Processing of (personal) data by the entity in charge of the online application process
UAB „Reprise Media“
PRIVACY POLICY
1. GENERAL PROVISIONS
This Privacy Policy (hereinafter the “Privacy Policy”) describes how UAB “Reprise Media” (hereinafter “Reprise Media”, “we”, the “Company”) processes personal data when you:
• visit our website at www.reprise.lt (hereinafter the “Website”);
• submit enquiries to us (via the Website or through other communication channels);
• apply for job positions at the Company;
• are a representative of our clients or business partners and you are contacted, and contracts are concluded and performed with you.
This Privacy Policy is prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other applicable legislation. By using the Website or otherwise providing us with your personal data, you confirm that you have read this Privacy Policy and understand how your personal data are processed.
2. DATA CONTROLLER AND CONTACT DETAILS
Data Controller:
UAB “Reprise Media”, legal entity code 304737161, registered office address: Šaltinių g. 12, LT-03214 Vilnius, Lithuania.
Email for general data protection matters: info@reprise.lt.
If you have any questions about this Privacy Policy or about the processing of your personal data, you can contact us using the above contact details.
3. PERSONAL DATA PROCESSED, PURPOSES AND LEGAL BASES
Below we provide information about the processing of personal data, distinguishing it according to the categories of persons (data subjects) with whom we interact in our activities and the purposes and legal bases of data processing specific to each category. The categories are distinguished according to the relationship with us (whether the person is a Website visitor, an enquiry sender, a job applicant, a client’s or partner’s representative, etc.).
The same person may fall into several groups at the same time (for example, be both a Website visitor and a candidate). In such cases, we process the person’s data only to the extent necessary for each of these purposes, always complying with the requirements of the applicable legislation.
If personal data are processed on the basis of consent, you have the right to withdraw your consent at any time. If personal data are processed on the basis of legitimate interests, you have the right to object to such processing at any time, unless we demonstrate that our legitimate interests override your interests, rights and freedoms, or that the data are processed for the establishment, exercise or defence of legal claims (see Section 9).
We do not make decisions based solely on automated processing of personal data, including profiling, which would produce legal effects concerning you or similarly significantly affect you, as understood under the GDPR.
4. SOURCES OF PERSONAL DATA
We normally obtain personal data directly from you when you:
• visit the Website and agree to the use of cookies;
• submit an enquiry, request or complaint;
• apply for a job position;
• communicate with us as a client’s or partner’s representative.
In certain cases we may also obtain data from other sources:
• from the company you represent or colleagues, when you are designated as a contact person;
• from job portals, recruitment agencies;
• from publicly available sources (including professional social networks), to the extent reasonably necessary for contractual relationships or recruitment and proportionate to your rights and freedoms;
• from persons you have indicated as references (only at your request or with your knowledge);
from state authorities or other third parties where this is provided for by law.
5. COOKIES AND SIMILAR TECHNOLOGIES
We use cookies and similar technologies on the Website to ensure its technical functioning, to analyse traffic and, where applicable, to customise content or advertising.
• Strictly necessary cookies are needed for the Website to function properly (for example, to remember your choices, to ensure security). Their use is based on our legitimate interest to ensure the functioning of the Website and does not require your separate consent.
• Analytical and marketing cookies (if they are used) help us understand how visitors use the Website and / or to provide tailored content. The use of these cookies is based on your consent, which is requested via the cookie banner / settings on the Website.
You can manage cookies at any time in your browser settings and / or via the cookie management tool provided on the Website (if available): delete stored cookies, refuse all or part of cookies. Please note that disabling strictly necessary cookies may impair the functioning of the Website.
