Privacy Policy
This privacy policy defines the principles and procedures of personal data processing carried out by UAB Demus Asset Management and the operating conditions of the website www.demus.lt
1. GENERAL PROVISIONS
1.1. UAB “Demus Asset Management” ensures that personal data are processed in a lawful, fair and transparent manner, collected for established and clearly defined purposes and are not further processed in a manner incompatible with those purposes.
1.2. The terms used in this Policy are:
1.2.1. personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is a person whose identity can be directly or indirectly identified, in particular by an identifier such as a first and last name, a personal identification number, location data and an internet identifier, or one by or several characteristics of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
1.2.2. data controller — UAB “Demus Asset Management”, code: 304411219 registered office address: Konstitupr. 18B (Artery, 15th floor), Vilnius;
1.2.3. data subject — Client of the Company — any natural person whose personal data are processed by the Data Controller;
1.2.4. data processing means any operation or sequence of operations performed on personal data or sets of personal data by automated or non-automated means, such as collection, recording, sorting, systematization, storage, adaptation or alteration, retrieval, access, use, disclosure by transmission, distribution or otherwise making available to them restriction, deletion or destruction, as well as the juxtaposition or merger with other data.
1.3. The terms, principles and other provisions used in this Policy are in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as GDPR), the Law on the Legal Protection of Personal Data of the Republic of Lithuania, other relevant legal acts Tus.
1.4. The data subject shall be deemed to have read and read this Policy when he voluntarily leaves his or her data (e-mail address and telephone number). On the company's website www.citus.lt.
1.5. We would like to inform you that the Data Controller:
1.5.1. processes personal data in relation to the Data Subject in a lawful, fair and transparent manner (principle of legality, fairness and transparency);
1.5.2. collect personal data for defined, clearly defined and legitimate purposes and do not continue to process personal data in a manner incompatible with those purposes (principle of purpose limitation);
1.5.3. collect only such Personal Data that are adequate, relevant and only necessary for the purposes for which they are processed (principle of data reduction);
1.5.4. processes only accurate Personal Data and updates them if necessary; all reasonable measures are taken to ensure that personal data that are not accurate, taking into account the purposes of their processing, are immediately deleted or rectified (principle of accuracy);
1.5.5. keeps personal data in such a form that the identity of the data subjects can be identified for no longer than is necessary for the purposes for which the personal data are processed (principle of limitation of the duration of storage);
1.5.6. process personal data in such a way that appropriate technical or organisational measures ensure adequate security of personal data, including protection against unauthorised or unlawful processing and against careless loss or destruction (principle of integrity and confidentiality);
1.5.7. The controller is responsible for compliance with the above principles and must be able to demonstrate compliance with them (accountability principle).
1.6. When using third party services, such as visiting the Data Controller's social media accounts, third party terms and conditions may apply. Therefore, when using the services of such third parties, it is recommended that you familiarize yourself with the terms and conditions that apply to them.
2. COLLECTION, PROCESSING, STORAGE OF PERSONAL DATA
2.1. The Data Controller has the right to process the following personal data relating to the Data Subject for the purposes of data analysis of the activities carried out by the Company, including the provision and execution of services/works, purchase, sale and participation in other activities, for the purpose of invoicing purposes, for the purpose of data analysis:
2.1.1. name, surname;
2.1.2. personal identification number or date of birth;
2.1.3. phone number, e-mail address;
2.1.4. The live address of the location;
2.1.5. bank account number (for payment for services);
2.1.6. data on the real estate purchased/sold/owned by the data subject (extract about the object from the Real Estate and Cadastral Register of the Center of VIS Registers);
2.1.7. correspondence by e-mail and social media (not public posts).
2.2. For the purpose of direct marketing, the Data Controller has the right to process the Data Subject:
2.2.1. name, surname;
2.2.2. phone number, e-mail address.
2.3. For the purposes of administering customer requests, providing quality services, the Data Controller has the right to process the Data Subject:
2.3.1. comment;
2.3.2. name, surname,
2.3.3. phone number, e-mail address.
