When processing personal data, we comply with Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Republic of Lithuania Law on Legal Protection of Personal Data, the Republic of Lithuania Law on Electronic Communications and other directly applicable legal acts regulating the protection of personal data, as well as the instructions of the competent authorities.
The protection of personal data is of the utmost importance to us, our customers and other persons whose personal data we process, therefore, we always make every effort to ensure that your personal data is processed with the utmost responsibility and care in order to ensure your privacy and data security.
Personal Data shall mean any information that may be used to identify a person (Data Subject) as well as any information about a person that has already been identified.
Personal Data Processing or Processing shall mean any operation (action) involving personal data or sets of personal data, including, but not limited to, collecting, recording, sorting, organising, storing, adapting, accessing, using, disclosing, transmitting, distributing or otherwise making available, as well as collation or merging with other data, restriction, deletion or other destruction of data.
Data Subject or you shall mean you or any natural person whose Personal Data is processed by MELP.
Data Processor or Processor shall mean a natural person or legal entity acting on behalf of a data controller and authorized to process the data controller’s personal data only in accordance with the data controller’s instructions or as required by the applicable legislation.
Data Controller or Controller shall mean our Customer, natural person or legal entity, who determines the purposes and means of processing the personal data controlled by it. The Data Controller shall have the right to involve other parties to process personal data on its behalf – processors. MELP shall be your Data Controller.
MELP or We shall mean MELP UAB, legal entity code 305615566, registered office address Klevų st. 10, LT-06248, the Republic of Lithuania.
For what purposes and legal bases does MELP process your Personal Data?
MELP may process your Personal Data for a variety of purposes, but we would like to emphasize that in all cases, we process your personal data only for a legitimate purpose and only to the extent necessary to achieve it.
MELP shall process your Personal Data for the following purposes:
- accounting management;
- quality assurance of services provided (e.g. recording of telephone conversations);
- contract conclusion and administration;
- provision of services;
- provision of advice to customers;
- selection and recruitment of employees;
- administration of labour relations;
- protection of the rights and legitimate interests of MELP;
- implementation of legal requirements;
- direct marketing*;
* You have the right to object, and if you agree, you have the right to revoke your consent at any time by informing MELP at the e-mail address provided in Section 9 of this Policy. The data shall be stored until the date of revocation of your consent, but for no longer than 2 years.
MELP shall process your Personal Data on the legal basis defined in the General Data Protection Regulation (EU) 2016/679:
- Where a legal obligation applies, i.e. applicable law obliges us to process your Personal Data;
- In order to conclude and execute the contract concluded with you;
- In pursuit of the legitimate interests of MELP;
- On the basis of the consent given by you to MELP for the processing of your Personal Data.
What Personal Data do we process in MELP?
MELP shall process data belonging to the following main data categories:
- Identity data, such as: name, surname, personal identification number, date of birth, place of birth, identity document data, signature, citizenship, etc.;
- Contact details such as: address, e-mail address, telephone number, etc.;
- Data related to education, such as: level of education, acquired academic degree, educational institutions, etc.;
- Data related to your professional activities, such as: past and present jobs, positions, economic and commercial activities, etc.;
- CV data, such as: all other data that you provide in your CV and/or cover letter, and which does not fall under the other categories of data listed here, etc.;
- Financial data such as: income, bank account number, etc.;
- Health data, i.e. your health details as stated in the employee’s medical record;
- Data related to participation in legal entities, such as: data on the fact that you are a member of the board of the company, you have shares in the respective company, etc.;
To whom do we provide your Personal Data?
Your Personal Data may be transferred to the following entities:
- We may transfer your Personal Data required for the provision of the relevant services to
other service providers (subcontractors), e.g. SMS messaging service providers, website hosting providers, servers and their maintenance providers, IT service providers, e-mail service providers. MELP service providers shall be your Personal Data Processors and shall also be required to comply with the laws governing the processing of personal data. Data Processors shall have the right to process Personal Data only in accordance with the instructions of MELP and only to the extent necessary for the proper performance of the obligations set forth in the contract concluded with MELP. With the help of Data Processors, we take all necessary measures in order to ensure that they have implemented appropriate organisational and technical security measures and maintain the confidentiality of Personal Data;
- To providers of legal, audit and other professional services to MELP; bailiffs executing court enforcement documents, etc.;
- To law enforcement authorities (criminal intelligence authorities, pre-trial investigation authorities, prosecutors, courts or judges) in order to prevent, investigate, detect criminal activities, to institutions providing emergency services for the provision of emergency services, etc., when the transfer of data is obliged by legal acts;
- To other state or municipal institutions to which the provision of data is obliged by legal acts;
- In other cases – only with your consent or request.