6. DISCLOSURE AND TRANSFER OF PERSONAL DATA
We may disclose your personal data to:
• our service providers (data processors) who provide IT, server hosting, email sending, cloud, Website maintenance, analytics, employee recruitment or other services and process personal data only in accordance with our instructions and under contracts;
• business partners and clients, to the extent necessary for the conclusion and performance of contracts (for example, when you indicate yourself as a responsible person);
• state authorities and law enforcement authorities, where required by law or justified requests of such authorities;
• lawyers, auditors, consultants, debt collectors, where necessary for the protection of our rights, accounting or audit processes;
• banks, payment institutions or electronic money institutions (when making payments).
Some of our service providers or partners may be established outside the European Economic Area (EEA) or may use servers located in third countries (for example, when using cloud computing services). In such cases, we ensure that data transfers take place only in accordance with the requirements of Chapter V of the GDPR, for example:
• we transfer data to countries in respect of which the European Commission has adopted an adequacy decision; or
• we conclude standard contractual clauses with data recipients and, where necessary, implement additional security measures.
7. RETENTION PERIODS OF PERSONAL DATA
We store personal data no longer than necessary to achieve the specified purposes or as required by law. For example:
• Website visitors’ and enquiry data
- technical log records are generally stored for up to 1 year, unless they are needed for a longer period for security incident investigation or legal disputes;
- data related to a specific enquiry (emails, form content) are stored for up to 1 year from the final response, unless the information is prospectively needed for contractual relations or for the defence of legal claims;
• Candidates’ data
- for a specific recruitment: until the end of the recruitment process and no longer than 6 months after its completion, so that we can defend ourselves against potential claims regarding the recruitment process;
- if you give separate consent for data retention for future recruitment: up to 2 years from receipt of the data or until you withdraw your consent (whichever occurs first);
• Client and partner representatives’ data
- are stored for the duration of the contract and up to 10 years after the end of the contract, taking into account limitation periods for claims and the retention requirements for accounting documents;
• Direct marketing data
- are stored for up to 2 years from your last active action (for example, opening a newsletter, clicking a link) or until you withdraw your consent (if this occurs earlier).
After the expiry of the specified periods, the data are securely destroyed or irreversibly anonymised, unless they are needed for a longer period due to ongoing disputes, investigations or other legitimate requirements.
8. PROTECTION OF PERSONAL DATA
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, disclosure or unauthorised access, including:
• access control on a “need to know” basis;
• the use of secure servers and encrypted communication channels (for example, HTTPS);
• regular software updates and protection measures against malware;
• staff training on data protection and confidentiality obligations;
• contracts with service providers ensuring an appropriate level of data protection.
Although we strive to ensure a high level of protection, no system can guarantee absolute security. If there is a reasonable suspicion of a breach of the security of your data, we will take the necessary steps, including investigating the incident, mitigating its consequences and, where required by the GDPR, notifying the supervisory authority and / or you.
9. YOUR RIGHTS
As a data subject, you have the following rights under the GDPR, subject to statutory exceptions:
• The right to access your personal data and obtain information about its processing;
• The right to request the rectification of inaccurate or incomplete personal data;
• The right to request the erasure of personal data (“right to be forgotten”) where the conditions set out in the GDPR are met;
• The right to request restriction of processing of personal data in certain cases (for example, where you contest the accuracy of the data or object to processing);
• The right to data portability where data are processed on the basis of your consent or a contract and by automated means;
• The right to object to the processing of data based on our legitimate interests, including profiling where applied; in such a case, we will no longer process the data unless we demonstrate compelling legitimate grounds which override your interests;
• The right to withdraw your consent at any time where the data are processed on the basis of your consent (for example, for direct marketing), without affecting the lawfulness of processing carried out before the withdrawal. Consent may be withdrawn by contacting us by email at info@reprise.lt;
• The right to object at any time to being subject to direct marketing, including profiling to the extent that it relates to such direct marketing, which can be done simply by unsubscribing from the newsletter or sending us an email.
To exercise your rights, you can contact us at any time by email or via the other contact details indicated in Section 2. We will examine requests and respond within 1 month, and in complex or numerous cases this period may be extended by a further 2 months, of which you will be informed.
