I. GENERAL PROVISIONS
1. The purpose of the Rules for the Processing of Personal Data (hereinafter – the Rules) at UAB Vertex, legal entity No. 120320756, address Baltupio st. 14, Vilnius, 08304, Lietuva (hereinafter – the Company) is to regulate the processing of personal data.
2. The Rules were drawn up in accordance with provisions of the EU General Data Protection Regulation (hereinafter – the Regulation or GDPR) and other legal acts governing protection and processing of data.
3. The terms used in the Rules shall be understood in accordance with the definitions contained in the Regulation and other legal acts.
4. Data controller and processor – UAB Vertex, legal entity No. 120320756, address Baltupio st. 14, Vilnius, 08304, Lietuva.
5. The Rules shall be applicable to and shall be binding on the Company and all employees working for the Company.
II. PRINCIPLES FOR DATA PROCESSING
6. In Company’s activities personal data shall be processed in accordance with the following principles:
6.1. data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (the principle of lawfulness, fairness and transparency shall be respected);
6.2. ata shall be collected for specified, explicit and legitimate purposes established before data collection and not further processed in a way incompatible with those purposes (the principle of purpose limitation shall be respected);
6.3. only adequate, relevant data and data limited to the minimum necessary in relation to the purposes for which they are processed shall be processed (the principle of data minimisation shall be respected);
6.4. processed data shall be accurate and kept up to date; inaccurate or incomplete data must be rectified, supplemented, erased or their further processing must be suspended, every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (the principle of accuracy shall be respected);
6.5. data shall be kept in a form which permits identification of data subjects for no longer than it is necessary for the purposes for which the personal data were collected and are processed (the principle of storage period limitation shall be respected);
6.6. data shall be processed in the way that appropriate data security is ensured by implementing corresponding technical and organisational measures, including protection from unauthorised data processing or unlawful data processing, accidental loss, destruction or damage (the principle of integrity and confidentiality shall be respected).
III. PURPOSES AND SCOPE OF THE PROCESSING OF PERSONAL DATA
7. he Company shall keep records of personal data processing activities which it is responsible for. Records about personal data processing activities shall be made by the Company in Annex No. 1 to 6 of the Rules
7.1. General Data records of employees (Annex No. 1);
7.2. Data records of candidates for employment (Annex No. 2);
7.3. Sensitive data records of employees (Annex No. 3);
7.4. Data records of Flirts platform users (Annex No. 4);
7.5. Data records of potential clients (Annex No. 5);
7.6. Records of details of suppliers / contractors (Annex No. 6).
8. Records of data processing shall be inspected and updated constantly, however, at least once a calendar year in order to reflect the real situation with personal data processing at the Company.
IV. FUNCTIONS, RIGHTS AND OBLIGATIONS OF THE COMPANY
9. The Company shall have the following rights:
9.1. to draw up and adopt internal legal acts governing the processing of personal data;
9.2. to decide on supply of personal data;
9.3. to appoint a person or a unit responsible for protection of personal data;
9.4. to authorise other persons to process personal data.
10. The Company shall have the following obligations:
10.1. to ensure compliance with the personal data processing requirements set forth by the Regulation and other legal acts governing the processing of personal data;
10.2. to implement the rights of the data subject under the procedure established by applicable legal acts;
10.3. to ensure protection of personal data by implementing appropriate organisational and technical measures to protect personal data;
10.4. to choose a data processor providing sufficient guarantees in respect of the technical security measures and organizational measures to protect personal data and ensuring compliance with those measures, as well as to conclude contracts with data processors. To instruct the data processor regarding processing of video data. To be aware of planned contracts with data subprocessors and to provide prior written consent concerning their appointment.
11. The Company shall perform the following functions:
11.1. it shall determine the purpose and the scope of the processing of personal data;
11.2. it shall organise installation of the systems and equipment required for the processing of personal data;
11.3. it shall award access rights and authorisations to process personal data;
11.4. it shall analyse technological, methodological and organisational issues related to the processing of personal data and shall adopt resolutions required for ensuring proper processing of personal data;
11.5. it shall render methodological assistance to employees and data processors concerning issues of the processing of personal data;
11.6. it shall organise trainings for employees on issues of legal protection of personal data;
11.7. it shall perform other functions, required for implementation of rights and obligations of the data controller.