Privacy Policy

LP „WitMind“

PRIVACY POLICY

1. GENERAL PROVISIONS

In this Policy, we describe how we collect, use, and otherwise process your personal data, what personal data we process, how we obtain it, for what purposes we use it, to whom we disclose it, and how we ensure effective implementation of your rights as data subjects.

This Policy is prepared in accordance with the following legal acts:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – GDPR);
Republic of Lithuania Law on Legal Protection of Personal Data (hereinafter – LLPD).

The terms and abbreviations used in the Policy:

Terms and Abbreviations	Meaning
We or Company	KŪB “WitMind”, legal entity code 306617659, registered address Paupio g. 50-136, Vilnius.
You	Company’s client, supplier, business partner, client’s, supplier’s, business partner’s employee/representative, website visitor, or any other natural person.
Website	Refers to www.witmind.eu.
Policy	Refers to this privacy policy.

2. PRINCIPLES OF PERSONAL DATA PROCESSING

When processing your personal data, we adhere to the following principles:

Principle of lawfulness, fairness, and transparency, meaning that personal data concerning you are processed lawfully, fairly, and transparently;
Purpose limitation principle, meaning that your personal data are collected for specified, explicit, and legitimate purposes and are not further processed in a manner that is incompatible with those purposes;
Data minimization principle, meaning that your personal data are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
Accuracy principle, meaning that your personal data are accurate and, where necessary, kept up to date. Appropriate measures shall be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
Storage limitation principle, meaning that personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
Integrity and confidentiality principle, meaning that personal data are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

3. WHAT INFORMATION ABOUT YOU DO WE COLLECT, FOR WHAT PURPOSES, AND ON WHAT LEGAL BASIS?

As the data controller, we collect and further process your personal data for the following purposes:

Purpose of data processing	Legal basis for data processing	Personal data processed
Ensuring communication and collaboration with potential and existing clients, suppliers, business partners	Seeking to take action upon the request of a client, supplier, or business partner before entering into a contract; Protection of the company’s legitimate interests (regarding personal data of clients, suppliers, business partners (legal entities), employees/representatives).	Personal data of potential clients, suppliers, business partners (legal entities) employees, and representatives (name, surname, position, address, telephone number, email address, correspondence, communication content, other provided data) and personal data of potential and existing clients, suppliers, business partners (natural persons) (name, surname, address, telephone number, email address, correspondence, communication content, other provided data).
Ensuring service provision and contract execution	Contract execution; Protection of the company’s legitimate interests (regarding personal data of clients, suppliers, business partners (legal entities) employees/representatives).	Personal data of employees or representatives of clients, suppliers, business partners (legal entities) who have signed contracts or are participating in their execution (name, surname, position, information about granted authorizations, telephone number, email address, contract terms, correspondence, communication content, other provided data) and personal data of clients, suppliers, business partners (natural persons) and their employees/representatives (name, surname, personal identification number, individual activity certificate, business license number, information about granted authorizations, address, telephone number, email address, contract terms, correspondence, communication content, other provided data). When providing services, email addresses of the client’s employees are also obtained, but they are used only for providing services to the client and are deleted after a reasonable period following the provision of the service.
Ensuring accounting management	Compliance with legal obligations applicable to the company (Republic of Lithuania Financial Accounting Law).	Personal data specified in accounting documents include: name, surname, position, telephone number, email address, data related to economic transactions, price, payment terms, and other relevant information.
Ensuring website functionality	Protection of the company’s legitimate interests (ensuring website operation, troubleshooting, etc.).	Technical data such as: information related to IP (Internet Protocol) address, browser and device type, information about previously visited websites, and other identifiers related to the device. When using the website on a mobile device, technical data may include information such as the type of mobile device used, unique mobile device ID, mobile device IP address, operating system, type of internet browser used, unique device identifier, and other diagnostic data.
Organizing and conducting events	Contract execution.	Participant and speaker personal data (name, surname, representing organization, contact details, other provided data).
Protecting the Company’s rights and interests.	Protection of the company’s legitimate interests (having the possibility to collect evidence and address competent authorities in defending its rights and interests).	Personal data of employees or representatives of clients, suppliers, business partners (legal entities) who have signed contracts or are participating in their execution (name, surname, position, information about granted authorizations, telephone number, email address, contract terms, correspondence, communication content, other provided data) and personal data of clients, suppliers, business partners (natural persons) and their employees/representatives (name, surname, personal identification number, individual activity certificate, business license number, information about granted authorizations, address, telephone number, email address, contract terms, correspondence, communication content, other provided data). Payment information (amount paid, services provided, payment terms, and other related information).
Seeking feedback on provided services.	Protection of the company’s legitimate interests (receiving feedback on provided services and improving service quality).	Email address, name, surname of the person (client representative) who filled out the questionnaire.
Sending newsletters or advertisements.	Consent	Email address, name, surname of clients, suppliers, business partners’ employees/representatives.

In the event that you provide us with personal data of other individuals related to you, you must inform these individuals about the processing of their personal data by the Company and undertake to familiarize them with this Policy.

4. HOW ARE YOUR PERSONAL DATA PROCESSED FOR DIRECT MARKETING PURPOSES?

We would like to inform you that upon your consent to the processing of personal data for direct marketing purposes, the Company may use your email address to provide you with offers, news about services provided, information about upcoming events, promotions, or other information, as well as to inquire about your opinion on the services provided.

The Company provides you with a clear, free, and easily implementable opportunity at any time to refuse your consent or revoke your given consent to receive our offers. In each email message sent, we will indicate that you have the right to refuse the processing of personal data or opt out of receiving such messages from us. You have the right to opt out of receiving messages from us by clicking on the respective link in each email message.