If you believe that your personal data are processed in violation of the GDPR or other data protection legislation, you have the right to:
• contact us and, where possible, resolve the issue amicably;
• lodge a complaint with the State Data Protection Inspectorate (L. Sapiegos g. 17, 10312 Vilnius, Lithuania, email ada@ada.lt, https://vdai.lrv.lt/lt/).
10. CHANGES TO THE PRIVACY POLICY
We reserve the right to update this Privacy Policy periodically, for example, in the event of changes in legislation, our activities, technologies used or case law.
We will inform you about significant changes by updating the information on the Website and indicating the date of the update and, in some cases, by other means (for example, by email if this would be related to your position as a data subject).
We recommend that you periodically read this Privacy Policy and familiarise yourself with its latest version.
This Privacy Policy applies from the date of its publication on the Website and replaces previous versions of the privacy policy of UAB “Reprise Media” available on the website www.reprise.lt.
PRIVACY POLICY
1. GENERAL PROVISIONS
This Privacy Policy (hereinafter the “Privacy Policy”) describes how UAB “Reprise Media” (hereinafter “Reprise Media”, “we”, the “Company”) processes personal data when you:
• visit our website at www.reprise.lt (hereinafter the “Website”);
• submit enquiries to us (via the Website or through other communication channels);
• apply for job positions at the Company;
• are a representative of our clients or business partners and you are contacted, and contracts are concluded and performed with you.
This Privacy Policy is prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other applicable legislation. By using the Website or otherwise providing us with your personal data, you confirm that you have read this Privacy Policy and understand how your personal data are processed.
2. DATA CONTROLLER AND CONTACT DETAILS
Data Controller:
UAB “Reprise Media”, legal entity code 304737161, registered office address: Šaltinių g. 12, LT-03214 Vilnius, Lithuania.
Email for general data protection matters: info@reprise.lt.
If you have any questions about this Privacy Policy or about the processing of your personal data, you can contact us using the above contact details.
3. PERSONAL DATA PROCESSED, PURPOSES AND LEGAL BASES
Below we provide information about the processing of personal data, distinguishing it according to the categories of persons (data subjects) with whom we interact in our activities and the purposes and legal bases of data processing specific to each category. The categories are distinguished according to the relationship with us (whether the person is a Website visitor, an enquiry sender, a job applicant, a client’s or partner’s representative, etc.).
The same person may fall into several groups at the same time (for example, be both a Website visitor and a candidate). In such cases, we process the person’s data only to the extent necessary for each of these purposes, always complying with the requirements of the applicable legislation.
Category of data subjects | Data processed | Purposes | Legal bases |
Website visitors | IP address, visit data, browser and device information, browsing history, cookies data (see Section 5 for more details) | Ensuring the functioning of the Website, security, analysis and improvement | Article 6(1)(a) of the GDPR (consent) or Article 6(1)(f) of the GDPR (legitimate interest to ensure the security of the Website and convenient use) |
Persons submitting enquiries | Name, surname, contact details, content of the enquiry, documents, communication history If you do not provide contact details (for example, email address), we will not be able to respond to your enquiry | Responding to enquiries, administration of requests and complaints, communication | Article 6(1)(a) of the GDPR (consent, given voluntarily by submitting an enquiry) and / or Article 6(1)(f) of the GDPR (legitimate interest to respond to received enquiries and to administer them) |
Job applicants (via the Website, email, job portals, social networks or other means) | Name, surname, contact details, CV, cover letter, education, experience, skills, professional profiles (for example, LinkedIn, portfolio website), work samples, references, other information provided voluntarily. Certain application data (for example, name, surname, contact details, CV) are necessary so that we can assess your candidacy. If you do not provide this information, we will not be able to consider your candidacy for a specific position. Other information provided by candidates (for example, cover letter, work samples, etc.) is voluntary, but failure to provide it may limit our ability to fully assess your suitability for the position. | Selection process, evaluation of applications, decision on employment | Article 6(1)(b) of the GDPR (taking steps prior to entering into a contract) and / or Article 6(1)(f) of the GDPR (our legitimate interest to select the most suitable candidate) |
