PRIVACY POLICY

1. Purpose

This Privacy Policy (hereinafter – the Policy) sets out the principles, conditions, purposes, and data subject rights related to the processing of personal data by UAB “Miralita” (hereinafter – the Company).

This Policy applies to all individuals whose data the Company collects and processes, regardless of the method of data submission.

2. General information about the Company

Data Controller: UAB “Miralita”

Company code: 302808688

Registered office: Šv. Stepono g. 15-101, Vilnius, LT-01139, Republic of Lithuania

Email: [email protected]

Websites: www.tvariskaita.lt.

3. Definition of personal data

Personal data means any information that directly or indirectly relates to an identified or identifiable natural person.

Personal data includes, but is not limited to: name, surname, position, contact details, personal identification number (if applicable), email address, telephone number, residential address, information on contractual relations, payments, and correspondence with the Company.

4. Purposes of data processing

The Company processes personal data for the following purposes:

4.1. For the purpose of providing and administering services

Processed data:

Client’s or representative’s name, surname, position;
Company name and contact details;
Data contained in documents, contracts, and reports;
Communication records (emails, inquiries, correspondence).

Legal basis:

Performance of a contract (GDPR Article 6(1)(b));
Legitimate interest (GDPR Article 6(1)(f));
Compliance with legal obligations (GDPR Article 6(1)(c)).

Retention period:

Data are retained for 10 years after the execution of the last contract or assignment, unless a longer period is required by law.

4.2. For the purpose of direct marketing

Processed data:

Name, surname, position;
Email address and phone number.

Legal basis:

Data subject’s consent (GDPR Article 6(1)(a));
Legitimate interest in informing existing clients about new services (Electronic Communications Act Article 81(2)).

Data retention:

If processed on the basis of consent – for 5 years from the date of consent;
If processed on the basis of legitimate interest – during the contractual relationship.

Each individual may unsubscribe from marketing communications at any time by clicking the unsubscribe link in the email or contacting [email protected].

4.3. For the performance of contracts with partners and service providers

Processed data:

Names, surnames, positions, and contact details of employees or representatives of legal entities;
Communication and contractual data.

Legal basis:

Contract performance;
Legitimate interest to ensure proper provision of services.

Retention period:

Data are retained during the contract term and 10 years after its termination.

5. Disclosure of personal data to third parties

The Company may disclose personal data to:

State authorities, when required by law;
IT, accounting, or legal service providers, when necessary for contract execution;
Data processors acting on behalf of the Company under concluded agreements.

All recipients are obliged to ensure an appropriate level of data protection in compliance with GDPR.

6. Rights of data subjects

A person whose data are processed by the Company has the following rights:

1. To obtain information on the processing of their data;
2. To access their processed personal data;
3. To request correction of inaccurate or incomplete data;
4. To request deletion of data (“right to be forgotten”), where applicable;
5. To restrict data processing;
6. To object to data processing;
7. To transfer their data to another controller;
8. To withdraw consent, where processing is based on consent.

Requests to exercise these rights must be submitted in writing by email to [email protected].

Responses will be provided no later than 30 calendar days from the date of receipt.

7. Data security measures

The Company applies organisational and technical measures to ensure that:

Data are protected from accidental or unlawful destruction, loss, alteration, disclosure, or access;
Access is granted only to authorised employees;
All processors are bound by confidentiality obligations.

8. Complaints and supervision

If you believe that your personal data are being processed unlawfully, you have the right to lodge a complaint with the State Data Protection Inspectorate

(address: L. Sapiegos g. 17, LT-10312 Vilnius, email: [email protected]),

or contact the Company directly at [email protected].

9. Policy amendments

The Company reserves the right to modify this Privacy Policy without prior notice, taking into account changes in legislation or operational needs.

The updated Policy will be published on the Company’s websites www.tvariskaita.lt .

10. Entry into force

This Privacy Policy enters into force on 1 January 2025 and applies to all data processing activities performed after this date.

11. Processing of supplier, service provider, and partner data

The Company processes personal data of its suppliers, service providers, and partners (both natural and legal persons) to properly perform contracts concluded with them.

Processed data:

Name, surname, date of birth, telephone number, email address, communication content and date, and other contract-related information.

Legal basis:

Contract conclusion and performance (GDPR Article 6(1)(b));
Legitimate interest to ensure proper contractual management (GDPR Article 6(1)(f)).

Retention period:

Personal data are processed during the contract term.

If data are contained in contracts or related documents, they are retained for 10 years after contract termination, unless a longer period is required by law.

12. Social media tools

The Company manages accounts on social media platforms (e.g., LinkedIn, Facebook).

Information provided by users through these platforms is jointly controlled with the social network operators as joint controllers.

We recommend reviewing the privacy notices of each social network to understand how they collect, use, and protect your personal data.

If you have questions about data use on social media, please contact the relevant service providers directly.

13. Inquiries and communication

The Company may process any personal data voluntarily provided by you, including:

when sending emails,
filling out contact forms on the website,
calling by phone,
submitting requests or feedback.

