UAB “Penkių kontinentų komunikacijų centras” (hereinafter – the “Company”) cares about your personal data privacy and protection and is therefore committed to respecting and safeguarding your personal information.
This Privacy Policy explains how the Company collects, uses (processes), and stores personal data, how it organizes such data, and what your rights are.
When processing customers’ personal data, the Company complies with the Law on the Legal Protection of Personal Data of the Republic of Lithuania, the General Data Protection Regulation (EU) 2016/679 (GDPR), the Law on Electronic Communications of the Republic of Lithuania, and other directly applicable legal acts governing personal data protection, as well as the instructions of competent authorities.
This Privacy Policy applies only in cases where a person uses the Company’s products and/or services or visits the websites: www.penki.lt, mano.penki.lt, mail.penki.lt, shop.penki.lt.
When collecting and processing your personal data, the Company, among other things, follows these fundamental data processing principles:
Personal data is collected only for clearly defined and legitimate purposes;
Personal data is processed only lawfully and fairly;
Personal data is kept accurate and up to date;
Personal data is stored securely and no longer than required for the defined purposes or by law;
Personal data is processed only by those Company employees who are authorized to do so according to their job functions.
Data is processed only if one or more lawful bases apply:
(I) to ensure the provision of services under a contract (to perform the contract or to take steps at the request of the data subject prior to entering into a contract);
(II) with the data subject’s consent;
(III) where processing is required to fulfill a legal obligation applicable to the Company;
(IV) where processing is necessary to protect the vital interests of the data subject or another natural person;
(V) where personal data must be processed for the legitimate interests of the Company or a third party.
When processing and storing personal data, the Company implements organizational and technical measures that ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, as well as any other unlawful processing. Access to the personal data processed by the Company is granted only to those employees and service providers who need it to perform their functions or to provide services to the Company.
The Company processes your data:
that you provide when communicating with the Company’s employees or when you have legal relations, purchase services, register to receive services, subscribe to newsletters, or request information;
that is generated when you use the Company’s network and services (e.g. when you send an email or visit the Company’s website);
that we receive from other sources, such as other service providers or publicly available registers.
You are not obliged to provide any personal data; however, if you choose not to, the Company may not be able to provide you with certain services.
By submitting your personal data, you are responsible for the accuracy, correctness, and completeness of the data provided. If your personal data changes, you must inform the Company immediately. The Company will not be liable for any damage caused to you and/or third parties due to incorrect and/or incomplete personal data or failure to request data updates or corrections.
Important. If you provide data of other persons related to you, such as family members, employees, guarantors, etc., you must inform them about the transfer and processing of their personal data by the Company and ensure that they are familiar with this Privacy Policy.
When conducting recruitment, we process the following personal data of candidates: name, surname, address, contact details, CV, salary expectations, results of general aptitude tests (if performed), social media profiles.
Legal basis: Performance of a contract with the data subject (GDPR Art. 6(1)(b)), consent (GDPR Art. 6(1)(a)), Company’s legitimate interest to review social media profiles (GDPR Art. 6(1)(f)).
Retention period: Until the end of recruitment.
When providing internet, television, and telephony services, we process the following personal data of customers (natural persons) and representatives of customers (legal entities):
Customers (natural persons): name, surname, email, phone number, address, personal identification number, contract metadata (e.g. contract date, city, contract number, ordered services), signature;
Representatives of legal entities: name, surname, signature, proof of representation, position.
Legal basis: Performance of a contract with the data subject (GDPR Art. 6(1)(b)) and the Company’s legitimate interest to process the personal data of representatives of legal entities (GDPR Art. 6(1)(f)).
Retention period: 10 years after the end of the contractual relationship.
To ensure the functionality of the customer self-service portal, we process the following personal data of customers (natural persons): name, surname, email, phone number, encrypted password.
Legal basis: Performance of a contract with the data subject (GDPR Art. 6(1)(b)).
Retention period: 10 years after the end of the contractual relationship.
For the purpose of printing and sending invoices for provided services, we process the following personal data of customers (natural persons and representatives of legal entities): name, surname, address, customer code, provided services, payable amounts.
Legal basis: Performance of a contract with the data subject (GDPR Art. 6(1)(b)) and the Company’s legitimate interest to process the personal data of representatives of legal entities (GDPR Art. 6(1)(f)).
Retention period: 10 years.
We process personal data provided in reviews (e.g. name, review, date) to obtain feedback about service quality, analyze user experience, and, with your explicit consent, publish reviews on our website, social media, or advertising materials.
We process personal data provided during registration (e.g. name, surname, contact details, preferred date/time) to coordinate appointment times, provide service-related information, and ensure proper organization of services.
For payment administration purposes, we process the following personal data of customers (natural persons and representatives of legal entities): name, surname, personal code, services, customer number, account, address, information related to ordered goods/services.