Candidates for future recruitment | Application documents | Administration of future recruitment processes | Article 6(1)(a) of the GDPR (consent) |
Client and partner representatives | Name, surname, position, employer, contact details, signature, communication history, information necessary for the performance of the contract (for example, responsible persons, project information, agreements) | Conclusion and performance of contracts, protection of legitimate interests | Article 6(1)(b) of the GDPR (taking steps prior to entering into a contract, performance of a contract) and Article 6(1)(f) of the GDPR (legitimate interest to bring, exercise, defend or contest legal claims) |
Recipients of direct marketing | Name, surname, email, telephone number, information on preferences | Direct marketing | Article 6(1)(a) of the GDPR (consent, for example by ticking the relevant box, subscribing to a newsletter, etc.) and / or Article 6(1)(f) of the GDPR (legitimate interest to promote the acquisition of our services when you are our client and the direct marketing relates to similar services we provide) |
We do not make decisions based solely on automated processing of personal data, including profiling, which would produce legal effects concerning you or similarly significantly affect you, as understood under the GDPR.
4. SOURCES OF PERSONAL DATA
We normally obtain personal data directly from you when you:
• visit the Website and agree to the use of cookies;
• submit an enquiry, request or complaint;
• apply for a job position;
• communicate with us as a client’s or partner’s representative.
In certain cases we may also obtain data from other sources:
• from the company you represent or colleagues, when you are designated as a contact person;
• from job portals, recruitment agencies;
• from publicly available sources (including professional social networks), to the extent reasonably necessary for contractual relationships or recruitment and proportionate to your rights and freedoms;
• from persons you have indicated as references (only at your request or with your knowledge);
from state authorities or other third parties where this is provided for by law.
5. COOKIES AND SIMILAR TECHNOLOGIES
We use cookies and similar technologies on the Website to ensure its technical functioning, to analyse traffic and, where applicable, to customise content or advertising.
• Strictly necessary cookies are needed for the Website to function properly (for example, to remember your choices, to ensure security). Their use is based on our legitimate interest to ensure the functioning of the Website and does not require your separate consent.
• Analytical and marketing cookies (if they are used) help us understand how visitors use the Website and / or to provide tailored content. The use of these cookies is based on your consent, which is requested via the cookie banner / settings on the Website.
You can manage cookies at any time in your browser settings and / or via the cookie management tool provided on the Website (if available): delete stored cookies, refuse all or part of cookies. Please note that disabling strictly necessary cookies may impair the functioning of the Website.
6. DISCLOSURE AND TRANSFER OF PERSONAL DATA
We may disclose your personal data to:
• our service providers (data processors) who provide IT, server hosting, email sending, cloud, Website maintenance, analytics, employee recruitment or other services and process personal data only in accordance with our instructions and under contracts;
• business partners and clients, to the extent necessary for the conclusion and performance of contracts (for example, when you indicate yourself as a responsible person);
• state authorities and law enforcement authorities, where required by law or justified requests of such authorities;
• lawyers, auditors, consultants, debt collectors, where necessary for the protection of our rights, accounting or audit processes;
• banks, payment institutions or electronic money institutions (when making payments).
Some of our service providers or partners may be established outside the European Economic Area (EEA) or may use servers located in third countries (for example, when using cloud computing services). In such cases, we ensure that data transfers take place only in accordance with the requirements of Chapter V of the GDPR, for example:
• we transfer data to countries in respect of which the European Commission has adopted an adequacy decision; or
• we conclude standard contractual clauses with data recipients and, where necessary, implement additional security measures.
