Last Updated: 18-11-2024
1. Overview
This Privacy Policy (the “Privacy Policy”) is designed in order to provide you the explanations on how your personal data is being processed when you visit our website www.lithuaniahq.com (the “Website”) or use the services (the “Services”) introduced on the Website.
IN MY MIND LIMITED, legal entity code C94216, registered at Punchbowl Centre, Elija Zammir Street, San Giljan, STJ3154, Malta (the “Company” or “we”) process your personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR“) and other applicable laws.
By contacting us via options available on the Website or by using this Website and the Services you confirm you have read, understood and accepted this Privacy Policy.
2. Purposes and retention period of your personal data processing
- Customer service. For this purpose we process your personal data so that we could provide you the necessary consultation based on your expressed request and / or answer any inquiry you may have. We may process your personal data throughout the provision of the support services and for 3 (three) years after our last actual contact with each other (e.g., our last e-mail to you answering your request). If during our communication you request specific Services and we agree to start working on that, then your personal data collected for the purpose of providing support services will be further processed for the purpose of performance of the contracts;
- Performance of the contracts. For this purpose we collect your personal data in order to be able to provide the agreed Services in the most efficient and effective manner. We may process your personal data for as long as it is necessary in order to provide the required Services and as required by retention requirements in applicable laws and regulations, therefore, your personal data will be processed throughout our continues contractual relationship and stored after this relationship ends for up to 5 (five) years. In case we have not entered into contractual relationship, your personal data will be processed for 3 (three) years after our last actual contact with each other, except in cases where a longer period is established by laws and / or other regulations.
- Direct marketing. For this purpose we process your personal data in order to update you on the scope of the Services we are able to offer, upcoming events or latest news we think you may be interested in. We may process your personal data throughout our continues contractual relationship or for 3 (three) years counted from the moment you expressed your consent to such processing, except in cases in which you decided to revoke your consent earlier or express your wish no longer to receive our newsletters.
- Recruitment. For this purpose we process candidate’s personal data in order to assess his / her skills and qualifications in relation to the desired position, communicate during the ongoing recruitment process, keep records about its process and conclude a contract with the selected candidate. When executing recruitment personal data of candidates that won’t be selected as future Company’s employees will not be processed longer than 6 (six) months after the deadline of the recruitment for the concrete position they applied for.
- Administrating and improving the Website. For this purpose we may process some of your personal data in order to ensure Website functions properly and provides you with the best experience. For more information check our Cookie Policy.
If you do not provide the Company with the personal data necessary in order to achieve the above indicated purposes, the Company may not be able to keep a contact with you, continue contractual relationship, provide Services or perform other related functions.
3. Personal data we collect
The personal data we may process about you depends on your use of the Website, the type of Services you are willing to get from. Therefore, the personal data we may collect about you, could include but is not limited to the following categories:
- Personal information (such as first name, last name, birth date/personal code);
- Contact data (such as phone number, address, e-mail);
- Information about your desirable Services (such as Services you are interested in, your personal needs);
- Financial data (such as payment confirmation for the requested services)
- Communication data (such as correspondence, chats, date, time);
- History data (such as time-stamped correspondence and provision / execution of the required Company’s services);
- Recruitment data (such as resume (CV), data on candidate’s education and qualification, career social network profile (i.e., LinkedIn), candidate’s assessment data)
- Information related to your use of the Website (such as browser and device data (IP address(es), time zone, time, data, browser information, screen resolution, electronic device‘s operational system information, location data (country (code), city), internet service provider (ISP), etc.) and usage data (time spent on the Website, pages visited, links clicked, etc.)).
4. Ways how we get your personal data
The Company collects your personal data directly from you or from the third parties when:
- you contact us;
- you use our Website.
5. Legal basis for personal data processing
We process your personal data based on at least one of the following grounds:
- you have given a consent;
- your personal data processing is necessary for the performance of a contract or in order to take steps at the request of you prior to entering into a contract;
- your personal data processing is necessary for compliance with a legal obligation to which the controller is a subject;
- your personal data is necessary for the purpose of the legitimate interests pursued by us or the third party.