5. WHERE DO WE OBTAIN YOUR PERSONAL DATA FROM?

We usually obtain your personal data directly from you, when you provide them to us or when you visit and use the website www.witmind.eu.

We may obtain your personal data from other individuals (Company clients, suppliers, business partners, etc.) if these individuals have the right to provide such personal data to us.

6. TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?

In certain cases provided by law, we may provide your personal data to courts, bailiffs, pre-trial investigation institutions, state authorities. In case of a need to protect the violated rights or legitimate interests of the Company, we may provide your personal data to lawyers, legal advisers.

When providing services or cooperating with you, if necessary to achieve the specified objectives, the Company may share your personal data with other partners, suppliers, IT service providers, etc.

The Company may disclose personal data to data processors – service providers selected by the Company (companies providing information system maintenance, website hosting services, data storage services, etc.). Selected service providers process personal data on behalf of the Company and only according to the Company’s instructions.

7. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

If your personal data are transferred outside the European Economic Area (EEA), we will take necessary actions to ensure that your personal data are processed securely and in accordance with this Policy, and we will ensure that they are protected and transferred in compliance with legal requirements for personal data. This can be done in various ways, for example:

the country to which we send personal data has been approved by the European Commission as providing an adequate level of protection;
the recipient has signed or the terms of service agreement with the recipient include standard contractual clauses approved by the European Commission;
special authorization from the supervisory authority has been obtained. Personal data may be transferred to a third country by taking other measures that ensure appropriate protection, as provided by the GDPR, or based on derogations.

8. HOW LONG DO WE STORE YOUR PERSONAL DATA?

We will store your personal data for as long as necessary for the purposes for which they were collected and processed, but not longer than required by applicable laws and other regulations. After this period, personal data will be deleted/destroyed in a manner that prevents their reproduction.

If the laws of the Republic of Lithuania do not set any specific retention period for personal data, we will determine this period taking into account the legitimate purpose of data storage, legal basis, and principles of lawful processing of personal data.

Key terms of personal data processing:

until your consent is valid and for a reasonable period after the withdrawal of consent (to protect the legitimate interests of the Company);
in the case of contract conclusion and execution, the contract is stored for 10 years after the termination of the contract.

We also inform you that in some cases your personal data may be stored for a longer period of time:

if necessary to defend against claims, complaints, or lawsuits and to enforce our rights;
in case of reasonable suspicions of unlawful activity under investigation;
personal data are necessary for the proper resolution of a dispute or complaint;
other legal grounds specified in legislation.

9. SECURITY OF YOUR PERSONAL DATA

Your personal data will be processed in compliance with the GDPR, ADTA, and other legal requirements. When processing your personal data, we implement organizational and technical security measures that ensure the protection of personal data from accidental or unlawful destruction, alteration, disclosure, as well as from any other unlawful processing.

10. YOUR RIGHTS

You have the right to familiarize yourself with data. If we process your personal data, you have the right to request to familiarize yourself with your personal data. If your requests are excessive, especially if they are sent repeatedly, we may refuse to fulfill the request or charge a reasonable fee, taking into account the administrative costs of providing the information. We will assess whether the request is excessive.
You have the right to withdraw consent. If you have provided us with clear consent for the processing of your data, you can withdraw it at any time. Withdrawal of consent does not affect the lawfulness of data processing based on consent before its withdrawal.
You have the right to request data correction. You have the right to request correction or updating of your personal data at any time, especially if your personal data is incomplete or incorrect.
You have the right to request data deletion. When we no longer have a legal basis for processing your personal data, you can request that we delete your personal data. If your personal data is no longer necessary for us and we are not obliged by law to keep it, we will delete it.
You have the right to request restriction of data processing. In certain cases, you have the right to request restriction of the processing of your personal data (for example, when your personal data is no longer necessary for us, but you need it to establish, exercise, or defend a legal claim).
You have the right to data portability. By exercising this right, we will transfer a copy of your provided data to you or to your chosen data controller upon your request.
You have the right to object to data processing. Under certain circumstances, you have the right to object to specific processing of your personal data (for example, for marketing purposes).
You have the right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint directly with the State Data Protection Inspectorate if you believe that your personal data is being processed in violation of your rights and legitimate interests as provided for in applicable laws. You can follow the complaint handling procedure established by the State Data Protection Inspectorate, which you can find at this link: https://vdai.lrv.lt/lt/veiklos-sritys-1/skundu-nagrinejimas.
If you wish to exercise any of these rights, please contact us via email at info@witmind.eu. For security reasons, we may not be able to process your request if we are not sure about your identity, so we may ask you to prove your identity.
We will execute or refuse your requests, stating the reasons for refusal, within 30 (thirty) calendar days from the date of the request, in accordance with our internal rules and the General Data Protection Regulation (GDPR). This period may be extended to 60 (sixty) calendar days, taking into account the complexity and number of requests. We will inform you of such an extension within 30 (thirty) calendar days from the date of receiving the request, along with the reasons for the delay.
We may refuse to satisfy your request if exceptions and restrictions on the data subject’s rights as provided for in the GDPR apply, or if your request is deemed clearly unfounded or disproportionate. If we refuse to satisfy your request, we will provide the reasons for such refusal in writing.

11. HOW CAN YOU CONTACT US?

If you have any questions, comments, or requests regarding the information provided in this Policy, please contact us by sending an email to: info@witmind.eu or by mail to Paupio g. 50, Vilnius, LT-11341.

12. FINAL PROVISIONS

We constantly work to improve and enhance our services, so from time to time, we may change this Policy. You can always find the latest and most relevant version of the Policy on our Website.