MB Jonaičiai ir ko Privacy Policy
- What does this Privacy Policy mean?
This privacy policy (“Privacy Policy”) Privacy Policyis intended to inform data subjects about the processing of personal data by MB “Jonaičiai ir ko”. In the Privacy Policy, we provide our clients, suppliers, and other partners, related individuals, candidates, correspondence contractors, and other data subjects specified in the Privacy Policy with information on how we process your personal data. Hereinafter, any person whose personal data is processed by the Company is referred to as Data subject.
2. About the Company
Company means MB “Jonaičiai ir ko”, legal entity code 124486387, having its registered office at Pilies g. 38-1, LT-01123 Vilnius data about the Company is collected and stored in the Register of Legal Entities of the Republic of Lithuania. Contact email for personal data protection inquiries: [email protected].
3. What is personal data?
Personal data is any information collected by the Company about an individual that can be used to identify the individual and is stored electronically or otherwise.
Personal data includes any information, including name, address, IP address, which the Company collects about individuals for the purposes set out in this Privacy Policy or in a separate consent or agreement with the Company.
This data also includes personal information in the public domain that the Company has access to when you contact the Company via social media or through active actions on the Company’s social media accounts.
When processing personal data, the Company follows the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania, and other legal acts regulating personal data protection.
Below you can find out how we process your personal data: what personal data we process, for what purposes we process it, how long we retain it, and what rights you have. You can do this by clicking on the option that interests you.
4. What rights do you have and how to exercise them?
This section provides information about your rights related to our processing of your personal data and the cases when you can exercise these rights. If you want more information about your rights or to exercise them, please contact us at the email address provided in this Privacy Policy.
The Company will provide you with information about the actions taken in response to your request to exercise your rights without undue delay, but no later than 1 (one) month from the receipt of the request. Considering the complexity of the request and the number of requests received, the aforementioned period may be extended by another 2 (two) months. In such a case, we will inform you about the extension and its reasons within 1 (one) month from the receipt of the request. The Company will refuse to exercise your rights only in cases provided by law.
- Right of access to your personal data
We strive to ensure that you fully understand how we use your personal data and do not experience any inconvenience as a result. Information on how we process your personal data is primarily provided in this Privacy Policy (right to be informed). You can contact us at any time to inquire whether we process any of your personal data. If we store or use your personal data in any way, you have the right to access it. To do so, please submit a written request to us at the email address provided in this Privacy Policy and confirm your identity (if such confirmation is required in a specific case).
We expect you to act in good faith and with reasonableness when submitting such requests.
- Right to withdraw consent
If you have given us explicit consent to process your data, you can withdraw it at any time. Withdrawal of consent does not affect the lawfulness of data processing based on consent before its withdrawal.
- Additional rights
Below you will find information about additional rights that you may have, which you can exercise by following the procedures described below.
- You have the right to request us to correct any inaccuracies in the data we hold. In such a case, we may ask you to confirm the corrected information.
- You have the right to request us to delete your personal data. This right is exercised in cases provided for in Article 17 of the General Data Protection Regulation (EU) 2016/679.
- You have the right to ask us to restrict or not to process your personal data:
- the period of time necessary to verify the accuracy of your personal data when you make a complaint about the accuracy of the data;
- where our collection, storage or use of your personal data is unlawful, but you choose not to request erasure;
- where we no longer need your personal data, but you need it to establish, exercise or defend a legal claim;
- the period necessary to determine whether we have an overriding legal basis to continue processing your personal data if you have exercised your right to object to the processing of personal data.
- You have the right to data portability for data processed by automated means and received from you in a structured, commonly used, and machine-readable format for purposes of consent or contract conclusion. Upon exercising this right, we will transfer a copy of your submitted data to you or a data controller of your choice at your request.
- You have the right to object, as provided in Article 21 of the GDPR, to the processing of your personal data. You have the right to object when your personal data is processed on the basis of legitimate interest (the basis for data processing is indicated for each data processing purpose specified in the Privacy Policy) or for direct marketing purposes.
- Right to request more information
We hope you understand that it is very difficult to discuss all possible ways of collecting and using personal data. We strive to provide the clearest and most comprehensive information and are committed to updating this Privacy Policy when the process of using personal data changes. However, if you have any questions about the use of your personal data, we will be happy to answer them or provide any additional information we can disclose. If you have any specific questions or do not understand the provided information, please contact us.