6. Personal data recipients
We may disclose your personal data under initiative of our own or upon respective request to the below indicated personal data recipients which are also obliged to comply with the requirements of GDPR, laws and other mandatory legal requirements:
- third party services providers which we outsource for the purpose of execution specific functions (e.g. IT services, document management services, etc.);
- professional advisors (legal, financial, etc.);
- courts, attorneys, bailiffs, national and local authorities;
- other service providers which services may include, or which are engaged in personal data processing executed by the Company.
Personal data may also be provided to other recipients if:
- the Company has to comply with a legal obligation to which it is a subject; or
- such requested personal data is necessary for the concrete data recipient to carry out a particular inquiry in the general interest, in accordance with the European Union or Member State law; or
- the data requesting party has a legitimate interest to request for such information.
Most of the time the Company process your personal data within the European Economic Area ("EEA"). Whenever the Company needs to transfer your personal data outside EEA, it ensures such a transfer complies with GDPR requirements, such as:
- the personal data transfer is made to the country which the European Commission has acknowledged as ensuring the adequate level of protection;
- the personal data transfer is made subject to appropriate safeguards designated by law (such as standard data protection clauses);
- the personal data transfer is made in relation with the binding corporate rules approved by competent supervisory authority;
- other security measures under GDPR has been complied.
7. Security measures
The Company takes various security ensuring technologies and procedures in order to protect your personal data against unauthorised or unlawful processing, accidental loss, misuse, unauthorized access, illegal usage, destruction, disclosure, damage, etc. This includes legal, organisational, technical, and physical security measures, such as the latest security systems, working only with trustworthy service providers, ability to detect cyber security attacks and other threats to the integrity of the Website. However, no transmission of information via email or other telecommunication channels through the internet could be fully secured. Therefore, you should take due care when you are sharing confidential information via e-mail or other telecommunication channels.
8. Cookies
Cookies are small information files that your device browser finds on the Website and stores in your device. In order to get to know more about cookies, please read our Cookie Policy.
9. Your data protection rights
You have certain legal rights in relation to the processing of your personal data:
- the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, if so, access to the personal data and the information regarding its processing as set out in article 15 of GDPR;
- the right to obtain from us without undue delay the rectification of inaccurate personal data as set out in article 16 of GDPR;
- the right to obtain from us the erasure of personal data concerning you without undue delay as set out in article 17 of GDPR;
- the right to obtain from us restriction of processing as set out in article 18 of GDPR;
- the right to data portability as set out in article 20 of GDPR;
- the right to object at any time to processing of your personal data as set out in article 21 of GDPR;
- the right not to be subject to an automated individual decision-making, including profiling, as set out in article 22 of GDPR.
This Privacy Policy does not deprive you of any other legal rights you may enforce under the applicable law.
You may be able to exercise your rights only after the Company has successfully identified you. If the Company is not sure about the identity of the person sending the request, the Company may not provide the requested information to him / her, unless his / her identity is confirmed.
You may be provided with information related to the exercise of your rights free of charge. However, your request for the exercise of rights may be waived or may be subject to an appropriate fee if the request is manifestly unfounded or excessive, in particular because of their repetitive character.
The Company shall provide you with information on the actions taken upon receipt of your request for the exercise of your rights or the reasons for the inaction no later than within 1 month from the receipt of the request. The period for submitting the requested information may be extended, if necessary, for 2 more months, depending on the complexity and number of requests. If you have submitted the request by electronic means, the information shall also be provided by electronic means.
If you consider that your personal data is being processed in violation of your rights and legitimate interests in accordance with applicable law, you shall have the right to file a complaint against the processing of personal data to the Office of the Information and Data Protection Commissioner of the Republic of Malta.
10. Final provisions
If you have any questions regarding this Privacy Policy or if you want to execute your rights you may contact us via e-mail: info@lithuaniahq.com.
This Privacy Policy shall be viewed and applied in accordance with GDPR and other applicable laws.
The Company reserves the right to revise this Privacy Policy from time to time in order to correspond with the changes of its business practice or applied legal requirements. The revised Privacy Policy will be effective upon the posting of it on the Website and you have a sole responsibility to review it. Your continued use of the Website and Services following any such revisions to the Privacy Policy will constitute your acceptance of such changes.