This privacy policy outlines the conditions of processing of personal data of visitors of the website and other data subjects as well as the procedure for the exercise of the rights of data subjects. Personal data is processed by Biomatter Designs, Company Reg. No. 304866380, address of seat: Žirmūnų St. 139A, LT-09120 Vilnius, e-mail: (hereinafter the Controller). 

Please take time to review this privacy policy, and do not hesitate to contact the Controller by telephone, mail, or email in case you have any questions.

The Controller may review and amend the privacy policy at any time, and we therefore recommend that you make sure on a regular basis that you are familiar with the updated (effective) version of the privacy policy. The date of publication of the updated (effective) version of the privacy policy is specified at the top of this webpage. 

The personal data of the websites’ visitors and other data subjects shall be processed pursuant to legislation (including, but not limited, to General Data Protection Regulation), instructions of the supervisory authorities, and by implementing appropriate technical and organisational measures to protect the personal data.

The Controller shall only use the personal data, which you provide or which the Controller collects for the purposes specified in the privacy policy or another privacy notice provided to you and shall not transfer the personal data for processing to other persons, except in cases specified in this privacy policy. In cases stipulated by law, your data may also be transferred to competent authorities. Other cases in which your personal data may be transferred to third parties (the Controller’s partners, data processors, etc.) shall be specified in individual sections of the privacy policy.

The website contain links to websites which are not owned by the Controller. The Controller shall not be responsible for any privacy policies applied by such websites, and we therefore recommend you to be proactive and read the privacy policy applied to a website to which you are redirected.



The website use cookies, which are small text files placed on your device (e.g., desktop computer, mobile phone, tablet) when you browse the website.

We need the cookies on the website to be able to do the following:

  • Ensure the appropriate functioning of the website;

  • Ensure the optimal functioning speed and security of the website;

  • Find out about visits to the website and its individual pages/sections, analyse the website visitor flows (visit date and time, specific browsers used, specific device types used and sizes of the screens of the devices used) and in this manner improve the website on an ongoing basis and satisfy your needs better.

The legal basis for using cookies to process personal data is either Article 6(1)(f) of the GDPR - legitimate interest of the Controller (in case of necessary cookies), or Article 6(1)(a) of the GDPR – your consent to the use of cookies. The legal basis depends on the specifications of the cookies. The specifications of the cookies used by the Controller are provided in the table below.

When visiting the website third-party cookies may also be placed on your device. The Controller may not control their number and functions and has no possibility to get acquainted with the information they collect. Accurate information about the functions of the cookies used by third parties (Facebook, Google, LinkedIn, etc.) and the personal data collected by the third parties can be found in the privacy / cookie policies of these third parties (e.g., Facebook cookie policyGoogle cookie policyLinkedIn cookie policyTwitter cookie policy) or by contacting the contact person of the respective third party that sends the cookies.

You can find out what specific cookies were placed on your device after you visited any of the Controller’s website by checking your browser settings. If you use the Google Chrome browser, information about the placed cookies can be viewed by clicking the button on the left of the address field.

Cookies placed during visits to the Controller’s pages on social media

The Controller administers pages on social networks FacebookLinkedIn, and Twitter (hereinafter Social Pages).

When you visit the Social Pages, the administrators of the social media platforms place cookies on your device, and these cookies collect your personal data. Cookies are placed on your device both in case you are a registered user of the respective social media platform and in case you do not have an account on the respective social media platform. The Controller (Biomatter Designs, UAB) does not have access to the collected personal data and only receives from the administrators of the social media platforms statistical information about visits to the Social Pages. 

If you need any further information on personal data processed for the purpose of administering Social Pages, please read the following:

  • Facebook cookie policy or contact Facebook data protection officer (regarding personal data processed by Facebook).

  • Linkedin cookie policy or contact Linkedin data protection officer (regarding personal data processed by LinkedIn).

  • Twitter cookie policy or contact Twitter via Twitter privacy policy inquiries (regarding personal data processed by Twitter).

You can restrict or block cookies by changing your browser settings. If you do not want website to place any cookies on your device, change your browser settings in such a manner as to ensure that you are notified about cookie placement beforehand or that your browser block all cookies. You will have to adjust your settings for each browser of each of your devices. 

If you block or restrict the use of cookies, you may be unable to avail of certain services or use certain functionalities of the website. 

Comprehensive information about cookies and their operation principles and settings can be found at or another similar website.


Communication tools

To be able to respond to your inquiry and save evidence of correspondence (having legitimate interest to ensure the effective communication and prevent any disputes regarding the provision of services to persons (Article 6(1)(f) of the GDPR), the Controller shall process the following information that you provide: 

  • By communicating via e-mail addresses specified on the website, the following data shall be processed: name, surname, e-mail address, date, time, content of the email, and the following communication with the Controller’s representative.

  • By communicating via contact form provided on the website, the following data shall be processed: name, e-mail address, subject of the message, date, time, content of the message, and the following communication with the Controller’s representative. 

  • By sending a letter to the Controller’s address of seat, the following data shall be processed: name, surname, address, date of receipt of the letter and information provided in the letter.

  • By communicating via Facebook, LinkedIn, or Twitter the following data shall be processed: username, date, time, and content of communication with the Controller’s representative.

