+370 5 239 3157 
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
General privacy notice
1. What is contained in this Privacy Notice and for whom it is intended?
In carrying out its activities, BALTPOOL UAB (hereinafter referred to as the “Company” or “we”) processes (collects, stores, etc.) your personal data. In processing the afore-mentioned information, the Company is guided by the General Data Protection Regulation of the European Union (hereinafter referred to as the “GDPR”) and other legislation governing the protection of personal data.
In this Privacy Notice for you, we provide basic information concerning the processing of your personal data by the Company, i.e. where we obtain your personal data and to whom we may provide it, for what purposes and on what grounds we process it, what rights you have, how you can exercise them and other relevant information.
2. Who is responsible for the protection of your personal data?
The Company is responsible for the protection of your personal data and is the controller of the afore-mentioned data, which determines the purposes and means of processing information concerning you. The contact details of the Company as data controller are set out in paragraph 11 of this Privacy Notice.
3. Why and what personal data do we collect?
| No. | Why do we collect information concerning you? | What information concerning you do we collect? | Why do we have the right to collect the information you provide? | How long do we use or store information concerning you? |
| 1. | Carrying out of security clearance on candidates applying for management positions | Name, surname, position applied for, date of giving and/or withdrawing consent for security clearance, signature, personal data referred to in Article 16 of the Republic of Lithuania Law on the Prevention of Corruption of and/or Article 17 of the Republic of Lithuania Law on the Protection of Objects of Importance to Ensuring National Security (the scope of the data shall depend on the information provided by the relevant authorities to the Company).
For this purpose, special categories of personal data may also be processed if they have been provided to us by the authorities carrying out the screening of the candidate (the State Security Department of the Republic of Lithuania, the Special Investigation Service of the Republic of Lithuania, the Ministry of the Interior of the Republic of Lithuania). |
We have the right to process your personal data in accordance with the legislation (Article 6(1)(c) of the GDPR).
We have your consent (Article 6(1)(a) of the GDPR) |
a. Where the screening of a candidate provides information leading to a decision not to appoint a person to a post, the personal data will be retained for 3 months after the end of the screening.
b. Where the screening of a candidate provides information that leads to a decision to employ the person, the candidate’s personal data (obtained prior to the conclusion of the employment contract) will be kept for the duration of the employment contract and for 1 year from the termination of the employment relationship. |
| 2. | Conducting a good repute check on members of collegial bodies, the head, deputy head and heads of business units | Name, surname, position held by the person, date of submission and/or revocation of the consent to the good repute check, signature, personal data pursuant to Article 12(4) of the Republic of Lithuania Law on Energy Resource Market and Article 9(4) of the Republic of Lithuania Law on Markets in Financial Instruments. | We have the right to process your personal data in accordance with the legislation (Article 6(1)(c) of the GDPR).
We have your consent (Article 6(1)(a) of the GDPR) |
The personal data obtained in the course of the good repute check in respect of the person shall be stored for the duration of the employment and/or civil contract with the company and for 1 year from the end of the relationship.
|
| 3. | Organising and conducting public procurement | Name, surname, personal identification number or date of birth, address, telephone number, position, other personal data may be possible depending on the subject-matter of the contract and the qualification requirements (criminal record check, fulfilment of tax obligations relating to the subject-matter of the contract, qualification requirements specified in the contract documents), name, surname, personal identification number or date of birth, address, telephone number of the representative of the successful supplier a copy of the certificate of individual activity, a copy of the business licence. The successful supplier may be requested to provide the following: curriculum vitae, copies of diplomas, certificates obtained, number of contracts completed, criminal record, records of settlement of accounts with the State Tax Inspectorate, the State Social Insurance Fund Board etc. | We have the right to process your personal data in accordance with the legislation (Article 6(1)(c) of the GDPR) | a. During the term of the contract and for 5 years from the expiry of the contract.
b. Where no contract has been concluded, 10 years from the completion of the the procurement. |
| 4. | Entering into and performance of contracts with you, and fulfilment of related tax obligations | Name, surname, personal identification number or date of birth, telephone number, e-mail address, bank account number, signature, basis of representation (power of attorney, articles of association, etc.), number, term of the power of attorney, duties, settlement information, settlement period, other information relevant to the conclusion and performance of the contract, depending on the nature of the contract. | We enter into and perform a contract with you (Article 6(1)(b) of the GDPR) | During the term of the contract and for 5 years from the end of the contract. |
| 5. | Internal and external communications to publicise the Company’s activities | In the case of media representatives, name, position, telephone number and e-mail address.
In the case of trainers, other invitees, the name and position. |
We have a legitimate interest in processing your personal data (Article 6(1)(f) of the GDPR) | a. Media representatives (e.g. journalists in charge) – stored as long as they actually work for the media or the responsible department.
b. 5 years from the expiry of the contract. |
| 6. | Managing an internal whistleblowing channel (the Helpline) and conducting internal investigations on the basis of the received information | If the information is not provided anonymously, the data collected shall be the name, surname, telephone number, etc. The person’s name, telephone number, personal identification number, e-mail address, the circumstances of the notification, the date of the notification, the decision to inform about the actions taken and the decisions made. | We have a legitimate interest in processing your personal data (Article 6(1)(f) of the GDPR)
We have the right to process your personal data in accordance with the legislation (Article 6(1)(c) of the GDPR). |
a. If the received information reveals an infringement, for 5 years from the end of the investigation.