2.4. Retention of personal data:
2.4.1. personal data in relation to the main activities carried out by the Company, i.e. real estate development, construction, maintenance, operation, purchase-sale and related areas, are stored for 10 (ten) years. This deadline is due to possible inspections initiated by various public authorities (VMI, SODRA, etc.), which may start 5 (five) years after the conclusion of a specific contract (e.g. contract) and request data for the previous 5 (five) years;
2.4.2. data obtained for the purpose of direct marketing (i.e. offering data subjects to buy/sell/otherwise partially or fully transfer real estate relevant to them, to contribute to real estate projects being developed) shall be stored for 5 (five) years from the date of receipt of the data;
2.4.3. for the purpose of the administration of requests, personal data are stored for 1 (one) year from the date of receipt of the data;
2.4.4. for the purpose of invoicing, personal data are stored in accordance with the legal requirements applicable to accounting.
2.5. The data subject may at any time submit a request to withdraw consent to the processing of his personal data by sending an e-mail to the address: info@demus.lt or by visiting the Company's office at the address: Konstitupr. 18B (Artery, 15th floor), Vilnius.
2.6. The controller has the right to collect personal data from:
2.6.1. directly from the Data Subject;
2.6.2. from publicly available sources, i.e. publicly available data of business partners and/or their representatives, the Company has the right to collect in publicly available systems (social networks, public databases, etc.) when preparing to publish relevant tenders, develop projects, etc.
2.7. The company has implemented a database that includes all real estate brokers operating in Lithuania. Their data shall be made publicly available and publicly available. Each time the Company sends relevant requests to brokers, emails provide them with the opportunity to refuse to receive relevant offers of cooperation in the future.
2.8. The Data Controller undertakes not to disclose the processed Personal Data to third parties, except in the following cases:
2.8.1. if there is consent of the Data Subject to such disclosure of personal data;
2.8.2. when the data is provided to Data Processors providing accounting, Internet system servicing, payment and other services;
2.8.3. when data are provided to Data Processors - persons related to the Data Controller, as well as persons cooperating with the Data Controller in the development, construction, maintenance, operation, purchase and sale of real estate and related fields, as well as those who provide services/perform works at the request of the Data Controller, for example to banks/companies, which help to carry out settlement operations. The ability of these persons to use the data is limited, they cannot use this information for purposes other than the provision of services/performance of works for the Data Controller;
2.8.4. to other parties when required by law or necessary to protect the information society services provided;
2.8.5. when the data are provided for the performance of other relevant actions in compliance with the obligations provided for by the legislation.
2.9. Cases in which the Data Controller may disclose the Data Subject's information to other parties:
2.9.1. in order not to violate the law or in response to a mandatory requirement of judicial proceedings;
2.9.2. in order to confirm the legality of their actions;
2.9.3. in order to protect the Data Controller, his rights, property or to ensure their security;
2.9.4. any related third party in the event of a merger, transfer or bankruptcy of companies;
2.9.5. in other cases with the consent or legal request of the Data Subject.
2.10. By submitting personal data, the Data Subject grants the Data Controller the right to collect, collect, systematize, use and process for the purposes provided for in this Policy all personal data that you provide directly or indirectly while visiting the Website.
2.11. The data subject is responsible for ensuring that the data provided are accurate, correct and complete. Entering knowingly incorrect data is considered a violation of the Policy. If the data provided changes, the Data Subject must immediately correct them, and if there is no possibility to do so, inform the Data Controller about it. Under no circumstances will the Data Controller be liable for damage caused to the Data Subject and/or third parties as a result of the Data Subject providing incorrect and (or) incomplete personal data or failing to request the addition and/or amendment of the data in the event of their change.
2.12. The Data Controller does not collect sensitive information about the Data Subject.
2.13. The Data Controller does not carry out automatic decision-making or profiling based on information about the Data Subject.
2.14. The Data Controller shall not share the Personal Data of the Data Subject with entities located outside the European Economic Area.
3. COOKIES
3.1. The Data Controller uses cookies on its Website in order to properly process information about Data Subjects (hereinafter referred to as “Visitors”) when they visit the Data Controller's Website.
3.2. Cookies are files that store information on the hard drive of the Visitor's computer or in a search engine. They can be used to determine the visit to the Data Controller's website, to see the history of visits and to adapt the content accordingly.
3.3. Cookies are also used to ensure the most convenient viewing of the website, its smooth operation, allow to monitor the duration and frequency of visits and to collect statistical information on the number of visitors to the website. In addition, they help to improve the functioning of the Website and implement improvements and adapt the Website to the optimal needs of its Visitors.
