fr lt en
fr lt en

Privacy policy

Conres LT, UAB (hereinafter referred to as the Data Controller or the Company) respects the privacy of the visitors to the website www.conres.lt (hereinafter referred to as the Website), the Company’s suppliers of services/goods/works, the buyers of the Company’s services/goods/works (hereinafter collectively referred to as the Buyers/Suppliers) or the Buyers’/Suppliers’ natural persons, the applicants for a job vacancy with the Company (hereinafter referred to as the applicants), and, therefore, recommends that all visitors to the Website, employees of Buyers/Suppliers, Applicants, and selected/recruited persons read our Privacy Policy set out in this Privacy Notice.

The present Privacy Notice explains why we collect your personal data and how we use, store, and otherwise process information about you. Our Privacy Policy also sets forth your rights.

In all cases, when processing your personal data, we comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation) (hereinafter referred to as the GDPR), as well as with any other legislation regulating personal data protection.

1. Who are we?

We, Conres LT, UAB (private legal entity, legal entity code – 145751974, registered office address – Tuskulėnų g. 33C, 09219, Vilnius, whose data is registered and stored in the Register of Legal Entities of the Republic of Lithuania, the registry manager – State Enterprise Centre of Registers), are the Data Controller of your personal data, which you have provided through either the Website, e-mail, the automated process, accounting, and document management systems (hereinafter referred to as the DMS), the general data environment (GDA) used by the Company, or personally.

In cases where you use:

  • the Website to contact third parties, i.e., you open a link on the Website to the websites of other third parties, then, in respect of your personal data collected and processed on such third party’s website, the controller of your personal data will be the company concerned;
  • our social media accounts on Facebook and LinkedIn, etc., we process the information you provide through these accounts jointly with the operators of these social networks as joint controllers of your personal data;

in such cases, we recommend that you read the privacy notices[1] of these persons and, if you have any questions about how they collect and process your personal data, contact these data controllers directly.

In case you have any questions or comments regarding the Privacy Policy, or if you wish to make an enquiry or request, or make a complaint regarding the exercise of your rights in relation to the collection and processing of your personal data by us as set out below, please contact our contact person, the Director of Administration Remigijus Matonis, by email [email protected].

2. What are personal data?

Personal data refers to any information about an identified or identifiable natural person (for example: name, address, other contact information, Internet Protocol (IP) address, identity card or passport number, income, education, place of work, etc).

List of data processed by the Data Controller:

2.1. Employees of Buyers/Suppliers (including potential Buyers/Suppliers):

– Data relating to the conclusion and implementation of contracts: full name, signature, work email, work phone number, workplace details;

– The data recorded in the meetings: full name, title, voice recording, video recording, photo image, person’s signature, statements, contact details (email address, phone number);

– When connecting via the DMS or a shared data environment (SDE): full name, work telephone number, work email address, company-issued username for logging in to the systems, access rights granted, IP address from which the DMS is being accessed, and the actions taken by the Buyer’s/Supplier’s employee within the DMS or SDE.

2.2. Company employees (employed persons):

– Identification and contact details: full name, personal identification number, personal telephone number, personal e-mail address, residential address, identity document details, details of education and/or qualifications, salary, participation in pension scheme;

– Image (photo) of an employee;

– Information on the employee’s marital status and children, where this is necessary for the employee’s entitlement to benefits under national law;

– Special data: health data contained in a medical certificate or in a person’s medical record where required by law.

2.3. Website visitors and Applicants:

– Data provided via the Website or by e-mail when applying for a position in the Company or its subsidiaries: e-mail address, full name, telephone number, e-mail address, other data provided by the Applicant;

– When responding to email enquiries: email address, full name, telephone number, and any additional information that you provide when making an email enquiry;

– Using cookies (see section 5.5 of the Privacy Notice).

2.4. People visiting the Company’s headquarters, warehouses, or construction sites.

3. What are your rights in relation to us collecting and processing your personal data and how can you exercise them?

You have the data subject rights set out in Chapter III of the GDPR, Data Subject Rights, i.e., you have the right to obtain information about the processing of your personal data, to have access to the personal data we hold about you, to have your personal data rectified or erased, to object to the processing of your data, or to withdraw the consent you have given (the withdrawal of consent does not affect the lawfulness of the processing of the data prior to the withdrawal of your consent), to restrict the processing of your personal data, as well as the right to data portability (to receive your personal data in a structured form for the purpose of transferring it (without hindrance) to another data controller).

You can exercise your rights by submitting a written request via email to the contact person indicated by us or by submitting a written request to our registered office by post or in person.

