UAB „Audifina“
PRIVACY POLICY
1. What does this Privacy Policy mean?
In this Privacy Policy (hereinafter – Privacy Policy), we provide information on how UAB “Audifina” (hereinafter – Company, we) processes your personal data for the purposes specified in this Privacy Policy, as well as information on your rights and how to exercise them. Depending on the nature of its activities, the Company may, in certain cases, act as a data processor. Such cases are not covered by this Privacy Policy; i.e., this Privacy Policy provides information on how the Company processes personal data when acting as a data controller. Hereinafter, any person whose personal data is processed by the Company is referred to as a Data Subject.
2. About the Company
The Company means UAB “Audifina”, legal entity code 125921757, registered office at A. Juozapavičiaus g. 6, LT-09310 Vilnius, Lithuania. Data about the Company is collected and stored in the Register of Legal Entities of the Republic of Lithuania. Contact email for personal data protection matters: info@audifina.lt.
3. What are personal data?
Personal data is any information collected by the Company about an individual that can be used to identify that individual and is stored electronically or otherwise.
Personal data includes any information, including name, surname, address, IP address, that the Company collects about individuals for the purposes specified in this Privacy Policy or in a separate consent or agreement with the Company.
This also includes publicly available information with which the Company becomes acquainted when you contact the Company via social media or actively engage with the Company’s social media accounts.
The Company processes personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania, and other legal acts regulating personal data protection.
Below you can learn how we process your personal data: which personal data we process, for what purposes, how long we store it, and what rights you have. You can access this information by clicking on the section of interest.
4. Your rights and how to exercise them
This section provides information on your rights regarding the processing of your personal data by us and the circumstances under which you can exercise them. For more information about your rights or to exercise them, contact us at the email address specified in this Privacy Policy.
The Company will respond to your request without undue delay, but no later than 1 (one) month from the date of receipt of the request. Depending on the complexity of the request and the number of requests received, this period may be extended by 2 (two) months. In such a case, we will inform you within 1 (one) month from the receipt of your request about the extension and its reasons. The Company will only refuse to exercise your rights in cases provided by law.
4.1. Right to access your personal data
We aim to ensure you fully understand how we use your personal data and avoid any inconvenience. Information about how we process your personal data is primarily provided in this Privacy Policy (right to be informed). You may contact us at any time to inquire whether we process any of your personal data. If we store or otherwise use your personal data, you have the right to access it. To do so, submit a written request to the email address specified in this Privacy Policy and confirm your identity (if such confirmation is required in a specific case).
We expect that you will not abuse this right and will act reasonably and in good faith when making such requests.
4.2. Right to withdraw consent
If you have given us clear consent to process your data, you may withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
4.3. Additional rights
We provide below information about additional rights you may exercise by following the procedures described below.
(a) You have the right to request that we correct any inaccuracies in the personal data we hold. In such cases, we may ask you to confirm the corrected information.
(b) You have the right to request the deletion of your personal data. This right is exercised in the cases provided for in Article 17 of the General Data Protection Regulation (GDPR) (EU) 2016/679.
(c) You have the right to request the restriction of the processing of your personal data, or to request that we refrain from processing it, in the following situations:
- For the period necessary to verify the accuracy of your personal data, when you submit claims regarding data accuracy;
- When the processing, storage, or use of your personal data by us is unlawful, but you choose not to request the deletion of the data;
- When your personal data is no longer necessary to us, but you need it to establish, exercise, or defend a legal claim;
- For the period necessary to determine whether we have a more legitimate ground to continue processing your personal data if you have exercised your right to object to the processing of personal data.
(d) You have the right to data portability of personal data that is processed by automated means and provided by you in a structured, commonly used, and machine-readable format, either with your consent or for the purpose of entering into a contract. Upon your request, we will transfer a copy of your provided data to you or to the data controller you designate.
(e) You have the right, in accordance with Article 21 of the GDPR, to object to our use of your personal data. You may object when your personal data is processed on the basis of legitimate interest (the legal basis for each processing purpose is specified in this Privacy Policy) or for direct marketing purposes.