7. RETENTION PERIODS OF PERSONAL DATA
We store personal data no longer than necessary to achieve the specified purposes or as required by law. For example:
• Website visitors’ and enquiry data
- technical log records are generally stored for up to 1 year, unless they are needed for a longer period for security incident investigation or legal disputes;
- data related to a specific enquiry (emails, form content) are stored for up to 1 year from the final response, unless the information is prospectively needed for contractual relations or for the defence of legal claims;
• Candidates’ data
- for a specific recruitment: until the end of the recruitment process and no longer than 6 months after its completion, so that we can defend ourselves against potential claims regarding the recruitment process;
- if you give separate consent for data retention for future recruitment: up to 2 years from receipt of the data or until you withdraw your consent (whichever occurs first);
• Client and partner representatives’ data
- are stored for the duration of the contract and up to 10 years after the end of the contract, taking into account limitation periods for claims and the retention requirements for accounting documents;
• Direct marketing data
- are stored for up to 2 years from your last active action (for example, opening a newsletter, clicking a link) or until you withdraw your consent (if this occurs earlier).
After the expiry of the specified periods, the data are securely destroyed or irreversibly anonymised, unless they are needed for a longer period due to ongoing disputes, investigations or other legitimate requirements.
8. PROTECTION OF PERSONAL DATA
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, disclosure or unauthorised access, including:
• access control on a “need to know” basis;
• the use of secure servers and encrypted communication channels (for example, HTTPS);
• regular software updates and protection measures against malware;
• staff training on data protection and confidentiality obligations;
• contracts with service providers ensuring an appropriate level of data protection.
Although we strive to ensure a high level of protection, no system can guarantee absolute security. If there is a reasonable suspicion of a breach of the security of your data, we will take the necessary steps, including investigating the incident, mitigating its consequences and, where required by the GDPR, notifying the supervisory authority and / or you.
9. YOUR RIGHTS
As a data subject, you have the following rights under the GDPR, subject to statutory exceptions:
• The right to access your personal data and obtain information about its processing;
• The right to request the rectification of inaccurate or incomplete personal data;
• The right to request the erasure of personal data (“right to be forgotten”) where the conditions set out in the GDPR are met;
• The right to request restriction of processing of personal data in certain cases (for example, where you contest the accuracy of the data or object to processing);
• The right to data portability where data are processed on the basis of your consent or a contract and by automated means;
• The right to object to the processing of data based on our legitimate interests, including profiling where applied; in such a case, we will no longer process the data unless we demonstrate compelling legitimate grounds which override your interests;
• The right to withdraw your consent at any time where the data are processed on the basis of your consent (for example, for direct marketing), without affecting the lawfulness of processing carried out before the withdrawal. Consent may be withdrawn by contacting us by email at info@reprise.lt;
• The right to object at any time to being subject to direct marketing, including profiling to the extent that it relates to such direct marketing, which can be done simply by unsubscribing from the newsletter or sending us an email.
To exercise your rights, you can contact us at any time by email or via the other contact details indicated in Section 2. We will examine requests and respond within 1 month, and in complex or numerous cases this period may be extended by a further 2 months, of which you will be informed.
If you believe that your personal data are processed in violation of the GDPR or other data protection legislation, you have the right to:
• contact us and, where possible, resolve the issue amicably;
• lodge a complaint with the State Data Protection Inspectorate (L. Sapiegos g. 17, 10312 Vilnius, Lithuania, email ada@ada.lt, https://vdai.lrv.lt/lt/).
10. CHANGES TO THE PRIVACY POLICY
We reserve the right to update this Privacy Policy periodically, for example, in the event of changes in legislation, our activities, technologies used or case law.
We will inform you about significant changes by updating the information on the Website and indicating the date of the update and, in some cases, by other means (for example, by email if this would be related to your position as a data subject).
We recommend that you periodically read this Privacy Policy and familiarise yourself with its latest version.
This Privacy Policy applies from the date of its publication on the Website and replaces previous versions of the privacy policy of UAB “Reprise Media” available on the website www.reprise.lt.