This personal data processing Agreement (hereinafter referred to as the “Agreement”) governs the processing of personal data performed by UAB Interneto vizija, acting as the Data Processor on behalf of its client, acting as the Data Controller.
1. The Agreement governs the rights and obligations of the Data Controller and the Data Processor in the processing of personal data processed by the Data Processor for the purpose of the provision of the Services specified in the Special Part of the Agreement to the Data Controller.
2. Personal data is processed for the period of validity of this Agreement.
3. Obligations of the Data Controller:
3.1. Ensure that personal data transferred to the Data Processor during the execution of the Agreement and the contract is collected and processed lawfully by the Data Controller;
3.2. To implement the rights of the Data Subject;
3.3. Upon request of the Data Processor, assist him in the processing of personal data.
4. The Data Controller undertakes:
4.1. To select the technical and organizational measures for the protection of personal data in accordance with the nature of data and the level of risk of their handling, and to ensure their continuous and uninterrupted operation;
4.2. To ensure that appropriate technical and organizational measures for the protection of personal data are implemented in such a way that data processing complies with the requirements of the law and guarantees the protection of the rights of the Data Subject;
4.3. to refrain from using personal data for purposes other than the execution of the Contract and this Agreement, to take measures to prevent accidental or unlawful destruction, alteration, disclosure of personal data, as well as any other unlawful processing;
4.4. To refrain from disclosing and transferring, or making personal data available to any person by any means;
4.5. Upon noticing security violations of personal data (actions or omissions that could cause or endanger the security of personal data), to notify the Data Controller thereof at the latest within 24 hours from the discovery of a breach of personal data security;
4.6. To guarantee confidentiality both during the validity period of the Contract and the Agreement, and after the expiration of the validity of the Contract and the Agreement;
4.7. To take all measures required by Article 32 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
4.8. To use the subVendors for the processing of data specified in the Special Section of the Agreement;
4.9. by using the subVendors for the processing of data specified in the Special Section of the Agreement, to ensure that it will perform all obligations of the Data Processor as set forth in this Agreement;
4.10. To provide the Data Controller with all assistance necessary to fulfil the rights of the Data Subject in accordance with requests submitted by the Data Subject;
4.11. To help the Data Processor to comply with the obligations laid down in Articles 32-36 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, having regard to the nature of the data and the information available to the Data Processor;
4.12. Immediately notify the Data Controller if, in the opinion of the Data Processor, the Data Controller’s order violates the provisions of the legislation;
4.13. at the latest within 8 working hours of the notification, to respond to vadovams@iv.lt to reports of employees of the Data Controller of suspicious activity.
5. In the event of a conflict between the provisions of this Agreement and this Contract, the provisions of this Agreement shall be followed.
6. The Agreement is subject to the laws of the Republic of Lithuania.
7. Any disputes arising from this Agreement shall be settled in the courts of the Republic of Lithuania.
8. Annex to the Agreement – Special Part.
1. The purpose of personal data processing is the provision of the ossified services of Data Processor to the Data Controller – website hosting, e-mail, design, and server rental services.
2. Categories of Data Subjects:
2.1. Data Controller staff;
2.2. Data Controller’s clients and their representatives;
2.3. Data Controller suppliers, other partners and their representatives;
2.4. Other persons whose personal data are stored by the Data Controller on the server provided by the Data Processor.
3. Categories of personal data processed:
3.1. Full name;
3.2. Personal number;
3.3. E-mail address;
3.4. Telephone number;
3.5. Position title;
3.6. Photos;
3.7. Other personal data stored by the Data Controller on the server provided by the Data Processor.
4. Data management activities – monitoring and maintenance of servers that may contain personal data, and making backup copies of their data and their storage in the backup repository will not be longer than the backup service provided to the Data Controller.
5. Data sub-processor – UAB Rakrėjus, company registration number 303126701.
6. Country of storage of personal data – Republic of Lithuania.