We will respond to your request as soon as possible, but no later than 1 (one) month after receiving your request. This deadline may be extended by 2 (two) months, but we will inform you of the extension and the reasons therefor.

If you are not satisfied with our response or believe that we are processing your personal data in violation of the requirements of the legislation, you have the right to lodge a complaint with the State Data Protection Inspectorate (L. Sapiegos g. 17, 10312 Vilnius, the Republic of Lithuania; e-mail: [email protected]).

4. How do we process your personal data?

We store and process the personal data you provide to us by taking appropriate technical and organisational measures to protect it against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure, or any other unlawful processing.

Physical access control. In order to prevent unauthorised persons from entering the Company’s premises and any related information security or other incidents, the Company’s premises are equipped with an access control system that recognises and records the entry of the Company’s employees; unauthorised persons (including employees of the Buyers/Suppliers) may only enter the Company’s premises when accompanied by a Company employee.

Protecting electronic data and cybersecurity. The information security measures and DMS systems implemented by the Company ensure the authentication of the Company’s employees when accessing personal data, the control of the processing of information, and the traceability of actions in the event of potential information security incidents. Where employees of Buyers/Suppliers require access to the Company’s DMS to fulfil their contractual obligations, access shall be granted only upon ensuring the identification of such employees and their actions in the DMS shall be recorded.

Your personal data may only be disclosed to third parties where required to do so by applicable law (for example, to public bodies and authorities exercising their functions under the law), or to ensure the proper functioning of the Website or the DMS, our rights, or the safety of our Byers/Suppliers, employees, or resources. We may transfer the processing of your personal data to third parties assisting us in the administration of the Website, DMS, other IT service providers, DMS administrators, cloud service providers, and to our consultants, accounting, legal and auditing service providers, who will process your personal data on our behalf as the controller of your personal data, on our instructions, and only to the extent necessary.  We may also transfer your personal data to our subsidiaries in the cases set out in this Privacy Notice with your consent.

No transfer of personal data to third countries is foreseen. If such a transfer would be necessary, one of the following conditions would be met: (a) the European Union considers the safeguards of such non-EU country to be adequate; (b) we have taken the necessary measures to provide your personal data with adequate safeguards, such as including specific clauses guaranteeing the protection of your personal data in a contract with a non-EU person; or (c) on the basis of specific grounds for transfer (exception), such as the consent of the individual.

5. Why do we process your personal data: what personal data do we collect and process, for what purpose, on what legal basis, and for how long do we store it?

5.1. Personal data of employees of Buyers/Suppliers (including potential Buyers/Suppliers, e.g. in the course of negotiations) are processed on the basis of Article 6(1)(f) of the GDPR (for the purposes of the legitimate interests of the Data Controller, i.e., to carry out the obligations assumed in the contract, and for the purpose of communicating with the Buyer’s/Supplier’s employees to ascertain their capacity to perform the contract and for the purposes of document recording and management and administration, as well as for the purpose of storing/archiving the contract and the documents relating to performance of the contract); (b) (for the performance of a contract), for the purpose of fulfilling a legal obligation to the extent required by applicable accounting law; and (a) (with your consent), if you have consented to video or audio recording and you have chosen to activate the camera or to have your image used in the profile during the meeting. The data referred to in the contract and contract execution documents shall be stored for 10 years after the end of the contract and in accordance with (whichever is longer), recordings of actions recorded in the DMS for 3 months, and email communications for 2 years, unless they are directly related to the conclusion or performance of our contract, in which case we have the right to retain your information for a period of 10 years after the end of the relevant contract.

5.2. Applicants’ personal data are processed on the basis of Article 6(1)(a) of the GDPR (with your consent, for the purpose of organising and administrating the recruitment of persons to fill vacancies in the company or in subsidiaries (where the Applicant has indicated his/her willingness to be considered for a vacancy in a subsidiary), (f) (for the purpose of fulfilling the Data Controller’s legitimate interests in carrying out the selection exercise, negotiating the potential employment relationship), and (b) (at the initiative of the Applicant prior to conclusion of the contract).

Please be informed that you have the right to object to the processing of your personal data for the above purpose. You also have the right to withdraw your consent at any time and to request that we do not use your personal data for the above purpose. Withdrawal of consent shall not affect the lawfulness of the data processing carried out prior to the withdrawal of consent. If you wish to withdraw your consent to the use of your personal data for the above purpose, you may do so by submitting a request to the email address at which you provided the data for the purpose of the competition/selection for the vacancy, or by contacting our contact person as set out in Part 1 of the Privacy Notice.

