Privacy policy
GENERAL INFORMATION
UAB Pagautė, legal entity code 300053454, registered address - Fabijoniškių g. 5C-1031, Vilnius (hereinafter – Data Controller) this privacy policy (hereinafter – Privacy policy) sets out the conditions for the processing of personal data when using the website managed by the Data Controller www.pagaute.lt (hereinafter – Website). The conditions set out in the Privacy policy apply every time you visit the site, regardless of the device (computer, mobile phone, tablet, television, etc.) you are using.
It is very important that you read the Privacy policy carefully, as by visiting the Data Controller's Website, you agree to the terms described in this Privacy policy each time. If you do not agree with these terms, please do not visit our site, use our content and/or services.
The Data subject, by providing their personal data (including data directly or indirectly provided by visiting the website and using its services), agrees and does not object to the Data Controller managing and processing them for the purposes and procedure specified in this Privacy policy, as well as in the consent of the Data subject and as provided for in legal acts.
Representative – the person representing the Data Controller's partners (service providers), both natural and legal persons.
The Data subject in this Privacy policy is considered to be the Representative, Inquirer, Client, Candidate, Callers or any other natural person whose personal data is processed by the Data Controller.
Inquirer – a natural person interested in the services provided by the Data Controller, or wishing to contact the Data Controller on other matters.
Candidate - the person participating or intending to participate in the personnel selection carried out by the Data Controller.
Client - a person who has entered into a contract with the Data Controller for the provision of accounting services.
Caller – a person calling the contact phone number listed on the Website regarding the provision of services and/or other matters.
The Data Controller will collect personal data in compliance with the requirements of applicable European Union and Republic of Lithuania laws as well as the instructions of supervisory authorities. All reasonable technical and administrative measures will be applied to protect the data collected about Data subjects from loss, unauthorized use, and changes.
Individuals under the age of 16 may not provide any personal data through the Data Controller's Website. If you are a person who is under 16, you must obtain consent from your parents or other legal guardians before providing personal information.
This Privacy policy has been developed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals regarding the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter - General Data Protection Regulation), the Republic of Lithuania Law on Legal Protection of Personal Data, and other legal acts of the European Union and the Republic of Lithuania. The terms used in the Privacy policy are understood as defined in the General Data Protection Regulation and the Law on Legal Protection of Personal Data of the Republic of Lithuania.
WHAT INFORMATION DO WE COLLECT ABOUT YOU?
Information you provide directly.
Information about how you use our Website.
If you visit our Website, we also collect information that reveals the characteristics of our services or automatically generated visit statistics. Read more about it in Cookie Policy.
Information from third-party sources
We may receive information about you from public and commercial sources (as permitted by applicable laws) and link it to other information we receive from you or about you. We may also receive information about you from third-party social networking services when you connect to them, such as through Facebook accounts.
Other information we collect
We may also collect other information about you, your device, or your use of our website content with your consent.
You may choose not to provide us with certain information, but in that case, you may not be allowed to use the services we offer.
PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF HANDLING INQUIRIES
Processing of personal data for the purpose of providing services or other inquiries regarding Inquirers, including Callers. The Data Controller processes the following personal data of Inquirers, including Callers:
First name;
Last name;
Date of birth;
Phone number;
Email address.
Inquirer data is not shared with third parties.
Personal data is processed based on consent expressed by providing their personal data (Article 6(1)(a) of the General Data Protection Regulation).
PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF SERVICE PROVISION
The Data Controller processes the personal data of representatives of natural or legal persons when executing service provision agreements:
Client employees and clients/suppliers – individuals: First name, last name, date of birth, personal identification number (Republic of Lithuania resident's personal code or foreign national's personal code or other identification number), age, address of residence/declared place, phone number, email address, information about an individual indicated by the employee that can be contacted in exceptional cases, personal employee information required to obtain work tools and benefits (e.g., clothing, shoe size when a uniform is issued, vehicle license plate number, if provided the possibility to park a vehicle in a controlled parking lot, passport copy with visa (in case of foreign nationals), driver's license copy, work permits, residence permits, documents for a national D visa, contracts and information regarding subsidies, personal data indicated in internship agreements, personal data indicated in service provision agreements, personal data indicated in car rental and/or loan agreements, financial conditions and salary information, additional/motivational benefits, information about worked hours, business trips, vacations, and other absences, military service documents, agreements, consents, photographs, job titles, information about performed job functions, resumes (CV), adaptation plans, employee evaluations (after the probationary period, annual evaluations, etc.), information on disciplinary penalties, bank account number to which salary is paid, social security number, information related to health condition directly affecting job functions and ability to perform them according to legal requirements, information about working capacity and incapacity, information about additional health insurance, life insurance, payments to pension funds, information about single parents, about employee children/adopted children, about children's disability to obtain benefits and to ensure additional guarantees to parents raising children (copies of birth certificates/extracts, information about children's disability, and other related legal documents/decisions, information about education, qualifications, information about deductions from the Employee's salary, various certificates, information about summons to court, information about summons to perform public duties, information about the death of close relatives and marriage (for obtaining benefits), other Personal data when laws or the specifics of the Client's work require the Client to process them and processing is transferred to the Data Processor as well as other information related to the execution of the Main contract.
Client representatives: first name, last name, relationship with the client, phone number, email address.
Data is obtained directly from Clients or their representatives, with their consent, when executing a contract with the Client, or as required by law, transferred to the following recipients: VMI, SODRA.
