EN
LT
Contact us

Privacy policy

1. What does this Privacy Policy mean and who does it apply to?

This Privacy Policy (hereinafter referred to as the “Policy”) defines the basic conditions and rules for the processing of personal data by MB “HR business partner”, legal entity code 306656509, headquartered at A. Mackevičiaus g. 73A, 44201 Kaunas, Republic of Lithuania, email info@hrbusinesspartner.lt, phone number +370 699 67075, applied to data subjects (employees of the Company’s clients (legal persons); candidates; visitors/users of the website www.hrbusinesspartner.lt (hereinafter referred to as the “Website”); buyers and participants of trainings/seminars; partners; representatives of service providers, etc.). When processing personal data, we responsibly comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), the Republic of Lithuania Law on Legal Protection of Personal Data, the Republic of Lithuania Law on Electronic Communications, and other directly applicable legal acts regulating the protection of personal data, as well as instructions from competent authorities. This Policy does not apply to links provided on the website www.hrbusinesspartner.lt to third-party websites, so we recommend separately checking the privacy policies applicable on those websites.

2. How does the Company obtain your personal data?

We process your personal data when you:

  • submit inquiries and your personal data through the Company’s Website www.hrbusinesspartner.lt;
  • contact the Company via email at the email address provided by the Company;
  • participate in training/seminars organized by us;
  • apply for open job positions we are recruiting for;
  • provide personnel management services to your employer;
  • agree to the installation of cookies on your device;
  • agree to receive direct marketing offers, i.e., our newsletters, by entering your email address into the subscription field;
  • or provide or consent to the receipt of information from third parties in other ways.
3. What personal data do we process and for what purposes?

For the purpose of providing personnel management services to clients (legal entities), the following personal data of clients’ (legal entities’) employees are processed by the Company:

  • when signing a contract – the name of the represented company, the manager’s name and surname;
  • in cooperation with the client, their employees – name, surname, position, phone number, email address, in relevant cases, salary;
  • information required for the employment of employees – personal identification number, address, number of underage children (if the person raises them alone – for the calculation of days off), personal account information;
  • records of meetings (video/audio) (only with the prior consent of the subject and duly informing them in advance).

For the purpose of candidate selection for open job positions, the following candidate personal data is processed:

  • name, surname, phone number, email address, information in the CV: photo, work experience, education, certifications, language proficiency, etc.

For the purpose of organizing training/seminars, the following personal data of training/seminar participants is processed:

  • name, surname, email address, Facebook profile;
  • records of training/seminars (only with the prior consent of the subjects and duly informing them in advance).

For the administration and response to inquiries submitted through the Website, the following personal data of Website visitors is processed:

  • name, email address, phone number, and free text for the question(s).

For the purpose of communication/collaboration with partners/suppliers/subcontractors regarding the services they provide, the following personal data of representatives of partners/suppliers/subcontractors is processed:

  • name, surname, contact information (phone, email address), bank account for billing purposes;
  • name of the represented company, manager’s name and surname;
  • data provided during correspondence (content of correspondence).

For the purpose of direct marketing, the following personal data of data subjects is processed:

  • name, surname, postal address.

When a visitor logs in or visits the Company’s Website, the following technical personal data is automatically collected and processed:

  • IP address;
  • login date and time;
  • name and URL of the webpage connecting to our Website;
  • operating system data of the visitor’s device;
  • information about the visitor’s internet service provider;
  • geographic location data of the visitor;
  • other related technical information.

The data subject is responsible for ensuring that the personal data provided by them are accurate, correct, and comprehensive. If their provided personal data change, they must immediately inform the Company about it. The Company will not be liable for any damage caused to the individual and/or third parties due to incorrect, inaccurate, and/or incomplete personal data provided by the Data Subject or failure to request data supplementation and/or modification due to changes.

4. What are the legal bases for lawful processing of personal data and how long is it stored?

Legal bases for lawful processing of personal data:

  • consent (e.g., for candidates; making video/audio recordings; newsletter subscribers; training/seminar participants; individuals consenting to the use of cookies for personal data processing);
  • legitimate interest – responding to your inquiries, providing information you inquire about, etc.;
  • fulfillment of legal obligations (e.g., accounting, archiving, etc.);
  • contract performance (e.g., for service provision/purchase of training/seminars, etc.).

