PRIVACY NOTICE

 

This Privacy Notice (“Notice”) describes how professional law partnership Šenavičius & Partners RESPONSE (“RESPONSE” or “we”) manages personal data of its clients, candidates for employees, website visitors or other individuals (“you“) and ensures protection of such data.

 

We are the controller of your personal data – professional law partnership Šenavičius & partners RESPONSE, legal entity code 305228516, registered address at Rinktinės g. 5, Vilnius, Republic of Lithuania.

 

If you have any questions or requests regarding the processing of personal data carried out by us, you may contact us by email info@response-legal.com or mail address at Rinktinės g. 5, Vilnius, Republic of Lithuania.

 

Since we are continually working on improving the provision of our legal services, this Notice may be updated, as well. Any updates or changes to this Notice will be communicated by publishing an updated version of the Notice on our website. The amendments or changes to the Notice are effective from the update date specified in the Notice unless we have specified a different effective date.

 

For what purposes we process your data?

Processing of personal for the provision of legal services

 

We process the personal data of our clients (their representatives, employees) for the purpose of providing legal services. Such data is processed for the purpose of concluding or executing contracts with our clients.

 

The personal data of RESPONSE clients (their representatives, employees) processed for this purpose, might be:

  • basic personal data (name, surname, personal identification number, date of birth, etc.);
  • contact data (residence address, e-mail address, phone number, etc.);
  • data, obtained from various state registers and other legitimate sources;
  • other data, you provide during the conclusion or performance of mutual contracts and data necessary for the provision of our services.

 

We may also process other natural persons’ data (e.g., personal data relating to another party in court proceedings) in the course of providing legal services. We process such data in accordance with Republic of Lithuania Law on the Bar as well as other legal acts regulating the provision of legal services.

 

In all cases RESPONSE processes personal data of their clients (their representatives, employees) or other persons only to the extent that this is necessary for ensuring proper provision of legal services and execution of legal obligations.

 

The legal basis for the processing of such personal data is the performance of a contract and / or a legal obligation.

 

Personal data of clients (their representatives, employees) is typically retained for 10 years from the execution of contract, unless applicable legal regulations impose a longer period for the retention of relevant personal data.

 

Processing of personal data to implement requirements for identification, money laundering, and terrorist financing

 

In carrying out our activities and providing services, we must comply with the legal requirements applicable to RESPONSE’s activities, including, but not limited to, the requirements for the prevention of money laundering and terrorist financing.

 

For this purpose, we processed the following data of you and / or your representatives:

  • basic personal data (name, surname, personal identification number, date of birth, etc.);
  • contact data (residence address, e-mail address, phone number, etc.);
  • data on current public positions and / or relationships with politically exposed persons, entries in sanctions lists and other registers and data of your managers, shareholders (beneficiaries) (name, surname, social security code, citizenship, address, share of shares, data on current public duties and / or contacts with politically exposed persons, entries in sanctions lists and other registers);
  • financial data (data on the ownership or source of funds or income, payment data and their amounts, etc.) and other financial information that may be processed in accordance with the requirements for the prevention of money laundering and terrorist financing, other.

 

The legal basis for the processing of such personal data is legal obligation.

 

When personal data is collected to fulfil the obligations of prevention of money laundering and terrorist financing, it is stored for 8 (eight) years, in accordance with the Republic of Lithuania Law on Prevention of Money Laundering and Terrorist Financing.

 

Processing of personal data for accounting purposes

 

When processing accounting documents, we do it for the purpose of settlement and other payment formalization and compliance with accounting rules.

 

For this purpose, we can process your name, surname, social security code (if it is mandatory to collect such information), individual activity certificate number, position, workplace, signature (in contracts, documents), address / workplace address, e-mail address, postal address, phone number, account number, name of credit / payment institution, payment data, VAT payer code, information indicated in tax returns, other official tax documents, history of debts, history of their coverage and other information.

 

The legal basis for processing such personal data is the legal obligation, performance of the contract, and our legitimate interest.

 

In this case, the data is stored in accordance with the legal acts regulating financial operations and accounting, as well as pursuant the General Document Retention Time Index approved by Order No. V-100 of the Chief Archivist of the Republic of Lithuania of 9 March 2011. The data that does not fall within the scope of retention of the above-mentioned legal acts shall be retained for the entire period of validity of the contract or cooperation between the parties and for 10 (ten) years after the end of the contract/relations (last contact).

 

Processing of personal data for the purpose of processing your submitted requests, complaints, claims, and disputes

 

You have the right to submit to us a request, complaint, or claim related to our activities, and all this can be examined in judicial and non-judicial procedures.