4.4. Right to request additional information
We hope you understand that it is very difficult to cover all possible methods of collecting and using personal data. We strive to provide clear and comprehensive information and commit to updating this Privacy Policy whenever the personal data processing procedures change. However, if you have any questions regarding the use of your personal data, we will be happy to answer them or provide any additional information that we are able to disclose. If you have any specific questions or do not understand the information provided, please contact us.
5. Information on the Processing of Personal Data for Purposes Related to the Provision of Services or the Purchase of Goods or Services from Other Parties
Purpose of Processing | Personal Data | Legal Basis | Retention Period | Other Notes |
Conclusion and performance of contracts with suppliers/clients who are natural persons (counterparty data) | Name, surname, personal code, address, business certificate/individual activity certificate number (of service provider or recipient), bank account number, data indicated in contract execution documents | GDPR Article 6(1)(b) (contract) | During the validity period of the contract | Data may be transferred to data processors |
| Conclusion and performance of contracts with clients/suppliers legal entities (data of persons related to them) | Name, surname, position, basis of representation, email address, telephone number, content of correspondence | GDPR Article 6(1)(f) (legitimate interest) | During the validity period of the contract | Data may be transferred to data processors |
| Provision of audit and other professional services (third-party data) | Personal data required in documents for professional services, e.g., data on work remuneration accounting during audit, etc. | GDPR Article 6(1)(f) (legitimate interest to properly provide services and ensure compliance with regulatory acts), GDPR Article 6(1)(c) (compliance with legal obligations such as Lithuanian financial statements audit law and other legal acts) | During the validity period of the contract | Data may be transferred to data processors |
| Preliminary evaluation of service prices (when using questionnaires on the company’s website) | Name, surname, email address, telephone number, company represented, inquiry content | GDPR Article 6(1)(f) (legitimate interest) | 1 year from inquiry receipt | Data transferred to data processor Google Ireland Limited* |
| Accounting records maintenance (own company or clients) | Name, surname, information about received/provided services and sold goods, other accounting data recorded in accounting documents including personal data | GDPR Article 6(1)(c) (legal obligation) | Data stored according to terms set by regulatory acts on accounting records and internal document retention schedules | Data may be transferred to data processors |
| Archiving | Personal data processed for the purpose of contract conclusion and execution, audit, and the provision of other professional services | GDPR Article 6(1)(c), legal obligation, as defined by the General Document Retention Periods Index, approved by Order No. V-100 of the Archivist of the Republic of Lithuania on 9 March 2011, paragraphs 6.1. and 10.37 | 10 years (after the contract ends) | Data is transferred to a company providing archiving services (data processor) |
| Defence of Legal Claims | Personal data processed for the purpose of contract conclusion and execution, audit, and the provision of other professional services | GDPR Article 6(1)(f) (legitimate interest – defence of legal claims) | 10 years | Data is transferred to courts, state institutions resolving disputes, parties to the dispute, lawyers, and other entities providing legal services |
* Google centrinė būstinė yra trečiojoje valstybėje, dėl kurios Europos Komisija dar nėra priėmusi sprendimo dėl tinkamumo, tačiau Europos Sąjungos gyventojų duomenis tvarko duomenų valdytojas Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Kadangi Google Ireland Limited yra mūsų pasitelktas duomenų tvarkytojas, skundus ar klausimus, susijusius su anketos pildymu per Google Forms, rekomenduojame teikti 2 Privatumo politikos skyriuje nurodytais mūsų kontaktais. Jei norėtumėte sužinoti daugiau apie Google asmens duomenų tvarkymo sąlygas, susipažinkite su Google privatumo pranešimu.
6. Candidate Selection
We collect and process your personal data, including: workplace, e-mail address, date of birth, address, education, surname, phone number, first name, desired position, date of receipt of your CV, information about your personal qualities, work experience (last workplace, length of service at the workplace, positions held, other work experience), information on foreign language proficiency (language, reading, writing, speaking levels), ability to use computer programs, and other information provided in the CV, recommendation, and/or cover letter; desired salary. This data is collected for the purpose of conducting recruitment based on your consent, which you provide to the Company by sending your CV and/or cover letter. If you do not submit your CV and/or cover letter, we will not be able to assess your suitability for the offered position.
