The Company "YIT Lietuva" UAB (business ID: 133556411) and other companies in YIT Group
Contact information of the head office:
Karaliaus Mindaugo Ave. 35
LT 52600, Kaunas
Tel. +370 374 523 48
"YIT Lietuva" is responsible for processing of personal data at group level for the purposes and on the legal basis defined in this policy, e.g. group level marketing and sales; sourcing, financial and other administration and business management; customer and supplier relationship management; and analysis and development of products, services, customer and supplier relationships and businesses.
Each company in YIT Group is responsible for processing of personal data for its own purposes on the legal basis defined in this policy, e.g. for the performance of a contract or the management of the customer or supplier relationship. For such purposes, it can process personal data which has been collected for the same purposes by other companies in the group.
2 CONTACT POINTS IN PRIVACY QUESTIONS
For personal data processing, please contact:
"YIT Lietuva" UAB
+370 374 523 48
3 LEGAL BASIS FOR AND PURPOSE OF THE PROCESSING OF PERSONAL DATA
The legal basis for processing personal data are:
Personal data are processed for following purposes:
4 DATA SUBJECTS AND CATEGORIES OF PERSONAL DATA
The Controller processes personal data of the contact persons of its prospective, current, and former business customers, suppliers and business partners. Following categories of personal data are processed for the purposes described above:
Only basic data and marketing data as defined above are processed for the purposes of direct marketing to the contact persons of prospective or former customers.
5 REGULAR SOURCES OF INFORMATION
Personal data are collected directly from the data subject when the data subject is registering or using a web site or other service; sending request for contact or information or filling in a form; purchasing or ordering, contracting, participating events, otherwise interacting with the Controller personally, by phone or digitally.
6 DISCLOSURE AND TRANSFER OF DATA
Controller may disclose personal data to other companies, whose products or services the Controller markets and sells to the customers for example to landlords of business premises and providers of services related to the premises.
Data will not be disclosed to other external parties except when it is necessary to comply with the legal or contractual obligations of the Controller.
Personal data will not be regularly transferred outside the European Union or the European Economic Area. However, if any transfer outside the EU or EEA is necessary, the Controller will ensure that the country to which the data is transferred is approved as having a sufficient level of privacy protection by the European Commission, or by using standard contractual clauses approved by the European Commission.
7 DATA PROTECTION AND RETENTION
Access to personal data will be permitted only to persons who need to process data as a part of their employment or other duties. Digital data is protected by firewalls, passwords and other technical means. All data is kept in locked premises secured with physical access control.
Personal data will be retained as long as it is necessary for the purposes. After the relationship between the Controller and the Company has ended or after the Controller gets informed that the data subject no longer is a contact person of the Company, the personal data will be deleted with following exceptions:
8 ACCESS, RECTIFICATION AND OTHER RIGHTS OF THE DATA SUBJECT
Data subjects have the right to know what kind of personal data has been collected and processed by the Controller. Upon the data subject´s request, we will rectify, remove or supplement any incorrect, unnecessary, incomplete or outdated personal data.
Data subjects are entitled to prohibit the use of the data for direct advertising, telemarketing and other forms of direct marketing, as well as to prohibit the use of the data for use in questionnaires and market research.
Data subjects may also withdraw consents they have given, object to or restrict processing of their data in cases defined by law, and the right to complain to the supervisory authority.
The requests can be submitted to contact persons defined in section 2 above. The Controller may need to ask additional information to confirm the identity of the data subject.