The data of all data subjects is processed legally, transparently and honestly, with predetermined goals and only to the extent necessary to achieve them. When processing your personal data, we adhere to the General Data Protection Regulations No. 2016/679 (hereinafter – “the GDPR”), the Law of the Republic of Lithuania on the Legal Personal Data Protection in the Republic of Lithuania, as well as recommendations of supervisory authorities and/or personal data processing requirements.
Persons under 14 may not provide any personal data on the websites we manage and/or profiles on social networks. If you are under 14, prior to providing your personal data, you must obtain the legal consent of your representatives (parents, adoptive parents, guardians).
Data manager details:
To the extent permitted by applicable laws we may receive your data from third parties. This may be the data provided by our partners, contractors, service providers, as well as the data from your public profiles or databases.
We may associate your data, obtained from you, public and commercial sources with other information that we receive from you or about you.
We may also collect your data in other unspecified cases. You will be additionally informed about this.
Even though we try to collect as little information about you as possible, we collect the following information to carry out our activities:
Name, surname, gender and other identity data (passport or ID card), address of residence, telephone number, email address, bank account number, place of employment/job/business, position, education, marital status, data on allergies and food intolerance, as well as other information that may be required to purchase/provide goods and/or services.
Name, surname, place of employment/job/business, education, information about your achievements relevant to the Vilnius tourism sector development and creating the city image, place of residence, face on photos.
You may choose not to provide us some information, however, in this case, we may not be able to provide you with our services (for example, if you do not provide the necessary information required to respond to your request, we will not be able to answer you).
Note: the staff of JSC “GO Vilnius” does not ask you to provide your login data, bank card numbers, passwords or any other information, due to the use of which you may suffer financial or any other loss.
The above information is processed to achieve the following goals:
We inform you that we strive to keep in touch with our customers and provide them with information about the services offered. To do this, we carry out direct marketing by phone and email, providing notifications and news about our services, events, conferences, courses, etc. We have the right to send our customers promotional information about our products or services to the email address that we received during the provision of services or sales of goods. Our clients have the right to immediately or at any time refuse our marketing notifications by letting us know about this decision in any way convenient for them: by email firstname.lastname@example.org, by sending a letter to the address Gynėjų str., 14, LT-01109 Vilnius or using the link in the advertising notice in an email. This refusal will in no way affect our processing of customer data that we carried out before.
In all other cases, to carry out direct marketing, we will process your personal data only by receiving your permission to process it for this purpose. You can cancel this permission at any time by notifying us by any of the methods above.
Your personal data is processed in accordance with one or several legal processing principles:
The purposes, principles and personal data that we process are shown in the following table.
|Purpose||Legal basis||Personal data|
|Conclusion and execution of transactions, contracts and other agreements||
||Name, surname, personal code, gender and other identity data (passport or ID card), address of residence, telephone number, email address, bank account number, place of employment/job/business, position, education, marital status, data on allergies and food intolerances, as well as other information that may be required to purchase/provide goods and/or services|
|The exercise of our institution owner’s rights||Compliance with legal requirements||Any information related to the activities of our institution, i. e., any of your personal data that we process|
|The establishment, maintenance and development of business, professional and/or other legal contacts||
||Name, surname, gender, telephone number, email address or other contact details, place of employment/job/business, position|
|Creation of the image of Vilnius, the tourism sector development, as well as attraction of businessmen and talents||
||Name, surname, personal code, gender and other identification data (passport or ID card), address of residence, telephone number, email address, bank account number, place of employment/job/business, position, education, marital status, data on allergies and food intolerance, data on achievements relevant to the Vilnius tourism sector development and creating the city image, as well as your face on photos|
|Fulfilment of our duties in accordance with applicable legal acts.||Compliance with legal requirements||This depends on the requirements of the applicable legal acts, the institution request content or other objective reasons|
|Processing the internal administrative and accounting records of our institution||
|Verification of the quality of services provided by our institution on the internet (to improve them and create new content)||
The legitimate interests of our institution
|IP address, version of the operating system and the device you use to get access to the content, parameters, session time and duration, as well as any information that is stored in cookies that we install on your device, device GPS signal or information about the nearest Wi-Fi access points and mobile towers, which can be transmitted to us, when you use our Website|
|Realization of the interests of our institution in court or in other institutions||
|Direct marketing (only if we received your consent or did not receive a message from you prohibiting us from doing so)||
||Name, surname, email address, telephone number, address of residence, age|
When we cannot be guided by one of the legal grounds set forth in this table, prior to beginning to process your personal data, we will ask for your consent (such cases will be clear, depending on the circumstances and context).
Without your prior written consent, we may transfer your personal data only in the following cases:
The ability of your personal data recipients (individual data managers) to use your data is limited. They may not use this information for purposes not specified in the contract. If we need to use their direct marketing offers, you will be asked for separate consent.
We can also provide your data to data managers who provide services to us (perform work). They are entitled to process your personal data only based on a written contract signed between us and them according to our instructions and only to the extent necessary for the proper fulfilment of contractual obligations. Our data managers help us take all the necessary measures to ensure that they can take appropriate organizational and technical measures to ensure security and maintain the confidentiality of your personal data.
Below is a list of data recipient categories:
Banks; advertising and marketing agencies; the company that controls our institution’s system, as well as other companies involved in software creation, installation and support; communication companies; security companies; the companies providing financial accounting to our institution; mail delivery companies and courier services; legal advice companies; archiving companies; bloggers and other media representatives; accommodation, catering, leisure, event organization companies etc., inextricably linked with the Vilnius tourism sector.
