Privacy policy

Main page

The controller of the personal data referred to in this Privacy Policy : is UAB “Okredo”, legal entity code 304106783, address V. Gerulaičio g. 10, Vilnius (hereinafter referred to as the "Company", the "Data Controller", or "We").

Who is this privacy policy for?

We care about your privacy and the protection of your personal data; therefore, we process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the "Regulation"), the Law on the Legal Protection of Personal Data and other legal acts regulating the protection of personal data. Therefore, to ensure fair and transparent information about the processing of your personal data, we publish this privacy policy ("Policy").

In this Policy, we describe which of your personal data we collect and for what purposes we process it when you use our services; and/or open data platform www.okredo.com (hereinafter referred to as the "Okredo Platform"), visit our social networking accounts (Facebook, LinkedIn), or otherwise communicate with us. This Policy also contains important information about the protection of your personal data, the rights you have and how to exercise them. Therefore, please take the time to review this Policy and if you have any questions, please do not hesitate to contact us using the contact details provided. Please note that we reserve the right to change this Policy in the future. You will not receive additional notice of any changes and we encourage you to review this Policy periodically.

Basic concepts and processing principles.

Personal data means any information relating directly or indirectly to you where your identity is known or can be established, directly or indirectly, by reference to relevant data (such as name, surname, telephone number, email address, etc.).

Processing of personal data means any operation performed on personal data (including collection, recording, storage, editing, modification, access, retrieval, transmission, archiving, etc.).

The Company complies with the following principles when processing your personal data:

Your personal data shall be processed only to the extent necessary to achieve the relevant clearly defined and legitimate purposes, considering the protection of your privacy.
Your personal data shall be processed accurately, fairly, and lawfully and shall be processed only for purposes that are consistent with the purposes specified before your personal data were collected.
Your personal data is processed in strict compliance with the clear and transparent requirements for the processing of personal data set out in the legislation.
Your personal data shall be processed only in a form which permits identification of your identity for no longer than is necessary for the purposes for which the personal data are processed.
The processing of your personal data is subject to appropriate technical and organizational measures to ensure the security of the personal data, including protection against unauthorized processing and against accidental loss, destruction, and damage.

How do we protect your personal data?

In processing your personal data, we apply appropriate organizational and technical data security measures to protect your personal data against accidental or unlawful disclosure, destruction, alteration, or other unauthorized acts. These measures are chosen considering the risks to your rights and freedoms as a data subject.

In this case, we ensure strict access control to the personal data we process, so we only grant access to the personal data to those employees who need your personal data to carry out their job functions and we monitor how the access granted is used. Access to personal data is secured using passwords at the appropriate level and by confidentiality agreements with the persons who have access to your personal data.

Please note that all Company employees who have access to your personal data are aware of the requirements for the protection of personal data and are obliged to ensure the confidentiality of the personal data processed.

External links on the Okredo platform.

The Okredo Platform may contain links to external websites, such as the websites of our business partners or websites that contain information that is relevant or interesting to you. If you follow such links to any of these websites, please note that the information and/or services provided on these websites are not affiliated with Us. Therefore, we do not accept any responsibility or liability for the services provided and/or personal data processed on these websites. Please note that if you move from the Okredo Platform to external websites operated by third parties, you should review the privacy policies of these websites and familiarize yourself with the processing of personal data on them.

For what purposes and what personal data do we process?

1. Administration of public information about Legal Entities, for the purpose of informing the public:

Publication of general (public) information about legal entities on the Okredo platform (including the personal data of the head of the legal entity).

2. For administering enquiries (i.e., handling your requests, complaints, claims):

3. For direct marketing purposes:

• Ordering a newsletter.

• Marketing of similar goods and/or services.

4. For providing services on the Okredo platform (i.e., placing and fulfilling orders):

• Ordering company reports.

• Monitoring of company developments.

• Certification of companies with the Okredo EUROPEAN BUSINESS MASTERS certificate.

• Publication of debtors (corporate debt information) on the Okredo platform.

