Multilabo, JSC, legal entity code 302325611, registration address A. Šabaniausko str. 14, LT-08431 Vilnius (hereinafter referred to as the Company or we), respects and protects your privacy and undertakes to process your personal data in a fair and lawful manner.
This privacy policy of the Company (hereinafter referred to as the Privacy Policy) is intended to inform you how the Company processes your personal data, also about the rights you have with regard to the processing of your personal data by the Company.
The Privacy Policy applies to you if your personal data are processed by the Company.
The Privacy Policy can be amended to take into account legislative changes, changes in the activities of the Company and other factors.
If we amend the Privacy Policy, we will inform you about the amendments by publishing the amended text of the Privacy Policy on the Company’s websites www.multilab.lt and www.multilabo.lt (hereinafter referred to as the Website). We advise you to regularly visit our Website and review the relevant Privacy Policy.
Security of your personal data is our priority. Therefore, when we process personal data, we use secure organizational and technical measures that ensure adequate protection of personal data.
For all issues relating to this Privacy Policy, you can contact our Data Protection Officer by e-mail DAP@multilab.lt.
Personal data processed by the Company
The main categories of personal data collected by the Company, without limitation, are:
- Personal identity data, such as first name, surname, personal ID number, date of birth.
- Contact data, such as address of the place of residence, correspondence address, telephone number, e-mail address.
- Data relating to legal entities, such as information on the persons representing the legal entity, the job titles of such persons, their qualification data, contact data.
- Data obtained and/or created when fulfilling requirements of legal acts, such as data obtained with regard to enquiries from law enforcement authorities, notaries public, the tax administrator, courts and judicial officers.
- Data related to the provision of services or sale of goods, such as data on performance of or default on contracts, effective or expired contracts, details of contract terms, requests and complaints filed.
- Video surveillance data, which are data collected by means of video recording.
- Data collected by means of communication and other technical means, such as information received by e-mail, text messages and other means of communication.
Purposes of and basis for personal data processing
The main aims pursued by the Company in the processing of personal data:
- Conclusion and performance of contracts: we process personal data to the extent necessary to conclude and perform contracts;
- Participation in public procurement: when the Company takes part in public procurement procedures, certain personal data may be processed in the fulfilment of a legal duty or pursuing a legitimate interest of the Company;
- Debt management: we process relevant personal data with the aim of managing the customer’s debt, when this is necessary for the performance of a contract or in pursuance of the Company’s legitimate interest in debt management;
- Submission, enforcement, transfer and defence of legal claims: we process personal data for the purposes of the submission, enforcement, transfer and defence of legal claims where this is necessary for the performance of a contract or a legal duty, or pursuing a legitimate interest of the Company in the enforcement of legal claims;
- Management of queries: in order to answer your enquiries, we process your personal data pursuing a legitimate interest of the Company;
- Internal administration (structure management, management of clerical work, finances and accounting): we process personal data in pursuance of a legitimate interest of the Company, also in meeting the requirements of legal acts and in order to achieve internal administrative objectives (proper structure of the Company, management of clerical work, finances and accounting);
- Selection of job applicants: for personnel selection purposes, the Company processes personal data on the basis of consent, expressed by submission of such data by a job applicant to the Company. The Company may collect and process other (additional) personal data of a job applicant upon receipt of separate consent. The Company also acts as the data processor of companies of the Company group in the event when companies of the Company group assign to it to perform the selection of job applicants.
- Video surveillance (protection of assets and persons): the Company carries out video surveillance at the Company’s premises and the approaches to them. The Company performs video surveillance as due to the work specifics it is necessary to ensure the security of assets and persons, while other means or measures are insufficient and/or inadequate to achieve this purpose (the legal basis for data processing is the legitimate interest of the Company to protect its own assets, assets of its employees and clients (visitors) and ensure their safety). The Company also acts as the video data processor in case when companies of the Company group assign to it the organisation of video monitoring of the premises of the companies of the Company group and the approaches to them.
- Direct marketing: we process personal data for the purpose of direct marketing in order to offer our goods and services, share relevant news, invite to events and provide other similar information. Personal data is processed for this purpose only with your consent to such data processing or if you are a client of the Company and do not state an objection to the processing of your data for direct marketing purposes, for the marketing of similar services/goods (in which case the legal basis for the data processing is the legitimate interest of the Company to inform its clients about the services/goods being offered);
- Ensuring and improving the quality of goods and services: in order to improve, develop and raise the quality of the goods and services we offer, on the basis of the legitimate interest of the Company, we collect and analyse personal data which help to improve our services;
Market analysis: the Company processes personal data for the purpose of market analysis, on the basis its legitimate interest, after having ensured adequate technical and organizational measures.
Personal data storage
In any case, we process personal data no longer than necessary for achieving the purpose of data collection.
The storage period for specific categories of personal data is defined with regard to the legitimate interest of the Company or requirements of legal acts (e.g. providing for accounting, archiving requirements, limitation periods, etc.).
