PRIVACY POLICY
What Does This Privacy Policy Mean?
In this Privacy Policy (henceforth – Privacy Policy), we will provide you with information on how Glimstedt Bernotas & Partners Law Firm and its lawyers involved in a given task (henceforth – Glimstedt) process your personal data whenever you visit Glimstedt website at https://www.glimstedt.lt (henceforth – Website), or come to our office, or explore our social media accounts, or contact us by email/phone, including the personal data that Glimstedt receives when carrying out contracts with legal entities as its partners or clients if you are one of their employees or representatives.
About Glimstedt
Glimstedt is located at Jogailos g. 4, LT-01116 Vilnius, Lithuania. Its email address is [email protected].
What Is Personal Data?
Personal data is any information collected by Glimstedt about a natural person and used to identify that person. Such personal data includes, among other things, the person’s first name, last name, address, and IP address.
What Kind of Personal Data Do We Process?
Glimstedt processes your personal data for the following purposes:
- For providing and managing legal services
In order to provide and manage legal services, Glimstedt will process personal data of the person with whom a contract for legal services has been signed (henceforth – Client) (if the Client is a natural person) or personal data of any representatives, employees or other persons engaged by the Client (if the Client is a legal person), i.e., personal data contained in the contract for legal services or the data provided by the Client (e.g. information about the Client’s contracts, relationship with others or correspondence maintained), also the data to be collected by Glimstedt from other sources when providing such legal services (e.g. data extracted from various publicly available sources, such as registers and the like). This data is processed on the basis of a contract and/or in order to take actions at your request prior to signing such contract and/or to comply with legal obligations, and/or on the basis of a legitimate interest.
Special categories of personal data will be processed by Glimstedt for the provision and management of legal services only subject to your explicit consent and/or in order to impose, enforce, or protect your legal demands and/or if you have manifestly made this data available to the public.
Personal data used for the provision and management of legal services will be kept for a period of 10 (ten) years after the Client’s last assignment to Glimstedt, until the 15th day of January of the year that follows unless a longer period for keeping such data has been provided for by the laws and/or regulations.
- For preventing money laundering and terrorist financing
The following personal data will be collected by Glimstedt about its Clients, their representatives, employees, ultimate beneficiaries, or their family members for the prevention of money laundering and terrorist financing (whichever is the case): the person’s first name, last name, email address, phone number, personal identification number, nationality, residential address, identity document details (its name, number, date of validity, country of issue), information on whether the Client or his/her family members are politically exposed persons, their source of income and other data processed by Glimstedt in order to comply with legal obligations and/or on the basis of a legitimate interest.
This personal data will be kept for a period of 8 (eight) years after the Client’s last assignment to Glimstedt, until the 15th of January of the year that follows.
- For sending offers to Clients
Based on your consent, the following personal data will be processed by Glimstedt for giving news and other information about its services, offerings, events, etc. namely, your first name, last name, email address and phone number.
If at the time of making a contract for legal services you did not give your explicit consent to receiving direct marketing communications or tick the “I disagree” box at the bottom of the contract, Glimstedt may, relying on its legitimate interest to communicate with the Client (Article 81(2) of the Law on Electronic Communications), contact you to give news and other information about its services, offerings, events, etc. In that case, personal data (such as full name, job title, email address) of the Client/the Client’s representative will be processed by Glimstedt for direct marketing purposes by sending you communications via email. Each time you receive a direct marketing communication, you will have an option to opt out of such communications by notifying Glimstedt via email or as otherwise specified by us in this Privacy Policy.
Based on your consent, your personal data will be kept by Glimstedt for a period of 5 (five) years after the receipt of your consent, until the 15th day of January of the year that follows. If your personal data is processed by Glimstedt for direct marketing purposes based on a legitimate interest, such data will be kept for the duration of the contract for legal services.
- For making and performing contracts
Glimstedt will process personal data of employees of its suppliers, service providers or partners (as legal persons) or personal data of its suppliers, service providers or partners (as natural persons) in order to perform contracts between Glimstedt and such persons. In that case, the following personal data will be processed: your first name, last name, date of birth, phone number, email address, contents of correspondence, date and other details relating to the contract performance.
Where the personal data of our service providers/their employees is processed, such processing will be made on the basis of our legitimate interest to perform the contract.