5. Representation of the company (i.e., administration of social network accounts and/or other communication in public space).

6. For recruitment purposes (i.e., recruitment and hiring of employees).

More information on the processing of personal data for the purposes mentioned above:

1. Information to the public

• Legitimacy condition(s) for processing: personal data are processed in accordance with the legitimacy condition for processing set out in Article 6(1)(f) of the Regulation (i.e., the Company's legitimate interest in publishing information of a public nature and the public's legitimate interest in knowing). Please note that public information about legal entities is published on the Okredo platform in accordance with the requirements of the Law on Public Information of the Republic of Lithuania.

• Type of personal data processed: The Company publishes the following personal data of representatives of legal entities: name, surname, position.

• Storage period: The company processes (publishes) only relevant information and relevant personal data, therefore the information is stored only for as long as it is relevant and corresponds to the information published in the public registers. Historical information is only stored if it is required by law or for the performance of our activities.

• Source of personal data: We collect and update data about the company (including personal data of the company's manager) from official and approved sources, such as the Register of Legal Entities and (or) register data distributers such as UAB "Debesų Kompiuterija", National Court Administration, the State Social Insurance Fund Board under the SADM (Sodra), the Department of Statistics, and other sources.

2. Administration of enquiries

• Condition(s) of lawfulness of processing: Personal data shall be processed in accordance with the conditions of lawfulness of processing set out in Article 6(1)(a), (c), (f) of the Regulation:

• Where the data subject makes enquiries about matters of interest to him/her using the contacts provided on the Okredo platform, point (a) shall apply, i.e., the data subject making the enquiry consents to the processing of his/her personal data for the purpose of answering the enquiry he/she has made (for the purpose of administering the enquiry).

• Where the enquiry relates to complaints, claims made by data subjects in relation to a possible violation of your rights and/or interests protected by law, then point (c) or (f) applies, i.e., processing is necessary for compliance with an applicable legal obligation; or for the purposes of the legitimate interests of the Company and/or third parties (to assert, enforce, or defend a legal claim).

• Type of personal data processed: the Company processes personal data of the data subjects (who have made the enquiry): name, surname, e-mail address, telephone number (where indicated), as well as the subject of the enquiry and the content of the enquiry (message), complaint or another request.

• Retention period: The above personal data shall be processed for the duration of the examination and/or execution of the enquiry and shall not be retained for more than 30 days from the date of examination and/or execution of the enquiry. We note that information (including personal data) relating to complaints may be retained for up to 10 years, provided that the complaint or request, remark, claim, feedback or other enquiry has not been dealt with or is still being dealt with within that period, and provided that the personal data is necessary to protect our legitimate interests or those of third parties, e.g. in the event of a statutory limitation period or a legal dispute, or where the complaint has been settled by means of a settlement agreement;

• Source of personal data: We receive this data directly from data subjects when they make an enquiry to us.

3. Direct marketing

• Condition(s) of lawfulness of processing: personal data shall be processed in accordance with the conditions of lawfulness of processing set out in Article 6(1)(a), (f) of the Regulation:

• When a data subject subscribes to our Newsletter using the options (functionality) provided on the Okredo platform, then point (a) applies, i.e., the data subject who subscribes to the Newsletter consents to the processing of his/her personal data for the purpose of direct marketing.

• Where the data subject uses the Okredo platform and/or otherwise uses (orders) services provided by the Company, then point (f) applies, i.e., the Company has a legitimate interest in using the email contact details received from its customers for the purpose of marketing its own similar goods or services (Article 69(2) of the Law of the Republic of Lithuania on electronic communications).

• Type of personal data processed:

• When subscribing to the newsletter: email address

• When marketing its own similar products (in accordance with Article 69(2) of the ERO): name, surname, e-mail address and/or telephone number.

• Retention period: the above personal data shall be processed for a period of 1 year from the date of obtaining consent and/or ordering the services, but no longer than the validity of the consent (i.e., until the date of revocation and/or objection).

