Privacy Policy
We are aware of the particular importance of the protection of your personal data and therefore only collect and process your data that is necessary for the performance of our activities. We process personal data lawfully, transparently and fairly, for predefined purposes and only to the extent necessary to achieve the purposes of the processing. When we process personal data, we aim to keep it accurate, secure, confidential, properly stored and protected.
In processing your personal data, we comply with the 2016. 27 April the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”), the Law on Legal Protection of Personal Data of the Republic of Lithuania, as well as the requirements for the processing of personal data set out in other legal acts and/or by the controlling institutions.
1. Who is this document for?
1.1. By reading this privacy policy (“Privacy Policy”), you will learn how and for what purposes we process your personal data, where we obtain it, to whom we provide it and how we store it, and what your rights as a data subject are.
1.2. This Privacy Policy governs the use of our website https://www.abfondas.lt (the “Site”), our account on the social network LinkedIn https://www.linkedin.com/company/ateities-biomedicinos-fondas-labdaros-ir-paramos-fondas/ (“Account”) and the provision of services (e.g., the use of the system accessible through the Customer Area option on the Site), your use of the Site, or other activities carried out by us, the privacy terms in relation to our processing of your personal data and our privacy policy. Please read this Privacy Policy carefully as each time you visit the Website and/or our Account, you agree to the terms of this Privacy Policy. If you do not agree to these terms and conditions, please do not visit our Website and/or our Account or use our services.
1.3 As used in this Privacy Policy, “personal data” means any information from which you can be identified, whether directly or indirectly. Personal data includes, for example, your name, surname, first name, email address, telephone number, location data and internet identifier, characteristics specific to you and other personal data as defined in the GDPR.
1.4. For the purposes of processing personal data as detailed in this Privacy Policy, we do not ask you to provide us with, and we do not process, special categories of personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, health data, genetic data, biometric data (for the purpose of specifically identifying you), and information about your sex life in any circumstances.
1.5. Other terms used in the Privacy Policy shall have the meanings set out in the GDPR, the Law on Legal Protection of Personal Data of the Republic of Lithuania, as well as other legal acts.
2. Who are we?
2.1. We are the Ateities Biomedical Foundation, a charity and support fund based in Upės str. 23-1, LT-08128 Vilnius, code 305959325, tel.+37061154664, email. email : erika@abfondas.lt;(“we”).
2.2 In accordance with the provisions of legal acts, we are the controller of your personal data in the cases and to the extent provided in this Privacy Policy.
3. What principles do we follow when processing personal data?
3.1. When we process your personal data, we:
3.1.1. comply with the requirements of current and applicable legislation, including the GDPR;
3.1.2. We process your personal data in a lawful, fair and transparent manner;
3.1.3. we collect your personal data for specified, explicit and legitimate purposes and do not further process it in a manner incompatible with those purposes, except to the extent permitted by law;
3.1.4. we take all reasonable steps to ensure that personal data which are not accurate or complete in relation to the purposes for which they are processed are rectified, supplemented, erased or suspended without delay;
3.1.5. we keep them in such a form that your identity can be established for no longer than is necessary;
3.1.6.we do not provide personal data to third parties and we will not disclose it to any third party, except in the cases specified in the Privacy Policy or in the applicable legal acts;
3.1.7. we ensure that your personal data is processed in such a way as to ensure, by appropriate technical or organisational measures, adequate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
4. How do we collect your personal data?
4.1. We process your personal data received in the following ways:
4.1.1. When you submit them to us. You provide us with your personal data and other information by using the Website, visiting our Account, writing to us or communicating with our team (by submitting your complaints and/or queries, etc). Please note that if you contact us in writing or by email. by email – we will save your correspondence data.
4.1. 2. When you use any of our Websites and/or our Account. When you use our Website and/or visit our Account on social networks, certain information (e.g. Internet Protocol (IP) address, the type of web browser used, the number of visits, etc.) is collected automatically, as detailed in Section 6 of this Privacy Policy.