With your consent, we may contact your current employer, and we may contact your former employer based on our legitimate interest (selecting a suitable candidate) and pursuant to Article 5(2) of the Law on Legal Protection of Personal Data of the Republic of Lithuania, in order to verify information about your qualifications, professional skills, and work-related characteristics (for example, work performance, relationships with clients and/or colleagues, performance evaluation, etc.). Based on our legitimate interest (selecting a suitable candidate), we may also collect information from public professional social media profiles. You can withdraw your consent or refuse consent for us to contact your former employer at any time by notifying us at the e-mail address provided in Section 2 of this Policy.
If you do not provide separate consent to process your personal data, after the specific recruitment process concludes, we undertake to delete and/or destroy your personal data within 3 business days following the signing of a contract with the selected candidate or the decision to end the recruitment process, except where separate consent is given to store candidate personal data for a specified period. If your application is not selected, but you have given consent to process your personal data for the purpose of offering employment in the future, we will retain your data based on your consent for 1 year from the end of the recruitment process.
Based on our legitimate interest, we process the personal data of a candidate’s reference person (name, surname, e-mail, phone, information provided) – whether a current or former employer or other reference provider – for recruitment purposes. Our legitimate interest in this case is to select a suitable candidate for the advertised position. This data will be destroyed within 3 days after signing a contract with the selected candidate or the decision to end the recruitment process.
The Company also searches for candidates on LinkedIn and other employee recruitment websites/portals. For the purpose of candidate search on LinkedIn, job portals, and other public sources, the Company processes personal data of potential candidates (persons matching search criteria): first name, surname, and other information provided in the LinkedIn profile or other search platform profile. Personal data is processed based on the Company’s legitimate interest. Data is not stored separately; selected individuals are simply asked for consent to participate in the Company’s recruitment process.
If you voluntarily send us your data in order to be considered for an internship at the Company, the data you provide for the purpose of offering an internship position will be stored for 6 months from receipt (unless a decision to offer the internship is made earlier). Personal data will be processed based on your consent. If no internship position is offered within 6 months, the personal data you provided will be destroyed.
7. Direct Marketing
Individuals aged 14 and over, who have provided their contact information and expressed a wish to receive information about our services, activities, events, etc., will receive commercial offers, newsletters, information about our services, organized events, activity news, and other promotional materials via electronic communication means. For direct marketing purposes, we process the following personal data: e-mail address, phone number, information on sent messages and reactions to them. Personal data for direct marketing purposes will be processed for 3 years from the date of consent. Direct marketing messages are sent (your contact data is processed) based on consent, while information about sent messages and reactions to them is processed based on our legitimate interest to assess marketing effectiveness.
If you are our client and have not objected to receiving information about services similar to those you have purchased, direct marketing messages will be sent based on our legitimate interest. In this case, your personal data for direct marketing purposes will be processed for 1 year from the end of contractual relations.
Personal data processed for direct marketing purposes is transferred to the newsletter service provider MailerLite Limited (company established in Ireland), as well as other data processors necessary to perform direct marketing activities.
You have the right to object or opt out of receiving direct marketing messages at any time by contacting us at the e-mail address provided in Section 2.
8. Protection of Confidential Company Information and Business Continuity
To protect the Company’s legitimate interests, ensure the continuity of its operations, and safeguard the Company’s information systems from hacking, data theft, viruses, harmful websites, malware, copyright violations via technical and internet access, and from network overload, the Company may review employee correspondence with contractors and information stored on Company electronic devices. To achieve these objectives, the Company processes the following personal data of its employees and persons sending or receiving employee e-mails: e-mail address, sender or recipient first name and surname, date, and content of information contained in electronic work tools.