Legal basis: Performance of a contract with the data subject (GDPR Art. 6(1)(b)) and the Company’s legitimate interest to process the personal data of representatives of legal entities (GDPR Art. 6(1)(f)).
Retention period: 10 years.
Data sources: Payment service providers.
Data recipients: Payment service providers.
For debt collection purposes, we process the following personal data of debtors: name, surname, address, personal code, date of birth, phone number, email, debt amount and basis.
Legal basis: Company’s legitimate interest to collect debts (GDPR Art. 6(1)(f)).
Retention period: 10 years after full settlement.
Data recipients: Debt collection agencies.
For order administration purposes, we process the following personal data of customers: name, surname, address, email, phone number, information related to ordered goods/services.
Legal basis: Performance of a contract with the data subject (GDPR Art. 6(1)(b)) and the Company’s legitimate interest to fulfill a contract with a legal entity (GDPR Art. 6(1)(f)).
Retention period: 10 years.
For accounting purposes, we process the following personal data of customers, suppliers, and vendors: name, surname, personal code, residence address, email, phone number, customer number, services.
Legal basis: Performance of a contract with the data subject (GDPR Art. 6(1)(b)), the Company’s legitimate interest to fulfill a contract with a legal entity (GDPR Art. 6(1)(f)).
Retention period: 10 years.
Data recipients: State Tax Inspectorate, State Social Insurance Fund Board, debt collection agencies.
For customer service purposes, we process the following personal data: email, password, services, payment history, invoice number, contract number, address.
Legal basis: Performance of a contract with the data subject (GDPR Art. 6(1)(b)), the Company’s legitimate interest to fulfill a contract with a legal entity (GDPR Art. 6(1)(f)).
Retention period: During service provision. Inactive accounts are deleted after 1 year.
To ensure service quality and to conclude, terminate, amend or extend contracts, we record telephone conversations and process the following personal data of callers: phone number, call recording, call metadata (date, time, duration, start and end time).
Legal basis: Data subject’s consent (GDPR Art. 6(1)(a)) and the Company’s legitimate interest in call recording (GDPR Art. 6(1)(f)).
Retention period: Calls related to contract confirmation are stored for 10 years. Other calls are stored for 3 months.
To respond to inquiries submitted by email or through the Company’s website, we process the following personal data: name, email, phone number, inquiry metadata (time, date), content of the inquiry.
Legal basis: The Company’s legitimate interest to respond to inquiries (GDPR Art. 6(1)(f)).
Retention period: 3 years.
To maintain business relationships and conclude contracts, the Company processes the following personal data of business contact persons: name, surname, position, email, phone number, proof of representation, employer, signature.
Legal basis: Performance of a contract with the data subject (GDPR Art. 6(1)(b)) and the Company’s legitimate interest to process the personal data of representatives of legal entities (GDPR Art. 6(1)(f)).
Retention period: 10 years after the end of the relevant contract.
For direct marketing purposes, we process the following personal data of persons who subscribe to marketing communications: name, surname, email, represented company (for legal entity representatives), information on email engagement.
Legal basis: Data subject’s consent (GDPR Art. 6(1)(a)) and the Company’s legitimate interest to analyze newsletter engagement and send direct marketing to existing customers who have not objected (GDPR Art. 6(1)(f)).
Retention period: 5 years from the date of consent or during the customer relationship if offers or surveys are sent based on legitimate interest unless you object.
To increase Company awareness, the Company, together with social media administrators, manages accounts on social networks. The information you provide on social media or that is collected when you visit the Company’s profiles is controlled by the social media platforms. Therefore, we recommend reviewing the privacy policies of the respective platforms.
The Company, as an administrator of social media accounts, selects appropriate settings based on its target audience and business objectives. Social media platform operators may limit the ability to change certain settings, and therefore the Company cannot influence what information about you is collected by the social media platform.
Legal basis: The Company’s legitimate interest to increase awareness (GDPR Art. 6(1)(f)).
Retention period: As specified in the privacy policies of the social media platforms.
Joint controllers: Social media platform operators.
To find new clients, we process the following personal data provided by partners: name, surname, email, phone number, position, company.
Legal basis: The Company’s legitimate interest to develop business and acquire new customers (GDPR Art. 6(1)(f)).
Retention period: 10 years from the date of data submission.
To improve the website, provide and personalize marketing offers, collect and analyze visitor statistics, and ensure website functionality, the Company uses cookies, plugins, and similar technologies.
Legal basis: Data subject’s consent (GDPR Art. 6(1)(a)) for non-essential cookies and the Company’s legitimate interest to ensure the functionality of the website (GDPR Art. 6(1)(f)).
Retention period: Depends on the specific cookie.
