Personal Data Processing Policy

Our aim is to keep you fully informed about the processing of your personal data, whether you interact with us in person, electronically (for example, through our website) or in any other way you choose. This document applies to you if your data is processed by Socialinės ir teisinės pagalbos labdaros ir paramos fondas.

This Personal Data Processing Policy of Socialinės ir teisinės pagalbos labdaros ir paramos fondas
(the ‘Policy’) is intended to inform you about the purposes and grounds on which we process your personal data, where we obtain your personal data, to whom we provide it and for how long we store it, what security measures we use, and how you can exercise your rights as a data subject. This is to ensure fair and transparent processing of personal data.

Please take the time to review this Policy. If you have any questions, please contact us using one of the following methods. We update the Policy regularly and encourage you to review this document periodically.

Your personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 (the ‘General Data Protection Regulation‘ or ‘GDPR‘), the Republic of Lithuania Law on Legal Protection of Personal Data, and other legal acts regulating the legal protection of personal data and the activities of financial institutions and the services they provide.

Table of Contents

Definitions

Personal data means any information relating directly or indirectly to the data subject, i.e. you, such as: name, surname, telephone number, bank account number, details of payments made and received, health data, etc.
Foundation means Socialinės ir teisinės pagalbos labdaros ir paramos fondas, legal entity code 303820387, having its registered office at Švitrigailos g. 11K-109, Vilnius, Lithuania.
Processing means any operation which is performed on personal data, including collection, recording, organisation, structuring, storage, adaptation or alteration, consultation, use, disclosure, erasure or destruction.
Processor means a natural or legal person which processes personal data on behalf of the Controller.
Controller means a natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data subject (you) means a natural person whose personal data we process. This may include not only you, but also your family members or third parties in the cases set out in this Policy.
Customer means a natural person or a representative of a legal person who uses, has used or intends to use the services of any of the Foundation.
Other terms used in the Policy shall be understood as defined in the General Data Protection Regulation or in the laws governing the legal protection of personal data and the activities of financial institutions.

Contact details of the Controller

If you have any questions regarding the processing of your personal data, please contact the Foundation by email to [email protected], or by mail to Švitrigailos g. 11K-109, Vilnius, Lithuania.

Data we process (categories of data subjects)

The Foundation processes the data of the following data subjects (natural persons) in the course of its activities:

Customers and their legal representatives;
Customer family members.
Payers;
Other persons who provide us personal data on the website or otherwise

Important. Article 14 of the General Data Protection Regulation provides for cases in which we, as a data controller, are not obliged to inform data subjects whose personal data we have obtained not directly from them about the processing of their data, including situations where providing such information is impossible or would require disproportionate effort (for example, where we have no direct relationship with the third party or do not know their contact details). Therefore, if you provide us with personal data relating to third parties, we recommend that you inform them of this Policy.

Data we process about you (categories of data)

In this section, we list the main categories of personal data processed by the Foundation. However, given the specific nature of our activities, it is not possible to list all data categories we process in the Policy, therefore the list below is not exhaustive. The scope of the data processed may vary depending on the purposes for which the Foundation processes the data of that person.

We process the following personal data:

personal identification data, such as name, surname, personal identification number, date of birth, data and copies of personal documents (passport, ID card, driving licence), photograph, nationality;
contact details such as telephone number, email address, nicknames in the social networks, registration address;
payment data, such as the name of the sender, account number, purpose of the payment, amount and currency of the payment, payer identification code, details of payment instruments (e.g. bank card, account, Apple Pay, Google Pay, etc.)
special categories of data such as:

data about your sexual orientation or gender identity.

Important. When indicating the purpose of payment, please do not include special categories of personal data in this field, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data, health data, or data concerning a person’s sex life or sexual orientation.

For what purposes and on what legal grounds do we process your personal data?

In order to provide you the legal, psychological or other assistance according to your request.
In order to contact you, to provide you with consultations on the services you use, to respond to your requests, claims, etc., we process your contact details and other data related to your request, inquiry or claim. We process this data on the basis of a legal obligation, the performance of a contract or legitimate interest, depending on the nature of your request.
In order to ensure the quality of our services, including remote services, we record and store your contact details.

for the purpose of processing your payment in accordance with your stated intention
for legal compliance (e.g., tax reporting, anti-money laundering if applicable)
for data security and fraud prevention
for legal claims

Where do we obtain your personal data from?

We process your personal data that is provided by you only. We don’t collect any personal data in other ways.

Who do we provide your personal data to?

We provide your personal data to the following recipients on the basis of a legal obligation (legal requirements) to

payment and digital wallet service providers and other service providers involved in your transaction with us (e.g. to process a payment, personalise a payment card, add a payment card to a digital wallet of your choice, etc);

Lithuanian courts, arbitration or other dispute resolution bodies, where they have the right to

Transfer of personal data to third countries

We process and store your personal data within the territory of the European Union (EU) or the European Economic Area (EEA).

How long do we process your personal data?

We process your personal data for no longer than is necessary for the purposes for which it was collected.

The time limits for processing data may be laid down in specific legislation applicable to our activities. After the purpose of the processing has expired, we retain the data on the basis of legitimate interest to assert, exercise or defend legal claims.

Retention periods for data processing:

we process data collected in the course of providing our services for a period of 10 years after the end of our service is provided to you.

Personal data security

We use a variety of security technologies and procedures to protect your personal information from unauthorised access, use or disclosure.

What are your rights?

You have the following rights:

the right to have access to personal data processed by the Foundation;
the right to have incorrect, inaccurate or incomplete data corrected;
the right to restrict the processing of your personal data until the lawfulness of the processing has been verified at your request;
the right to request erasure of personal data where this can be based on one of the conditions set out in the GDPR;
the right to object to the processing of personal data where the processing is carried out in our legitimate interests;
the right not to be subject to a fully automated decision where such decision-making has legal consequences or a similar significant effect on you. This right does not apply where such decision-making is necessary for the purpose of entering into or performance of a contract with you, is permitted by law, or where you have given your explicit consent. In the case of an automated individual decision, you have the right to ask us to review the decision by submitting a written request;
the right to request the transfer of your personal data to another controller or to have the data provided directly to you in a form that is convenient for you (applies to personal data provided by you and processed by automated means on the basis of consent);
the right to withdraw the consent you have given, without affecting the lawfulness of the processing of your personal data carried out prior to the withdrawal of your consent;
the right to lodge a complaint with the State Data Protection Inspectorate (for more information, see www.vdai.lrv.lt) if you believe that your personal data has been processed in violation of your rights or legitimate interests.

How can you exercise your data protection rights?

You may submit a request for the exercise of the rights set out above, as well as complaints, messages or requests relating to data protection (the ‘Requests’) by email to [email protected], or by mail to Švitrigailos g. 11K-109, Vilnius, Lithuania.

Validity and changes to the Privacy Policy

This Policy entered into force on 10 December. It may be amended to take account of changes in legislation and in our operations. We will notify you of changes on the website www.comingoutspb.org