4.1.3. When we receive your personal data from other persons in accordance with the procedure established by legal acts and/or this Privacy Policy. In those cases where we do not receive data from data subjects, we require that data subjects be informed of the processing of the personal data concerned (the purpose and other conditions and circumstances detailed in this Privacy Policy). In addition, in cases where we are provided with the personal data of a data subject other than ourselves, we require that the data subject is made aware of this Privacy Policy by the person providing the personal data.
4.1. 4. You will always be able to request the rectification of inaccurate personal data and to exercise your other rights as a data subject as set out in this Privacy Policy, the GDPR and other applicable law.
5. What are the purposes and ways in which we process your personal data?
5.1 The exact scope of the personal data we process and how we process it depends on the specific relationship between you and us. We may process your personal data for the following autonomous purposes:
5.1.1. For the purpose of collecting charity/donations.
- Yours, t. y. We process the personal data of donors and recipients (or their representatives) that we receive when you give or receive support in the course of our activities of collecting and organising donations (charity). For this purpose, we may process the following personal data: name, surname, contact details (e.g. email, telephone number), payment information (e.g. bank account number, amount of the transfer, date of the transfer, purpose of the transfer), the content of the communication relating to the collection and organisation of donations (charity).
- The legal grounds for processing: the performance of a contract for the provision or receipt of support/charity with the data subject (donor or recipient) (Article 6(1)(b) of the GDPR), the fulfilment of our legal obligations relating to the organisation of the support/charity (Article 6(1)(c) of the GDPR) and our legitimate interest in concluding contracts for the provision or receipt of support/charity with legal persons (Article 6(1)(f) of the GDPR).
- Processing period: for this purpose, we will process your data within the time limits set out in the General Index of Document Retention Periods approved by the Office of the Chief Archivist of Lithuania, but no longer than 10 years from the end of the agreement with you.
- We receive data from you and from third parties such as financial institutions (banks) when you make a payment. We may transfer data to the entities set out in section 7 of this Privacy Policy and, for example, to beneficiaries (if necessary), financial institutions.
5.1.2. For direct marketing purposes.
- We may process your personal data (name, surname, contact details such as email address or telephone number) for direct marketing purposes.
- Legal basis for processing: your freely given consent (Article 6(1)(a) of the GDPR), or our legitimate interest to provide you with information or news about our activities in case such direct marketing meets the criteria set out in Article 81(2) of the Law of the Republic of Lithuania on electronic communications (Article 6(1)(f) of the GDPR).
- Duration of data processing: the data will be stored for 2 years from the date of receipt of your consent or until its withdrawal, if earlier. If we process the data on the basis of our legitimate interest, the data will be stored and processed for this purpose for 2 years after the end of our contractual relationship.
- We obtain data for this purpose from you. We may transfer data to the entities set out in Section 7 of this Privacy Policy.
5.1.3. For the organisation and publicity of events.
- For the purpose of organising and publicising our events, we may process the following data about you, i.e. y. personal data of event participants: name, surname, contact details (e.g. email, phone number), your image (photo and/or video) and communication for the purposes of organising the event.
- The legal grounds for processing: your consent in relation to the processing of your personal image (Article 6(1)(a) of the GDPR) and our legitimate interest in the smooth and efficient organisation of the event (Article 6(1)(f) of the GDPR).
- Duration of processing: your data will be stored for up to 1 year or until your consent is withdrawn in relation to the processing of your personal image. In individual cases, in accordance with the requirements of the applicable legislation, your personal data may be stored for a longer period.
- We obtain data for this purpose from you. We may transfer data to the entities set out in Section 7 of this Privacy Policy.
5.1.4. For the purpose of contractual relations and communication with our partners.
- Yours, t. y. personal data may be processed by us for the purpose of maintaining contractual relationships and communication with our partners or representatives of our partners (legal entities). For this purpose, we process the following data: your name, surname, contact details (e.g. email, telephone number), other information necessary for the performance of the contract (e.g. bank account number), and the content of your communication with us.
