Privacy policy
Last updated on 28 May 2024
Date of entry into force 28 May 2024
This privacy policy (hereinafter the Privacy Policy) is intended to inform you about the processing of your data, your rights and how to exercise them. Employees shall be informed about the processing of their personal data in accordance with the procedures set out in the Company’s internal documents.
The terms and conditions set out in this Privacy Policy shall apply each time you access our content and/or service, regardless of the device (computer, mobile phone, tablet, TV, etc.) used.
The Privacy Policy may be updated from time to time without prior notice. You can review the current version of our Privacy Policy at any time by visiting our website www.krs.eu (hereinafter the Website).
Who Will Process Your Personal Data?
The data controller responsible for the processing of data described in the Privacy Policy is UAB “KRS” (hereinafter the Company or the Controller), legal entity code 133630961, registered office address Draugystės g. 15A, Kaunas LT-51227, Lithuania.
The Controller is a company active in the construction industry and therefore the processing of personal data is not its main activity. However, in the course of its activities, the Company processes certain personal data.
The Company shall ensure that data collected is processed in accordance with the requirements of the General Data Protection Regulation (hereinafter the Regulation) and the Law on Legal Protection of Personal Data of the Republic of Lithuania. The Company shall process personal data in accordance with the internal documents approved by the Company.
When collecting your data, we are guided by the fundamental principles of the personal data processing. We aim to process data lawfully, fairly and in a transparent manner, for explicit and specified purposes and only to the extent necessary for those purposes. It is important to us that only accurate data are stored, data integrity and confidentiality are ensured and the data are not stored longer than necessary.
How Do We Receive Your Data?
We receive personal data when you:
- submit certain information on our online enquiry form, send your CV, letter of motivation, enquiries using the Company’s contact details or provide information by phone, email or during meetings;
- provide information about yourself in order conclude or perform a contract.
- visit the Company’s website, where certain information about your online visit is collected automatically (essential cookies) or with your consent (analytical, marketing cookies);
- have provided your data to any third parties that, in turn, provide data to the Company in the performance of mutual obligations, legal obligations or on the basis of legitimate interest.
What Data Do We Process, for What Purposes and on What Legal Grounds?
Performance of Contracts With Our Clients
In the performance of contracts with our clients, we process the following personal data: technical data about the building, the land plot, their owners, technical and legal documentation of the construction process (e.g. site transfer and acceptance letters, completion letters or declarations, client’s certificates, building transfer and acceptance letters, etc.), and other documentation necessary for the construction process, which may include the data of natural persons.
The processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract (Article 6(1)(b) of the Regulation) and for compliance with a legal obligation to which the Company is subject (Article 6(1)(c) of the GDPR). Data shall be retained for 10 years after the end of the contract.
Conclusion and Performance of Contracts
The Company’s activities include conclusion of construction machinery and equipment rental contracts. At the time of conclusion of such contracts, the Company receives personal data of the (legal entity) representatives, such as first name, last name, company represented, position, signature, e-mail, contact phone number, power of attorney and its content.
The following data of the legal entity representatives shall be processed when concluding subcontract and cooperation (including joint activity) agreements: first name, last name, address, e-mail, phone number, bank account number, copies of identity documents, job title, signature, information on qualifications and copies of documents confirming the same, mutual communication data, technical documentation of the construction process, transparent worker’s identification (QR) code, basis of business, business prohibitions, etc.
During the conclusion and performance of the contract, the processing of data of the legal entity representatives is necessary for the performance of a contract or in order to take steps prior to entering into a contract (Article 6(1)(b) of the Regulation). After the end of the contract, the Company shall process personal data on the basis of legitimate interest (Article 6(1)(f) of the Regulation). Data contained in the documentation of construction processes or in other documents which are subject to a processing obligation by law shall be processed on the basis of Article 6(1)(c) of the Regulation.
