lithuania. These cookies are essential for the operation of the website and cannot be disabled on our systems. They are usually used in response to what you do on the website, such as starting to browse or choosing your privacy settings. These cookies do not store any personally identifiable information about you and are deleted as soon as you turn off the website.
Analytical and/or performance cookies.
These cookies allow us to count the number of visits to the website and to monitor the flow of visitors to the website so that we can improve the performance of the website. They allow us to know which pages of the website are the most or least visited and to monitor how visitors navigate the site. We use Google Analytics for this purpose. The data collected is not accessible to any other party. The information collected by cookies is anonymous and is not intended to identify you or influence your browsing experience while you are on the website. If you do not accept the use of these cookies, you will not be included in the visitor statistics. The processing of data collected by these cookies is based on your consent.
Commercial cookies.
These cookies are used by us and by third parties to display offers or other promotional information that may be of interest to you. We use cookies to collect data about your browsing history and to identify your areas of interest so that we can show you relevant marketing information. The processing of data collected by these cookies is based on your consent.
Plugins for Facebook and LinkedIn
This page uses plugins for Facebook, Instagram and LinkedIn.
13. Social media
The information you provide us on social media (including notifications, use of the Like and Follow fields, and other communications) shall be controlled by the social network manager.
Our website provides links to our social media accounts (hereinafter referred to as ‘Social Accounts’). We currently administer the following Social Accounts:
- Audifina UAB account on Facebook;
- Audifina UAB account on LinkedIn;
We process the information contained in social accounts for the purpose of administering the accounts on the basis of your consent. We do not separately store information contained in Social Accounts (where the data is processed for the purpose of administering the Social Accounts, but the data may be stored if it needs to be processed for another purpose, such as the protection of rights).
When you visit Social Accounts, social network administrators add cookies to your device that collect personal data. Cookies are stored both if you are a registered user of a social network or if you do not have an account with that social network. We do not have access to the personal data we collect about you and can only obtain statistical information from the administrators of the social networks about the usage of Social Accounts.
We encourage you to read third-party privacy notices and contact service providers directly if you have any questions about how they use your personal information.
14. Transfer of data to third countries
Controllers of social media networks (Facebook, LinkedIn) are established in third countries for which the European Commission has not adopted an eligibility decision.
The data of European Union residents published on Facebook is processed by the data controller Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). Information on how you can exercise your rights as a data subject can be found at: https://lt-lt.facebook.com/privacy/explanation/. If you have any complaints about Meta Platforms Ireland Limited processing of your personal data or the exercise (or non-exercise) of your rights as a data subject, you have the right to lodge a complaint with the supervisory authority in charge of Meta Platforms Ireland Limited, either the Irish Data Protection Commission or the National Data Protection Inspectorate.
The data of European Union residents published on the LinkedIn is processed by the data controller LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland). For information on how you can exercise your rights as a data subject, please contact https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy. If you have any complaints about LinkedIn Ireland Unlimited Company processing of your personal data or the exercise (or non-exercise) of your rights as a data subject, you have the right to lodge a complaint with the supervisory authority in charge of LinkedIn Ireland Unlimited Company, either the Irish Data Protection Commission or the National Data Protection Inspectorate.
15. Obtaining and disclosing data
We receive your data from you, your devices, job applicants, our employees and our contractors.
We disclose information about you to the data processors we use (IT service providers, marketing service providers, etc.).
In addition, we may disclose information about you:
- if we have to do so by law;
- when you intend to sell the Company’s business or part of its assets by disclosing your personal data to a potential buyer of the business or part of it;
- in the event of a sale of the Company’s business or a substantial part of its assets to a third party.
Except as provided in this Privacy Policy, we do not provide your personal data to any third parties.
The list of recipients or categories of recipients specified in the Privacy Policy is subject to change, therefore, if you wish to be informed about changes in the recipients of your personal data, please notify us by sending us an e-mail to the e-mail address specified in this Privacy Policy, indicating in the message text ‘I wish to be informed of changes in the recipients of my personal data, name’.
16. Security of your personal data
Your personal data will be processed in accordance with the General Data Protection Regulation, the Law on Legal Protection of Personal Data of the Republic of Lithuania and other statutory requirements. When processing your personal data, we implement organisational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure or any other unlawful processing.
17. Complaints
If you believe that your rights as a data subject have been and/or may be violated, please contact us immediately at the email address provided in this Privacy Policy. We ensure that as soon as we receive your complaint, we will contact you within a reasonable period of time to inform you of the progress of the investigation and the outcome.
If you are not satisfied with the results of the investigation, you can file a complaint with the supervisory authority, the State Data Protection Inspectorate: https://vdai.lrv.lt/
18. Liability
You are responsible for maintaining the confidentiality of the data you provide to us and for ensuring that the data you provide to us is accurate, correct and complete. If the data you have provided changes, you must inform us immediately by email. In no event shall we be liable for any damage caused to you as a result of your provision of incorrect or incomplete personal data or your failure to inform us of any change in such data.
19. Changes to Privacy Policy
We may update or change this Privacy Policy at any time. If you would like to receive an updated Privacy Policy, please notify us at the email address listed in Section 2.