The data of all data subjects is processed legally, transparently and honestly, with predetermined goals and only to the extent necessary to achieve them. When processing your personal data, we adhere to the General Data Protection Regulations No. 2016/679 (hereinafter – “the GDPR”), the Law of the Republic of Lithuania on the Legal Personal Data Protection in the Republic of Lithuania, as well as recommendations of supervisory authorities and/or personal data processing requirements.
Persons under 14 may not provide any personal data on the websites we manage and/or profiles on social networks. If you are under 14, prior to providing your personal data, you must obtain the legal consent of your representatives (parents, adoptive parents, guardians).
Data manager details
How do we collect your information?
We receive your personal data, i. e., any data about you that allows us to identify you as follows:
- You can provide data (personal) by yourself;
- Your data may be collected automatically;
- In some cases, we receive your personal data from third parties and may collect it from public sources.
You can provide us with your personal data by yourself. This often happens in the following cases:
- When you enter into an agreement with us (sale and purchase, provision of services, etc.);
- When you use our services;
- When you subscribe to our newsletters;
- When you register for our events, exhibitions, courses or other projects;
- When you submit a request, application and/or complaint to us by phone, email or mail.
Your data may be collected automatically. This often happens in the following cases:
- When you submit an application on our websites and profiles on social networks (for example, Facebook, LinkedIn, Instagram, YouTube);
- When you make entries on platforms in social networks (for example, Facebook, LinkedIn, Instagram, YouTube) that we manage;
- When you use our sites (cookies and similar technologies allow us to collect data. For more information about our cookies, see below).
To the extent permitted by applicable laws we may receive your data from third parties. This may be the data provided by our partners, contractors, service providers, as well as the data from your public profiles or databases.
We may associate your data, obtained from you, public and commercial sources with other information that we receive from you or about you.
We may also collect your data in other unspecified cases. You will be additionally informed about this.
What data (personal) do we process?
Even though we try to collect as little information about you as possible, we collect the following information to carry out our activities:
- Your contact details;
- The information necessary for the conclusion and execution of transactions, contracts and other agreements;
- Information about your achievements, professional or other activities relevant to the Vilnius tourism sector development and creating the city image;
- Your face on the photos;
- The information that you provide during telephone conversations with us, in letters, requests or registration forms;
- The information contained in the money transfers you make to us;
- The information necessary to protect the interests of our institution in court or in other institutions;
- Information about your device;
- Information necessary for direct marketing.
As a rule, the information we collect directly from you consists of the following:
Name, surname, gender and other identity data (passport or ID card), address of residence, telephone number, email address, bank account number, place of employment/job/business, position, education, marital status, data on allergies and food intolerance, as well as other information that may be required to purchase/provide goods and/or services.
As a rule, the information that is collected automatically consists of the following:
As a rule, we collect the following information from third parties or public sources:
Name, surname, place of employment/job/business, education, information about your achievements relevant to the Vilnius tourism sector development and creating the city image, place of residence, face on photos.
You may choose not to provide us some information, however, in this case, we may not be able to provide you with our services (for example, if you do not provide the necessary information required to respond to your request, we will not be able to answer you).
Note: the staff of JSC “GO Vilnius” does not ask you to provide your login data, bank card numbers, passwords or any other information, due to the use of which you may suffer financial or any other loss.
Why and on what basis do we process your data?
The above information is processed to achieve the following goals:
- conclusion and execution of transactions, contracts and other agreements;
- realization of our institution owner’s rights, the municipality of Vilnius;
- establishment, maintenance and development of business, professional and/or other legal contacts;
- creation of the image of Vilnius, tourism sector development, as well as attraction of businessmen and talents;
- performance of our duties in accordance with applicable legal acts;
- processing of the internal administrative and accounting records of our institution;
- verification of the quality of services provided by our institution on the internet;
- realization of the interests of our institution in court or in another institution;
- direct marketing.