Other parties who may be provided with your personal information we have, when it is necessary to protect our legitimate interests or to comply with the requirements of legal acts: government organizations, the persons conducting a pretrial investigation, courts, etc.
Sometimes we must transfer your personal data to other countries where lower level data protection policies may be applied. In such cases, we do our best to ensure the security of the transferred personal data.
In very rare cases, we may send your personal data to countries outside the EEC. In such cases, we will apply one of the following security measures:
If any of the above security measures are applied, we can use the exceptions provided by Article 49 of the Regulations (for example, transfer your data with your consent), but they can only be used strictly in the cases, formulated in the Regulations.
We have implemented smart and appropriate physical and technical means to protect the information we collect in order to provide content/services. However, note that, although we take appropriate measures to protect your personal data, not a single website, transaction through the internet, computer system and wireless communications are completely secure.
We set your personal data storage term, guided by the requirements of the law, regulations and instructions of the supervising institution and/or another competent institution. If these requirements or instructions are not set, we set your personal data storage term, based on state interest or our legitimate interests, but this term cannot exceed 7 years from the data receipt date (unless, as mentioned above, a longer data storage term is provided by legal acts).
At the end of the data storage term, your data is erased so that it cannot be restored to establish your identity.
As a rule, the following personal data storage terms are established:
|Personal data||Storage period|
|Data related to the conclusion and execution of transactions, contracts and other agreements||10 years after expiration/termination of a transaction, contract or agreement|
|Payment details||10 years after a transaction|
|Data related to registration forms for our events, conferences, exhibitions, courses or other projects||Up to 7 years after submitting the registration form|
|Data in the applications, statements and/or claims provided to us by phone, email or mail||Up to 1 year from the request/application/claim receipt or their execution|
|Information about your achievements, professional or other public activities relevant to the development of the Vilnius tourism sector and creation of the city image||The data is periodically checked and stored as long as it is relevant to the development of the Vilnius tourism sector and creation of the city image . The data may be erased earlier, if you notify us that you do not wish it to be stored (if your interests prevail)|
|Your photos||While your consent is valid or if you are a public person, while the publication of your photos is relevant to the development of the Vilnius tourism sector and creation of the city image. The data may be erased earlier, if you notify us that you do not wish it to be stored (if your interests prevail)|
|Your data is related to the potential or existing protection of our interests in court or another institution||Until the claim limitation or the claim/complaint submission period expires and/or until the court decision’s effective date|
|Personal data processed with your consent, except for your consent to the use of your photos||Up to 2 years from receipt of your consent, if it not revoked before|
|Records (logs) of IT systems||1 year|
Even if you declare your desire to terminate the contract and refuse our services, due to requirements that may arise in the future, we will need to continue to store some of your personal data until the storage period expires. The data will also be stored so that, if necessary, we can provide you with the necessary information, so that we have a properly recorded history of our relations and can answer your questions related to our communication.
Depending on the situation and additional conditions approved by GDPR you have the following rights:
We always strive to properly enforce your rights and respond promptly to any possible violation of them, so, if you have any questions, regarding your personal data that we process, we ask you to contact us first. We also note that, in all cases, you are entitled to file a complaint with the State Data Protection Inspectorate at any time.
We give you the opportunity to exercise your rights in a convenient way. You can do this by calling this phone number – +370 686 57232, by emailing us at email@example.com or by using any links listed at the bottom of the advertising content provided to you.
Your rights will be exercised subject to prior personal confirmation of your identity (subject to the provision of an identification document: an identification card or passport) or via electronic communication (for example, using an electronic signature).
|Your right||Some restrictions|
|The right to know||Before the beginning of your personal data processing, you are entitled to receive concise, simple and understandable information about your data processing.|
|The right to review||
This right means that you can ask us to provide the following:
We will provide the above information with the condition that it does not violate the rights and freedoms of others.
|The right to request to correct||Applies, if your personal data is not exhaustive or clear.|
|The right to “be forgotten”||
|The right to limit||
This right may be exercised while we analyse the situation, i. e.:
|The right to transfer data||This right can be exercised, if you provide your data and we process it automatically based on your consent or an agreement concluded with you.|
|The right to disagree||This right can be exercised, if the data is processed to protect public interest or data processing is necessary to protect the legitimate interests of the data owner or third party. When processing your personal data on this basis, we must prove that the data is processed for valid legitimate reasons that are more important than your interests.
You may also at any time disagree with your personal data processing for direct marketing purposes, including profiling, as far as direct marketing is concerned.
|The right to withdraw consent||To cancel your consent to the processing of your personal data at any time, if it is processed, based on your consent.|
|The right to file a complaint with the State Data Processing Inspectorate||The data subject has the right to contact the institution responsible for the supervision and control of legal acts regulating the personal data protection – the State Data Processing Inspectorate (A. Juozapavičiaus str., 6, 09310 Vilnius, email: firstname.lastname@example.org, phone (8 5) 271 2804).
More information available at: www.ada.lt
We may not create conditions for you to exercise the above rights when, in cases provided for by law, it is necessary to ensure the prevention of crimes, violations of professional or professional ethics, ensure the investigation progress and the criminal identification, as well as protect the rights and freedoms of the data subject and other persons.
By analysing this data, we can improve our Website and make it more convenient to use.