 

For this purpose, we can process your name, surname, personal identification number (if necessary or if the person submits it himself/herself), position, workplace, signature on documents, address, phone number, e-mail address, the content of the request, complaint, demand, claim, procedural documents and attachments submitted with these documents, response to the request, complaint, demand, claim, procedural document and content of the attachments submitted with these responses.

 

The legal basis for processing such personal data is the legal obligation and/or legitimate interest.

 

The data obtained for the purpose specified in this point are stored for the entire period of processing requests, complaints, demands, claims, and disputes in non-judicial procedures and for 3 (three) years after the end of the examination of the request if the requirements of the applicable legal acts do not establish longer terms for the storage of relevant personal data. Documents of legal disputes are stored for the entire period of the dispute examination and 10 (years) after the final decision has entered into force if the requirements of the applicable legal acts do not establish longer terms for storing relevant personal data.

 

Processing of personal data upon your request

 

When you contact us by email, phone or in any other way, RESPONSE will process the personal data you have submitted. The purpose of processing personal data is to manage the requests we receive, as well as to protect our (or other persons’) rights and legitimate interests. The basis for processing such data is RESPONSE’s legitimate interest.

 

Please comply to at least the minimum requirements for the protection of your personal data, i.e. do not provide excess personal data that is not necessary for the purpose sought. Also, please provide only as much personal data as it is necessary for attaining the purpose for which the request or letter is submitted.

 

The personal data submitted by you with your requests may be stored for up to 3 years. However, this retention period may also depend on the content, nature of the personal data submitted to RESPONSE and other circumstances. Given the need to protect RESPONSE (or other persons’) rights and legitimate interests, as well as in other cases indicated in legal acts, your personal data may be stored for a longer period.

 

Processing of personal data for direct marketing purposes

 

RESPONSE may process its clients’ and other persons’ personal data for direct marketing purposes (for example, we may send you newsletters with our offers and legal news, event invitations, send greetings and other information).

 

For this purpose, we may process your contact information: name, surname, e-mail address, phone number, company name.

 

Direct marketing messages shall be sent to persons only with your explicit consent or when you are our client without expressly objecting to processing of your data for direct marketing purposes, for marketing of similar services. In all cases, you have the right at any time (both in advance and at any time thereafter) to object to the processing of your data for direct marketing purposes or to withdraw your consent by emailing us at info@response-legal.com.

 

The storage period of your personal data processed for the purpose of direct marketing is 2 years from the date of receipt of the relevant data unless you refuse for such processing of your personal data before the end of the indicated retention period. Upon the expiry of the indicated period or if you refuse to process personal data for the purpose of direct marketing before the end of this period, RESPONSE will stop processing your data.

 

Processing of personal data of candidates to employees

 

For wanting to join the RESPONSE team, you may contact us and submit your details in the “Career” section of our website. You can also do this by sending information about yourself to our e-mail address at info@response-legal.com. When you apply to join the RESPONSE team and are providing data about yourself (for example, by sending your CV, motivational letter, etc.), we process such personal data for the purpose of selecting the candidates for employees. We process such personal data on the basis of your consent, i. e. when the candidate actively applies to RESPONSE.

 

We recommend that you comply with at least the minimum personal data protection requirements and do not provide redundant information that is not related to the candidacy for joining the RESPONSE team.

 

The personal data provided by you are stored for the entire selection duration and 6 (six) months after the selection (if your consent has been received), unless you withdraw your consent earlier.

 

Processing of personal data for the purpose of organizing events

 

We may organize events or remote seminars for our customers, and in order to improve the quality of such events, we may ask you to evaluate the event or remote seminar.

 

For this purpose, we can process your contact data: name, surname, e-mail address, address, telephone number, company name, position.

 

These data are processed based on the performance of contract or a legitimate interest in fulfilling the contract and are stored for the entire period of organization and execution of the event and 1 (one) year after the day of the event or remote seminar.

 

During the events discussed at this point, we may also take photos or videos and process your image with your consent. In this case, the data is stored during the validity period of the consent, and if the consent to process personal data is withdrawn earlier, then the personal data is stored until the expiration of the consent.

 

Processing of personal data for the purpose of raising awareness about our activities

 

During our activities, we may sometimes publish information about this in promotional messages, such as brochures, visual presentations, social networks, etc.

 

For this purpose, we can process your contact data – name, surname, e-mail address, phone number, company name, position, as well as your opinion and / or other insights on the topic discussed, photo.

