Privacy policy

General provisions

CONSTRO, UAB, Legal Entity Reg. No. 301538624, registered office address: Lentpjūvės Str. 7A, LT-90117 Plungė, tel.: +370 674 23 333, e-mail: info@constro.eu (hereinafter referred to as ‘the Company’) acknowledges that the protection of personal data is an important issue for our customers, suppliers, partners and other persons whose personal data we process (hereinafter referred to as ‘data subjects’), therefore, we approach issues relating to personal data protection with due responsibility and care, as well as we take all necessary measures to ensure the privacy of data subjects.

The present Privacy Notice provides information of how the Company processes the personal data of data subjects, including the information on the categories of the personal data processed, the collection methods, further processing, and storage term of the personal data, the persons to whom such data are provided, the rights of data subjects and the ways to exercise such rights, as well as other issues relating to personal data processing.

The Privacy Notice is drawn up on the basis of the following legal acts:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as ‘GDPR’ or ‘the Regulation’);
  • Law on Legal Protection of Personal Data of the Republic of Lithuania (hereinafter referred to as ‘LLPPD’);
  • Law on Electronic Communications of the Republic of Lithuania.

How do we collect your data?

The method of collecting your data depends on the services we provide to you or on the nature of our cooperation.

The Company processes the following data:

  • Received directly from a data subject (you), e.g., when you send us inquiries or messages using the specified contacts, sign cooperation agreements with us, or send us your CV, when applying for vacancies;
  • Generated when you use our services, such as when you use our network and services, i.e., when you make a phone call, send a short message (SMS), browse the Internet, visit our websites, Facebook profile, etc.;
  • Received by us from other sources, e.g., on substantiated bases, from other institutions or companies, i.e., banks, publicly accessible registers, credit bureaus (e.g., Creditinfo, UAB), insurance companies, labour exchange, etc.

For what purposes and what personal data do we process? 

Purpose of data collection

Legal basis for data collection

Description of categories of personal data

Data retention term

Conclusion and execution of contracts with customers

Execution of contracts (GDPR, Article 6 (1) (b))

Name, surname, telephone number, place of residence, bank details, personal ID document number, individual activity certificate number, personal identification number, VAT payer ID No., e-mail address, the content of correspondence and the information contained therein.

10 years following the expiry of a contract

Execution of orders in Lithuania

Execution of contracts (GDPR, Article 6 (1) (b))

Name, surname, personal identification number (if a natural person), telephone number, e-mail address and business address of a customer or customer’s representative.

10 years

Order execution analytics

Execution of contracts (GDPR, Article 6 (1) (b))

Business name, Reg. No. (name, surname, and personal identification number, if a natural person) and address of a customer.

5 years

Debt administration

Legitimate interest (GDPR, Article 6 (1) (f))

Name, surname, telephone number, place of residence, bank details, personal ID document number, individual activity certificate number, personal identification number, VAT payer ID No., and e-mail address.

10 years

Accounting of customer invoices

Legitimate interest (GDPR, Article 6 (1) (f))

Name, surname, telephone number, place of residence, bank details, personal ID document number, individual activity certificate number, personal identification number, VAT payer ID No., and e-mail address.

10 years

Search for suppliers

Legitimate interest (GDPR, Article 6 (1) (f))

Name, surname, telephone number, address, position, e-mail address, and photo.

years

Conclusion and execution of contracts with raw material suppliers/service providers

Execution of the contract (GDPR, Article 6 (1) (b))

Name, surname, signature, telephone number, bank details, personal ID document number, individual activity certificate number, personal identification number, VAT payer ID No., e-mail address, and position.

10 years following the expiry of a contract

Accounting of supplier/provider invoices

Legitimate interest (GDPR, Article 6 (1) (f))

Name, surname, telephone number, place of residence, bank details, personal ID document number, individual activity certificate number, personal identification number, VAT payer ID No., and e-mail address.

10 years

Handling complaints and inquiries

Legitimate interest (GDPR, Article 6 (1) (f))

Contact details, content of the application.

5 years after submitting response to the relevant application

Conducting advertising activities and forming an advertising audience in social networks

Legitimate interest (GDPR, Article 6 (1) (f))

User name

Remains in the respective social network

Sending newsletters for direct marketing purposes

Consent, Legitimate interest (GDPR, Article 6 (1) (a, f))

E-mail address, newsletter readability statistics, number, time, and date of openings.

Until withdrawal of consent or for 3 years

Selection of candidates for vacancies

Consent, Legitimate interest (GDPR, Article 6 (1) (a, f))

Name, surname, date of birth, education, work experience, contact information, CV, date of CV submission, interests, and aptitude test results.

Until the end of the selection; if consent is given – for 2 years after the end of the selection

Filming of the Company’s area for property protection, food safety, workplace incident prevention and investigation purposes

Legitimate interest (GDPR, Article 6 (1) (f)) 

All information obtained by filming a person, without audio recording.

14 days, unless the data are used as evidence in an incident investigation or pre-trial investigation

Consequences of failure to provide data

You have the right to refuse to provide your personal data, however, the provision of your personal data is required and necessary to fulfil the purposes specified in this Privacy Notice, therefore, if you do not provide your personal data, the Company may not be able to fulfil the said purposes.