Detailed information on cookies is available in the Cookie Notice on www.penki.lt, which you can always access by clicking the cookie icon at the bottom-left corner of the page.
To administer the “Live Chat” feature on the Company’s website, we process the following personal data: name, mobile phone, chat topic, question, metadata (time, date).
Legal basis: The Company’s legitimate interest to respond to inquiries (GDPR Art. 6(1)(f)).
Retention period: 1 year.
To register and investigate personal data breaches, we process the following data: name, surname, and any other personal data related to affected individuals necessary for breach investigation.
Legal basis: The Company’s legitimate interest to register and investigate personal data breaches (GDPR Art. 6(1)(f)).
Retention period: 10 years from the date of breach registration.
To document Company board meetings, we record and process the following data: name, surname, email address, audio and/or video recording, meeting content.
Legal basis: The Company’s legitimate interest to ensure meeting documentation accuracy (GDPR Art. 6(1)(f)).
Retention period: 10 years after the meeting date.
To organize virtual meetings and ensure convenient and secure communication, we process the following data: participant name, surname, email, meeting topic, participants’ IP addresses, device technical information, meeting start and end times, recordings (if necessary), chat data (if needed).
Legal basis: The Company’s legitimate interest to organize and conduct virtual meetings securely (GDPR Art. 6(1)(f)).
Retention period: Data is processed as long as necessary for the organization and management of virtual meetings.
We may provide your personal data, taking into account the legal basis for data provision and ensuring data security, to:
State institutions, law enforcement agencies, and other persons in accordance with the laws of the Republic of Lithuania or when data provision is necessary to assert, exercise, or defend the Company’s legal claims;
Auditors, consultants, notaries, bailiffs;
State Enterprise Centre of Registers;
State institutions and agencies;
State Tax Inspectorate;
Social media administrators;
In case of disputes – legal service providers, attorneys;
Other group companies;
Data processors.
The Company engages data processors who will process personal data according to our instructions and to the extent necessary for data processing purposes. When engaging data processors, we ensure that they also implement appropriate organizational and technical measures to protect personal data and maintain confidentiality.
With your consent, we may also provide your personal data to other recipients.
We may also disclose your data to protect your vital interests (e.g. if you feel unwell in our premises and we need to call for medical assistance).
If we disclose your personal data to any other recipients not specified in this Privacy Policy, we will inform you no later than at the time of disclosure, unless we have already provided such information earlier.
As a general rule, we process and store personal data within the European Union (EU) or European Economic Area (EEA). However, we may transfer personal data outside the EU/EEA when it is necessary to achieve the purposes for which the data was collected and processed.
We transfer your personal data outside the EU/EEA in compliance with GDPR Chapter V requirements if at least one of the following applies:
The European Commission has recognized that the country to which data is transferred ensures an adequate level of data protection;
A contract is in place containing Standard Contractual Clauses approved by the European Commission;
Codes of conduct or other safeguards under the GDPR are followed;
We have obtained a separate and explicit consent from the data subject for such transfer.
The Company does not perform profiling or automated decision-making that would have significant consequences for you or a major impact on you.
As a data subject, you have the following rights:
Right to information: You have the right to receive information about how your personal data is processed.
Right of access: You may request access to your personal data processed by the Company.
Right to rectification: You may request correction or supplementation of inaccurate or incomplete personal data.
Right to erasure (“right to be forgotten”): You may request deletion of your personal data if it is no longer necessary for the purposes for which it was collected or processed, or if processing is unlawful, or if you have withdrawn your consent and there is no other legal basis for processing.
Right to object and withdraw consent: You may object to the processing of your personal data in certain cases, such as for direct marketing. You may also withdraw consent at any time if processing is based on consent.
Right to restrict processing: You may request temporary suspension of processing in certain cases (e.g. to verify data accuracy or if you object to processing).
Right to data portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another data controller where technically feasible.
Right to lodge a complaint: If you believe your rights have been violated, you may lodge a complaint with the State Data Protection Inspectorate (L. Sapiegos g. 17, Vilnius, email: ada@ada.lt, website: https://vdai.lrv.lt) or with the competent court.
Right to compensation: If you suffer damages due to unlawful processing of your personal data, you have the right to claim compensation.
You may submit requests related to the exercise of your data protection rights by:
Visiting the Company’s office at Kareivių g. 2, LT-08248 Vilnius, Lithuania;
Sending an email to info@penki.lt;
Sending a letter by post to the Company’s office address: Kareivių g. 2, LT-08248 Vilnius, Lithuania.
Būkite pirmieji ir sužinokite apie specialius pasiūlymus ir naujienas iš PENKI!
Nurodykite savo kontaktus, ir mes su Jumis susisieksime.
Nurodykite savo kontaktus, ir mes su Jumis susisieksime.