Data shall be stored for as long as necessary for the performance of the contract. After the end of the contract, data shall be retained for 10 years to the extent necessary to ensure legitimate interest. The Company shall store the contact details of the parties to the contract for a maximum period of 3 years after the end of the contract.
Recruitment and Selection of Employees
In our website, potential employees may submit enquiries regarding the employee selection process. Our online enquiry form collects the following data from potential employees: first name, last name, e-mail address, mobile phone number.
By contacting the contacts listed on our website, potential employees may provide, and the Company may process, information on education, upgrade training, work experience, language and information technology skills, as well as other information contained in a CV, letter of motivation or other documents submitted by the candidate.
The processing of the candidate’s data is necessary for the performance of a contract or in order to take steps prior to entering into a contract (Article 6(1)(b) of the Regulation). Where the processing extends beyond the selection process, it is carried out on the basis of consent (Article 6(1)(a) of the Regulation).
Data shall be stored for the duration of the selection process or, with consent, for 2 years after selection.
Handling of Enquiries Received
The Company receives enquiries from interested parties by e-mail or post. When receiving requests and enquiries, data of persons submitting such requests and enquiries are collected: first name, last name, e-mail, phone number, address, content of the request or enquiry, and additional data provided by the subjects themselves, which are necessary for the handling of the request.
The data are processed on the basis of the Company’s legitimate interest (Article 6(1)(f) of the Regulation) and retained for 2 years from the date of the request (unless there is a basis for the processing for other legitimate interests or on any other grounds).
Conducting Online Meetings
In its activities, the Company uses online (virtual) meeting platforms such as MS Teams or Zoom. In order to conduct meetings, the Company processes data of persons participating in the meetings: first name, last name, subject of the meeting, IP address of the meeting participants, time of the meeting, data entered in a chat field (including documents uploaded by the participants), and video or audio recordings of the meeting (subject to the participants’ consent).
The data are processed on the basis of the Company’s legitimate interest (Article 6(1)(f) of the Regulation) and, in the case of the recording of a meeting, on the legal basis of consent (Article 6(1)(a) of the Regulation).
Use of Social Networks
The Company has social media accounts to raise its profile and expand its business relationships. The Company does not control information provided when visiting the Company’s social media accounts. The data collected and processed during the use of a social network is the responsibility of the operator of the social network, which provides information in its privacy policy. The Company obtains the following data from the visitors to its social media accounts: public profile data of the visitors, Likes, Follows, Shares and comments.
The processing is necessary for the legitimate interests of the Company (Article 6(1)(f) of the GDPR); consent to the publication of the image (Article 6(1)(a) of the GDPR). The data obtained from a social media account shall not be stored for longer than the period provided for in the privacy policy of the social network operator.
Profiling and Automated Decision-Making
The Company does not engage in profiling and/or automated decision-making in its activities that may present a significant risk to the data subjects.
Use of Cookies on Our Website www.krs.eu
Our website www.krs.eu uses cookies. These are small files that are sent to your device when you visit a website. Cookies help the website to recognize the user’s device (e.g. the next time the user visits the website). Cookies are used to maintain the proper functioning of the website, to improve the website environment, and to collect and analyze visitor statistics in order to ensure the functionality and user-friendliness of the website.
The following cookies may be used on the website:
- Essential cookies that must be present to provide the basic functions of the website, such as access to the page, its security function;
- Preference (non-essential) cookies, which allow us to tailor the website to the visitor’s preferences, e.g. language preference, browsing region, etc.;
- Statistical (non-essential) cookies, which collect and report anonymous information to enable the website operator to take account of visitors’ actions on the website;
- Marketing (non-required) cookies, which allow us to select the content that is relevant to a particular visitor.
Cookies collect the following personal data of the website visitors: IP address, date of login, consent, etc. The personal data collected by means of essential cookies enable the functioning of the website and are processed on the basis of legitimate interest (Article 6(1)(f) of the Regulation). All other cookies are used only with the consent of the website visitor (Article 6(1)(a) of the Regulation).