If you make a contract with Glimstedt as a natural person, your personal data will be processed by us in order to perform the contract.
Such personal data processing will continue for as long as the contract runs. If your personal data appears in the contract, such data will be kept for 10 (ten) years after the end of the contract.
- For organising events
The following data will be processed by Glimstedt to organise events or webinars: the person’s first name, last name, phone number, place of work, job title, email address. This data is processed on the basis of a contract/a legitimate interest to perform the contract. We may also take photographs or videos during such events and process your image on the basis of your consent. This data will be stored for 5 (five) years after the event.
- For external communication
The following data will be processed in connection to Glimstedt business presentations, including leaflets, visual presentations, social media sites: your photo, first name, last name, place of work, job title. This data is processed on the basis of your consent and will be stored for 5 (five) years after the receipt of your consent, until the 15th day of January of the year that follows.
- Social media sites
Information communicated to Glimstedt on our social media sites (including notifications, use of “Like” and “Follow” buttons or other communication) will be controlled by us jointly with social media managers as joint controllers.
Currently, we maintain the following accounts:
- on Facebook – Glimstedt Lithuania; their privacy policy is available at https://www.facebook.com/privacy/explanation
- on YouTube – Glimstedt Lithuania; their privacy policy is available at https://policies.google.com/privacy
- on Linkedin – Glimstedt Lithuania; their privacy policy is available at https://www.linkedin.com/legal/privacy-policy
Please read the third-party privacy policy and contact the service providers directly if you have questions on how they use your personal data.
- Career
The following data will be processed by Glimstedt to handle the database of job candidates: the person’s first name, last name, date of birth, phone number, place of work, email address, place of residence (address), education, knowledge of foreign languages, preferred job, preferred salary, personal characteristics, work experience: last place of work, length of service in the company, position held, other work experience; other information given in the curriculum vitae/the recommendation letter and/or in the motivation letter.
This data is processed on the basis of our legitimate interest to select the right candidate.
If you do not give your explicit consent to the processing of your personal data after the end of the candidate selection, we undertake to delete and/or destroy your personal data within 5 (five) business days after signing a contract with the selected candidate.
- Enquiries
All other personal data that you may provide to us at any time during your interactions with us – whether by email or by completing a request form online or by phone or by visiting Glimstedt office will be processed on the basis of our legitimate interest to provide services and will be kept for a period of 2 (two) years after the receipt of your enquiry, until the 15th day of January of the year that follows, and once you have entered into a contract with Glimstedt, such data will be kept as described in the section entitled “For providing and managing legal services” of this Privacy Policy.
How Is Your Personal Data Processed?
Your personal data will be processed in accordance with the General Data Protection Regulation (henceforth – GDPR), the Law of the Republic of Lithuania on Legal Protection of Personal Data, the Law of the Republic of Lithuania on the Bar Association as well as with other legal requirements. We will process your personal data responsibly and securely. When identifying personal data processing measures and during such processing, Glimstedt will implement appropriate technical and organizational measures required by law to ensure that your personal data is protected from accidental or unlawful destruction, damage, modification, loss, disclosure, or any other kind of illegal handling. We will adopt proper measures considering the risks involved in such personal data processing.
Who Can We Disclose Your Personal Data to?
Personal data received by us when providing legal services may be transferred to the following persons for the purpose of providing such legal services, namely: (i) to courts, bailiffs, national/local authorities, institutions and/or organisations, or (ii) to our legal partners abroad or certain professionals (such as auditors, engineers, property appraisers, bankers, stockbrokers, translators) specified in the contract for legal services signed with the Client, or (iii) to those against whom we are representing the Client, or (iv) to our other lawyers and/or staff or companies/individuals providing services to Glimstedt, or (v) to other third parties, including IT service providers, translators, couriers, etc. if it is reasonably required for the purposes stated in this Privacy Policy.
We may disclose your personal data to data processors who provide services/perform works for us (e.g. IT service providers, auditors, lawyers, advisors) and by whom your data will be processed on behalf of Glimstedt as a data controller.
Such data processors will be allowed to process your personal data based solely on our instructions and only to the extent necessary. We will take all requisite steps to ensure that all data processors engaged by us implement appropriate organizational and technical measures to ensure safety and confidentiality of your personal data.
Your data may be transferred to public bodies or institutions or other persons who are statutorily entrusted with certain responsibilities.