5. Information on the processing of personal data for patient registration purposes
Purpose of the management | Data Subject | Personal data | Legal basis | Storage period |
Registration for a doctor’s appointment via the e-pacientas.lt platform | Patient or potential patient (if registering for a first consultation) | Name, surname, personal identification number, date of birth, personal identification number, phone number, email address, date and time of the scheduled appointment, doctor with whom the appointment is made | GDPR Articles 6(1)(a) and 9(1)(a) (consent given at the time of registration of the visit) | Personal data provided for registration purposes are stored until the scheduled visit, but may be processed for longer periods for other purposes (for example, if the same personal data are subsequently processed for the purpose of providing healthcare services). |
!!! To register for an appointment via the e-pacientas.lt platform, you must create an account on the e-pacientas.lt platform. The e-pacientas.lt platform is administered not by us, but by a third party – UAB “Softdent”, which acts as an independent data controller in the case of registration and other related personal data processing. Before registering and submitting your personal data to UAB “Softdent”, please carefully review UAB “Softdent”‘s privacy policy and other information related to personal data processing. If you do not wish to create an account, register in another way – by phone, email, or in person at the clinic.
When personal data is processed for the purpose of registering for a doctor’s appointment, UAB “Softdent” acts as our engaged data processor. | ||||
Register for a visit by phone | Patient or potential patient (if registering for a first consultation) | Name, surname, personal identification number, telephone number, date and time of the scheduled visit, doctor you are registered with | GDPR Articles 6(1)(a) and 9(1)(a) (consent given at the time of registration of the visit) | Personal data provided for registration purposes are stored until the scheduled visit, but may be processed for longer periods for other purposes (for example, if the same personal data are subsequently processed for the purpose of providing healthcare services). |
Registration for an appointment via email | Name, surname, personal identification number, email address, date and time of the appointment, doctor with whom the appointment is made | |||
Registration for an appointment at the clinic | Name, surname, personal identification number, email address or phone number, date and time of the appointment, doctor with whom the appointment is made | |||
6. Processing of personal data related to the conclusion and execution of contracts with suppliers, partners, etc.
Purpose of the management | Personal data | Legal basis | Storage period | Other comments |
Conclusion and execution of contracts with suppliers, partners, etc. (natural persons) | Name, surname, date of birth, address, business license/individual activity certificate number (service provider), information about provided services, bank account number | Article 6(1)(b) GDPR (contract) | During the term of the Agreement
| The data is transferred to data processors that provide server rental and other administration services. |
Conclusion and execution of contracts with suppliers, partners, etc. (legal entities) | Name, surname, position, basis of representation, email address, phone number, content of correspondence | Article 6(1)(f) GDPR (legitimate interest) | During the term of the Agreement | The data is transferred to data processors that provide server rental and other administration services. |
Bookkeeping | Name, surname, details of services received/provided and goods sold, and other personal data in invoices and other accounting documents | Article 6(1)(c) GDPR (legal obligation) | The data shall be kept within the time limits laid down by the legislation governing the keeping of accounting records, and in accordance with the General Index of Document Retention Periods | The data is transferred to data processors that provide server rental and other administration services. |
Archiving | Data processed for the purpose of concluding and executing contracts with suppliers, partners, etc. (both natural and legal persons) | GDPR Article 6(1)(c), legal obligation, provided in the General Document Retention Schedule approved by the Chief Archivist of Lithuania on March 9, 2011, Order No. V-100, point 10.37 | 10 years (after contract expiry) | The data is transferred to data processors that provide server rental and other administration services. |
Defending legal claims | Data processed for the purpose of concluding and executing contracts with suppliers, partners, etc. (both natural and legal persons) | Article 6(1)(f) GDPR (legitimate interest – defence of legal claims) | 10 years (after contract expiry) | Data transfer courts, public dispute resolution bodies, litigants, lawyers and other legal service providers.
The data is transferred to data processors that provide server rental and other administration services. |
7. Candidate selection
For the purpose of candidate selection, we process the following personal data of candidates: name, surname, workplace, email address, phone number, address, education, desired job, date of receipt of the CV, information about your personal qualities, work experience (last workplace, work experience at the workplace, held positions, other work experience), information about foreign language skills (language, reading, writing, speaking levels), ability to work with computer programs, other information provided in the CV, recommendation, and/or cover letter; desired salary. Personal data is processed based on your consent, which you express by sending your CV and/or cover letter to the Company. If you do not submit your CV and/or cover letter, we will not be able to assess your suitability for the offered position.
With your consent, we will contact your current employer, and we may contact your former employer based on our legitimate interest (to select a suitable candidate) and Article 5(2) of the Law on Legal Protection of Personal Data of the Republic of Lithuania to verify information about your qualifications, professional skills, and personal qualities (e.g., work results, relationships with clients and/or colleagues, your work evaluation, etc.). You can withdraw your consent or object to us contacting your former employer at any time by notifying us at the email address specified in Policy point 2.
