S E C T I O N – I
P E R S O N A L D A T A
P R O C E S S I N G R U L E S
C O N C E P T S
Responsible person – a natural or legal person under a service or other contract, except for an employment contract, appointed by the Company to manage the personal data of Employees/customers;
Company – UAB “YURGA”, 300648523
Other concepts used in these Rules are understood as they are defined in the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the processing of personal data. The key concepts are:
Personal data – any information related to a natural person – a data subject whose identity is known or can be directly or indirectly determined using data such as a personal identification number, one or more physical, physiological, psychological, economic, cultural or social characteristics characteristic of a person character traits.
Data processing – any action performed with personal data: collection, recording, accumulation, storage, classification, grouping, connection, change (addition or correction), provision, publication, use, logical and (or) arithmetic operations, search, dissemination, destruction or other act or set of acts.
Third party – a legal or natural person, excluding the data subject, data controller, data processor and persons who are directly authorized by the data controller or data processor to process data.
S E C T I O N – II
P R I N C I P L E S O F P R O C E S S I N G
P E R S O N A L D A T A O F
E M P L O Y E E S A N D C U S T O M E R S
The company is guided by the following principles when processing personal data of Employees/customers:
- The personal data of employees/customers is processed only to achieve the legal purposes defined in these Rules;
- Personal data of employees/customers is processed accurately, fairly and legally, in compliance with the requirements of legal acts.
- The company processes the personal data of employees/customers in such a way that the personal data is always accurate and is constantly updated in the event of a change;
- The company processes personal data of employees/customers only to the extent necessary to achieve the goals of personal data processing of employees/customers;
- Personal data of employees/customers is stored in such a form that the identity of data subjects can be determined no longer than is necessary for the purposes for which these data were collected and processed;
- Personal data is processed accurately, fairly and legally.
S E C T I O N – III
H O W Y U R G A M A N A G E S
E M P L O Y E E S’ A N D C U S T O M E R S’
P E R S O N A L D A T A
Detailed information on the processing of personal data of customers is provided to customers in a separate consent.
Basic personal data processed:
Clients: first name, last name, phone number, e-mail mail and other.
Employees: social security data, residential address, health information.
Information is collected to conclude an employment contract and to perform work functions
Personal data of employees is processed for the following purposes:
- Conclusion, execution and accounting of employment contracts;
- For the proper performance of the company’s duties as an employer, established in legal acts
- To maintain proper communication with employees outside of working hours.
- To ensure proper working conditions
- Employees’ names and surnames, residential addresses, dates of birth/identity codes, bank account numbers to which wages are deposited are processed for the purposes of concluding, executing and accounting for employment contracts, social security number or identity card number may also be requested
- For the purpose of proper performance of the company’s duties as an employer, established in legal acts (calculation of wages, granting of leave, etc.), information about the marital status of employees is processed.
- For the purpose of proper communication with employees outside of working hours, employees’ residential addresses and personal phone numbers are processed.
- In order to ensure suitable working conditions, the employer, with the employee’s consent, processes information related to the employee’s health status, which directly affects the employee’s work functions and the ability to perform them in accordance with the procedure established by legislation.
Personal data of employees is stored only to the extent and for the time required to achieve the set goals.
S E C T I O N – IV
E M P L O Y E E S A N D C L I E N T S
P E R S O N A L D A T A
C O L L E C T I O N & P R O C E S S I N G
Details of the processing and collection of customers’ personal data are provided to customers in a separate consent.
The identification information of the newly hired employee, such as name, surname, social security number/date of birth, is collected from the personal identification document provided by the employee.
The personal data of employees have the right to be processed only by those persons for whom it is necessary for the performance of functions, and only when it is necessary to achieve the respective goals.
Employees (their positions) and Responsible persons (by separate agreement) who have the right to process personal data of employees are defined in this Procedure.
Employees who have the authority approved by the company manager have the right to process the personal data of employees.