3.4. Websites and social network accounts operated by the Data Controller enable the Data Subject to provide information directly to the Data Controller (for example, by subscribing to a newsletter on the Website). The following information is obtained directly from the Data Subject:
3.4.1. e-mail address.
3.5. Indirectly, the following information is obtained:
3.5.1. information on the use of the Data Controller's websites (for example, the following information can be collected);
3.5.2. device information, i.e. IP address, operating system version and parameters of the device used by the Data Subject to access the content/goods;
3.5.3. login information, i.e. The time and duration of the session used by the Data Subject, the terms of requests that the Data Subject enters on the Data Controller's websites and any information stored in cookies that are set on the Data Subject's device;
3.5.4. location information, i.e. the GPS signal of the device or information about the nearest WiFi access points and mobile communication towers, which can be transmitted to the Data Controller to the Data Subject using the content of the Data Controller's websites;
3.5.5. information from third-party sources.
3.6. The Controller may obtain information about the Data Subject from public and commercial sources (to the extent permitted by applicable law) and link it to other information it receives from the Data Subject or about the Data Subject.
3.7. Information about the Data Subject may also be obtained by the Data Controller from third-party social networking services when the Data Subject accesses them, for example through accounts on the Facebook network.
3.8. The Data Controller may collect information about the Data Subject, its device or use of the content of the Websites with the Data Subject's consent.
3.9. The Data Subject may choose not to provide the Data Controller with certain information (e.g. information required for subscription or marketing), but in this case the Data Controller will not be able to provide the Data Subject with the latest offers, to promptly contact the Data Subject when it has the most appropriate offer for the Data Subject.
3.10. The processing of data using cookies does not allow direct or indirect identification of the Website Visitors.
3.11. A website visitor can delete cookies from their computer or block them in their web browser, but some of the functionality of the website may not work or function incorrectly in this case.
4. RIGHTS OF DATA SUBJECTS
4.1. The Data Controller guarantees the exercise of the rights of the Data Subject and the provision of any relevant information at the request or request of the Data Subject:
4.1.1. know (be informed) about the processing of your personal data;
4.1.2. get acquainted with their personal data and how they are processed;
4.1.3. request rectification, destruction of your personal data or suspension, other than storage, of the processing of your personal data;
4.1.4. object to the processing of personal data, including direct marketing;
4.1.5. request erasure of personal data (“right to be forgotten”);
4.1.6. request the transfer of your personal data, that is, to allow access to your personal data in a form where personal data will be provided in a commonly used and computer-readable format;
4.1.7. the right to lodge a complaint with the State Data Protection Inspectorate.
4.2. The Data Controller may not create conditions for the Data Subjects to exercise the above rights when, in cases provided for by law, it is necessary to ensure the prevention, investigation and detection of crimes, violations of official or professional ethics, as well as the protection of the rights and freedoms of the Data Subject or other persons.
4.3. A data subject who has submitted a document confirming his identity or confirming his identity in accordance with the procedure established by legislation or by means of electronic communication (if they allow proper identification of the person), has the right at any time, after submitting a request to the Data Controller, to access his data processed by the Company free of charge and to receive information from which sources and what personal data his personal data were collected, for what purpose they are processed, to which recipients the data are available and were provided within 1 (one) year. Likewise, the Data Subject has the right to demand the rectification of incorrect, incomplete, inaccurate personal data, to demand the suspension, other than storage, of the processing of his personal data, when the data is processed in violation of the laws and the conditions of this Policy.
4.4. The Data Subject may submit a request for the exercise of his or her aforementioned rights at the Company's office, at the address: Konstitupr. 18B (Artery, 15th floor), Vilnius., by filling in the application form, or by sending such a request by e-mail to the address: info@demus.lt.
4.5. To the extent that the processing of personal data is based on consent, the Data Subject has the right to withdraw consent at any time, without prejudice to the legality of data processing based on consent prior to the withdrawal of consent, as provided for in the provisions of the Policy.
4.6. The website (s) or social media accounts of the Data Controller may contain links to their websites and services, which are not under the control of the Data Controller. The controller is not responsible for the security and privacy of information collected by third parties. The Data Subject must exercise caution and read the privacy provisions applicable to third-party websites and services used by the Data Subject.
4.7. If the Data Controller is not satisfied with the response or believes that the Controller processes personal data without complying with legal requirements, the Data Subject has the right to lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania.
