1. General provisions
1.2. Personal data shall be processed in observance of the General Data Protection Regulation No 2016/679 (hereinafter – Regulation) of the European Union, the Law of the Republic of Lithuania on Legal Protection of Personal Data and other legal acts of the Republic of Lithuania.
1.3. Personal data shall be processed in observance of the data processing principles specified in the Regulation.
2. Purposes of processing and use of personal data
2.1. Identification of a person. The appropriate identification of the data subject is necessary in the context of ensuring the provision of services of specialists to customers when using the information system.
2.2. Determining the person’s qualification. Determining appropriately the data subject’s qualification is necessary in the context of ensuring the quality of services provided by specialists.
2.3. Settlement guarantees. The appropriate organisation of payments for services ensures financial obligations of both the specialists and their customers.
2.4. Information. Data collected in the system are used for the implementation of the portal’s objectives – for informing specialists about requests submitted by customers and for informing customers about offers provided by specialists.
2.5. Fulfilment of legal obligations. Personal data are alsoprocessed in order to implement legal obligations established in the Regulation and laws of the Republic of Lithuania.
3. Personal data being processed
Actus Legale shall collect and accumulate the following data:
- Date of birth and personal code (for accounting of settlements);
- E-mail address;
- Phone number;
- Residence address;
- Information about employment and professional experience;
- Information about education, acquired qualification, educational institutions;
- Information about workplace;
- Information about price of provided services;
- Details of settlement accounts with banks;
- Data about social networks used by the person.
In order to ensure the possibility of a more convenient and effective website browsing and to provide the information specified in this policy, the following cookies are used on the website:
- ‘lang’ – system language setting, valid for 2 (two) months;
- ‘ss-pid’ – permanent session identification, valid for 30 (thirty) days;
- ‘ss-id’ – temporary session identification, valid until closing the browser or for 1 (one) hour after the last request;
- ‘ss-opt’ – session indicator, which shows the user session duration, valid until closing the browser;
- ‘.AspNetCore.Antiforgery’ – protection against CSRF attacks, valid until closing the browser;
- ‘.AspNetCore.Cookies’ – system cookie, valid until closing the browser;
- ‘.AspNetCore.Mvc.CookieTempDataProvider’ – system cookie, valid until closing the browser;
- ‘_cfduid’ – together with cookies ‘CloudFlare’, ‘_biz_flagsA’,‘_biz_nA’, ‘_biz_pendingA’, ‘_biz_uid’ – valid for 1 (one) year, ‘_biz_sid’ – valid for 30 (thirty) minutes;
- ‘mp_XXXXX_mixpanel’ – Mixpanel’s system identifier, valid for 1 (one) year;
- ‘_ga’ – Google Analytics statistics processing cookie, valid for 2 (two) years;
- ‘_gid’ – Google Analytics statistics processing cookie, valid for 24 (twenty-four) hours;
- ‘_gat’ – Google Analytics statistics processing cookie, valid for 1 (one) minute.
5. Implementation of data subjects’ rights
5.1. A data subject shall have all rights established in the Regulation:
- the right to know (be informed) about processing of his personal data;
- the right to access his personal data being processed;
- the right to have his personal data rectified;
- the right to obtain the erasure of his personal data;
- the right to restrict the processing of his personal data;
- the right to object to the processing of his personal data;
- the right to personal data portability.
5.2. In order to implement his rights, the data subject shall submit a request.
5.3. The request shall be signed and shall include the data subject’s forename, surname, the information about the right the data subject wishes to implement and the extent of such right, as well as the information about the manner in which the data subject wishes to receive the response.
5.4. Where the data subject does not indicate the manner of receiving the response, the information to him shall be provided in the manner selected by Actus Legale.
5.5. Actus Legale shall have the right to request the data subject to clarify the submitted request where it has to process large amounts of information related with the data subject and has no possibility to provide all such information.
5.6. Actus Legale shall have the right to refuse providing the data subject with the requested information or carrying out the actions where:
- the data subject’s request is unfounded or of an excessive character;
- the information requested is already available to the data subject;
- provision of the information requested by the data subject proves to be impossible or would involve disproportionate effort, working time and financial costs;
- personal data must be stored according to requirements of legal acts;
- where this would result in the infringement of other persons’ rights and legitimate interests.
5.7. Actus Legale shall examine the data subject’s request within 30 (thirty) calendar days and shall inform about the actions carried out or refused to be carried out:
- the data subject;
- Data recipients related to the request, where they have been provided with the data subject’s personal data. The data recipients shall not be informed where this would involve disproportionate costs or would be inexpedient.
6. Personal data storage time limits
6.1. Personal data of data subjects shall be stored for:
- not more than 5 (five) years after the year in which the account was deleted;
- Where data storage is regulated by imperative provisions of legal acts – for the period fixed by legal acts of the Republic of Lithuania.
6.2. Upon expiry of the data storage time limit, the data shall be deleted. Where the data are deleted on this ground, the data subject shall not be additionally informed.
7. Procedure of handling requests and settlement of disputes
7.1. The data subject shall have the right to lodge a complaint against Actus Legale’s acts (omissions) whereby the rights or legitimate interests of the data subject are infringed.
7.2. The complaint shall be lodged with Actus Legale. The complaint may also be sent by e-mail.
7.3. Verbal or written referrals of persons which do not contain any complaints about acts (omissions) of Actus Legale, but by which the persons ask for explanations, provision of other information or requested documents shall not be treated as complaints.
7.4. Actus Legale must examine the received complaint and respond to the data subject within 30 (thirty) calendar days.
7.5. The data subject shall have the right to appeal against acts (omissions) of Actus Legale with the State Data Protection Inspectorate (address – A. Juozapavičiaus g. 6, 09310 Vilnius, Lithuania, e-mail: firstname.lastname@example.org) within 3 (three) months after the date on which the response is received from Actus Legale or within 3 (three) months after the last date of the time limit for submission of the response.
7.6. The data subject may appeal against acts (omissions) of the State Data Protection Inspectorate before the court.
8. Final provisions
8.3. Disputes arising in the process of use of the system of Actus Legale shall be settled in accordance with the procedure set forth by laws of the Republic of Lithuania.
8.4. Requisites of Actus Legale are published in the section ‘Contacts’.