For the above purpose, we process the data you provide in your curriculum vitae (hereinafter referred to as CV) and cover letter (your full name, telephone number, email address, details of your education, professional experience, personal qualities, desired job and income, and any other personal data you provide in your CV and/or in the cover letter or in your application message, and in the data you have submitted to us on social media platforms such as LinkedIn, where your application refers to your data on such a platform). For the purpose of recruiting employees for a subsidiary, we transfer the following personal data about you to the relevant subsidiary.

When you apply for a position with us or a subsidiary, you provide us with your data. Such provision of data is based on your free consent, including your consent to the transfer of your personal data to the relevant subsidiary when you apply for a position in the subsidiary. If you have applied for a position only in a specific subsidiary, your personal data processed by us will only be transferred to that subsidiary, and if you have applied for a position in any subsidiary, your personal data will be transferred to the subsidiary or subsidiaries that have a need for candidates who meet the qualifications you have indicated. In such cases, your personal data will be processed jointly by us and the relevant subsidiary as controllers of your personal data. Please note that the relevant subsidiary, as a potential employer, is a separate controller of personal data.

For the purposes of recruitment, we only process the Applicants’ personal data that is relevant to their qualifications, professional competencies, and attributes. We do not collect or process the Applicants’ special personal data (i.e., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data), except as provided by law. Automatic decision-making and profiling are not carried out.

We will store your data until the end of the selection process for the position you have chosen to apply for, and for one year thereafter, unless you consent to storing your data for the purpose of conducting other selections, in which case, and if you have applied for future (unspecified at the time of application) positions, the personal data you have provided will be stored for 5 years for the purpose of offering you a position that matches your qualifications; after this period, the data shall be deleted. If the data you have provided changes during this period, you must inform us; otherwise, under no circumstances shall we be liable for any damage resulting from the fact that you have provided incorrect and/or incomplete personal data or have failed to request the data to be updated and/or amended following a change in data.

If you are selected to work for the company or a subsidiary, we additionally process the following personal data: surname, personal identification number, personal telephone number, personal e-mail address, address of residence, details of identity document, details of education and/or qualifications, in accordance with Article 6(1)(b) of the GDPR – processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract, and (c) for the fulfilment of a legal obligation to which the controller is subject (for the purpose of notifying the employment relationship to a social security body or a tax administration), information on the employee’s marital status and children, in accordance with Article 6(1)(b) of the GDPR, where such a circumstance is necessary for the employee’s entitlement to the benefits provided for by national law, the employee’s image, with the employee’s consent, for the purpose of identifying the employee, in accordance with Article 6 of the GDPR (1)(a), and for special categories of data, health data contained in a medical certificate or in a personal medical record, where required by law (Article 6(1)(c) and Article 9(2)(b) of GDPR).

If you enter into an employment contract with our company, your personal data shall be stored for the period specified in the Index of General Document Storage Periods approved by the Chief Archivist of Lithuania, but at least until the end of your employment relationship with the company.

5.3. Enquiries submitted to us by email

When you send us an email, we use and process your data: your email address and the content of your enquiry and any other data you have chosen to provide to us (e.g. full name, telephone number, image, including where you are contacting us on behalf of a legal entity, the subject of the email (to the extent that it reflects personal data), the files you have attached to the email). We process the personal data transmitted by email in order to provide you with a response and also on the basis of our legitimate interests in connection with the performance of our business activities, i.e., Article 6(1)(a) of the GDPR,

  • on the basis of your consent to provide us with such data in the context of a voluntary email to us;
  • (b) if you make an enquiry, request, or complaint to us in connection with or in order to enter into a contract between us, for the purpose of performing or concluding the contract;
  • (f) if you have made an enquiry, request, or complaint to us for a reason other than the conclusion or execution of a contract, we have a legitimate interest in administrating the emails we receive and the information contained therein, including for the purpose of using it in the course of our company’s business or in the pursuit of our own legal rights and legitimate interests.

The personal data you have provided by email will be stored for 2 years, after which it will be deleted, except for the personal data referred to in your enquiry which relates to a contract we have entered into, in which case we have the right to store your data for 10 years after the end of the contract in question, or in any other case where the law provides for a longer period for the storage of the relevant documents or other data you have provided to us by email.

  • Video surveillance

Video surveillance of the entrances, emergency exits, common areas (corridors) of the Company’s headquarters (address:  Tuskulėnų g. 33C- 41, Vilnius) or warehouses or construction sites – in all cases, the information on video surveillance is provided in the information table at the video surveillance site; we have the right to process the image of the person who has entered the field of view of the video surveillance cameras as well as other data related to the presence of the person in the relevant room/area (i.e. location, date, time).