We inform you that we strive to keep in touch with our customers and provide them with information about the services offered. To do this, we carry out direct marketing by phone and email, providing notifications and news about our services, events, conferences, courses, etc. We have the right to send our customers promotional information about our products or services to the email address that we received during the provision of services or sales of goods. Our clients have the right to immediately or at any time refuse our marketing notifications by letting us know about this decision in any way convenient for them: by email firstname.lastname@example.org, by sending a letter to the address Gynėjų str., 16, LT-01109 Vilnius or using the link in the advertising notice in an email. This refusal will in no way affect our processing of customer data that we carried out before.
In all other cases, to carry out direct marketing, we will process your personal data only by receiving your permission to process it for this purpose. You can cancel this permission at any time by notifying us by any of the methods above.
Your personal data is processed in accordance with one or several legal processing principles:
- compliance with legal requirements;
- the conclusion and execution of transactions, contracts or other agreements concluded with you;
- state interests (unless your personal interests prevail);
- our legitimate interests (unless your personal interests prevail);
- in some cases, your consent.
The purposes, principles and personal data that we process are shown in the following table.
|Purpose||Legal basis||Personal data|
|Conclusion and execution of transactions, contracts and other agreements||Conclusion and execution of agreements with you Compliance with legal requirements The legitimate interests of our institution||Name, surname, personal code, gender and other identity data (passport or ID card), address of residence, telephone number, email address, bank account number, place of employment/job/business, position, education, marital status, data on allergies and food intolerances, as well as other information that may be required to purchase/provide goods and/or services|
|The exercise of our institution owner’s rights||Compliance with legal requirements||Any information related to the activities of our institution, i. e., any of your personal data that we process|
|The establishment, maintenance and development of business, professional and/or other legal contacts||The legitimate interests of our institution Compliance with legal requirements State interests||Name, surname, gender, telephone number, email address or other contact details, place of employment/job/business, position|
|Creation of the image of Vilnius, the tourism sector development, as well as attraction of businessmen and talents||Compliance with legal requirements The legitimate interests of our institution State interests||Name, surname, personal code, gender and other identification data (passport or ID card), address of residence, telephone number, email address, bank account number, place of employment/job/business, position, education, marital status, data on allergies and food intolerance, data on achievements relevant to the Vilnius tourism sector development and creating the city image, as well as your face on photos|
|Fulfilment of our duties in accordance with applicable legal acts.||Compliance with legal requirements||This depends on the requirements of the applicable legal acts, the institution request content or other objective reasons|
|Verification of the quality of services provided by our institution on the internet (to improve them and create new content)||The legitimate interests of our institution||IP address, version of the operating system and the device you use to get access to the content, parameters, session time and duration, as well as any information that is stored in cookies that we install on your device, device GPS signal or information about the nearest Wi-Fi access points and mobile towers, which can be transmitted to us, when you use our Website|
|Direct marketing (only if we received your consent or did not receive a message from you prohibiting us from doing so)||Consent The legitimate interests of our institution||Name, surname, email address, telephone number, address of residence, age|
When we cannot be guided by one of the legal grounds set forth in this table, prior to beginning to process your personal data, we will ask for your consent (such cases will be clear, depending on the circumstances and context).
To whom do we transfer your personal data?
Without your prior written consent, we may transfer your personal data only in the following cases:
- to our business partners or companies, providing services at our request, selected in a responsible manner;
- the owner of our institution, the Municipality of Vilnius;
- law enforcement and government agencies;
- to other entities, if this is required by law or to protect our legitimate interests.
The ability of your personal data recipients (individual data managers) to use your data is limited. They may not use this information for purposes not specified in the contract. If we need to use their direct marketing offers, you will be asked for separate consent.
We can also provide your data to data managers who provide services to us (perform work). They are entitled to process your personal data only based on a written contract signed between us and them according to our instructions and only to the extent necessary for the proper fulfilment of contractual obligations. Our data managers help us take all the necessary measures to ensure that they can take appropriate organizational and technical measures to ensure security and maintain the confidentiality of your personal data.