 

In this case, we process the data based on your consent, and the latter will be stored for 5 (five) years from publication unless you withdraw your consent earlier.

 

Processing of personal data for the purpose of compiling legal ratings

 

For the purpose of compiling legal ratings, we process your data – name, position, contact data (e-mail address and / or phone number), and your assessment (feedback).

 

We process such data based on legitimate interest and store it for 2 (two) years from the date of submission of this information to the legal rating directories.

 

Processing of personal data when you visit the RESPONSE website

 

When you visit the RESPONSE website, we may process your personal data such as the visitor’s IP address, network and location data (if such data is provided). This data is collected with the help of cookies and other similar technologies based on your consent.

 

Cookies are small files (data files) that are sent to the internet browser used and stored on the website visitor’s device (computer, phone, etc.). For this reason, the RESPONSE website can “remember” the website visitor’s actions, options, and operations performed for a certain period of time. Cookies are transferred to the website visitor’s computer the first time they visit our website.

 

Cookies are used to ensure the smooth, secure operation of the website as well as to analyse website visitors’ habits. This allows the website to be better tailored to the needs of its visitors. Some types of cookies (such as necessary cookies) are necessary for the proper functioning of the website.

 

The RESPONSE website uses the following cookies:

Name of the cookie Description and type Moment of creation Expiry date The data used
_cf_bm This “Cloudflare” cookie helps to manage incoming traffic that meets bot-related criteria.

If you want to learn more, |Cloudflare” provides more information about its cookies on the “Cloudflare” website:

https://developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/

Upon the visit of the page. 30 minutes No personal data is collected.
omnisendsessionID The “Omnisend” cookie that assigns a unique session ID to the visitor. This allows the website to obtain data about visitor behaviour for statistical purposes. Upon the visit of the page. Session Unique identifier.
soundestID The “Omnisend” cookie is intended to enable the services provided on the website and ensure their proper functioning. Upon the visit of the page. Session Unique identifier.
wpEmojiSettingsSupports This cookie is part of a set of cookies for content delivery and presentation. Cookies maintain the correct state of font, blog/image sliders, colour themes and other site settings. Upon the visit of the page. Session No personal data is collected.

 

You can control the use of cookies by changing your web browser settings. Each browser is different, so if you don’t know how to change your cookie settings, we recommend that you review its use manuals and instructions. If you do not want cookies to collect information, please opt out of your use of cookies in your browser settings. However, some types of cookies (such as necessary cookies) are necessary for the proper functioning of the website, and if you refuse these cookies the website may lose functionality.

 

More useful information on cookies and how to control and remove them can be found at www.allaboutcookies.org.

 

How do we receive your personal data?

 

We process your data, which:

  • you provide us directly, for example, by communicating with us by e-mail, by mail, participating in events organized by us, etc. Sometimes, additional information is needed to update or verify the information we collect;
  • is provided to us by third parties because your personal data is related to the legal consultation that we prepare for third parties;
  • we receive automatically when you use our website, for example, website visit history, opened links, etc.;
  • we receive from third-party sources, for example, from public registers, state or local government institutions or bodies, our partners, or when we collect information from such sources to help us carry out “Know Your Customer” procedures, for example, sanctions lists, lists of politically exposed persons, etc.;
  • we process personal data in order to offer and provide services to you, to fulfil our contractual obligations, as well as seeking our or third parties’ legitimate interest, following the instructions or obligations of legal acts.

 

Please note that when providing personal data to us, you are responsible for the correctness, completeness, and relevance of such data. If inaccurate, false, or misleading personal data is provided, we have the right to delete such data or limit access to services, etc. If you provide personal data about other persons (e.g., your relatives, employees, etc.), you are responsible for the correctness, completeness, and relevance of such personal data, as well as for the consent of such a person to have in order provide personal data to us. It should be noted that when you provide such data, we may ask you to confirm that you have the right to provide them. If such a person asks us about receiving his / her personal data, we will identify you as the provider of such data.

 

Recipients of your personal data

 

While carrying out our business we use various service providers (data processors), to whom your personal data may be transferred (e.g., providers of accounting services, communications services, server services, couriers, IT services providers, etc.). In any event, your personal data will be transferred to our service providers only to the extent and when it is necessary for the provision of their services.

 

Your data may also be shared with other recipients (e.g., courts, notaries, bailiffs, various public authorities, etc.). By providing your personal data to other data recipients, we seek to ensure that all relevant legislative requirements would be ensured, and your personal data would be protected against loss or unauthorized use.

