Glimstedt is located at Jogailos g. 4, LT-01116 Vilnius, Lithuania. Its email address is [email protected].
What Is Personal Data?
Personal data is any information collected by Glimstedt about a natural person and used to identify that person. Such personal data includes, among other things, the person’s first name, last name, address, and IP address.
What Kind of Personal Data Do We Process?
Glimstedt processes your personal data for the following purposes:
- For providing and managing legal services
In order to provide and manage legal services, Glimstedt will process personal data of the person with whom a contract for legal services has been signed (henceforth – Client) (if the Client is a natural person) or personal data of any representatives, employees or other persons engaged by the Client (if the Client is a legal person), i.e., personal data contained in the contract for legal services or the data provided by the Client (e.g. information about the Client’s contracts, relationship with others or correspondence maintained), also the data to be collected by Glimstedt from other sources when providing such legal services (e.g. data extracted from various publicly available sources, such as registers and the like). This data is processed on the basis of a contract and/or in order to take actions at your request prior to signing such contract and/or to comply with legal obligations, and/or on the basis of a legitimate interest.
Special categories of personal data will be processed by Glimstedt for the provision and management of legal services only subject to your explicit consent and/or in order to impose, enforce, or protect your legal demands and/or if you have manifestly made this data available to the public.
Personal data used for the provision and management of legal services will be kept for a period of 10 (ten) years after the Client’s last assignment to Glimstedt, until the 15th day of January of the year that follows unless a longer period for keeping such data has been provided for by the laws and/or regulations.
- For preventing money laundering and terrorist financing
The following personal data will be collected by Glimstedt about its Clients, their representatives, employees, ultimate beneficiaries, or their family members for the prevention of money laundering and terrorist financing (whichever is the case): the person’s first name, last name, email address, phone number, personal identification number, nationality, residential address, identity document details (its name, number, date of validity, country of issue), information on whether the Client or his/her family members are politically exposed persons, their source of income and other data processed by Glimstedt in order to comply with legal obligations and/or on the basis of a legitimate interest.
This personal data will be kept for a period of 10 (ten) years after the Client’s last assignment to Glimstedt, until the 15th of January of the year that follows.
- For sending offers to Clients
Based on your consent, the following personal data will be processed by Glimstedt for giving news and other information about its services, offerings, events, etc. namely, your first name, last name, email address and phone number.
Based on your consent, your personal data will be kept by Glimstedt for a period of 5 (five) years after the receipt of your consent, until the 15th day of January of the year that follows. If your personal data is processed by Glimstedt for direct marketing purposes based on a legitimate interest, such data will be kept for the duration of the contract for legal services.
- For making and performing contracts
Glimstedt will process personal data of employees of its suppliers, service providers or partners (as legal persons) or personal data of its suppliers, service providers or partners (as natural persons) in order to perform contracts between Glimstedt and such persons. In that case, the following personal data will be processed: your first name, last name, date of birth, phone number, email address, contents of correspondence, date and other details relating to the contract performance.
Where the personal data of our service providers/their employees is processed, such processing will be made on the basis of our legitimate interest to perform the contract.
If you make a contract with Glimstedt as a natural person, your personal data will be processed by us in order to perform the contract.
Such personal data processing will continue for as long as the contract runs. If your personal data appears in the contract, such data will be kept for 10 (ten) years after the end of the contract.
- Glimstedt dokas
Whenever you use Glimstedt dokas, Glimstedt will processes your personal data jointly with UAB Adminiculum (corporate ID number 124717075, registered office address Jogailos g. 4, LT-01116 Vilnius) acting as a joint controller.
The following personal data of natural persons will be processed by Glimstedt jointly with Adminiculum UAB in order for you to use the services of Glimstedt dokas: your first name, last name, self-employment certificate number, email address, address, phone number, account name and password. This personal data is processed in order to perform a contract and/or on the basis of a legitimate interest to provide services and will be stored for 10 (ten) years after the end of the contract while the account name and the password will be stored for 2 (two) years from the date of the last log-in to the account. If you are a legal person’s representative, we will process your contact details, namely, your first name, last name, email address and phone number on the basis of our legitimate interest to provide services and will keep such data for 10 (ten) years after the end of the contract.
- For organising events
The following data will be processed by Glimstedt to organise events or webinars: the person’s first name, last name, phone number, place of work, job title, email address. This data is processed on the basis of a contract/a legitimate interest to perform the contract. We may also take photographs or videos during such events and process your image on the basis of your consent. This data will be stored for 5 (five) years after the event.
- For external communication
The following data will be processed in connection to Glimstedt business presentations, including leaflets, visual presentations, social media sites: your photo, first name, last name, place of work, job title. This data is processed on the basis of your consent and will be stored for 5 (five) years after the receipt of your consent, until the 15th day of January of the year that follows.