Your consent to the use of non-essential cookies can be revoked at any time by changing your browser settings. You can always change your cookie preferences by clicking on the link at the bottom of the home page. Withdrawal of consent to the use of non-essential cookies may result in a slowdown of the website and the loss of some functionality of the website.
Our website uses the following cookies:
Use of Third-Party Plug-Ins
The Company’s website uses third-party social plug-ins. Third-party plug-ins allow visitors to the Company’s website to be directed to the Company’s social media accounts, account chat box, notifications (news), etc.
Third-party plug-ins on the Company’s website are marked with the logos of social networks or internet service providers, such as Facebook, LinkedIn, Google, Google Maps, etc.
When you click on plug-ins and continue to use the content from social networks or other service providers, the plug-in operators may collect certain data (such as cookies) about you. The Company cannot control the use of third-party plug-ins or the amount of data obtained during further browsing and does not process such data. We recommend that you read the privacy notices of the plug-in operators before using the plug-ins provided on the Company’s website and accessing the third-party content.
Who Will Receive Your Data?
The Company guarantees the confidentiality of the data, but in certain cases, in order to ensure the security of the data transfer, the personal data processed may be transferred to the following categories of recipients:
- authorities to which the transfer is necessary in order to protect the Company’s legal interests, to establish claims or comply with the authorities’ requirements in accordance with the procedure established by law, or to fulfil the Company’s legal obligations;
- auditors, notaries, lawyers, bailiffs or other legal service providers;
- social network operators;
- insurers;
- processors.
The Company shall ensure that it only enters into data processing agreements with trusted entities. Processors shall only carry out processing in accordance with the controller’s instructions and only to the extent that it is necessary to achieve the purposes set out. Processors are obliged to implement appropriate organizational and technical security measures to ensure confidentiality.
The Company does not transfer the personal data processed outside the European Union or the European Economic Area. In cases where the transfer is necessary to achieve the purposes set out, the Company may transfer the data to the third countries where it implements at least one of the following measures:
- the European Commission has recognized that the country to which the data is transferred ensures an adequate level of protection of personal data;
- a contract has been concluded in accordance with the standard terms and conditions approved by the European Commission;
- compliance with the codes of conduct or use of other safeguards under the Regulation;
- obtaining the data subject’s consent to the transfer of data outside the EU/EEA.
What Rights Do You Have?
Data subjects have the following rights:
- Right to information on data processing. You have the right to be fully informed about the processing of your data, i.e. purposes for which your data are collected, legal grounds of processing, the period of storage and the recipients.
- Right of access to personal data processed. You have the right of access to personal data processed and their use.
- Right to rectification. You may request that inaccurate or incomplete data be corrected or supplemented.
- Right to be forgotten. You have the right to request the erasure of your personal data when they are no longer necessary for the purposes previously set out. This right can also be exercised in cases where you consider that the processing is unlawful (e.g. after withdrawing your consent and where there are no other grounds).
- Right to object to processing and withdraw consent. You can object to processing of your data, for example where there is no consent for marketing purposes or where consent is withdrawn.
- Right to restriction of processing. You have the right to request the suspension of processing, for example in cases where it is necessary to revise the data processed, or in the event of a dispute about the processing, or in the event of disagreement with the further processing of data.
- Right to data portability. You may receive your personal data in a structured, commonly used and machine-readable format and, where technically feasible, transmit those data to another controller.
- Right to complain. In case of possible violations regarding the processing of your personal data, you have the right to file a complaint with the competent supervisory authority – the State Data Protection Inspectorate, at L. Sapiegos g. 17, Vilnius, e-mail: ada@ada.lt, website https://vdai.lrv.lt or you can assert your rights in court.
- Right to compensation. In the event of unlawful processing of personal data, you have the right to claim compensation for the damage caused.
You can contact us on all issues related to your personal data, including exercising of your rights, by email: info@krs.eu or by phone: +370 37 454464.