We will store your personal data for as long as necessary to achieve and implement the purposes set out in this Privacy Policy, taking into account the nature of the services provided to you or the nature of cooperation, unless longer retention of personal data and related documents is required by applicable regulatory acts and is necessary (e.g., mandatory accounting and other document retention periods, etc.) or conditioned by the legitimate interests defense in judicial or other state institutions by the data controller. We ensure and take all necessary measures to avoid storing outdated or unnecessary information about you and to ensure that your data is constantly updated and accurate. The storage periods of your personal data are as follows:

  • data provided in the Website query is stored for 1 (one) year from the date of the query submission;
  • personal data of newsletter subscribers for direct marketing purposes is actively used for 2 (two) years from the date of consent, i.e., from the date of entering your email address into the subscription field, and is stored passively (in archive) for another 1 year after the expiration of the consent term or its revocation date;
  • personal data of training/seminar participants is stored for 1 (one) year from the end of the training/seminar;
  • personal data of training/seminar buyers is stored for 1 (one) year from the date of purchase;
  • personal data of candidates for open job positions is stored until the end of the selection process, and after that, the personal data of non-selected candidates are deleted, unless they have given separate consent and their data will be processed for the purpose of future job position offers, in which case their data will be stored for the period specified in the consent;
  • meeting video/audio recordings (with prior consent) are stored for 1 (one) year from the recording date;
  • training/seminar recordings (with prior consent) are stored for 2 (two) months from the end of the training/seminar.
5. Who may your personal data be disclosed to?

Your personal data may be accessed only by a limited circle of our employees/contractors and subjects providing IT/communication/consultation/audit/legal services on behalf of our company, and only to the extent necessary to implement proper processing of your personal data, with strict requirements for confidentiality of information applying to all these individuals. For the purposes set out in this privacy policy, we may transfer or provide access to your data to:

  • data processors who provide services and process your data on our behalf, as instructed and ordered by us (e.g., IT service providers, etc.). Note that our data processors handle your data strictly according to our clear instructions, committing to ensure proper protection of the data we entrust to them, confidentiality, and security requirements through organizational and technical measures, as specifically discussed in contracts concluded between us and service providers regarding data processing;
  • entities entitled to receive information according to legal requirements (e.g., courts, state and municipal institutions, etc.), only to the extent necessary to properly fulfill the requirements of applicable laws.

In case your personal data is transferred to a third country and (or) international organization, we will inform you in advance and ensure that the data is transferred in compliance with applicable legal requirements.

6. Security of Your Personal Data

Your personal data will be processed in accordance with the General Data Protection Regulation (GDPR), the Law on Personal Data Protection of the Republic of Lithuania, and other requirements established by law. When processing your personal data, we implement organizational and technical measures that ensure the protection of personal data from accidental or unlawful destruction, alteration, disclosure, as well as from any other unlawful processing.

7. Exercising your rights as a data subject

We guarantee the implementation of the following rights upon your request/inquiry:

  • to know (to be informed) about the processing of your personal data;
  • to have access to your personal data that we process;
  • to request the rectification or completion, clarification of inaccurate, incomplete personal data;
  • require the destruction of personal data when it is no longer necessary for the purposes for which it was collected;
  • require the destruction of personal data if the processing is unlawful or where you withdraw or withhold your consent to the processing of personal data, which is necessary;
  • to object to the processing of personal data or to withdraw your prior consent;
  • require the provision, where technically feasible, of your personal data collected pursuant to your consent or for the performance of a contract in an easily readable format, or request that it be transferred to another controller.

To exercise your rights, please send us an email to: info@hrbusinesspartner.lt. Upon receipt of your request, we will ask you to provide proof of identity, as well as any additional information we require in connection with your request. We will respond to your request no later than 30 calendar days from the date of receipt of your request and the submission of all the documents necessary to respond. You may complain about our actions and decisions to the competent supervisory authority, the State Data Protection Inspectorate (www.vdai.lt). However, we recommend that you contact us before making a formal complaint so that we can find a suitable solution to the problem. If you have any request regarding the processing of your data or a related question, please contact us at info@hrbusinesspartner.lt or by telephone at +370 699 67075.