Data sources
We process personal data you provide, for example, by applying for goods we sell, services we provide and buying them or using our services, by filling in various questionnaires, by submitting enquiries, requests or claims, we also process personal data that we capture on the Company’s website.
Personal data may also be obtained from other sources:
- Law enforcement authorities, state institutions, authorities and other registers (databases), including, but not limited to, from the State Social Insurance Fund Board under the Ministry of Social Security and Labour, the National Health Insurance Fund under the Ministry of Health, the State Tax Inspectorate under the Ministry of Finance of the Republic of Lithuania, the Public Procurement Office, state enterprise the Centre of Registers, judicial officers, notaries public;
- Contracting authorities and other suppliers participating in public procurements;
- Partners of the Company (e.g. manufacturers of equipment distributed by the Company, companies involved during public procurement procedures, etc.);
- Companies of the Company group;
- Documents intended for us and submitted by natural persons or legal entities for the purpose of meeting the contractual or legal requirements (e.g. certificates, etc.);
- Legal entities, when you are a representative, employee, founder, shareholder, participant, owner, authorized person, etc. of these legal entities.
We can obtain your personal data by monitoring our technological tools and services, including e-mail correspondence, and by pooling the available information about you obtained from various sources.
Data processors and recipients
Personal data collected for the purposes mentioned above may be transferred to recipients such as:
- Public institutions and authorities, other persons carrying out the functions assigned to them by law (e.g. law enforcement authorities, judicial officers, notaries public, tax administration authorities);
- Contracting authorities and suppliers participating in public procurements;
- Manufacturers of equipment and other products distributed by the Company;
- Companies of the Company group;
- Debt collection companies, to which claims to debts are assigned or which are instructed to perform debt collection actions on behalf of the Company;
- Courts, tribunals, arbitration, other out-of-court dispute resolution bodies, notaries public and bankruptcy administrators;
- Insurance companies and brokers;
- Auditors, legal, financial, business and other consultants;
- Other third parties, subject to consent that may be obtained in a particular case.
For the processing of personal data, the Company may involve data processors, to whom personal data are disclosed to the extent necessary for the provision of their services, including entities providing data centre, hosting, cloud computing, Website administration, information technology infrastructure and related services, as well as providers of security, archiving, advertising, marketing, personnel search, communication services. In such cases, the Company takes necessary measures to ensure that such data processors process personal data in accordance with instructions of the Company and the applicable legal acts and demands the implementation of appropriate measures to ensure the security of personal data.
Territory where personal data are processed
As a general rule, we process personal data within the territory of the European Union/European Economic Area (hereinafter referred to as the EU/EEA). In certain cases, personal data may be transferred and processed outside the EU/EEA.
Personal data may be transferred and processed outside the EU/EEA where the transfer is necessary for the conclusion and performance of a contract or you have given your consent, and where appropriate safeguards are in place.
Appropriate safeguards are as follows:
- a contract has been concluded which includes standard contractual clauses adopted by the European Commission or other approved clauses, codes of conduct, certificates, etc., approved in accordance with the General Data Protection Regulation (EU) 2016/679;
- the European Commission has decided that a country outside the EU/EEA where the recipient of the personal data is located ensures adequate personal data protection;
- the recipient is certified in accordance with the requirements of the data protection agreement between the EU and the United States of America (the USA) (also known as the “Privacy Shield”) (applicable to recipients located in the USA).
Your rights and their implementation
You have the right at any time, upon making a request to the Company:
- to access your personal data that the Company processes and to be informed how they are processed;
- to demand rectification of incorrect, inaccurate or incomplete data, erasing your personal data or restricting the processing of your personal data when personal data are processed without complying with legal requirements or when there is another lawful basis for this;
- to demand to transfer your personal data to another data controller or provide directly to you in a convenient form (applicable to those personal data that you submitted and that are processed by automated means on the basis of a contract or consent);
- to object to processing of your personal data if they are processed on the basis of a legitimate interest, unless there are lawful reasons for such processing or such data are processed for the purpose of making, pursuing or defending legal claims;
- in cases where your personal data are processed on the basis of separate consent, you have the right to withdraw your consent to your personal data processing at any time.
We are making every effort to respect your rights and to answer the questions you may have regarding the information contained in this Privacy Policy. You can exercise your rights indicated above, as well as you can file your complaints, requests or notifications by contacting us in one of the following ways:
- sending an e-mail letter at DAP@multilab.lt and/or
- by submitting a written request to Multilabo, JSC, A. Šabaniausko str. 14, LT-08431 Vilnius, Lithuania.
The Company undertakes to answer your request within 1 month after its receipt. This time limit may be extended for 2 more months, if necessary, taking into account the complexity and number of requests.
You can withdraw your consent given to the Company to collect and process your personal data for direct marketing purposes at any time by sending a letter at the e-mail address DAP@multilab.lt. You can also unsubscribe from newsletters sent by the Company by clicking on the link “Unsubscribe”, which is at the end of each newsletter.
You have the right to lodge a complaint with the State Data Protection Inspectorate if you believe that the Company processes your personal data improperly.