Who do we provide your data to?

The Company uses only those data processors to process data who ensure compliance with the GDPR and the same level of personal data security, as established by the Personal Data Protection Policy of the Company.

Below is a list of categories of data recipients used by the Company:

  • Companies within the CONSTRO Group;
  • Our professional advisors and auditors;
  • Banks, transport organizations or other legal entities and/or natural persons, if the transactions concluded between us and them require bank financing, cargo transportation and/or the provision of another type of service;
  • Notaries Public, if a contract concluded with you requires a notarial form;
  • Bailiffs, entities providing legal and/or debt collection services, entities taking over the claim right to debt; managers of joint debt data files;
  • Companies providing data centre, hosting, cloud, website administration and related services, companies creating, providing, supporting and developing software, companies providing information technology infrastructure services and communication services;
  • Companies providing advertising and marketing services;
  • Companies providing archiving, physical and/or electronic security, asset management and/or other business services;
  • Other third parties: to the extent relating to the sales, mergers, acquisitions or reorganization of all or part of our business, or to similar changes;
  • State authorities: State Tax Inspectorate, Centre of Registers (Registrų Centras), State Social Insurance (Sodra), Labour Exchange, etc. according to the procedure prescribed by law;
  • Law enforcement authorities: at their request or at our initiative, if there are suspicions that a criminal act has been committed, as well as to courts and other dispute resolution institutions; tax administrators.

Data transfer to third countries

Privacy Notices of social network administrators:

Facebook: https://lt-lt.facebook.com/privacy/explanation;

Facebook cookie policy: https://lt-lt.facebook.com/policies/cookies/;

Instagram data policy: https://help.instagram.com/155833707900388;

Linkedin: https://www.linkedin.com/legal/privacy-policy;

Privacy Notices of messaging and statistics tracking service providers:

Google Analytics:  https://www.google.com/analytics/terms/dpa/dataprocessingamendment_20160909.html

How do we protect your data?

How do we protect your dataIn order to ensure a level of security corresponding to the risk when processing data, the Company has implemented appropriate technical and organizational measures. In selecting and implementing the appropriate technical and organizational measures to ensure the security of data processing, the Company follows the ENISA guidelines, good practices relating to information security, as well as the guidelines and recommendations prepared by the State Data Protection Inspectorate.

What rights do you have?

In accordance with the provisions of the GDPR, you, as a data subject, may exercise the following rights:

  1. The right to access personal data, i.e., to submit a request for information on whether your personal data are processed and, if so, you have the right to access your personal data that are processed.
  2. The right to have personal data rectified, i.e., to submit a request for rectification of your personal data upon finding out that your personal data we process are incorrect, incomplete or inaccurate.
  3. The right to have personal data erased (‘right to be forgotten’), i.e., to submit a request to erase your personal data if you believe that your data are processed unlawfully or unfairly.
  4. The right to restrict data processing, i.e., to submit a request to restrict (stop) the processing of your personal data, except for the storage of such data, e.g., in the event where: you have requested the rectification of your personal data (the restriction to be applied within a period during which the accuracy of your personal data is checked and/or the relevant data are rectified); it has been determined that your personal data are processed unlawfully and you do not consent to the erasure of the data; you have objected to the processing of your personal data, etc.
  5. The right to data portability, i.e., to submit a request to transfer your personal data, that are processed by automated means, to you and/or another data controller in a structured, commonly used and machine-readable format.
  6. The right to object to data processing, i.e., to express objection to the processing of your personal data where the data are processed on the legal basis of the legitimate interest of the Company or public interest.
  7. The right to demand that you are not subject to a decision based on solely automated data processing, including profiling, which produces legal effects on you or similarly significantly affects you.
  8. The right to withdraw the consent given to us regarding the processing of your personal data at any time, e.g., you can unsubscribe from direct marketing messages at any time by clicking the ‘Unsubscribe from the list’ option.
  9. You have the right to refuse to provide your personal data, however, the provision of your personal data is required and necessary for fulfilling the purposes specified in this Privacy Notice, therefore, if you do not provide your personal data, the Company may not be able to fulfil the said purposes.

How to exercise your rights?

You can exercise your rights taking the following steps:

  1. By sending us a free-form application via e-mail to: dap@contsro.eu. The application has to be signed using a valid electronic signature or a notarized copy of your personal ID document has to be submitted along with the application, so that we can verify your identity.
  2. By sending your application via registered mail to the following address: Lentpjūvės Str. 7A, LT-90117 Plungė, Lithuania, indicating that the letter is addressed to the Data Protection Officer. The application has to be signed. A notarized copy of your personal ID document has to be attached to the application.

The application should be legible, signed, and must contain the data subject’s name, surname, place of residence and other data required to maintain the desired communication method, as well as the information concerning the data subject’s rights that the data subject wishes to exercise and the extent to which he or she wishes to exercise them.