Employee data is stored: stored on the company server, binders, company archive. Data is stored for 50 years after the end of the employment contract. All data is protected from unauthorized access.
Employees or other responsible persons who are authorized to process personal data of employees adhere to the principle of confidentiality and keep secret any information related to personal data that they have become familiar with in the course of their duties, unless such information is made public in accordance with the provisions of applicable laws or other legal acts . The obligation to keep personal data confidential also applies after moving to another position, ending the employment or contractual relationship.
Personal data of employees contained in the texts of relevant documents (contracts, orders, requests, etc.) are stored in accordance with the terms specified in the General Document Storage Terms Index, approved by order of the Chief Archivist of Lithuania. Other personal data of employees and former employees are stored for no longer than is necessary to achieve the purposes provided for in this procedure. The terms of personal data storage of individual employees are determined by the Company Manager.
S E C T I O N – V
D A T A S U B J E C T S
The company appoints a responsible person who ensures that the rights of employees and customers as data subjects are ensured, properly implemented and that all information is provided correctly, on time and in a form acceptable to employees.
Rights of employees and customers as data subjects and means of their implementation:
- Know about the collection of your personal data. When collecting personal data of an employee or client, the company must inform these persons what personal data the Employee/client must provide, for what purpose the relevant data is collected, to whom and for what purpose it may be provided and what the consequences of not providing personal data are. Simplified information is provided in Employee/client consents. The employee and the client have the right to get acquainted with their personal data, to demand correction, clarification or addition of incorrect or incomplete personal data. The employee/client may also object to the processing of certain optional personal data.
- Familiarize yourself with your personal data and how it is handled. The employee/client has the right to apply to the Company with a request to provide information about what and for what purpose his personal data is being processed. This information is provided free of charge to the employee/client once a year. If the Employee/client applies for the provision of such information more than once a year, the fee for providing this information cannot exceed the costs of providing such information.
- Demand correction, destruction of your personal data or suspension of processing of your personal domains.
- Do not consent to the processing of personal data. The employee/client has the right to object to the processing of certain optional personal data. Such disagreement can be expressed by not filling out certain sections of the questionnaire or other documents to be filled out, as well as by later submitting a request to stop the processing of optional personal data. The company provides written information on which personal data is processed on an optional basis. The company, upon receiving a request to stop the processing of non-mandatory personal data, immediately stops such processing, unless it contradicts the requirements of legal acts and informs the employee/client about it.
C O O K I E S & C O L L E C T E D
I N F O R M A T I O N
What are Cookies?
Cookies are text files containing small amounts of information that are downloaded to your computer or mobile device when you visit a website or mobile app. They are used to recognize your computer when you move from one website page to another or return to a website or mobile application that you have previously visited. Cookies are widely used to make platforms work or work more efficiently, as well as to provide information to platform owners.
There are two broad categories of cookies:
First-party cookies that YURGA provides directly to your computer or mobile device. They are only used by YURGA to recognize your computer or mobile device when it visits our platform again.
Third-party cookies provided by a third-party service provider on our Platform, which may be used by the service provider to recognize your computer or mobile device when you visit other platforms. Third-party cookies are mostly used for platform analysis or advertising purposes.
Cookies may remain on your computer or mobile device for different periods of time. YURGA uses both “session cookies” and “persistent cookies”. Session cookies exist only when the browser is open and are automatically deleted when you close the browser. Persistent cookies remain after you close your browser and can be used to recognize your computer or mobile device when you reopen your browser and browse the web again.
What cookies does YURGA use?
The Platform provides only the following types of cookies to your computer or mobile device:
Cookie utilization type
Cookies Necessary for Essential Purposes These cookies are necessary to provide you with the services available through this Platform and to use some of its features, such as access to secure areas. Without these cookies, the services you have requested, such as transaction pages and secure login accounts, would not be possible.
These cookies serve various purposes related to the presentation, operation and functionality of this Platform. However, their overall goal is to improve the experience and enjoyment of visitors on this platform.