- The legal grounds for processing: performance of a contract with the data subject (partner) (Article 6(1)(b) GDPR) and our legitimate interest in concluding contracts with partners (legal entities) (Article 6(1)(f) GDPR).
- Processing period: for this purpose, we will process your data within the time limits set out in the General Index of Document Retention Periods approved by the Office of the Chief Archivist of Lithuania, but no longer than 10 years from the end of the agreement with you.
- We receive data from you and from third parties such as financial institutions (banks) when you make a payment. We may transfer data to the entities identified in Section 7 of this Privacy Policy.
5.1.5. To improve our website and services in order to offer better and more tailored services to you.
- We use your personal data, including the personal data we receive from your use of our Website and your visit to our Account, to improve and develop the Website and to offer you better and more personalised services. For this purpose, we receive data from you (through the use of cookies when you use the Website) and/or from other parties (including, but not limited to, social network managers through their use of cookies).
- Legal basis for processing: your freely given consent (Article 6(1)(a) of the GDPR), or our legitimate interest in ensuring the proper functioning of the Website (only in relation to essential cookies) (Article 6(1)(f) of the GDPR).
- For more detailed information about the categories and specifics of the personal data processed for this purpose and how we use cookies and similar technologies, please see Section 6 of this Privacy Policy.
5.1.6. for the purpose of monitoring the quality of our performance and the use of other functionalities of the Website and for the purpose of ensuring communication with us (handling of complaints and/or requests and communications from you).
- When you contact us (or we contact you after receiving your request), we process the following in writing, by email, or by post. information received by post, via the Website or other communication, which may include personal data such as: date and time of contact, subject of the contact, name, surname, e-mail address, name, address, email address, etc. mail, phone number, social network account name, social network photo, date of contact, details of the company involved, content of the complaint and/or enquiry, date, time and duration of the call, other communication information voluntarily provided by the person making the request / collected in the course of the enquiry/complaint.
- Legal basis for processing: performance of our contract with you (Article 6(1)(b) of the GDPR), as well as our legitimate interest in evaluating feedback from our customers for the purpose of improving the quality of our operations and services (Article 6(1)(f) of the GDPR).
- Duration of data processing: for this purpose, we keep your data for 2 years from the date of recording. If the relevant data relates to a contract you have entered into with the Management Company as a client (investor) of the Management Company, then the data will be stored for 10 years from the end of the contract.We obtain the data from you, we may create personal data ourselves in the course of a query or analysis of a complaint (e.g., after receiving your complaint, we contact our employees regarding the actual circumstances of the complaint and record them, etc.), from third parties: distributors, compliance service providers or other persons engaged for the performance of our activities.We provide or transfer data to persons providing Site administration services, legal services, compliance services.
5.1.7. For the purpose of recruiting candidates to join our team.
- If you contact us about joining our team, we may process your personal data for this purpose: the data you provide in your CV or in the questionnaire you fill in, the data collected during the communication, such as: name, surname, email address, etc. Postal address, telephone number, city, gender, date of birth, education, fields of activity, professional (including volunteering) experience, professional projects undertaken, foreign languages spoken, link to LinkedIn social network account.
- Legal basis for processing: for the purpose of concluding an agreement (employment contract) for you to join our team (Article 6(1)(b) GDPR).
- Duration of processing: we will keep the data processed for this purpose for no longer than 30 calendar days from the date on which the specific selection has been completed and/or we have informed you that there is no longer an opportunity to join our team, unless we have received your separate consent to keep the data for another purpose (i.e. administration of the Candidate Database) for a longer period of time, in which case the personal data will be kept for the period of time specified at the time of the receipt of the consent (normally 1 year from the date of the date of your giving your consent).We obtain the data from you, from third parties (e.g. legal entities providing recruitment services, current or former employers with a legitimate basis).We provide or transfer data to Legal Services Providers, Compliance Services Providers.
