Privacy Policy

This Privacy Policy provides information on how UAB “IDIOMA”, legal entity code 300588738, registered office address at P. Lukšio 32, LT-08200 Vilnius (hereinafter – the Company) processes personal data.

The provisions of this Privacy Policy apply to individuals whose data is processed by the Company:

  • Clients who use, have used, intend to use, or are otherwise connected to the services provided by the Company (hereinafter – Clients);
  • Individuals who contact the Company with requests or inquiries directly or via remote communication methods, including by phone or email;
  • Individuals who visit the Company’s websites, etc.

Definitions

The terms and abbreviations used in this Privacy Policy have the following meanings:

  • Personal Data – any information related to an identified or identifiable natural person (e.g., name, surname, contact details, etc.).
  • Individual – a natural person (data subject) whose data is processed (e.g., the Company’s clients, individuals who contact the Company with requests or inquiries, users of the Company’s websites, self-service sites, and other portals/pages managed by the Company, etc.).
  • Data Processing – any action performed on personal data (e.g., collection, recording, storage, access, transfer, etc.).
  • Services – any goods and services provided by the Company.

Other terms used in this Privacy Policy are understood as defined in data protection regulations (General Data Protection Regulation (EU) 2016/679 (hereinafter – the Regulation), the Republic of Lithuania’s Personal Data Legal Protection Law, and other relevant regulations).

Purposes and Legal Basis for Personal Data Processing

The Company processes Personal Data only for specific purposes, based on the legal grounds established in the applicable laws:

  • when it is necessary for the performance of a contract with the individual;
  • when the individual has given consent for processing their data for one or more specific purposes;
  • when the Company is required to process Personal Data to comply with legal obligations;
  • when processing Personal Data is necessary for the legitimate interests of the Company.

Use of Your Personal Data

Personal data submitted on this website will be used for the purposes outlined in this Privacy Policy or in relevant sections of this website. We may use your personal information for the following purposes:

  • To manage the website;
  • To improve your browsing experience by tailoring the website to your personal needs;
  • To send you newsletters that we believe may be of interest to you (you can inform us at any time if you no longer wish to receive such newsletters);
  • To provide third parties with statistical information about our users, without identifying any specific user.

Without your explicit consent, we will not share your personal data with third parties for direct marketing purposes.

In all of the above cases, the Company processes Personal Data only to the extent necessary to achieve the specific legitimate purposes, in compliance with personal data protection requirements.

Scope of Processed Personal Data (Categories)

The main categories of Personal Data processed by the Company for the purposes and legal grounds mentioned above are as follows:

  • Identity Data – name, surname, personal code, date of birth, etc.;
  • Contact Data – address, phone number, email address, etc.;
  • Data related to the provision of Services, the conclusion and execution of contracts – contract details, data obtained from communication with individuals via self-service websites or remote communication methods (e.g., phone, email, mobile apps), etc.;
  • Payment Data – amounts owed to the Company, outstanding debts, payment history, etc.;
  • Financial Data – information regarding third-party liabilities and debts, used by the Company to assess the client’s solvency before providing services;
  • Video and audio recording data – video data captured at the Company’s locations, recorded phone conversations, etc.;
  • Cookie Data – information about the user’s location, interests, behavior on the Company’s website or self-service site, etc. (for detailed information on cookies used by UAB “IDIOMA”, please refer to the Cookie Policy);
  • Other data processed by the Company based on legal requirements.

Collection of Personal Data

The Company processes Personal Data provided by individuals, which is collected when clients use the services of the Company, or when it is obtained from other sources (e.g., state or private person-managed registers) or third parties, as necessary, based on contract, consent, legal obligations, or the legitimate interests of the Company.

Usually, Clients’ data is stored within the European Union or the European Economic Area (EU/EEA). In cases where Clients’ data needs to be transferred outside of the EU/EEA, this is only done when at least one of the following conditions is met:

  • The European Commission has recognized that the country to which the data is transferred ensures an adequate level of personal data protection;
  • A data processing agreement has been made based on the standard contractual clauses approved by the European Commission;
  • Codes of conduct are adhered to, and other protection measures are applied in accordance with the Regulation.

Data Retention

Purpose of Personal Data Processing | Retention Period

Personal Data of callers processed for inquiry resolution purposes | 2 months from the date of the recorded conversation Personal Data of Clients processed for direct marketing purposes | 5 years from the date of consent or until the Client withdraws consent Personal Data of Clients processed for contract execution purposes | During the term of the contract and 10 years after the contract ends

The Company processes Personal Data no longer than required by the specified data processing purposes or as prescribed by applicable laws, in cases where a longer retention period is defined.

The Company uses criteria for determining the data retention period, which comply with legal obligations and take into account the individual’s rights.

Security Measures

The Company ensures the confidentiality of Personal Data according to the requirements of applicable laws and implements appropriate technical and organizational measures to protect Personal Data from unauthorized access, disclosure, accidental loss, alteration, destruction, or any other unlawful processing.

Automated Decision Making and Profiling

The Company does not process personal data for automated decision-making, as specified in Article 22 of the Regulation. The Company conducts profiling (i.e., automated processing of personal data to evaluate certain personal aspects), but this does not result in legal consequences or similar significant effects on the individual. Profiling is used to manage unwanted or irrelevant marketing offers, categorizing clients based on the types of services they use.

Rights of Individuals

Individuals contacting the Company have the right to:

  • Access the Personal Data processed by the Company;
  • Request correction of inaccurate or incomplete Personal Data;
  • Request deletion of Personal Data or suspension of processing, except for storage, when data processing is unlawful or the data is no longer needed to achieve the purposes for which it was collected;
  • Receive Personal Data provided by the individual in a structured, commonly used, and machine-readable format;
  • Request deletion of their Personal Data when it is processed unlawfully or no longer necessary for the purposes for which it was collected;
  • Limit the processing of their Personal Data according to applicable laws;
  • Object to the processing of their Personal Data and (or) withdraw consent for data processing at any time.

Implementation of Rights

Individuals can contact the Company for the execution of their rights at P. Lukšio 32, LT-08200 Vilnius, by phone: +370 655 66223, or by email.

To implement their rights under the Regulation, the individual must submit a completed request form in person, by mail, through an authorized representative, or by electronic means.

The individual must verify their identity when submitting the request.

If the request is unreasonable or disproportionate, the Company may refuse to act on the request.

The Company will respond within one month of receiving the request, indicating the actions taken based on Articles 15-22 of the Regulation. The time limit may be extended by up to two months, depending on the complexity of the request or the number of requests.

The Company may refuse to provide the requested information if:

  • The personal data was collected directly from the individual and that information has already been provided to them;
  • The personal data was obtained from a source other than the individual;
  • Providing the requested information is impossible or would require disproportionate effort;
  • The data must remain confidential due to professional secrecy obligations under EU or Lithuanian law.

Obligations of Individuals

By providing their personal data to the Company, individuals confirm that they are aware of the conditions for the processing of personal data outlined in this Privacy Policy, agree to the Company processing their personal data, and ensure that the data provided is accurate and correct. The Company is not responsible for the submission and processing of excessive data provided by the individual through carelessness.

The individual must inform the Company about any changes in the provided data or other related information.

Validity and Amendments of the Privacy Policy

This Privacy Policy presents the main provisions of personal data processing. Additional information on how the Company processes personal data may be provided in the Company’s contracts, other documents, the website, or remote customer service channels.

If there are changes in legal requirements and/or the Company’s processes or services, the Company has the right to unilaterally amend and/or supplement this Privacy Policy. The Company will notify about changes by publishing the updated version on its website.