In addition, we may disclose your personal data in the following cases:
- if required to do so by law
- seeking to protect our rights or interests (including the case when your personal data is transferred to others for debt recovery purposes).
Any transfer by Glimstedt of your personal data to a third country or an international organisation may take place only if one of the following conditions is complied with: (i) such transfer is made to a country, in respect of which an adequacy decision has been made; (ii) such transfer is made subject to appropriate safeguards envisaged by law; (iii) derogations envisaged by law apply to such data transfer where it cannot be made pursuant to subparagraphs (i) and (ii) above.
Cookies
A cookie is a small piece of data that a server sends to the user’s web browser to be stored on the browser.
What Are Your Rights?
Below, please find information about your rights associated with the processing of your personal data by Glimstedt and about how such rights may be exercised. If you want more information about your rights or want to exercise them, please contact us at the email address given in this Privacy Policy.
- Right of access to your personal data
In order for you to understand how we use your personal data and to suffer no inconvenience on that account, you may contact us at any time to ask whether any of your personal data is being processed by us. If your personal data is stored or used by us in whatever way, you have the right of access to such data. In order for you to exercise such right, please send us a written request at the email address given in this Privacy Policy. We may ask you to confirm your identity so that your request could be granted. Please observe the principles of reasonableness and good faith when submitting such request.
- Right to withdraw consent
If you have given us consent to your personal data processing, you may withdraw such consent at any time by sending us an email letter to the email address given in this Privacy Policy.
- Right to request more information
We hope you understand that it is very difficult to discuss all possible ways how personal data may be collected and used. Therefore, we endeavour to provide as clear and complete information as possible and undertake to update this Privacy Policy if changes are made to the way such personal data is used. Nevertheless, if you have any questions regarding your personal data use, we will be happy to answer them or to provide you with further information that we are allowed to disclose. Please contact us if you have any specific questions or have not understood the information presented in this Privacy Policy.
- Additional rights
Below, please find information about your additional rights that may be exercised by you as follows:
- You have the right to request us to correct any inaccuracies in your personal data. In that case, we may ask you to confirm the information corrected.
- You have the right to request us to erase your personal data. This right may be implemented in the cases described in Article 17 of the GDPR.
- You have the right to request us to restrict/refrain from processing your personal data.
- You have the right to data portability if processing of such data is carried out by automated means and we have obtained such data from you based on your consent or for the purpose of concluding a contract. If you opt to exercise this right, we will transmit at your request a copy of the data submitted by you.
- You have the right to object to processing of your personal data pursuant to Article 21 of the GDPR.
How Can You Exercise Your Rights?
To enforce your rights, you may submit requests, complaints or claims to us in writing in any of the following ways:
- by sending an email to [email protected]
- by sending a letter to Jogailos g. 4, LT-01116 Vilnius, Lithuania
- by arriving to Glimstedt office at Jogailos g. 4, LT-01116 Vilnius, Lithuania
We will respond to your request, complaint or claim in writing in accordance with the applicable laws and will do our best to provide you with the necessary information within the shortest time possible but in no event later than within 30 (thirty) days after receiving your request.
Whenever you contact us, we may process the following data you have submitted to us, namely, your first name, last name, email address, phone number, date, and the text of the communications as specified in this Privacy Policy. Please note that we may need to contact you by regular post or email or phone. Please let us know if your personal data changes.
If having received your request or complaint or claim we have doubts about your identity, we may ask you to produce an identity document.
If we fail to provide you with the necessary information and/or should you have complaints about how your personal data is being processed, you may approach the Lithuanian State Data Protection Inspectorate (www.vdai.lrv.lt) by filing a complaint.
Responsibility
You are responsible for ensuring that the information provided by you is accurate, correct, and complete. You should immediately notify us by email if changes are made to the data you have submitted. Therefore, we will not be held liable for any damage resulting from your failure to provide correct or complete personal data or to give us notice of changes made to such data.
Changes in Our Privacy Policy
Glimstedt may update or amend this Privacy Policy at any time. Such updated or amended Privacy Policy will take effect from the date of being published on the Website. You should check the Website occasionally to make sure that you find the current version of the Privacy Policy acceptable.
Each time our Privacy Policy is updated, we will inform you of all changes that we deem significant by posting them to the Website. The “Update date” given below shows when the Privacy Policy was last updated.
Update date: 1 December 2023