Privacy policy

1. Concepts and definitions

1.1. Personal data means any information about an identified or identifiable natural person ("data subject"); an identified or identifiable natural person is a person whose identity can be determined directly or indirectly, in particular, by an identifier such as name and surname, social security code, location data and Internet identifier, or by one or more of that natural person's physical, physiological, signs of genetic, mental, economic, cultural or social identity.

1.2. Personal data processing is any operation or sequence of operations performed by automated or non-automated means on personal data or sets of personal data, such as collection, recording, sorting, systematization, storage, adaptation or modification, output, access, use, disclosure by transmission, distribution or otherwise making it possible to use them, as well as juxtaposition or combination with other data, restriction, deletion or destruction.

1.3. Data Controller – is a natural or legal person, public authority, agency or other body that alone or together with others determines the purposes and means of data processing; when the purposes and means of such data processing are determined by the law of the European Union or a member state, the data controller or the specific criteria for its appointment may be determined by the law of the European Union or a member state.

1.4. A data processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.

1.5. A third party is a natural or legal person, public authority, agency or other body that is not a data subject, a data controller, a data processor, or persons who are authorized to process personal data on the direct authority of a data controller or a data processor.

1.6. A personal data breach is a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, transfer, storage, or other processing of, or unauthorized access to, personal data.

1.7. Data subject – the person whose data is processed (e.g. the customer who is a natural person, the user of the website or the employees and customers of the customer who is a legal person).

1.8. GDPR - 2016 April 27 Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

2. Principles

Tezaurus and the personal data processors we use process personal data in accordance with the following principles:

2.1. legality, impartiality and transparency – data subject data is processed lawfully, fairly and transparently;

2.2. purpose limitation – personal data is collected for specified, clearly defined and legitimate purposes and is not further processed in ways incompatible with these purposes;

2.3. data minimization – personal data are adequate, appropriate and only necessary to achieve the purposes for which they are processed;

2.4. accuracy – personal data is accurate and up-to-date;

2.5. storage duration limitation – personal data must be stored in a form that allows identification of data subjects for no longer than is necessary for the purposes for which personal data is processed, taking into account the applicable legislation;

2.6. integrity and confidentiality – personal data is processed in such a way that adequate security of personal data is ensured through the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful data processing and against accidental loss, destruction or damage.

3. Security of data processing

3.1. Thesaurus takes necessary and risk-appropriate organizational, physical and technological measures to protect personal data. These measures include employee policies and procedures that manage data and IT infrastructure, internal and external networks, and protect all equipment and the Tezaurus site.

3.2. Tesaurus properly trains and provides the necessary information to employees who process personal data.

3.3. Thesaurus may use data processors to process personal data.

4. Lawful basis for processing

4.1. Tezaurus processes personal data for the conclusion of a contract (including a contract with clients - data controllers), to ensure fulfillment, to fulfill legal obligations, due to legitimate interest or on the basis of the data subject's consent.

4.2. Tesaurus processes personal data in order to ensure the performance of the contract when a contract has been concluded and the purpose of the contract cannot be achieved without processing personal data.

4.3. Legal data processing obligations include the processing of all personal data in accordance with relevant laws and regulations, for example, the Labor Code of the Republic of Lithuania, the Law on Financial Reporting of Companies of the Republic of Lithuania, the Law on Accounting of the Republic of Lithuania, the Law on the Audit of Financial Statements of the Republic of Lithuania, the Law on Joint Stock Companies of the Republic of Lithuania, the Civil Code of the Republic of Lithuania, etc.

4.4. When the legal basis for processing personal data is consent, Tezaurus processes only those specific data for which the data subject has given consent. Consent is given freely, specifically and after receiving relevant information. Consent can be withdrawn by the data subject at any time, and it is withdrawn as easily as it was given.

5. Data Controller or Data Processor and Data Collection

5.1. Tezaurus can act as a data controller or processor in various data processing operations. To ensure the rights of data subjects to privacy, Tezaurus adheres to the principle of confidentiality and strictly limits the disclosure of personal data.

5.2. Only Tezaurus authorized persons have the right to change and process personal data.

5.3. Tezaurus processes personal data that is received from the data subject (i.e. the person who provided the personal data) directly or indirectly (through business customers).

6. Types of personal data

Tezaurus, employees of clients, representatives, participants, members of bodies, third parties, employees of related companies, representatives, participants, members of bodies - natural persons and representatives of legal entities whose data is necessary p. 7. for the fulfillment of the specified purposes, personal data:

6.1. Personal identification data: name and surname, personal code (identification code) and/or date of birth; Data on the ID card in the passport, signature.

6.2. Contact details: e-mail postal address, contact telephone number, postal address (place of residence).

6.3. Other directly and/or indirectly received personal data that we process 7 p. to implement the specified purposes, e.g.: number of children, marital status, salary, bank account number, property, health status (typical when providing accounting services to clients).