In which countries is your Personal Data processed?
MELP may use various service providers who can process your Personal Data on behalf of MELP. Such service providers shall be considered to be Data Processors. The services provided by these persons shall be necessary for us to be able to provide our customers with a wide range of services with the best and most convenient features, as well as to improve the quality of services. Thus, Data Processors, which may process your Personal Data, shall provide a wide range of services, such as: provision of domain database, software, communication, data centre, hosting and cloud services, messaging and many other services. In each case, we shall provide the Data Processor with only as much data as is necessary to provide their services.
When MELP processes your Personal Data, we shall store and process it in the European Economic Area (EEA). We hereby note that no Personal Data shall be transferred to third parties outside the EEA.
In cases where we have to use a Data Processor that processes Personal Data outside the EEA, MELP shall enter into appropriate data processing agreements with the Processor (so-called standard agreement terms and conditions) and ensure that additional security measures are in place in order to ensure an appropriate level of Data Protection.
MELP shall use Amazon Web Service (AWS) data centres located in the Republic of Ireland.
For how long do we process your Personal Data (terms of Personal Data processing)?
MELP shall process your Personal Data for no longer than required by the purposes of the data processing. MELP shall ensure and take all necessary measures in order to make sure that outdated or unnecessary information is not retained, and that Personal Data and other information about Data Subjects are constantly updated and correct.
What rights do you (the Data Subject) have?
As a Data Subject, you shall have the rights provided in the General Data Protection Regulation, the scope and application of which depend on various circumstances.
You shall have the right:
- to apply to MELP in order to receive information on whether your Personal Data is being processed;
- if your Personal Data is processed, you shall have the right to access your Personal Data processed by MELP;
- to apply to MELP for correction of your Personal Data, if after getting acquainted with your Personal Data processed by MELP, you determine that the data is incorrect, incomplete or inaccurate;
- to apply to MELP for deletion of your Personal Data, except in cases when MELP is obliged to retain your Personal Data within the terms provided by legal acts;
- to apply to MELP in order to restrict (suspend) the processing of your Personal Data, except for retention (until the accuracy of your Personal Data is verified and/or corrected), if you have objected to the processing of your Personal Data (pending an assessment of whether MELP has the right to process your Personal Data on other grounds (e.g. on grounds of legitimate interest or law enforcement));
- to apply to MELP with a request to transfer your Personal Data. you shall have the right to request that your Personal Data provided to MELP by yourself or lawfully received by MELP from other Data Controllers and processed by automated means be transferred to you and/or another Data Controller in a structured, commonly used and computer readable format;
- to apply to MELP and express your disagreement with the processing of your Personal Data when the processing of Personal Data is carried out by MELP on the basis of a legitimate interest;
- to apply to MELP and revoke your previous consents to the processing of your Personal Data.
- to demand that you are not subject to a decision based solely on automated data processing,
including profiling, which has legal consequences for you or which has a significant effect on you in a similar way;
- to submit a complaint concerning the processing of your Personal Data to MELP and/or the State Data Protection Inspectorate (www.ada.lt).
Links to third party services and/or third party websites or social networking accounts on the MELP website
Where can you apply concerning issues related to your Personal Data protection or in order to exercise your rights concerning the processing of your Personal Data?
You, as a Data Subject, may apply to MELP for the exercise of your rights in a way convenient for you:
- by e-mail firstname.lastname@example.org (please sign a request concerning the rights related to the processing of Personal Data with a qualified electronic signature);
- by post at Klevų st. 10, Vilnius (please specify the following data in the request: name, surname, personal identification number, service provision address, place of residence, contact telephone, e-mail and provide a copy of the identity document).
In an effort to ensure that your Personal Data or related information is not disclosed to third parties, we shall only process your request once we have identified you. Information on the action we have taken upon receipt of your request shall be provided to you no later than one month from the date of receipt of your request and confirmation of your identity.
If you believe that the actions and/or omissions of MELP may not comply with the requirements of this Policy or the law, please do not hesitate to contact MELP at the contacts listed in this section. We will definitely respond to your questions and requests concerning the processing of Personal Data.
If a solution acceptable to all interested parties cannot be found, you shall have the right to apply to the State Data Protection Inspectorate (www.ada.lt), which is responsible for the supervision and control of legal acts regulating the protection of personal data.
Validity and Amendments of the Policy
This Policy entered into force from 16 June 2021. If we change this Policy, we shall publish an updated and current version of it on the website www.melp.com and, if necessary, notify you of the changes in other ways.