If you do not express your separate consent to process your personal data for a longer period, upon the completion of a specific job selection, we commit to deleting and/or destroying your personal data within 3 working days after signing a contract with the selected candidate or deciding to end the selection. If your candidacy is not selected, but you have given consent to process your personal data for the purpose of offering a job in the future, we will retain the data based on your consent for 1 year from the end of the selection.
Based on our legitimate interest, we will process data (name, surname, email, phone, information provided by the person) about the person indicated by the candidate – former or current employer or person providing a recommendation – for the purpose of candidate selection. In this case, our legitimate interest is to select a suitable candidate for the sought position. We will destroy this data within 3 days after signing a contract with the selected candidate or deciding to end the selection.
9. Recording of telephone conversations
To ensure quality service to individuals and preserve evidence of agreements, the Company records its employees’ conversations with interlocutors and processes such personal data of interlocutors: name, surname, voice, content of the telephone conversation, date and time, phone number from which the call was made or received. Telephone conversations are recorded both when you call us and when our employees call you. The recording of telephone conversations is based on your consent. You will be informed that the telephone conversation will be recorded before each telephone conversation with our employees. If you do not agree with the recording of telephone conversations, please contact us in another convenient way – by email or by visiting our clinic address. Telephone conversation recordings are stored 3 months from the date of their recording.
Telephone records are passed on to the data processors we use and may also be disclosed to law enforcement authorities, courts, public dispute resolution bodies, litigants, lawyers and other legal service providers if necessary.
10. Protection of the Company's confidential information and business continuity
To ensure the protection of the Company’s confidential information, business continuity, protect the Company’s information systems from hacking and data theft, viruses, dangerous websites, malicious software, copyright infringement through technical and internet access, and computer network from heavy loads, the Company may review its employees’ correspondence with contractors and information stored on the Company’s electronic equipment. To achieve these goals, the Company processes such personal data of its employees and individuals who send or receive employees’ emails: email address, sender or recipient’s name, surname, date, content of information on electronic work tools.
Data collected for the purpose of protecting confidential information and the Company’s information systems from hacking and data theft, viruses, dangerous websites, malicious software, copyright infringement through technical and internet access, and computer network from heavy loads, is stored for the purpose of defending legal claims for 4 years, considering the provision established in Article 1.125(9) of the Civil Code of the Republic of Lithuania. In defending legal claims, data may be provided to such data recipients (data controllers) as courts, law enforcement agencies, state institutions resolving disputes, dispute parties, lawyers, and other legal service providers.
11. Protection of legitimate interests
A company has a legitimate interest in enforcing its rights, including in civil disputes in the event of civil disputes, process the data of the persons involved in the case or their employees names, surnames, personal identification numbers, case circumstances, other information related to the case, publicly available information. Data may be transferred to law enforcement agencies , for lawyers or bailiffs executing recovery. Data is destroyed after 1 one year after the final settlement of the case and full satisfaction of the Company’s claims (if claims are satisfied).
12. Contact us
A company has a legitimate interest in enforcing its rights, including in civil disputes in the event of civil disputes, process the data of the persons involved in the case or their employees names, surnames, personal identification numbers, case circumstances, other information related to the case, publicly available information. Data may be transferred to law enforcement agencies , for lawyers or bailiffs executing recovery. Data is destroyed after 1 one year after the final settlement of the case and full satisfaction of the Company’s claims (if claims are satisfied).
13. Website, cookies
There are several ways you can contact the Company: by phone, email, through social media accounts, the contact form on the website, or by sending a letter to the Company’s registered address. We receive, review, and respond to all messages ourselves. If you contact us, we may process the data you provide to us, i.e., email address, name, surname (if provided), username (if the inquiry is sent via a social media account), workplace (if provided), date and time of sent and received messages, recipient, sender (when the message is addressed to you), content.
Such data will be processed to answer your questions and review your suggestions. If you do not provide your contact details, it will not be possible to contact you.
Correspondence is stored for 1 year from the receipt of the message, except for information for which other retention periods are specified in the Privacy Policy or legal acts. If you have informed us of a news item and we have published it, the data of communication with you will be stored as long as we publish the publication created based on your message.
All personal data you provide when communicating with us is used only for the purposes mentioned above and to review messages and manage communication flows. We commit not to use your personal data in any publications in a way that would allow your identity to be determined without your explicit consent.
Please note that we may need to contact you by mail, email, or phone. Please inform us of any changes to your personal data.