5.1.8. For the purpose of resolving legal claims and disputes.
- We may also process all of the above personal data for the purpose of asserting, exercising or defending legal claims. For this purpose, we will process personal data on the basis of our legitimate interest to assert, exercise or defend legal claims (Article 6(1)(f) GDPR). We will process them for this purpose until the end of the relevant legal proceedings (e.g. the resolution of a claim, the entry into force of a court or arbitration decision) and, in the case of a final decision by a court or other dispute resolution body as a result of the relevant legal proceedings, for a period of 1 year from the date of such decision.
5.1.9. For other purposes where we are required to process your personal data by law or where there is a legitimate interest or other lawful basis for the lawful processing of personal data.
6. How do we use cookies?
6.1. We collect information about you by using cookies and similar technologies. Cookies are small files that are temporarily stored on your device’s hard drive and allow you to be recognised on subsequent visits to the Website, social networks, to save personal browsing history, preferences, customise content, to speed up searches, to create a user-friendly and friendly environment, and to make it more efficient and reliable. Cookies are a common practice on websites that make it easier to use the website.
6.2. We may collect the information specified in Section 5.1.5 of this Privacy Policy by means of cookies through the Website. as detailed in point 6.6. Para.
6.3. We use the information we receive through cookies to:
6.3.1. to ensure the functionality of the Site;
6.3.2. so that we can improve and develop the Website to better meet your needs;
6.3.3. for the development of services and analysis of the use of the Website;
6.3.4. organising and carrying out targeted marketing.
6.4 We may, without prejudice to the law, combine information obtained through the use of cookies with information obtained about an individual by other means (e.g. information about the use of the Website with other personal data provided by you or obtained from other sources).
6.5 Please note that the Website and social networks may use cookies such as:
6.5.1. essential (technical) cookies – these are cookies that are necessary for the operation of the Website;
6.5.2. Functional cookies – these are cookies that, although not essential to the operation of the Website, significantly improve its performance, quality and visitor experience;
6.5.3. analytical (statistical) cookies – these are cookies used to prepare a statistical analysis of the browsing habits of visitors to the Website; the data collected by these cookies is used anonymously;
6.5.4. Targeting or advertising cookies – these are cookies that are used to show you offers or other information that may be of interest to you.
6.6 For information about the cookies used on the Website, their purpose, validity and data used, please click here:
| Name | Purpose | Duration of use |
|---|---|---|
| cookie_notice_accepted_abfondas | Cookie consent pack. Saves your cookie preferences (so you don’t have to ask again) | 2 months. |
| _ga | “Google Analytics collects information about user behaviour on the website based on this cookie and is used to store statistical information. To differentiate between users. | 2 years |
| _gid | “Google Analytics collects information about user behaviour on the website based on this cookie and is used to store statistical information. To differentiate between users. | 24 hours. |
| _giat | “Google Analytics collects information about user behaviour on the website based on this cookie and is used to store statistical information. To differentiate between users. | 1 min. |
6.7 You can consent to the use of cookies on our Website by clicking “I agree” on the link (bar) about cookies on the Website. Please note that all cookies (other than essential cookies) are only enabled when you give your consent.
6.7 You may withdraw your permission for us to use cookies at any time. You can do this on the Website by changing your browser settings so that it does not accept cookies. How you do this depends on the operating system and web browser you use. For detailed information on cookies, their use and the possibility to refuse them, please visit http://AllAboutCookies.org or http://google.com/privacy_ads.html.
6.8. In some cases, in particular the disabling of technical and functional cookies, the refusal to accept cookies or their deletion may slow down the speed of your browsing on the Internet, restrict the functioning of certain functions of the Website, or block access to the Website.
6.9. For details about external websites (such as social networks), please refer to Section 10 of this Privacy Policy.
7. Who do we disclose your personal data to?
7.1. We may share your personal data with third parties (data processors) that provide services to us and act on our behalf (e.g. companies that provide website hosting services, IT service providers, etc.). We ensure that the processing of personal data by such third parties is carried out only on our lawful instructions and in accordance with the requirements of the GDPR and other applicable law, and that the personal data is transferred to them only when and to the extent necessary to provide the relevant services.