The personal data provided together with inquiries and the subsequent communication between you and the Controller’s representative shall be stored for the period of 1 year after the end of the calendar year the communication have ended.

In case of sending an inquiry via Facebook, LinkedIn, or Twitter accounts, the personal data you provide may be disclosed to the social network administrators and other individuals with whom the administrators of Facebook, LinkedIn, or Twitter managers share personal data. For more information, please read the privacy policies of Facebook and LinkedIn, and Twitter.

Your rights relating to processing of your personal data shall be specified in the PROCEDURE OF THE EXERCISE OF THE RIGHTS section of the privacy policy.


The Controller shall only process the personal data of prospective employees for the purpose of employee selection and employment having legitimate interest to evaluate a candidate’s suitability for the respective position (Article 6(1)(f) of the GDPR).

For the purpose of employee selection and employment, in addition to the data provided by a candidate, the Controller may collect and process in other manners other publicly accessible data of a candidate, related to his qualifications, professional skills and competences, i.e., look for information on the internet, check a candidate’s public profile on LinkedIn or another professional network, etc. The Controller may also contact a candidate’s former employers, specified in the candidate’s CV and (or) public social media accounts, and ask such former employers to provide information about the candidate’s qualifications, professional skills, and competencies.

The Controller shall store the personal data of a candidate, participating in the employee selection procedure organised by the Controller, for the full duration of the selection procedure. The term of storage of the personal data shall only be extended upon receipt of the candidate’s consent to process personal data (Article 6(1)(a) of the GDPR). If a consent to the processing of a candidate’s personal data is not obtained, then, on expiry of the said term, all personal data of the respective candidate (both the data provided by the candidate and the data collected by the Controller) shall be destroyed.

In case a person provides personal data by his or her choice, not by applying to a particular job position (Article 6(1)(a) of the GDPR), personal data provided by the candidate is stored for 3 (three) months from receipt of information unless a person withdraws his or her consent earlier.

Your rights relating to the processing of your personal data shall be specified in the PROCEDURE OF EXERCISE OF THE RIGHTS section of the privacy policy.


Although the Controller does not perform video surveillance on its premises, the Controller is located in the business centre. Administrator of the business centre may have the video cameras installed in the territory and common areas of the business centre. In case you notice any cameras and are unable to find information on the purpose and other conditions of video surveillance, please contact the administrator of the business centre via the contacts provided in its website.


As a data subject you have the following rights:

  • Right of access to your personal data;

  • Right to demand rectification of incorrect, inaccurate or incomprehensive personal data;

  • Right to restriction of the processing of personal data until the legitimacy of the processing is verified;

  • Right to erasure of unlawfully processed personal data;

  • Right to object to the processing of personal data for the purpose of direct marketing, including profiling, and in any other cases when processing is based on the legitimate interest of the Controller; 

  • Right to have your personal data transmitted to another data controller or provided directly to you in a convenient form (this right applies to the data that you provided to the Controller and when the processing is carried out by automated means and is based on your consent or performance of contract);

  • Right to withdraw your consent, without prejudice to the lawfulness of processing of personal data carried out prior to the withdrawal of the consent;

  • Right to lodge a complaint with the State Data Protection Inspectorate (for more information please visit the website of the State Data Protection Inspectorate).

The Controller makes every effort for you to be able to exercise your rights, also to answer any questions you may have about the information provided in this privacy policy. You may submit a request for the exercise of the above-mentioned rights, as well as complaints, notifications, or requests to the contact person of Biomatter Designs, UAB, by email, by mail to Žirmūnų St. 139A, LT-09120 Vilnius, or upon arrival at this address. When submitting the request, please clearly indicate the right you wish to exercise and the extent to which you wish to exercise that right. For example, in case you submit a request of access to your personal data, please indicate which personal data you wish to have access to and what information, listed in Article 15 (1) of the Regulation, you wish to receive.

Please note that the requests submitted by email must be signed by a qualified email signature. In cases when the request is sent to the address of the Controller’s seat, a copy of the notarized identity document (passport, personal identity card) must be submitted together with the request.

The Controller will respond to your request not later than within 30 (thirty) calendar days from the date of receipt of the request. In exceptional cases requiring additional time, the Controller may extend the deadline for submitting the requested data or for examining claims referred to in your request by two further months. You will be notified on the extension of the deadline before the expiration of the original term.

The Controller may refuse to satisfy your request subject to the conditions laid down in the General Data Protection Regulation or other legislation. You will be notified in writing about any refusal to satisfy your request.

If you submit the Controller your rights request, the Controller will process your personal data for the purpose of handling your request. Legal basis for such processing would be legitimate interest pursued by the Controller (Article 6(1)(f) of the GDPR) and compliance with legal obligations of the Controller (Article 6(1)(c) of the GDPR).

Data is stored for the full duration of the administration of any matter relating to the processing of personal data and 10 (ten) years after the end of such administration, unless a longer minimal storage time limit is set by the General Document Retention Time Index confirmed by the 2011-03-09 Decree No. V-100 of the Chief Archivist of Lithuania.


Should you have any questions regarding the privacy policy, please do not hesitate to contact us and request assistance:

UAB Biomatter Designs

Žirmūnų St. 139A, LT-09120 Vilnius 

Tel. +370 614 35792


Privacy policy