The Data Controller may provide personal data of Clients and other Data subjects to Data Processors not specified in this Privacy policy, who provide services (perform works) to the Data Controller and process personal data of Clients and Data subjects on behalf of the Data Controller. Data Processors have the right to process personal data only according to the instructions of the Data Controller and only to the extent necessary to properly fulfill the obligations established in the contract. When engaging data processors, the Data Controller takes all necessary measures to ensure that data processors have implemented appropriate organizational and technical security measures and maintained the confidentiality of personal data.
The basis for processing personal data for the purpose of service provision is: consent of the data subject, execution of a contract with the Data subject, legal obligation of the Data Controller (Article 6(1)(a), (b), and (c) of the General Data Protection Regulation).
PROCESSING OF PERSONAL DATA FOR RECRUITMENT PURPOSES
The Data Controller processes the personal data voluntarily provided by the Candidate for recruitment purposes to the extent that personal data has been provided.
Data is obtained directly from Candidates and/or from third parties providing job advertisement websites. This data is not shared with third parties.
Candidate data is processed based on consent expressed by providing their data and considering their data submission as active consent to process their personal data for a specific recruitment (published or otherwise known to the Candidate) and/or request prior to entering into a contract (Article 6(1)(a) and (b) of the General Data Protection Regulation).
PROCESSING OF PERSONAL DATA FOR THE EXECUTION OF CONTRACTS WITH PARTNERS/SUPPLIERS
The Data Controller, in cooperation with partners (service providers), processes such personal data of representatives of natural or legal persons:
First name;
Last name;
Personal code;
Address;
Authorization;
Authorization period;
Represented person (relationship with the represented person);
Position;
Phone number;
Email.
Data is obtained directly from Representatives and is not shared with third parties.
Personal data is processed based on the legitimate interest of the Data Controller (Article 6(1)(f) of the General Data Protection Regulation).
WHAT DO WE DO TO PROTECT YOUR INFORMATION?
Personal data is protected from loss, unauthorized use, and changes. We have implemented organizational and technical measures to protect all information we collect for the purpose of providing our services. We remind you that while we take appropriate actions to protect your information, no website, operation performed over the internet, computer system, or wireless connection is completely secure.
The Data Controller applies different retention periods for personal data, following the requirements of legal acts and considering the purposes of processing personal data.
Retention periods for personal data:
Purpose of processing personal data | Retention period |
Processing personal data of Data subjects for the purpose of fulfilling inquiries | 1 year from the date of inquiry completion. Except where the Data subject requests to purchase goods or services from the Data Controller. Then a general 10-year term applies. |
Processing of personal data for the purpose of service provision | 10 years from the last contact |
Processing of Candidates’ personal data for the purpose of recruitment | 4 months after the Candidate is hired. Longer retention of Candidates' resumes and other data requires the Candidate's consent. |
Processing of Representatives' personal data for the purpose of executing contracts with partners | During the term of the contract and 10 years after the deal's conclusion |
|
|
Exceptions to retention periods may be established as long as they do not violate the rights of Data subjects, comply with legal requirements, and are properly documented.
Upon expiration of established terms, if they have not been extended, the data will be destroyed in such a way that it cannot be reproduced.
YOUR RIGHTS
A Data subject whose data is processed in the activities of the Data Controller has the following rights:
· To know (to be informed) about the processing of their data (the right to know);
· To access their data and how it is processed (the right to access);
· To request correction or, depending on the purposes of processing personal data, to supplement incomplete personal data (the right to rectify);
· To have their data erased or to stop the processing of their data (except for storage) (the right to erasure and the right to be forgotten);
· To have the right to require that the Data Controller restrict the processing of personal data for one of the legitimate reasons (the right to restrict);
· To have the right to data portability (the right to transfer) ;
· To object to the processing of their personal data when such data are processed or intended to be processed for direct marketing purposes, including profiling, as it relates to such direct marketing;
· To lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania.
Any request or instruction related to the processing of personal data may be submitted by the Data subject to the Data Controller in writing by one of the following means: delivered directly to the address Fabijoniškių g. 5C-1031, Vilnius; by mail: Fabijoniškių g. 5C-1031, Vilnius; by email: info@pagaute.lt.
Upon receiving such a request or instruction, the Data Controller shall provide a response, and carry out the actions specified in the request or refuse to do so no later than one month from the date of the request. If necessary, the indicated period may be extended for two more months, depending on the complexity and number of requests. In such case, within one month from the date of receipt of the request, the Data Controller informs the Data subject about such extension, providing the reasons for the delay.
The Data Controller may not create conditions for Data subjects to exercise the rights listed above, except when declining to process personal data for direct marketing purposes, where it is necessary under the law to ensure the prevention, investigation, and detection of crimes, violations of professional or ethical standards, as well as the protection of the rights and freedoms of the Data subject, the Data Controller, or other persons.
THIRD-PARTY WEBSITES, SERVICES, AND PRODUCTS ON OUR WEBSITES
The Data Controller's website may contain advertisements for third-party services, links to their websites and services, which are not controlled by the Data Controller, such as a link to the Data Controller's Facebook profile. The Data Controller is not responsible for the security and privacy of the information collected by third parties. You should read the privacy policies applicable to third-party websites and services you use.
If you provided data about yourself using Facebook, we understand that you agree that we may contact you using the provided phone number and email to offer services.
FINAL PROVISIONS
Amendments or changes to the Privacy policy take effect from the day of their publication on the Website.
When, following an amendment or change to the Privacy policy, the Data subject uses the Website and/or services provided by the Data Controller, it is considered that the Data subject does not object to such amendments and/or changes.
CONTACT US
If you have any questions regarding the information provided in this Privacy policy, please feel free to contact us by email at info@pagaute.lt.
Updated 2025-08-29