Below is a list of data recipient categories:
Banks; advertising and marketing agencies; the company that controls our institution’s system, as well as other companies involved in software creation, installation and support; communication companies; security companies; the companies providing financial accounting to our institution; mail delivery companies and courier services; legal advice companies; archiving companies; bloggers and other media representatives; accommodation, catering, leisure, event organization companies etc., inextricably linked with the Vilnius tourism sector.
Other parties who may be provided with your personal information we have, when it is necessary to protect our legitimate interests or to comply with the requirements of legal acts: government organizations, the persons conducting a pretrial investigation, courts, etc.
Which countries are your personal data transferred to?
Sometimes we must transfer your personal data to other countries where lower level data protection policies may be applied. In such cases, we do our best to ensure the security of the transferred personal data.
In very rare cases, we may send your personal data to countries outside the EEC. In such cases, we will apply one of the following security measures:
- we sign a contract with the data recipient, based on the standard contractual terms, approved by the European Commission;
- mandatory conditions apply for companies;
- the data recipient is in a country recognized by the European Commission as applying appropriate data protection standards;
- codes of conduct; certification mechanisms;
- we obtain permission from the State data protection inspectorate.
If any of the above security measures are applied, we can use the exceptions provided by Article 49 of the Regulations (for example, transfer your data with your consent), but they can only be used strictly in the cases, formulated in the Regulations.
What do we do to protect your personal data?
We have implemented smart and appropriate physical and technical means to protect the information we collect in order to provide content/services. However, note that, although we take appropriate measures to protect your personal data, not a single website, transaction through the internet, computer system and wireless communications are completely secure.
How long will we store your personal data?
We set your personal data storage term, guided by the requirements of the law, regulations and instructions of the supervising institution and/or another competent institution. If these requirements or instructions are not set, we set your personal data storage term, based on state interest or our legitimate interests, but this term cannot exceed 7 years from the data receipt date (unless, as mentioned above, a longer data storage term is provided by legal acts).
At the end of the data storage term, your data is erased so that it cannot be restored to establish your identity.
As a rule, the following personal data storage terms are established:
|Personal data||Storage period|
|Data related to the conclusion and execution of transactions, contracts and other agreements||10 years after expiration/termination of a transaction, contract or agreement|
|Payment details||10 years after a transaction|
|Data related to registration forms for our events, conferences, exhibitions, courses or other projects||Up to 7 years after submitting the registration form|
|Data in the applications, statements and/or claims provided to us by phone, email or mail||Up to 1 year from the request/application/claim receipt or their execution|
|Information about your achievements, professional or other public activities relevant to the development of the Vilnius tourism sector and creation of the city image||The data is periodically checked and stored as long as it is relevant to the development of the Vilnius tourism sector and creation of the city image . The data may be erased earlier, if you notify us that you do not wish it to be stored (if your interests prevail)|
|Your photos||While your consent is valid or if you are a public person, while the publication of your photos is relevant to the development of the Vilnius tourism sector and creation of the city image. The data may be erased earlier, if you notify us that you do not wish it to be stored (if your interests prevail)|
|Your data is related to the potential or existing protection of our interests in court or another institution||Until the claim limitation or the claim/complaint submission period expires and/or until the court decision’s effective date|
|Personal data processed with your consent, except for your consent to the use of your photos||Up to 2 years from receipt of your consent, if it not revoked before|
|Records (logs) of IT systems||1 year|
Even if you declare your desire to terminate the contract and refuse our services, due to requirements that may arise in the future, we will need to continue to store some of your personal data until the storage period expires. The data will also be stored so that, if necessary, we can provide you with the necessary information, so that we have a properly recorded history of our relations and can answer your questions related to our communication.
What are your rights?