14. Social media
Our website uses cookies and other tracking technologies. A cookie is a small file composed of letters and numbers that, with your consent, we store in your browser or on your computer’s hard drive. We use different cookies for different purposes. Cookies also help us distinguish you from other website users, thus ensuring a more pleasant website experience and allowing us to improve the Website.
Most browsers allow you to reject all cookies, and some browsers allow you to reject only third-party cookies. So you can take advantage of these options. However, please note that blocking all cookies will have a negative impact on the use of the Website, and without cookies, you will not be able to use all the services provided on the Website. More detailed information is available at AllAboutCookies.orgOrwww.google.com/privacy_ads.html.
We may use the types of cookies described below, but you can find a detailed and up-to-date list of the cookies we use HERE.
Cookies are absolutely essential.
These cookies are necessary for our website to function. The basis for using such cookies is Article 73(4) of the Law on Electronic Communications of the Republic of Lithuania. These cookies are necessary for the website’s operation and cannot be turned off in our systems. They are usually set in response to actions you take on the website, such as starting to browse or selecting your privacy settings. These cookies do not store any personal information that can identify you and are deleted as soon as you turn off the website.
Analytical and/or performance cookies.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. We use “Google Analytics” for this purpose. The collected data is not accessible to any other party. The information collected by cookies is anonymous and is not intended to identify you or influence your browsing experience while visiting the site. If you do not agree to the use of these cookies, you will not be included in the visit statistics. The basis for processing the data collected by these cookies is your consent.
Commercial cookies.
These cookies, used by us and third parties, are intended to show offers or other advertising information that may interest you. We use cookies that collect data about your browsing history and determine your areas of interest so that we can show you relevant marketing information. The basis for processing the data collected by these cookies is your consent.
Facebook Icons Plugin
This page uses the Facebook Icons plugin.
15. Data transfer to third countries
The controller of the social media network Facebook is based in the United States.
The data of European Union residents published on the Facebook social network is processed by the data controller “Meta Platforms Ireland Limited” (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). Information on how you can exercise your rights as a data subject can be found at this address: https://lt-lt.facebook.com/privacy/explanation/If you have any complaints about Meta Platforms Ireland Limited’s processing of your personal data or the exercise (or non-exercise) of your rights as a data subject, you have the right to lodge a complaint with the supervisory authority in charge of Meta Platforms Ireland Limited – the Irish Data Protection Commission or the State Data Protection Inspectorate.
16. Data receipt and disclosure
We receive your data from you, your devices, job applicants, our employees, and our contractors.
We disclose information about you to the data processors we use (IT service providers, etc.). For example, to the provider of the e-pacientas.lt platform, Softdent UAB, providers of rental services for servers where personal data is stored, etc.
In addition, we may disclose information about you:
- At your request;
- if that’s what we have to do by law;
- when you intend to sell the business or part of its assets by disclosing your personal data to a potential buyer of the business or part of the business;
- the sale of the Company’s business or a substantial part of its assets to a third party.
The list of recipients or categories of recipients specified in the Privacy Policy may change, so if you wish to be informed about changes in the recipients of your personal data, please notify us at the email address provided in this Privacy Policy, indicating ” in the text of the letter. I would like to be informed about changes in the recipients of my personal data, name, surname“.
17. Security of your personal data
Your personal data will be processed in accordance with the General Data Protection Regulation, the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other applicable legal requirements. In processing your personal data, we implement organizational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, as well as any other unlawful processing.
18. Complaints
If you believe that your rights as a data subject are or may be violated, please contact us immediately at the email address provided in this Privacy Policy. We assure you that upon receiving your complaint, we will contact you within a reasonable time and inform you about the progress of the complaint investigation, and later about the outcome.
If you are not satisfied with the results of the investigation, you can lodge a complaint with the supervisory authority, the State Data Protection Inspectorate: https://vdai.lrv.lt/.
19. Liability
You are responsible for the confidentiality of the data you provide and that The data you provide to us should be accurate, correct, and complete. If the data you provided changes, you must promptly Available at to inform us about it by email. notify us by email. We will not be liable for any damage incurred by you due to providing incorrect or incomplete personal data or failing to inform us of changes.
20. Changes to the Privacy Policy
We may update or change this Privacy Policy at any time. Websites lvisitors can find the current version of this Privacy Policy by clicking on each page of the website the link to the Privacy Policy on each page of the websiteą. After making significant Privacy Policy changes, we will strive to take additional actions to draw your attention to the changes (we will publish a news item discussing the Privacy Policy changes, inform about the changes with a separate information banner on the website, etc.). If you wish to receive the updated Privacy Policypersonally, please notify us at the email address provided in section 2.
