Company internal policy
PROTECTION POLICY OF PERSONAL DATA OF THE COMPANY’S EMPLOYEES AND CUSTOMERS
- The protection policy of personal data of the employees and customers of UAB “DAIKRA” (hereinafter – Policy) regulates the principles of collection, use and storage of the personal data of the employees and customers of UAB “DAIKRA”, provides main technical measures of personal data processing and implementation of the rights of the data subject, as well as organisational measures of data safety, and determines the persons who and for what purposes may access personal data of the employees and the customers.
- Particulars of UAB “DAIKRA”:
2.1. Company number of UAB “DAIKRA” is 302439166.
2.2. Activities of UAB “DAIKRA” (2nd edition of the Classification of Economic Activities):
2.2.1. plumbing, heat and air-conditioning installation, 432200.
2.3. Registered address of the Company: 30-6, Sandėlių str., Klaipėda.
2.4. Company’s manager – Director Dainius Kraynas;
3. The term responsible person used in the Policy shall mean a natural or legal person assigned by the order, contract for services or other contract (save for employment contract) by UAB “DAIKRA” to process personal data of its employees.
PRINCIPLES OF PROCESSING AND PROTECTION OF THE EMPLOYEES’ PERSONAL DATA
4. When processing personal data of its customers and employees, UAB “DAIKRA” has to observe the following principles of the personal data processing and protection:
4.1. personal data shall be collected for lawful and defined purposes in the scope necessary for the employer to collect and store personal data of the employees and customers in order to implement the obligations provided in the legal acts, and the data shall be processed in a manner that is compatible with those purposes;
4.2. when the personal data are collected and processed, the principles of purpose limitation and proportionality should be observed; the employees and customers shall not be required to submit the unnecessary data that are not stored;
4.3. personal data shall be processed accurately, fairly and lawfully. If necessary for processing, the personal data shall be updated regularly; inaccurate or non-exhaustive data shall be rectified, supplemented, deleted, or their processing shall be suspended;
4.4. personal data shall be stored in the manner permitting to identify the employees and customers as data subjects for the term not exceeding the term necessary to achieve the purposes set for collection and processing of the data.
- The personal data shall be collected, processed and submitted to certain authorities in accordance with the laws and legal acts of the Republic of Lithuania. The personal data may be received directly from the employee, customer or by making an official inquiry to the entities, registers and information systems processing and entitled to provide the necessary information.
- The personal data of employees and customers of UAB “DAIKRA” present in the texts of respective documents (contracts, orders, applications, etc.) shall be stored for the specified period in accordance with the Index of General Terms of Document Storage approved by the order of the Chief Archivist of Lithuania.
- Other data of employees and customers shall be stored for the period necessary to attain the purpose of data processing. When personal data are not needed any more for their intended processing purpose, the data shall be destroyed, save for the data that have to be transferred to the archivist in the cases defined in laws.
- UAB “DAIKRA” may transmit the processed personal data to third parties in the cases and in the manner defined in the legal acts.
- The Director of UAB “DAIKRA” shall ensure compliance with the principles of processing and protection of personal data by application of appropriate organisational measures (orders, instructions, descriptions, and recommendations).
COLLECTION AND PROCESSING OF THE OF THE EMPLOYEES’ PERSONAL DATA
- Personal data of the employees and the customers shall be collected and processed for the following purposes:
10.1. conclusion, implementation and accounting of employment and other contracts;
10.2. appropriate implementation of the obligations of UAB “DAIKRA” as an employer, as defined in the legal acts;
10.3. appropriate communication with employees outside the working hours;
10.4. assurance of appropriate work conditions.
- UAB “DAIKRA” shall process the following personal data of the employees for the purpose of conclusion, implementation and accounting of employment contracts:
11.1. names and surnames of employees;
11.2. personal numbers of employees;
11.3. home addresses, personal phone numbers;
11.4. dates of birth;
11.5. numbers of personal identity documents;
11.6. education documents;
11.7. qualification documents of employees (if necessary);
11.8. documents confirming work experience;
11.9. numbers of personal bank accounts, to which wages are transferred;
11.10. certificates about work time in another institution (in case of second employment);
10.11. medical cards.
- UAB “DAIKRA” shall process the following personal data for the purpose of appropriate implementation of its obligations as an employer:
12.1. personal numbers of employees;
12.2. information about marital status of the employees.
- The following personal data shall be processed for the purpose of appropriate communication with employees outside the working hours:
13.1. home addresses;
13.2. personal phone numbers;
13.3. personal e-mail addresses;
13.4. accounts of online communication apps (Messenger, Viber, WhatsApp, Instagram, Facebook, etc.).
- In order to assure appropriate work conditions, UAB “DAIKRA” shall process the information related to the employee’s health that is directly related to the employee’s work functions and possibility to fulfil them in accordance with the legal acts.
- The employees’ personal data shall be stored in personal files and appropriate databases in the scope and for the period necessary to achieve the set goals.
- The employees’ personal data may be processed only by the persons authorized by the director, who need such personal data in order to be able to carry out their functions and only when they are necessary to achieve certain goals.
- The employees shall notify the administration of UAB “DAIKRA” about changes in their personal data.
- Name, surname, and date of birth of a newly employed person shall be received from his/her personal identity documents (personal identity card, passport or another relevant document).
- Home address, settlement account number, personal contact phone number and e-mail address of a newly employed person shall be received from the questionnaire completed by the respective employee.
- The responsible persons entitled to process personal data of the employees and customers are the following:
20.1. the employee assigned by the order of the manager of UAB “DAIKRA” shall process all the data specified in Clauses 10, 11, 12 herein;
20.2. the specialist of the database shall process the data needed for administration of the registers of employees and customers.