In exceptional cases, if there are doubts as to the identity of the data subject, we reserve the right to request additional information to help us verify the identity of the applying person, e.g., we may ask you to answer additional questions relating to our cooperation, submit notarized documents, etc.

We will respond to your application no later than within 30 (thirty) calendar days of the date of receipt of the application. In exceptional cases requiring additional time, we will have the right to extend the deadline for submitting the requested data or examining other requests specified in your application by up to 60 (sixty) calendar days of the date of your application, having notified you accordingly.

The Company has the right to refuse to consider the data subject’s application, if the Company determines that the requests are clearly unfounded or disproportionate, primarily due to their repetitive content.

In the event of failure to find a mutually acceptable solution, you have the right to apply to the State Data Protection Inspectorate (vdai.lrv.lt), which is a body responsible for the supervision and control over compliance with the legal acts governing personal data protection.

Where to apply for issues relating to personal data?

If you have any questions regarding the information provided in this Privacy Notice or the protection of your personal data and the exercise of your rights in the Company, including notifications of any observed personal data violations, please contact the Data Protection Officer of the Company using the most convenient for you communication method of any those given below:

 

What cookies and how do we use?

A cookie is a small text file that a website saves to the browser of your computer or mobile device when you visit the website. Thanks to it, the website is able to ‘remember’ your actions and options (such as registration name, language, font size and other display options) for a certain time, so that you do not have to re-enter them every time you visit the website or browse through its various pages.

The information collected by cookies allows us to ensure a better browsing experience for you, as well as to learn more about the behaviour of the website users, to analyse trends and improve the website.

Cookie categories by purpose:

- Strictly necessary cookies are cookies without which the website would not be able to function.

- Performance cookies collect information on how you use the website and help improve its operation. For example, performance cookies can show which pages you visit most often, how much time you spend on a page, which products you open to view, as well as help register any disruptions to the page. Although these cookies track your activity on our website, they collect information without identifying you directly. Performance cookies do not collect any information for marketing purposes and do not track your activity on other web pages.

- Functional cookies allow our website to remember you and your choices and provide better and specifically for you customized features. For example, to personalize a certain web page, to provide other functional options of your choice and to remember, if you have been to the site before, to no longer show you the messages intended for those who visit the site for the first time. These cookies do not collect any information for marketing purposes and do not track your activities on the website or on other web pages.

- The purpose of using marketing and advertising cookies is to be able to show you the offers and advertisements that are of relevance to you and in line with your interests, to limit the number of times you can see the same offers and advertisements on websites, and to assess the effectiveness of the advertising campaign by tracking your clicks. The advertisements may be displayed not necessarily on the website – they may be displayed to you on other pages even after you have left the website. These cookies collect information for marketing purposes and track your activities not only on the website, but also on other web pages.

List of the cookies used on the website:

Cookie name

Owner

Nature of the cookie

Expiry term

Data processing purpose

 pll_language

 Polylang

 Functional

 Permanent

Saves the language selection.

 Google Fonts API

 Google Fonts

 Functional

Expires after each session

This cookie is associated with the Google Fonts library and is used to store information about the fonts used on the website. Scans the user's IP address.

 __utmt_player

 Vimeo

 Statistics

 10 minutes

Designed to store and monitor audience reach.

 vuid

 Vimeo

 Functional

 2 years

Designed to store user’s browsing history.

 cmplz_statistics

 Complianz

 Statistics

 365 days

This cookie is associated with the Complianz plugin and is designed to store information about whether the user has consented to the use of cookies for statistics purposes.

 cmplz_consented_services

 Complianz

 Functional

 365 days

This cookie is associated with the Complianz plugin and is designed to store information about whether the user has consented to the use of cookies for marketing purposes.

 cmplz_marketing

 Complianz

 Marketing

 365 days

This cookie is associated with the Complianz plugin and is designed to store information about whether the user has consented to the use of cookies for marketing purposes.

 cmplz_policy_id

 Complianz

 Functional

 365 days

This cookie is associated with the Complianz plugin and is designed to store cookie policy identifier information.

cmplz_banner-status

 Complianz

 Functional

 365 days

This cookie is associated with the Complianz plugin and is designed to store information about whether the user's consent to the use of cookies is set or not in the browser.

 cmplz_functional

 Complianz

 Functional

 365 days

This cookie is associated with the Complianz plugin and is designed to store information about whether the user has consented to the use of cookies for functionality purposes.

 

You can choose to accept cookies or refuse certain cookies at any time by changing your browser settings. If you do not want cookies to be stored on your computer or other device, you can choose to receive a notification in your browser settings before any cookie is saved. You can also set your browser to reject all or some cookies immediately, as well as you can remove any cookies that have already been saved on your computer or other device. Please note that in this case you will have to select the settings separately for each browser and device you use.

Each browser uses a different method for customizing settings. If necessary, use the help function of your browser to select the settings correctly.

Changes to the Privacy Notice

The Privacy Notice may be modified at the discretion of the Company or upon changes in the requirements of applicable legal acts.

The applicable version of the Privacy Notice is published on the website, and we recommend reading the latest version to keep updated.

The last update of the Privacy Notice: 2023 m. July 19 d.

TOP