- Social media sites
Information communicated to Glimstedt on our social media sites (including notifications, use of “Like” and “Follow” buttons or other communication) will be controlled by us jointly with social media managers as joint controllers.
Currently, we maintain the following accounts:
The following data will be processed by Glimstedt to handle the database of job candidates: the person’s first name, last name, date of birth, phone number, place of work, email address, place of residence (address), education, knowledge of foreign languages, preferred job, preferred salary, personal characteristics, work experience: last place of work, length of service in the company, position held, other work experience; other information given in the curriculum vitae/the recommendation letter and/or in the motivation letter.
This data is processed on the basis of our legitimate interest to select the right candidate.
If you do not give your explicit consent to the processing of your personal data after the end of the candidate selection, we undertake to delete and/or destroy your personal data within 5 (five) business days after signing a contract with the selected candidate.
How Is Your Personal Data Processed?
Your personal data will be processed in accordance with the General Data Protection Regulation (henceforth – GDPR), the Law of the Republic of Lithuania on Legal Protection of Personal Data, the Law of the Republic of Lithuania on the Bar Association as well as with other legal requirements. We will process your personal data responsibly and securely. When identifying personal data processing measures and during such processing, Glimstedt will implement appropriate technical and organizational measures required by law to ensure that your personal data is protected from accidental or unlawful destruction, damage, modification, loss, disclosure, or any other kind of illegal handling. We will adopt proper measures considering the risks involved in such personal data processing.
Who Can We Disclose Your Personal Data to?
We may disclose your personal data to data processors who provide services/perform works for us (e.g. IT service providers, auditors, lawyers, advisors) and by whom your data will be processed on behalf of Glimstedt as a data controller.
Such data processors will be allowed to process your personal data based solely on our instructions and only to the extent necessary. We will take all requisite steps to ensure that all data processors engaged by us implement appropriate organizational and technical measures to ensure safety and confidentiality of your personal data.
Your data may be transferred to public bodies or institutions or other persons who are statutorily entrusted with certain responsibilities.
In addition, we may disclose your personal data in the following cases:
- if required to do so by law
- seeking to protect our rights or interests (including the case when your personal data is transferred to others for debt recovery purposes).
Any transfer by Glimstedt of your personal data to a third country or an international organisation may take place only if one of the following conditions is complied with: (i) such transfer is made to a country, in respect of which an adequacy decision has been made; (ii) such transfer is made subject to appropriate safeguards envisaged by law; (iii) derogations envisaged by law apply to such data transfer where it cannot be made pursuant to subparagraphs (i) and (ii) above.
A cookie is a small piece of data that a server sends to the user’s web browser to be stored on the browser.
What Are Your Rights?
- Right of access to your personal data
- Right to withdraw consent
- Right to request more information
- Additional rights
Below, please find information about your additional rights that may be exercised by you as follows:
- You have the right to request us to correct any inaccuracies in your personal data. In that case, we may ask you to confirm the information corrected.
- You have the right to request us to erase your personal data. This right may be implemented in the cases described in Article 17 of the GDPR.
- You have the right to request us to restrict/refrain from processing your personal data.
- You have the right to data portability if processing of such data is carried out by automated means and we have obtained such data from you based on your consent or for the purpose of concluding a contract. If you opt to exercise this right, we will transmit at your request a copy of the data submitted by you.
- You have the right to object to processing of your personal data pursuant to Article 21 of the GDPR.
How Can You Exercise Your Rights?
To enforce your rights, you may submit requests, complaints or claims to us in writing in any of the following ways:
- by sending an email to [email protected]
- by sending a letter to Jogailos g. 4, LT-01116 Vilnius, Lithuania
- by arriving to Glimstedt office at Jogailos g. 4, LT-01116 Vilnius, Lithuania
We will respond to your request, complaint or claim in writing in accordance with the applicable laws and will do our best to provide you with the necessary information within the shortest time possible but in no event later than within 30 (thirty) days after receiving your request.
If having received your request or complaint or claim we have doubts about your identity, we may ask you to produce an identity document.
If we fail to provide you with the necessary information and/or should you have complaints about how your personal data is being processed, you may approach the Lithuanian State Data Protection Inspectorate (www.vdai.lrv.lt) by filing a complaint.
You are responsible for ensuring that the information provided by you is accurate, correct, and complete. You should immediately notify us by email if changes are made to the data you have submitted. Therefore, we will not be held liable for any damage resulting from your failure to provide correct or complete personal data or to give us notice of changes made to such data.
Update date: 20 July 2021