- The employees entitled to process the employees’ personal data and other responsible persons entitled to access the employees’ personal data (director, accountant of UAB “DAIKRA”) shall observe the confidentiality principle and keep in secret any information related to personal data that was learnt in the course of implementation of work duties, unless such information is public according to the current laws or other legal acts. The duty to protect personal data shall survive transfer of the employee to another position, termination of employment or contractual relations.
RIGHTS OF THE SUBJECT OF PERSONAL DATA
- Rights of employees as data subjects and their implementation measures:
22.1. When collecting personal data of an employee or a customer, UAB “DAIKRA” shall inform such employee or customer what personal data the employee or customer has to submit, for what purpose such data are collected, for what purpose and to whom they could be transmitted, and what the consequences of failure to submit personal data are;
22.2. The employee and the customer shall have the right to access gratuitously their personal data held by UAB “DAIKRA” and to receive the information, from what sources and what personal data were collected, for what purpose and to whom they are transmitted. Upon receipt of the data subject’s request, UAB “DAIKRA” shall submit in writing the requested data not later than within 20 business days after receipt of the respective request or state the reasons justifying the refusal to satisfy such request;
22.3. If, upon access to own personal data, the employee or the customer determines that they are incorrect, non-exhaustive or inaccurate, such person shall address the director of UAB “DAIKRA” (in writing, orally or in another form). UAB “DAIKRA” has to check, specify, supplement or rectify the incorrect, non-exhaustive or inaccurate personal data and/or suspend processing of such personal data, save for their storage;
22.4. The employee or customer shall have the right to oppose to processing of certain personal data, the processing of which is not compulsory. Such refusal may be expressed without completing all the boxes in the questionnaire for the employee or the customer or other additional documents, also by submitting the application for cancellation of processing of certain personal data, the processing of which is not compulsory. Upon receipt of the request to terminate processing of certain personal data, the processing of which is not compulsory, UAB “DAIKRA” shall cancel such processing immediately, unless it contradicts to the requirements of legal acts, hence notifying the employee thereof.
MEASURES SAFEGUARDING PROTECTION OF PERSONAL DATA
- The right to access personal data of the customer and consents to process the personal data shall be granted, waived and amended by the order of the director of UAB “DAIKRA”.
- UAB “DAIKRA” shall safeguard appropriate storage of the documents and data media and shall undertake measures to prevent incidental or unlawful destruction, modification, disclosure of personal data, or any other unlawful processing. The employees processing personal data have to store the documents and data media appropriately and safely and avoid making unnecessary copies. The copies of the documents containing personal data of the employees or customers shall be destroyed in such a manner as to make it impossible to recognise such documents or to restore their content.
- Only the persons authorised to access personal data of the employees of UAB “DAIKRA” may access them and only when it is necessary to achieve the goals specified in this Policy.
- UAB “DAIKRA” shall assure safety of the premises where the personal data are stored, appropriate layout and maintenance of technical equipment, compliance with the fire safety rules, appropriate management of the network, maintenance of the information systems, and implementation of other technical measures necessary to safeguard protection of personal data.
- If an employee or another responsible person doubts reliability of the installed safety measures, such person shall address his/her direct supervisor asking to assess the available safeguards and, if necessary, to initiate acquisition and installation of additional measures.
- The responsible persons who process personal data in the automated manner or from whose computers it is possible to access the areas of the local network, where personal data are stored, shall use the passwords generated according to the appropriate rules. The passwords shall be changed periodically at least once in 6 months and if certain circumstances arise (e.g., the employee is replaced, in case of threat of break-in, suspicion that the password has been learnt by third parties, etc.). It is recommended for such persons to use a screensaver protected by a password in such computers.
- The computerised files held in the employees’ computers, where the personal data are stored, cannot be accessible to the users of other computers.
- The antivirus programme has to be updated continuously in the computers.
- The responsible person using certain computer may know only own password. The employee shall give the password in the sealed envelope to the responsible person of UAB “DAIKRA”. The passwords shall be kept in a strongbox or other safe place ad used only in indispensable cases.
- The assigned employee or another responsible person shall make copies of personal data kept in the computers at least once in 6 months.
- The documents of the employees and their copies, financing, accounting and accountability, archival and other files containing personal data shall be kept in the cabinets or strongboxes. The documents containing personal data shall not be kept in publicly accessible places.
- If violations of safety of personal data are identified, UAB “DAIKRA” shall undertake immediate actions to prevent unlawful processing of personal data.
- The employees processing personal data and having access to the personal data processed by UAB “DAIKRA” shall familiarize with this Policy under signature and thus undertake to keep the personal data confidential unless they are made publicly known.
- The Policy shall be reviewed and updated at least once in 5 years or when the legal acts governing processing of personal data change.
- All the persons employed by UAB “DAIKRA”, who process personal data of the employees and customers of UAB “DAIKRA” collected and stored in UAB “DAIKRA” or who learn them in the course of their work shall comply with this Policy.
- The employees of UAB “DAIKRA” shall be familiarised with the Policy under signature or by using electronic means.
- UAB “DAIKRA” shall have the right to modify this Policy completely or partially. The employees and other responsible persons shall be familiarised with the amendments under signature or by using electronic means.
- Non-compliance with the Policy may be regarded as a disciplinary violation, for which the liability provided in the Labour Code of the Republic of Lithuania may be imposed on the employees, depending on the severity of violation in question.
- The representative elected by the employees of UAB “DAIKRA” was informed about this Policy. This person has been consulted on adoption of the Policy.