The purpose of the processing of personal data is to process the data collected (recorded) by means of the video surveillance system in order to ensure the protection of the Company’s premises or the information entrusted to the Company, including the protection of the personal data processed and the protection of the property on the premises. Data processing is based on a legitimate interest (Article 6(1)(f) of the GDPR) and/or a legal obligation (Article 6(1)(c) of the GDPR), where such processing is provided for by legislation (e.g., the description of the requirements for the physical security of classified information and the procedures for the implementation thereof, approved by the Government of the Republic of Lithuania by the Resolution No 820 On the Implementation of the Republic of Lithuania Law on State Secrets and Official Secrets of 13 August 2018).

Access to video surveillance data is granted to the Company’s service providers (data processors) when it is necessary for the provision of a specific service (e.g., to provide IT (data storage), security services).

The storage period for personal data captured by a video surveillance system is up to 60 days, after which the data is automatically deleted. Upon the expiration of the storage period, the video (and related data) is automatically destroyed (erased), unless a request for video data has been received or there are grounds to believe that an offence, criminal offence, or other unlawful act has been committed or is likely to have been committed (prior to the completion of the request or the relevant investigation and/or proceeding).

5.5. Cookies

We provide public access to the Website, maintain and improve it, and ensure that its functions work properly. For these reasons, we use cookies.

5.5.1. What are cookies?

A cookie is a small text file that a website stores on your device (computer, mobile phone, tablet) when you visit it. Depending on your browser, this information is stored either in small individual files or in a common file of cookies from different websites. Cookies are widely used to make websites work or perform better and more efficiently.

The information provided by cookies is anonymous and cannot identify the exact visitor (i.e., the collection of data does not identify the user personally).

5.5.2. Why do we use cookies?

We use cookies to ensure the proper functioning of the Website and its functions; to continuously collect information about the Website visitors’ actions on the Website in order to improve the Website and the functionality thereof; to monitor and analyse the traffic trends on our Website; for statistical purposes in order to assess the Website’s traffic and the popularity of the individual contents of the Website; to carry out more effective marketing; to remember the language of the Website chosen by you; and to provide you with proper information about the cookies that we have on our Website.

The legal basis for such processing of personal data is Article 6(1)

  • (f) of the GDPR – the legitimate interest in the use of essential cookies required for the proper functioning of the Website and its functions;
  • (a) your consent to the use of functional, analytical, and advertising cookies.

When you visit the Website, you will be presented with a message asking you to indicate whether and which cookies you accept.

5.5.3. What types of cookies do we use?

Strictly necessary cookies are cookies designed to ensure the smooth functioning of the Website in order to enable basic functions of this Website, such as ensuring a secure login or adjusting consent preferences. These cookies do not store any personally identifiable information.

Functional cookies help you perform certain functions, such as sharing website content on social media platforms, collecting feedback, and other third-party functions.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on indicators such as the number of visitors, bounce rate, traffic source, etc.

Performance cookies are used to understand and analyse key performance indexes on the website to help provide a better visitor experience.

Advertising cookies are used to serve visitors tailored ads based on previously visited pages and to analyse the effectiveness of advertising campaigns.

5.5.4. Cookie storage periods

Cookies can be long-term, meaning they are stored on the user’s device and are not automatically removed when the browser is closed, or session cookies, which are removed as soon as the browser is closed. You can control the use of cookies by changing your browser settings.

Long-term cookies will be stored on your computer until they expire or until you delete them. The expiry date of a specific cookie is indicated in the notice on the use of cookies when you are asked for your consent after visiting the Website.

A visitor to the Website may delete cookies from his/her device by clearing his/her browsing history in his/her browser or by blocking cookies in his/her browser; however, blocking or deleting cookies may interrupt the visitor’s access to, and operation of, certain features and functions of the Website, which could make the browsing experience ineffective or impossible. Furthermore, this may result in the loss of certain saved information (e.g. saved website preferences).

6. Applying and updating the Privacy Policy

The Company’s Privacy Policy and related legal relations set out in the present Privacy Notice are governed by the law of the Republic of Lithuania.

The Privacy Notice shall be reviewed at least once every two years or in the event of changes in legislation and updated as necessary.

Amendments or changes to the Privacy Notice shall take effect from the date of their publication on the Website. The present Privacy Notice (the Privacy Policy set out herein) is publicly available on the Website and is effective as of 1 February 2025.

[1]E.g., Facebook Privacy Policy https://www.facebook.com/privacy/policy; LinkedIn Privacy Policy https://www.linkedin.com/legal/privacy-policy