For example, some of these cookies allow visitors to specify language, product or other platform preferences.
These cookies are used to collect information about how visitors use our Platform.
The information collected does not identify any individual visitor and is aggregated. This includes the number of visitors to our platform, the platforms that referred them to our platform and the pages they visited on our platform.
We use this information to help us manage the Platform more efficiently, to gather broad demographic information and to monitor the level of activity on the Platform.
When you visit our Platform or click on advertisements or advertising areas on the Platform, these cookies are used to provide you with advertisements that are more relevant to you and your interests. They are also used to limit the number of times you see an ad and to help measure the effectiveness of advertising and promotions.
They are usually hosted by advertising networks with our permission. They remember that you have visited the platform and this information is shared with other organizations such as advertisers.
Social Cookies These cookies allow users to share pages and content through third-party social media and other platforms. The companies serving these cookies may also use your information to provide targeted advertising on other platforms.
We will collect information about your computer or mobile device, including, where possible, your IP address, operating system, login time and browser type. We use this information to better understand how visitors use our Platform and for internal reporting purposes. We anonymize and will share this information with advertisers, sponsors or other companies.
The Platforms use third parties, such as network advertisers and ad exchanges, to serve you ads on the Third Party Platforms when you leave our Platforms, and we use third party analytics and other service providers to measure and report to us and/or the third party.
S E C T I O N – VII
P E R S O N A L D A T A
S E C U R I T Y A S S U R A N C E
Access rights to personal data and authorizations to process personal data are granted, deleted and changed by order of the Head of the Company.
When protecting personal data, the company implements and ensures appropriate organizational and technical measures to protect personal data from accidental or illegal destruction, alteration, disclosure, as well as from any other illegal processing.
The company ensures proper storage of documents and data files, takes measures to prevent accidental or illegal destruction, alteration, disclosure of personal data, as well as any other illegal processing. Copies of documents containing personal data of employees must be destroyed in such a way that these documents cannot be reproduced and their contents cannot be identified.
In the company, only those persons who have been authorized to access such data have the right to access personal data, and only when it is necessary to achieve the goals set forth in these Rules.
The company ensures the security of the premises where personal data is stored, proper placement and review of technical equipment, compliance with fire safety rules, proper network management, maintenance of information systems and the implementation of other technical measures necessary to ensure the protection of personal data.
The company takes measures to prevent accidental or illegal destruction, alteration, disclosure of personal Data, as well as any other illegal processing, by properly and securely storing the documents and data files entrusted to it.
If the data processing employee or other responsible person doubts the reliability of the installed security measures, he must contact his immediate supervisor to evaluate the available security measures and, if necessary, initiate the purchase and installation of additional measures.
Employees or other responsible persons who automatically process personal data or from whose computers access to areas of the local network where personal data are stored use the passwords assigned to them. Passwords are changed when certain circumstances arise (for example: when the employee changes, when there is a threat of hacking, when there is a suspicion that the password has become known to third parties, etc.).
An employee working on a specific computer and accessing personal data can only know his password. Passwords are stored in a safe or other safe place and used only in case of necessity.
Upon detection of personal data security violations, the Company takes immediate measures to prevent illegal processing of personal data.
Non-compliance with these Rules, taking into account the severity of the violation, when the employee did not comply with them, may be considered a violation of work duties, for which employees may be subject to liability, provided for in the Labor Code of the Republic of Lithuania.
S E C T I O N – VIII
F I N A L R E M A R K S
These Rules are reviewed and updated in the event of changes in the legal acts that regulate the processing of personal data.
Employees and other responsible persons are familiarized with these Rules by signature or by electronic means and must comply with the obligations set forth therein and follow the principles set forth in these Rules when performing their work functions. At the customer’s request, they are given the opportunity to familiarize themselves with these Rules.
The company has the right to partially or completely change these Rules. Employees and other responsible persons are informed of the changes by signature or by electronic means.