b. If the received information has not led to an infringement, 3 years from the end of the investigation. |
| 7. | Dealing with complaints, proposals or requests received from you | Name, surname, email address, telephone number, signature, date of referral, referral number (registration number) and the information contained therein, the outcome of the examination, and, if the person making the request, complaint or proposal has been contacted by e-mail, the personal data recorded in the communication. | We have a legitimate interest in processing your personal data (Article 6(1)(f) of the GDPR) | 3 years from the date of receipt of the request, complaint or proposal. |
| 8. | Seeking to ensure the efficient and secure operation of our website (use of technical cookies to support the user session) | Unique identifier | We have a legitimate interest in processing your personal data (Article 6(1)(f) of the GDPR) | Until the website window is closed (information is automatically deleted when the browser is switched off) |
| Cookie name | Purpose | Validity |
| PHPSESSID | To support a user session | Valid until the browser is switched off |
| _ga | Used by Google Analytics application to obtain visitor traffic data, browsing time, browser | Valid for 2 years |
| _gid | Used by Google Analytics application to obtain visitor traffic, browsing time, browser | Valid until the browser is switched off |
| pll_language | Used to remember the language of the page so that the language is selected automatically on your next visit. | Valid for 1 year |
| __cfduid | Used to store settings for DataTables | Valid for 24 hours. |
| 1P_JAR | Used for the purposes of tracking users and tailoring advertising | Valid for 24 hours. |
When we receive personal data from you, please to provide only the information that is necessary to fulfil the purposes set out above. Please do not provide any other information, such as: political opinions, nationality, religion, etc.
4. Where do we receive your personal data from?
Most of the information you provide to us is provided by you, but we may also receive some of your personal data from the legal entities for which you work (e.g. companies within the EPSO-G UAB group) or which you represent (e.g. suppliers with whom we contract).
5. Who can we transfer your personal data to?
We may transfer your personal data to our partners, service providers, as well as to the entities listed below, only to the extent necessary to achieve the purposes set out in paragraph 3 above and as permitted by the applicable law:
- banks carrying out settlement operations;
- courts, supervisory, law enforcement and other public authorities;
- companies providing data centre, hosting, cloud, website administration and related services, companies that develop, support and develop software, companies that provide IT infrastructure services, companies that provide communication services.
Where we transfer personal data to other third parties as processors engaged by us, before engaging them we make sure that they have appropriate technical and organisational measures in place to ensure the secure processing of personal data and an adequate level of data protection in accordance with the applicable European Union legislation.
6. Will your personal data be transferred outside the European Economic Area?
Currently, the Company does not transfer your personal data to third countries (outside the EEA[1]). In the event that it becomes necessary to transfer your personal data outside the EEA for the purposes set out in this Privacy Notice, we will comply with the requirements of the GDPR and will inform you of such transfer of personal data.
7. How do we protect your personal data?
In order to ensure that information concerning you is protected against unauthorised access, disclosure, accidental loss, alteration or destruction, or other unauthorised processing, we have put in place and apply an appropriate level of technical and organisational data security measures to protect the security of your personal data.
8. What rights do you have?
The GDPR and other laws grant you rights, set out the cases in which you can exercise them, the procedure you must follow, and the exceptions in which cases you cannot exercise the granted rights. Where permitted by law, you have the following rights:
- the right to know (be informed) about the processing of your personal data;
- the right of access to your personal data processed;
- the right to rectification of your personal data;
- the right to erasure of your personal data (“right to be forgotten”) if this can be justified on one of the grounds set out in Article 17(1) of the GDPR;
- the right to restriction of processing of your personal data. You can request for restriction of processing of your personal data where one of the cases provided for in Article 18(1) of the GDPR applies;
- the right to object to the processing of your personal data;
- the right to withdraw your consent to the processing of your personal data where we process your personal data on the basis of consent.
If you believe that in processing of your personal data the Company violates data protection legislation, you have the right to lodge a complaint with the State Data Protection Inspectorate by mail to L. Sapiegos g. 17, LT-10312, Vilnius, Lithuania, or via the Internet (https://vdai.lrv.lt).
9. How can you exercise your rights?
To exercise your rights as set out in paragraph 8 of the Privacy Notice, you must:
- send a request to the Company or the Personal Data Protection Expert by e-mail to [email protected].
- deliver the application to the head office of the Company at Žalgirio g. 90-100, Vilnius, in person. The application must be accompanied by a personal identification document;
- send the application to the Company or the Personal Data Protection Expert by registered mail to Žalgirio g. 90-100, Vilnius.
10. How will we inform you of amendments to this Notice?
We may update or amend this Privacy Notice at any time. Such updated or amended Privacy Notice shall be effective as of the date of making it available on our website.
If we update the Privacy Notice, we will inform you of what we consider to be material changes by publishing them on the website. You can look at the “Date Updated” date at the bottom to see when the Privacy Notice was last updated.
11. Contact details of the controller and the Personal Data Protection Expert
If you have any questions, comments or complaints about how we collect, use and store information concerning you, or if you wish to exercise your rights as a data subject, you can contact the Company by e-mail [email protected], Žalgirio g. 90-100, Vilnius, tel. +370 5 239 3157.
Contact details of the Company’s Personal Data Protection Expert: [email protected]
This Privacy Statement has been reviewed on: 21/12/2023
[1]The EEA, or European Economic Area, is made up of the Member States of the European Union including Iceland, Norway and Liechtenstein.