• Source of receipt of personal data.

4. Purpose of processing personal data:

• The personal data is processed in accordance with the conditions for the lawfulness of the processing set out in Article 6(1)(a), (b), (f) of the Regulation:

• Where a data subject registers on the Okredo Platform (i.e., creates an account) but does not place any orders or enter any contracts for the provision of services in this account, then point (a) applies, i.e., the data subject has consented to the processing of his/her data for the purpose of the administration of his/her account by registering on the Okredo Platform.

• Where a contract is concluded directly with the data subject, then point (b) applies, i.e., the processing is necessary for the performance of a contract to which the data subject is a party, or for the purpose of acting at the data subject's request prior to the conclusion of the contract.

• Where the contract is concluded with a legal person, then point (f) shall apply, i.e., the processing is necessary for the purposes of the legitimate interests of the Company (conclusion and/or performance of a contract);

• Where the provision of paid and/or free services relates to the provision/disclosure of information about a legal person (including personal data), then point (f) applies, i.e., the processing of the data is necessary for the Company's legitimate interest in providing/disclosing information of a public nature and/or the public's legitimate interest in knowing).

• Type of personal data processed. The Company processes the following personal data:

• Data relating to natural persons of clients/customers: name, surname, e-mail address, telephone number (optional data).

• Data of representatives of legal persons of customers/clients: name, surname, e-mail address, telephone number (optional), position and information of the company represented.

• Retention period: The above personal data shall be processed for the duration of the contract (order) and for 10 years after the expiry of the contract. When the data subject (i.e., a registered user of the Okredo platform) does not place any orders and does not enter any service contracts, then this account is considered active, and the personal data contained therein are stored for 1 year from the last login to the account.

• Source of personal data: We receive this data directly from data subjects when they register their account on the Okredo platform (i.e., the data is collected on the registration form).

5. Representation of the company

• Processing legality condition(s): Personal data are processed in accordance with the processing legality conditions set out in Article 6(1)(a), (f) of the Regulation:

• Where a data subject communicates with Us using social networks and/or visits accounts administered by Us, then point (a) shall apply, i.e., the data subject providing the communication gives consent to the processing of the personal data he/she provides.

• The accounts managed by the Company on the social networks (including personal data) shall be processed in accordance with point (f), i.e., the processing is necessary for the purposes of the legitimate interests of the Company (i.e., for the purpose of the Company's proper representation, communication, and advertising in the public domain).

• Type of personal data processed: The Company processes personal data of social network users on the accounts it manages: name; information about the communication on the account ("like", "follow", "comment", "share", etc.); photos (profile and/or with the Company's name on them); the message sent; the information about the message (time of receipt of the message, the content of the message); the information about the message (the time of the message, the content of the message, the content of the message, the content of the message, the content of the message, the content of the message, the content of the message, the content of the message, the content of the message, the content of the message, the content of the message, the content of the message, the content of the message, etc.).

6. Employment purpose

• Legitimacy condition(s) for data processing: applicants' personal data is processed in accordance with the legitimacy condition for processing set out in Article 6(1)(a) of the Regulation, i.e. by applying for a job in the Company and submitting his/her personal data to us for this purpose, the applicant is giving his/her consent to the processing of his/her application for employment with the Company, to the assessment of his/her suitability for employment with the Company, and to the communication and/or communication with him/her on the progress of the recruitment process.

• Type of personal data processed: the Company processes the data of individuals who wish to be employed by the Company and who have provided data about themselves (CV (curriculum vitae) and/or cover letter):

• Name, surname, date of birth, place of birth, address, e-mail address, telephone number, educational degree, program, year of study, institution, location, name of former employers, period of employment at former employers, positions held at former employers, responsibilities, functions from previous employers, foreign languages spoken and their level, information on ability to work with computer programs, information on seminars or other qualifications, training (name, date, institution), information on the type of job the candidate wishes to do, preferred place of work (city/position), preferred salary, hobbies, personal qualities, or other data and motives, and any other ("supplementary") information contained in the CV, the content of which is beyond the Company's influence;

• Also, the candidate's cover letter or references and the information contained therein on the candidate's performance/performance of job functions, competences, personal qualities, the contact details of the person recommending the candidate (e-mail address, telephone number) and/or the comments/assessment of the recruiter.