Legal basis: legitimate interest (GDPR Article 6(1)(f)) to ensure quality service and respond to inquiries.

Retention period:

Personal data received in inquiries are retained for 2 years from the date of receipt.

If a contract is later concluded, such data are stored under section 4.1 of this Policy.

14. Principles of data processing

The Company processes personal data in accordance with the following principles:

Lawfulness, fairness, and transparency – data are collected lawfully and transparently;
Purpose limitation and proportionality – only data necessary for stated purposes are processed;
Accuracy – data are kept accurate and up to date;
Storage limitation – data are stored only as long as necessary;
Integrity and confidentiality – data are protected from unauthorised access or disclosure.

The Company implements organisational and technical data protection measures, including access control, encryption, backups, and employee confidentiality obligations.

15. Disclosure to third parties

Personal data may be disclosed to the following recipients, where necessary:

1. Public authorities (courts, bailiffs, tax offices, municipalities) as required by law;
2. The Company’s lawyers, accountants, and employees responsible for service provision;
3. The Company’s partners and service providers (IT, translation, courier, audit, accounting, and consulting companies);
4. Data processors acting on behalf of the Company under contract and only to the extent necessary.

All processors are bound by confidentiality and data protection obligations in compliance with GDPR.

16. Rights of Data Subjects

Any person whose personal data are processed by the Company has the following rights:

1. To obtain information about the processing of their personal data;
2. To access the data processed by the Company;
3. To request the correction of inaccurate or incomplete data;
4. To request the deletion of data (“right to be forgotten”) where there are no legal obstacles;
5. To restrict the processing of personal data;
6. To object to the processing of personal data;
7. To transfer data to another data controller;
8. To withdraw consent, if the processing is based on consent.

Requests for the exercise of rights must be submitted in writing by email to [email protected].

The Company undertakes to provide a response no later than 30 calendar days from the date of receipt of the request.

17. Submission of Complaints

If you believe that your rights have been violated, you have the right to:

Submit a complaint to the State Data Protection Inspectorate

(L. Sapiegos g. 17, LT-10312 Vilnius, email: [email protected]); or

Contact the Company directly by email at [email protected].

18. Right to Access Processed Data

You have the right to contact the Company at any time to find out whether the Company processes your personal data.

If the Company does process or otherwise uses your personal data, you have the right to access such data and obtain information about the purposes, sources, legal basis, and recipients of the processing.

To exercise this right, you must submit a written request by email to [email protected].

For the purpose of fulfilling your request, the Company may ask you to confirm your identity.

When submitting a request, you must act in accordance with the principles of fairness and reasonableness.

19. Right to Withdraw Consent

If you have given the Company explicit consent for the processing of your personal data, you have the right to withdraw that consent at any time by submitting a request by email to [email protected].

Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

20. Right to Obtain Additional Information

The Company strives to ensure that all individuals clearly understand how their personal data are processed.

If you have any questions or doubts regarding the scope of data processing, you have the right to request additional information by emailing [email protected].

The Company undertakes to update this Privacy Policy whenever there are changes in data processing procedures or legal regulations.

21. Additional Rights

In accordance with the General Data Protection Regulation (GDPR), you also have the following additional rights:

1. Right to rectification – to request that the Company correct inaccurate or incomplete personal data.
2. Right to erasure (“right to be forgotten”) – to request the deletion of your personal data in the cases provided for in Article 17 of the GDPR.
3. Right to restriction of processing – to request that your personal data be processed only to a limited extent.
4. Right to object – to object, under Article 21 of the GDPR, to the processing of your personal data.
5. Right to data portability – to receive the personal data you have provided to the Company in a structured, commonly used format or to request that they be transferred to another controller.

22. Procedure for Exercising Rights

To exercise your rights, please submit a written request by email to [email protected].

The Company will respond to received requests, complaints, or inquiries in writing in accordance with the requirements and deadlines established by law.

A response will be provided no later than 30 (thirty) calendar days from the date of receipt of the request.

If you contact the Company, it may process the personal data you provide (name, surname, email, telephone number, date, and content of correspondence) in order to properly process your request.

In certain cases, the Company may ask for additional information or a document confirming your identity.

The Company may contact you by post, email, or telephone.

Please notify the Company immediately if your contact details change.

23. Complaints

If you are not satisfied with the Company’s response or believe that your data are processed unlawfully, you may contact:

State Data Protection Inspectorate

L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania

Email: [email protected]

Website: www.vdai.lrv.lt

24. Responsibility

Data subjects must ensure that the personal data provided to the Company are accurate, correct, and complete.

If any data change, the person must immediately inform the Company via email [email protected].

The Company is not liable for losses arising from inaccurate or outdated information provided by the data subject.

25. Amendments

The Company reserves the right to amend this Policy at any time.

The updated version enters into force upon publication on the Company’s website.

We recommend reviewing the Policy periodically to ensure you are aware of its current version.

Last updated: July 4, 2025