7.2. In addition, personal data may be transferred to relevant recipients/independent third parties, i.e. y. independent controllers, where this is necessary to ensure the proper performance of the purposes of the processing of personal data referred to above or for the fulfilment of statutory obligations (for example, professional advisors, public bodies acting in their official capacity).
7.3. Third countries. We do not transfer your personal data to third countries (outside the EU/EEA) unless it is deemed necessary. We may transfer your personal data outside the EU/EEA if we have your explicit consent to do so, or if it is necessary and appropriate safeguards will be in place under the GDPR, such as an adequacy decision or standard contractual clauses. We make every effort to ensure that the GDPR requirements are complied with when transferring data in this way and implement appropriate measures to ensure that your personal data is secure. For more information on such measures, please contact us directly on the above telephone number or email. to the following postal address.
8. How long do we keep your personal data?
8.1. We will not keep your personal data for longer than the purposes of processing or the law requires, unless a longer retention period is specified in the law.
8.2. We aim not to store outdated, irrelevant personal data, so that only relevant information is stored when it is updated (e.g. when information is revised, changed, etc.). Historical information is protected where required by law or to protect our legitimate interests.
8.3. Privacy Policy 5.1. Point 4.1 specifies the time limits for the retention of your personal data separately for each purpose of processing your personal data.
9. How do we protect your personal data?
9.1. Unfortunately, the transmission of information over the internet is not completely secure. Although we take great care to protect your personal data, we cannot guarantee 100% data security when you transmit data to the Website – you assume the risks associated with the transmission of data to the Website.
9.2. We implement appropriate technical and organisational measures that comply with the GDPR to protect your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or use, as well as against all other forms of unlawful processing.
9.3. If we become aware of a personal data breach that may pose a serious threat to your rights or freedoms, we will inform you immediately upon becoming aware of it and after we have identified the information accessed.
9.4. Among other things, the website uses a Letsencrypt.org SSL certificate:
9.4.1.The identity of the website is confirmed;
9.4.2. All data transmitted between the server and the browser is encrypted;
9.4.3. Data integrity and originality are ensured;
9.4.4. For more information visit https://letsencrypt.org.
10. External websites
10.1. The website may contain links to external websites, such as those of our business partners or websites on which we have accounts, which advertise our services. If you follow such links to any of the websites, please note that these websites and the services available through them have their own separate privacy policies and that we do not accept any responsibility or liability for these policies or for the personal data, such as contact or location data, collected through these websites or services. We recommend that you review these policies before submitting personal data on these websites or using any services.
11. What rights do you have?
11.1. When processing personal data, we ensure your rights in accordance with the GDPR and the Law on Legal Protection of Personal Data of the Republic of Lithuania. As a data subject you have the following rights:
| Right to be informed and right of access to personal data | You have the right to receive information about the processing of your personal data in a transparent, comprehensible and easily accessible form, in clear and plain language. This is set out in this Privacy Policy. If you are unclear about any part of this Privacy Policy, you are welcome to contact us using the contact details provided above. You also have the right to obtain our confirmation as to whether your personal data is being processed and, if it is being processed, to obtain information about how we process your personal data. |
| Right to have personal data rectified | You have the right to request that we correct inaccurate or incomplete personal data. |
| The right to have personal data erased (“right to be forgotten”) | You have the right to ask us to erase or delete personal data if there is no longer a valid reason for us to continue processing it, if the personal data is no longer necessary for the purposes for which it was collected or processed, if you withdraw the consent on the basis of which the personal data has been processed and there is no other lawful basis for its processing, or if there is any other ground as set out in Article 17 of GDPR. Please note that Article 17(3) of the GDPR provides for exceptions to the above cases where processing of personal data is necessary. If such exceptions apply in your case, we will inform you accordingly. |
| Right to request restriction of processing of personal data | You have the right to request that we restrict (or stop) the processing of your personal data if:
You object to the processing of your personal data in accordance with the following procedure, pending verification that our legitimate reasons override your legitimate reasons. |
| Right to data portability | You have the right to receive your personal data that you have provided to us in a structured, commonly used and computer-readable format, and to have that data transferred to another controller if:
You also have the right to request that we transfer your personal data directly to another controller if this is technically feasible. |
| Right to object | You have the right to object at any time to the processing of your personal data which is processed for the performance of a task carried out in the public interest or in our legitimate interest. In this case, we will no longer process your personal data unless we can demonstrate legitimate grounds for processing your personal data which override your interests, rights and freedoms, or if this is necessary for the establishment, exercise or defence of legal claims. |
| Right to withdraw consent | If your personal data is processed on the basis of your consent, you have the right to withdraw such consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent carried out before the withdrawal of consent. |
11.2. We will endeavour to guarantee the exercise of your rights as a data subject and to provide all the conditions for the effective exercise of those rights, but we reserve the right not to comply with your requests where necessary to ensure:
11.2. 1. meeting the legal obligations imposed on us;
11.2.2. national security or defence;
11.2.3. public order, the prevention, investigation, detection or prosecution of criminal offences
11.2. 4. important economic or financial interests of the State;
11.2. 5. preventing, investigating and detecting breaches of official or professional ethics;
11.2.6. protecting your rights and freedoms or the rights and freedoms of others.
11.3. You may submit claims relating to the exercise of your rights to us in person, by post or by electronic communication. Upon receipt of your request, we may ask you to provide proof of identity, as well as other additional information we need in connection with your request.
11.4. Once we have received your request, we will respond to you no later than 30 calendar days from the date of receipt of your request and the submission of all the documents necessary to provide the response.
11.5. If we deem it necessary, we will suspend the processing of your data, with the exception of storage, until your request is resolved. If you withdraw your consent, we will immediately cease processing your personal data for the specific purposes, except for the purposes set out in 11.2 of this Privacy Policy. in accordance with point 4.1 and the cases provided for by law, i.e. y. where we are obliged to continue to process your data by applicable law, legal obligations to which we are subject, court decisions or binding instructions from other authorities.
11.6. If we refuse to comply with your request, we will clearly state the reason for such refusal.
11.7. If you disagree with our actions or our response to your request, you may complain about our actions and decisions to the competent supervisory authority.
12. Who can you complain to?
12.1. If you believe that your rights under the GDPR/other applicable data protection legislation have been infringed, you can lodge a complaint with a supervisory authority. The supervisory authority in Lithuania is the Lithuanian State Inspectorate for Data Protection (Lietuvos valstybinė danych apsaugos inspekcija), address L. Sapiegos g. 17, 10312 Vilnius, Lithuania, e-mail. e-mail: ada@ada.lt, website: https://vdai.lrv.lt/.
12.2. Before submitting a complaint to a supervisory authority, we would be grateful if you could contact us with your concerns. We will do our utmost to resolve your issue promptly and carefully.
13. Information about the website and its owners
13.1. The Site, the materials, code, design, Site domain name, all copyrights, trademarks, databases, names and other intellectual property or other property relating to the Site and/or the materials contained therein are owned entirely by us, with the exception of intellectual property (trademarks, logos, etc.) relating to our partners or suppliers, and are protected by national and international laws and regulations on intellectual property protection.
13.2. You may not, without our express permission, copy, fix, reproduce, perform, display, publish, transmit, sell, process, make available, license, modify, republish, edit, broadcast, retransmit, or otherwise communicate, publicly display or perform, adapt, distribute, or use in any form or by any means, the material on the Site, or the source code, or any part thereof, or any derivative works based on the material.
14. How will this Privacy Policy be amended?
14.1.Any changes to our Privacy Policy will be posted on the Website. In the event of a material change and/or need, we will notify you. The new Privacy Policy terms may also be posted on the Site and you may need to read and agree to them in order to continue using the Site and/or our services.
14.2. This Privacy Policy was last updated in 2022. 13 July
15. How to contact us?
15.1. For any questions regarding this Privacy Policy, please send or contact us at the contact details set out in Section 2 of this Privacy Policy.