• Retention period: Personal data provided by applicants shall be retained for a maximum period of 1 month from the date of the end of the selection process for a specific job (where the applicant is applying for a specific job); and/or 1 year from the date of receipt of the data (where the applicant submits his/her data to the Company for the purpose of applying for future selections.

• Source of receipt of personal data: We receive this data directly from data subjects when they apply for employment with the Company and send their data. Please note that letters sent by applicants should not contain information of a private nature (i.e., personal life), so we recommend that you protect your own privacy and think carefully about what personal data you may provide before sending your CV to us.

Who can your personal data be provided to?

We guarantee that your personal data will not be sold, provided, or otherwise transferred to third parties without lawful basis or used for purposes other than those for which it was collected. We will not use your personal data in any way other than in accordance with this Privacy Policy. However, we reserve the right to provide information about you if we are required to do so by law or if we are requested to do so by lawful law enforcement authorities or prosecuting authorities.

If necessary, we may disclose the data collected about you to the following third parties (data processors), i.e., service providers (e.g., technical service providers in the performance of our contracts with these service providers, including the performance of services for sending newsletters); and/or service providers whose services we normally use for data storage, telecommunications, and hosting purposes on the Okredo platform.

Please note that the above service providers are limited in their ability to use your data for purposes other than providing services to us, i.e., the data will only be transferred to the extent necessary for the performance of a specific personal data processing contract.

What rights do you have and how can you exercise them?

Data subjects whose personal data we process have the right to:

• request access to and a copy of their personal data.

• request the rectification or restriction of inaccurate or incomplete personal data.

• request the erasure or restriction of personal data that are excessive or unlawfully processed.

• to object to the processing of his/her personal data.

• to request the transfer of his/her personal data provided in a structured, computer-readable format.

• the right to withdraw his or her consent at any time where the processing is based on the data subject's consent (pursuant to Article 6(1)(a)). Withdrawal of the data subject's consent shall not affect the lawfulness of the processing prior to the withdrawal of consent.

• lodge a complaint with the State Data Protection Inspectorate ([email protected]).

The Company does not use solely automated processing, including profiling, for the purpose of making decisions based on the processing of data that could lead to legal consequences for you or similarly affect you significantly.

The data subject may exercise his/her rights by submitting a written request to the Company in person (to an employee of the Company), by mail, through a representative or by electronic means: by e-mail: [email protected], or in writing: V. Gerulaičio st. 10, Vilnius.

When submitting a request, the data subject must confirm his or her identity in one of the following ways:

• by submitting the request to an employee of the Company, together with a valid personal identification document.

• by submitting the request by post or by courier, enclosing a copy of a valid identity document certified in accordance with the procedure established by law.

• by submitting the application electronically, authenticated by electronic means of communication which allow proper identification of the person (e.g., mobile signature, qualified electronic signature, etc.).

Upon the receipt of your request regarding the exercise of the rights of data subjects, we will provide you with a reply without delay, but at the latest within 1 month from the date of the request. This period may be extended by a further two months if necessary, depending on the complexity and number of requests. You will be informed of any such extension in the first month. The information you request will be provided free of charge. However, if we see that your requests are manifestly unfounded or disproportionate, in particular because of their repetitive content, we have the right to charge a reasonable fee (i.e., to request reimbursement of administrative costs) or to refuse to act on such a request from the data subject.

A response will be provided in the manner chosen in your request. If you do not specify in your request the method by which you wish to receive the response, the response will be sent to you in the same way as the request was made.

Any further questions?

For any questions you may have regarding the services provided by the Company and/or this Policy, please contact us by email at: [email protected], or by post at V. Gerulaičio st. 10, Vilnius.