Depending on the situation and additional conditions approved by GDPR you have the following rights:
- to know (be informed about your data processing (the right to know);
- to review your data that we process and how it is processed (the right to review);
- to request to correct or, based on the personal data processing purposes, to supplement your non-exhaustive personal data (the right to request to correct);
- to request to erase your personal data (the right to “be forgotten”);
- to require us to limit your personal data processing (the right to limit);
- to require transfer of the data provided to us (the right to transfer data);
- to disagree with your personal data processing at any time, when processing is carried out to fulfil public interests, to fulfil our legitimate interests or legitimate interests of a third party, as well as when personal data is processed for direct marketing purposes, including profiling (the right to disagree);
- to cancel your consent to your personal data processing, if it is processed, based on your consent.
We always strive to properly enforce your rights and respond promptly to any possible violation of them, so, if you have any questions, regarding your personal data that we process, we ask you to contact us first. We also note that, in all cases, you are entitled to file a complaint with the State Data Protection Inspectorate at any time.
We give you the opportunity to exercise your rights in a convenient way. You can do this by calling this phone number – +370 686 57232, by emailing us at email@example.com or by using any links listed at the bottom of the advertising content provided to you.
Your rights will be exercised subject to prior personal confirmation of your identity (subject to the provision of an identification document: an identification card or passport) or via electronic communication (for example, using an electronic signature).
|Your right||Some restrictions|
|The right to know||Before the beginning of your personal data processing, you are entitled to receive concise, simple and understandable information about your data processing.|
|The right to review||This right means that you can ask us to provide the following: A confirmation that we process your personal data; A list of your personal data processed; A list of goals and legal grounds for processing your personal data; A confirmation that we send data to third countries. If this fact is confirmed, the information about what security measures were applied; The source of your personal data; The information about whether profiling is applied; A data storage notification. We will provide the above information with the condition that it does not violate the rights and freedoms of others.|
|The right to request to correct||Applies, if your personal data is not exhaustive or clear.|
|The right to “be forgotten”||Applies, if: The information we have is no longer needed to achieve the stated goals; We process data based on your consent; We process data based on legitimate interests. After obtaining your consent, it is established that your interests prevail; The information was obtained by illegal means.|
|The right to limit||This right may be exercised while we analyse the situation, i. e.: If you dispute the accuracy of the information; If you object to the processing of your personal data, when it is carried out based on legitimate interests; We use the information illegally, but you object to its deletion; We no longer need the information, but you need to keep it for trial.|
|The right to transfer data||This right can be exercised, if you provide your data and we process it automatically based on your consent or an agreement concluded with you.|
|The right to disagree||This right can be exercised, if the data is processed to protect public interest or data processing is necessary to protect the legitimate interests of the data owner or third party. When processing your personal data on this basis, we must prove that the data is processed for valid legitimate reasons that are more important than your interests.You may also at any time disagree with your personal data processing for direct marketing purposes, including profiling, as far as direct marketing is concerned.|
|The right to withdraw consent||To cancel your consent to the processing of your personal data at any time, if it is processed, based on your consent.|
|The right to file a complaint with the State Data Processing Inspectorate||The data subject has the right to contact the institution responsible for the supervision and control of legal acts regulating the personal data protection – the State Data Processing Inspectorate (L. Sapiegos str. 17, Vilnius 10312, email: firstname.lastname@example.org, phone (8 5) 271 2804).More information available at: www.ada.lt|
We may not create conditions for you to exercise the above rights when, in cases provided for by law, it is necessary to ensure the prevention of crimes, violations of professional or professional ethics, ensure the investigation progress and the criminal identification, as well as protect the rights and freedoms of the data subject and other persons.
Cookies, signals and similar technologies
- to identify you as a previous visitor to a particular website;
- to preserve the history of your visit to a website and adjust its content;
- to ensure the smooth operation of the Website;
- to control the duration and frequency of visits to collect statistics on the number of visits to the Website.
By analysing this data, we can improve our Website and make it more convenient to use.