 

In addition, we may disclose your personal data in the following cases:

  • if required to do so by the law;
  • seeking to protect our rights or interests (including the case when your personal data is transferred to others for debt recovery purposes).

 

We usually process personal data in the European Economic Area (EEA), but in some cases your personal data may be transferred outside the EEA. In such situations and when data is transferred outside the EEA, we will take all necessary measures stated by law to ensure that your personal data continues to be adequately protected. Your personal data may be transferred outside the EEA only under the following conditions:

  • -standard contractual clauses approved by the European Commission have been signed with the data recipient, or;
  • the recipient of the data is established in a country for which the European Commission has taken an adequacy decision, i.e., the transfer of data to a data recipient in such a country will be treated as a transfer of data within the EU, or;
  • based on Article 49 of the General Data Protection Regulation, you gave your consent to the transfer of your personal data outside the EEA.

 

Third parties’ websites

 

We may provide links on our website to and from partners’ websites, information sources, and related parties. Please note that third-party websites you access by following links on our site have their privacy policies, and we are not responsible for them. Before submitting any of your personal data to another website, you should familiarize yourself with that website’s rules, privacy policy, and other information provided on that website.

 

Please note that our website contains links to the profiles of our lawyers on the social network “LinkedIn”; therefore, when visiting the profiles of our lawyers on the social network “LinkedIn”, the terms of third parties apply. We also inform you that we have accounts on “Facebook” and “LinkedIn”. We draw your attention to the fact that all information that you provide to us using social network tools (including messages, use of “Like” and “Follow” functions, and other communications) is not controlled by us but by the controller of the relevant social network. For the reasons stated in this point, we recommend that you familiarize yourself with the privacy policy of the relevant social network:

Facebook – https://www.facebook.com/privacy/policy/;

LinkedIn – https://www.linkedin.com/legal/privacy-policy.

 

Rights of data subjects

 

As a data subject, you have the following rights:

  • to access your personal data and how it is processed (you have the right to receive confirmation as to whether we are processing your data, as well as the right to access your processed personal data and other related information);
  • to require rectification of incorrect, inaccurate or incomplete data (if you believe that the information, we process about you is inaccurate, incorrect, you always have the right to demand that this information be changed, clarified or corrected);
  • to require deletion of your personal data (in certain circumstances specified in legal acts, for example, when personal data is processed illegally, the basis for data processing has been revoked, etc., you have the right to request that we delete your personal data);
  • to restrict the processing of your personal data (in certain circumstances specified in legal acts, for example. when your personal data is processed illegally, etc., you have the right to request that we limit the processing of your personal data);
  • to require transferring your personal data to another data controller or to provide it directly to you in a form convenient to you (in certain cases, you have the right to transfer to another data controller the data that we process after receiving your consent);
  • to object to processing of your personal data if it is processed on the basis of a legitimate interest, except in cases where there is legitimate interest for such processing or in order to assert, fulfill or defend legal claims;
  • to withdraw your consent to the processing of your personal data. In cases where your personal data is processed based on explicit consent, you have the right to withdraw the given consent to the processing of your personal data at any time.

 

You can exercise your data subject rights listed above by submitting a written request to us to exercise a particular right. Such request can be submitted upon arrival at our registered office address, by regular mail, or by e-mail at info@response-legal.com. Please note that upon receiving your request to implement the right(s) of the data subject, we may ask you to fill out the necessary forms, as well as provide a personal identification document or other information (e.g., confirm your identity with an electronic signature), which will help us to verify your identity. We will provide an answer to the received request no later than one month from the date of receipt of your request (when necessary, this period can be extended by two months). If the examining of the application is extended, then within one month from the day of receiving the application, we will inform you about such an extension. Please note that we do our best to respond to all requests received promptly and free of charge, except in cases where this requires a disproportionately great effort. It should be noted that we may request a reasonable fee if your requests are manifestly unfounded or excessive, in particular, because of their repetitive character.

 

Among other things, please note that the rights mentioned above may be limited in order to ensure the prevention, investigation, detection, or prosecution of criminal offenses or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security, public security, and in other cases specified of restriction of rights defined by the Article 23 of the General Data Protection Regulation.

 

If you believe that your personal data has been processed unlawfully or your rights regarding the processing of personal data have been violated, you have the right to contact the State Data Protection Inspectorate.

 

However, we recommend that you first contact RESPONSE (by email at info@response-legal.com or mail at the address Rinktinės g. 5, Vilnius, Republic of Lithuania) immediately prior to contacting the State Data Protection Inspectorate. In this way, we will together find the most operative and mutually optimal solution to the problem.

 

Date of last update: 01/29/2024.