Data collected for the purpose of protecting confidential information and safeguarding the Company’s information systems from hacking, data theft, viruses, harmful websites, malware, and copyright violations, is retained solely for the purpose of defending legal claims for 4 years, in accordance with Article 1.125(9) of the Civil Code of the Republic of Lithuania. In defending legal claims, data may be provided to data recipients (data controllers) such as courts, law enforcement authorities, state institutions resolving disputes, parties to the dispute, lawyers, and other providers of legal services.
9. Protection of Legitimate Interests
Based on its legitimate interest to protect its rights, including in the case of civil disputes, the Company processes the names, surnames, personal identification numbers, case circumstances, and other case-related information, as well as publicly available information of persons involved in the case or their employees. The data may be transferred to law enforcement authorities, lawyers, or bailiffs executing recovery actions. Data will be destroyed 1 year after the final resolution of the case and the full satisfaction of the Company’s claims (if the claims are satisfied).
10. Internal Company Administration (Exercise of Shareholder Rights)
For internal administrative purposes (upon receiving a shareholder’s request to exercise the right to information), the Company may transfer any personal data (recorded in documents provided to the shareholder) to the shareholder. The transfer is performed to fulfill a legal obligation applicable to the Company (Article 6(1)(c) of the GDPR), and personal data is processed only until it is transferred to the shareholder.
11. Contacting Us
There are several ways to contact the Company: by phone, e-mail, social media accounts, the contact form on the website, or by sending a letter to the Company’s registered address. All messages are received, reviewed, and responded to by us. When you contact us, we may process the data you provide, such as e-mail address, first and last name (if provided), username (if the request is sent via a social media account), workplace (if provided), and the date, time, recipient, sender, and content of sent and received messages (when the message is addressed to you).
This data will be processed to respond to your inquiries and review your suggestions. If you do not provide your contact details, it will not be possible to communicate with you.
Correspondence is retained for 1 year from the date the message is received, except for information that must be retained for longer periods as specified in the Privacy Policy or legal acts.
All personal data you provide when communicating with us is used solely for the purposes described above and for reviewing messages as well as managing communication flows. We undertake not to use your personal data in any publication that could identify you without your explicit consent.
Please note that we may need to contact you by mail, e-mail, or phone. Please inform us of any changes to your personal data.
12. Website and Cookies
Our website uses cookies. A cookie is a small file made up of letters and numbers that we record on your browser or the hard drive of your computer with your consent. We use different cookies for different purposes. Cookies also help us distinguish you from other users of the website, ensuring a better browsing experience and allowing us to improve the website.
Most browsers allow you to reject all cookies, and some browsers allow you to reject only third-party cookies. You can use these options. However, please note that blocking all cookies will negatively affect your experience on the website, and without cookies, you will not be able to use all the services offered on the website. More detailed information is available at AllAboutCookies.org or
www.google.com/privacy_ads.html.
We may use the types of cookies described below; however, a detailed and up-to-date list of cookies in use is provided further down.
| Cookie Name | Data Processing Purpose / Function | Expiry Time | Cookie Type (Essential, Functional, Analytical, Marketing) |
| cookie_notice_accepted | To read whether cookies can be placed. | 1 day | Functional |
| pll_language | To save language settings. | 1 year | Functional |
Essential Cookies
These cookies are necessary for our website to function. The legal basis for using such cookies is Article 73(4) of the Republic of Lithuania’s Law on Electronic Communications. These cookies are essential for the website’s operation and cannot be disabled in our systems. They are usually used to respond to your actions on the website, such as starting to browse or selecting your privacy settings. These cookies do not store any personally identifiable information about you and are deleted as soon as you leave the website.
Analytical and/or Performance Cookies
These cookies allow us to count website visits and monitor visitor traffic in order to improve the website’s performance. They help us understand which pages are most or least visited and how visitors navigate the website. For this purpose, we use Google Analytics. The data collected is not accessible to any third party. Information collected by these cookies is anonymous and is not used to identify you or influence your browsing experience while visiting the website. If you do not consent to the use of these cookies, your visits will not be recorded in the statistics. The legal basis for processing data collected by these cookies is your consent.
Commercial Cookies
These cookies, used by us and third parties, are intended to display offers or other marketing information that may interest you. We use cookies that collect data about your browsing history and determine your interests to show you relevant marketing content. The legal basis for processing data collected by these cookies is your consent.
