The personal data of the websites’ visitors and other data subjects shall be processed pursuant to legislation (including, but not limited, to General Data Protection Regulation), instructions of the supervisory authorities, and by implementing appropriate technical and organisational measures to protect the personal data.
We need the cookies on the website to be able to do the following:
Ensure the appropriate functioning of the website;
Ensure the optimal functioning speed and security of the website;
Find out about visits to the website and its individual pages/sections, analyse the website visitor flows (visit date and time, specific browsers used, specific device types used and sizes of the screens of the devices used) and in this manner improve the website on an ongoing basis and satisfy your needs better.
You can find out what specific cookies were placed on your device after you visited any of the Controller’s website by checking your browser settings. If you use the Google Chrome browser, information about the placed cookies can be viewed by clicking the button on the left of the address field.
Cookies placed during visits to the Controller’s pages on social media
When you visit the Social Pages, the administrators of the social media platforms place cookies on your device, and these cookies collect your personal data. Cookies are placed on your device both in case you are a registered user of the respective social media platform and in case you do not have an account on the respective social media platform. The Controller (Biomatter Designs, UAB) does not have access to the collected personal data and only receives from the administrators of the social media platforms statistical information about visits to the Social Pages.
If you need any further information on personal data processed for the purpose of administering Social Pages, please read the following:
You can restrict or block cookies by changing your browser settings. If you do not want website to place any cookies on your device, change your browser settings in such a manner as to ensure that you are notified about cookie placement beforehand or that your browser block all cookies. You will have to adjust your settings for each browser of each of your devices.
Comprehensive information about cookies and their operation principles and settings can be found at http://www.allaboutcookies.org or another similar website.
To be able to respond to your inquiry and save evidence of correspondence (having legitimate interest to ensure the effective communication and prevent any disputes regarding the provision of services to persons (Article 6(1)(f) of the GDPR), the Controller shall process the following information that you provide:
By communicating via e-mail addresses specified on the website, the following data shall be processed: name, surname, e-mail address, date, time, content of the email, and the following communication with the Controller’s representative.
By communicating via contact form provided on the website, the following data shall be processed: name, e-mail address, subject of the message, date, time, content of the message, and the following communication with the Controller’s representative.
By sending a letter to the Controller’s address of seat, the following data shall be processed: name, surname, address, date of receipt of the letter and information provided in the letter.
By communicating via Facebook, LinkedIn, or Twitter the following data shall be processed: username, date, time, and content of communication with the Controller’s representative.
The personal data provided together with inquiries and the subsequent communication between you and the Controller’s representative shall be stored for the period of 1 year after the end of the calendar year the communication have ended.
In case of sending an inquiry via Facebook, LinkedIn, or Twitter accounts, the personal data you provide may be disclosed to the social network administrators and other individuals with whom the administrators of Facebook, LinkedIn, or Twitter managers share personal data. For more information, please read the privacy policies of Facebook and LinkedIn, and Twitter.
PERSONAL DATA OF THE PROSPECTIVE EMPLOYEES
The Controller shall only process the personal data of prospective employees for the purpose of employee selection and employment having legitimate interest to evaluate a candidate’s suitability for the respective position (Article 6(1)(f) of the GDPR).
For the purpose of employee selection and employment, in addition to the data provided by a candidate, the Controller may collect and process in other manners other publicly accessible data of a candidate, related to his qualifications, professional skills and competences, i.e., look for information on the internet, check a candidate’s public profile on LinkedIn or another professional network, etc. The Controller may also contact a candidate’s former employers, specified in the candidate’s CV and (or) public social media accounts, and ask such former employers to provide information about the candidate’s qualifications, professional skills, and competencies.
The Controller shall store the personal data of a candidate, participating in the employee selection procedure organised by the Controller, for the full duration of the selection procedure. The term of storage of the personal data shall only be extended upon receipt of the candidate’s consent to process personal data (Article 6(1)(a) of the GDPR). If a consent to the processing of a candidate’s personal data is not obtained, then, on expiry of the said term, all personal data of the respective candidate (both the data provided by the candidate and the data collected by the Controller) shall be destroyed.
In case a person provides personal data by his or her choice, not by applying to a particular job position (Article 6(1)(a) of the GDPR), personal data provided by the candidate is stored for 3 (three) months from receipt of information unless a person withdraws his or her consent earlier.
Although the Controller does not perform video surveillance on its premises, the Controller is located in the business centre. Administrator of the business centre may have the video cameras installed in the territory and common areas of the business centre. In case you notice any cameras and are unable to find information on the purpose and other conditions of video surveillance, please contact the administrator of the business centre via the contacts provided in its website.
PROCEDURE OF EXERCISE OF THE RIGHTS
As a data subject you have the following rights:
Right of access to your personal data;
Right to demand rectification of incorrect, inaccurate or incomprehensive personal data;
Right to restriction of the processing of personal data until the legitimacy of the processing is verified;
Right to erasure of unlawfully processed personal data;
Right to object to the processing of personal data for the purpose of direct marketing, including profiling, and in any other cases when processing is based on the legitimate interest of the Controller;
Right to have your personal data transmitted to another data controller or provided directly to you in a convenient form (this right applies to the data that you provided to the Controller and when the processing is carried out by automated means and is based on your consent or performance of contract);
Right to withdraw your consent, without prejudice to the lawfulness of processing of personal data carried out prior to the withdrawal of the consent;
Right to lodge a complaint with the State Data Protection Inspectorate (for more information please visit the website of the State Data Protection Inspectorate).
Please note that the requests submitted by email must be signed by a qualified email signature. In cases when the request is sent to the address of the Controller’s seat, a copy of the notarized identity document (passport, personal identity card) must be submitted together with the request.
The Controller will respond to your request not later than within 30 (thirty) calendar days from the date of receipt of the request. In exceptional cases requiring additional time, the Controller may extend the deadline for submitting the requested data or for examining claims referred to in your request by two further months. You will be notified on the extension of the deadline before the expiration of the original term.
The Controller may refuse to satisfy your request subject to the conditions laid down in the General Data Protection Regulation or other legislation. You will be notified in writing about any refusal to satisfy your request.
If you submit the Controller your rights request, the Controller will process your personal data for the purpose of handling your request. Legal basis for such processing would be legitimate interest pursued by the Controller (Article 6(1)(f) of the GDPR) and compliance with legal obligations of the Controller (Article 6(1)(c) of the GDPR).
Data is stored for the full duration of the administration of any matter relating to the processing of personal data and 10 (ten) years after the end of such administration, unless a longer minimal storage time limit is set by the General Document Retention Time Index confirmed by the 2011-03-09 Decree No. V-100 of the Chief Archivist of Lithuania.
UAB Biomatter Designs
Žirmūnų St. 139A, LT-09120 Vilnius
Tel. +370 614 35792