6.4. Internet data: data about website visitors' sessions, cookies, log data and IP addresses.

7. Purposes of processing personal data

The purposes of personal data processing referred to in point 6 of this privacy policy are:

7.1. to provide audit services in accordance with the Law on the Audit of Financial Statements of the Republic of Lithuania and other related legal acts;

7.2. to provide accounting services in accordance with the Accounting Law of the Republic of Lithuania and other legal acts and applicable standards;

7.3. provide consulting (legal, tax, financial) services in accordance with the applicable legislation;

7.4. offer tax, legal, financial and other business consulting, accounting, auditing services;

7.5. conduct customer satisfaction surveys (for marketing purposes);

7.6. manage purchase and sales invoices;

7.7. carry out purchases, orders (goods, services);

7.8. carry out internal administration (policies, employment contracts, events, etc.);

7.9. fulfill obligations under contracts with partners;

7.10. to fulfill all legal obligations and related activities.

8. Storage of personal data

8.1. Tezaurus stores personal data only as long as it is necessary to achieve the purpose for which the personal data is processed, except in cases where the applicable legal acts determine otherwise.

9. Third parties and data processors

9.1. Personal data may be transferred if the conditions for transfer to third countries or international organizations set forth in Chapter V of the GDPR and other laws regulating the protection of personal data are met, i.e. an adequate level of protection of transmitted Personal Data is ensured.

9.2. Regardless of access restrictions, Tezaurus provides personal data to an organization or person who (-) has the right to request data in accordance with legislation (for example, the police, a court, a supervisory authority, etc.).

9.3. When providing services, Tezaurus cooperates with business management system developers.

10. Rights of the data subject, information to the subject

10.1. Based on this Tezaurus privacy policy, data recipients/recipient categories: IT, service providers, public institutions, partners.

10.2. The data subject's source of origin: legal entity (e.g.: employer, partner, client), publicly available sources of information (e.g.: websites, public databases of institutions).

10.3. We do not use automated decision-making to process the data subject's personal data.

10.4. The data subject has the right to submit a company request to us regarding:

10.4.1. Information and familiarization with your personal data processed;

10.4.2. Correction of your personal data;

10.4.3. deletion of your personal data;

10.4.4. restriction of the processing of your personal data;

10.4.5. Submission of your personal data in a structured, computer-readable format.

10.5. Requests submitted by the data subject must include: information that would allow Tezaurus to identify you as a data subject; actions requested; personal data in relation to which the following actions are requested.

10.6. Tezaurus will examine the Data Subject's request within 20 working days of its receipt and will inform about the actions taken to fulfill the received request.

10.7. You (the data subject) will be informed in the form in which the request was made.

11. Breach of personal data security

11.1. All data controllers must report data security violations to the State Data Protection Inspectorate in cases where there is a significant risk to the security of personal data.

11.2. According to the Tezaurus privacy policy, personal data security violations must be reported to the State Data Protection Inspectorate of the Republic of Lithuania within 72 hours.

The notice must state:

• Nature of data security breach, categories of data subjects, approximate number, categories and approximate number of personal data records;
• Name and contact details of the Data Protection Officer or other contact person who can provide more information;
• The likely consequences of a breach of personal data security are described;
• Describes the measures taken or proposed to be taken by the data controller to eliminate the breach of personal data security;
• Other information that is not defined in this Tezaurus Privacy Policy, but is provided for in accordance with applicable legislation.

12. Cookies

12.1. The website www.tezaurus.lt managed by UAB Tezaurus auditas and UAB Tezaurus konsultatios uses cookies in order to improve the user's experience on the website and make it possible to use it more smoothly.

12.2. A cookie is a small text file that is automatically saved by a web browser on the user's device.

12.3. Tezaurus uses cookies to collect personalized and aggregated statistical data about the number of visitors to the website and information about the use of the website in order to make its website more user-friendly.

12.4. It is possible to refuse or block cookies on your device, but this may mean that the website may not function properly and all services may become unavailable. To refuse or block cookies, you must change your browser settings.

13. Changes to the Privacy Policy

13.1. Personal privacy is important to Tezaurus, so this Tezaurus privacy policy is updated regularly. The latest version of this privacy policy is always posted on the Tezaurus website.

14. Other Provisions

14.1. Liability for violations of personal data processing arises according to the procedure provided by law. Each party is responsible for damages caused by its wrongful acts.

14.2. All disputes between the parties are resolved through negotiations. If it is not possible to resolve the dispute through negotiations, the disputes are resolved in accordance with the procedure provided by the laws of the Republic of Lithuania in the courts of the Republic of Lithuania.

14.3. When Tezaurus acts as a controller of personal data, this Tezaurus privacy policy, internal documentation and applicable legal acts are followed. When Tezaurus acts as a personal data processor (e.g. provides accounting, consulting services to a client on this order), it follows the written instructions provided by the personal data manager (client), which do not conflict with the legal acts and internal procedures applicable to us.

15. Contact information

15.1. If you have any questions or suggestions related to the processing of personal data, please contact the data controller using the following contact details:

UAB Tezaurus konsultatinos, J. Jasinskio str. 4-17, Vilnius LT-01112

UAB Tezaurus auditas, J. Jasinskio str. 4-15, Vilnius LT-01112