Facebook and LinkedIn Icon Plugins
This page uses Facebook, Instagram, and LinkedIn icon plugins.
13. Social Media
Information you provide to us via social media (including messages, use of “Like” and “Follow” buttons, and other communication) is controlled by the social network operator.
Our website provides links to our accounts on social media platforms (hereinafter – Social Accounts). We currently manage the following Social Accounts:
- Audifina UAB account on Facebook;
- Audifina UAB account on LinkedIn;
Information on Social Accounts is processed for account management purposes based on your consent. Information on Social Accounts is not stored separately (when data is processed for account management purposes, it may be retained if needed for other purposes, e.g., to protect rights).
When you visit Social Accounts, social network administrators place cookies on your device, which collect personal data. Cookies are placed whether you are a registered social network user or do not have an account on that social network. We do not have access to the personal data collected and can only obtain statistical information on Social Account visits from social network administrators.
We recommend reading the privacy statements of third parties and contacting the service providers directly if you have any questions regarding how they use your personal data.
14. Data Transfer to Third Countries
Social network data controllers (Facebook, LinkedIn) are established in third countries for which the European Commission has not issued an adequacy decision.
Personal data of EU residents posted on Facebook is processed by the data controller Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Information on how you can exercise your rights as a data subject is available at: https://lt-lt.facebook.com/privacy/explanation/. If you have complaints about Meta Platforms Ireland Limited’s processing of your personal data or the exercise (or non-exercise) of your rights as a data subject, you have the right to lodge a complaint with the supervisory authority of Meta Platforms Ireland Limited – the Irish Data Protection Commission – or with the State Data Protection Inspectorate.
Personal data of EU residents posted on LinkedIn is processed by the data controller LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland). Information on how you can exercise your rights as a data subject is available at https://lt-lt.facebook.com/privacy/explanation/ f you have complaints about LinkedIn Ireland Unlimited Company’s processing of your personal data or the exercise (or non-exercise) of your rights as a data subject, you have the right to lodge a complaint with the supervisory authority of LinkedIn Ireland Unlimited Company – the Irish Data Protection Commission – or with the State Data Protection Inspectorate.
15. Data Collection and Disclosure
We collect your data from you, your devices, job candidates, our employees, and our contractual partners.
We disclose information about you to our engaged data processors (IT service providers, marketing service providers, etc.).
In addition, we may disclose information about you:
if required by law;
in connection with a potential sale of the Company’s business or part of its assets, disclosing your personal data to a prospective buyer of the business or part of it;
upon selling the Company’s business or a substantial part of its assets to third parties.
Except for the cases specified in this Privacy Policy, we do not provide your personal data to any third parties.
The list of recipients or categories of recipients specified in the Privacy Policy may change. If you wish to be informed about changes to the recipients of your personal data, please notify us at the email address indicated in this Privacy Policy, stating in the message: “I wish to receive information about changes to the recipients of my personal data, name, surname.”
16. Security of Your Personal Data
Your personal data will be processed in compliance with the General Data Protection Regulation (GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other applicable laws. While processing your personal data, we implement organizational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.
17. Complaints
If you believe that your rights as a data subject are or may be violated, please contact us immediately at the email address provided in this Privacy Policy. We ensure that upon receiving your complaint, we will contact you within a reasonable period and inform you about the progress of the investigation and subsequently about the results.
If the investigation results do not satisfy you, you have the right to file a complaint with the supervisory authority – the State Data Protection Inspectorate: https://vdai.lrv.lt/.
18. Responsibility
You are responsible for the confidentiality of the data you provide and for ensuring that the data you submit to us is accurate, correct, and complete. If your submitted data changes, you must immediately inform us by email. Under no circumstances will we be liable for any damage caused to you due to providing incorrect or incomplete personal data or failing to notify us of its changes.
19. Changes to the Privacy Policy
We may update or amend this Privacy Policy at any time. If you wish to receive an updated version of the Privacy Policy, please notify us at the email address indicated in Section 2.
