- The Baltic Institute of Corporate Governance (BICG) appreciates your trust, and therefore we take responsible care of the protection and privacy of your personal data entrusted to us, in accordance with the established legal requirements and the highest security standards.
- While processing your personal data, we undertake to comply with the Law on Legal Protection of Personal Data of the Republic of Lithuania (hereinafter referred to as ‘the Law’), Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) of 27 April 2016 (hereinafter referred to as ‘the Regulation’) and other provisions of legislation applicable to personal data protection.
WHAT DATA ABOUT YOU WE COLLECT
- The scope of your personal data processing depends on the purpose of personal data processing. The table below describes in detail the scope of personal data that can be processed.
|Data subject||Purpose and basis of personal data processing||Scope of personal data processed|
|Unite the members and represent their interests.
These personal data are processed by providing BICG services to BICG members and/or satisfying other public interests of BICG members.
|Name, surname, address, telephone number, email address, name of the work place and job title, membership fee payer details, date of payment and amount, information related to a BICG member voting at the Meeting of BICG Members and other data of BICG members.
|Ensure the management and control of the debt of the BICG membership fee provided for in the BICG Statutes.
Personal data are processed on the basis of ensuring the BICG membership fee.
|Name, surname, address, telephone number, email address, name of the work place and job title, details of the payer of the event participant’s fee, date of payment of the membership fee by a BICG member, payment amount, amounts payable but unpaid by a member and time limits for payment, other personal data.
|Exercise the BICG right to publish personal data of its members on the BICG website.
Personal data are processed on the basis of the BICG members’ consent.
|Name, surname, position, link to a person’s Linkedin account.|
|Carry out training, programmes, refresher training or other events, or for the purpose of taking action at the request of BICG members prior to such training or events.
Personal data are processed on the appropriate basis of carrying out training, programmes, refresher training or other types of events.
Photos and video material are processed on the basis of a BICG member’s consent.
|Name, surname, telephone number, email address, name of the work place and job title, information on training, training programmes or other events where a BICG member intends to participate or has participated and other information related to a member’s participation in training, programmes or other events (photos , video material).|
Individuals who intend to become BICG members
|Consider the request for BICG membership of a person who intends to become a BICG member.
These data are processed on the basis of a request for membership of individuals who intend to become BICG members.
|Name, surname, address, telephone number, email address, name of the work place and job title, details of a membership fee payer, other data of individuals who intend to become BICG members, to which BICG has access while carrying out its activities or for the processing of which a person’s consent has been given.|
Former BICG members
|Ensure management and control of the debt of a former BICG member.
Personal data are processed on the basis of proper management and control of the debt of a former BICG member.
|Name, surname, address, telephone number, email address, name of the work place and job title, details of a membership fee payer, date of payment of the membership fee by a BICG member, payment amount, amounts payable but unpaid by a member and time limits for payment, other personal data.
Partners or partners’ representatives
|Ensure the conclusion and performance of contracts with partners, communication and securing of BICG interests upon the expiry of contractual relationships.
Personal data are processed on the basis of the proper conclusion and performance of contracts and the proper securing of interests upon the expiry of contractual relationships.
|Partners (natural persons): name, surname, identity code, address, cell phone number, email address, signature, account number at a financial institution, date of payment by partners, payment amount, other personal data of partners to which BICG has access while providing its services to, or receiving services from partners.
Data of partners’ (legal entities’) representatives: name, surname, job title, signature, telephone number, email address, basis of representation, other data of partners’ representatives to which BICG has access.
Participants in training and events
|Organise training for non-BICG members and register them for BICG training, corporate governance refresher training and events of other types.
Personal data are processed on the basis of the proper organisation of, and assured registration for training, corporate government refresher training and events of other types.
Photos and video material are processed on the basis of personal consent.
Name, surname, telephone number, email address, name of the work place and job title, information on training, training programmes or other events where a person intends to participate or has participated and other information related to a person’s participation in training, programmes or other events (photos , video material).
BICG President, members of governing and other bodies, and committees
|Properly perform the duties of BICG as an association laid down in laws and the BICG Statutes, and properly manage BICG.
Purposes of representation and storage of the organisation’s historical records, and other purposes.
Personal data are processed on the basis of the proper performance of the duties of BICG as an association laid down in laws and the BICG Statutes, and the assurance of proper management.
Name, surname, date of birth, telephone number, email address, residence address, job title, work place, photos, professional biography.
Other persons applying to BICG
|Ensure the proper management and processing of, and response to inquiries, and communication with such persons.
Personal data are processed on the basis of the proper management and processing of, and response to inquiries, and communication with such persons.
Name, surname, email address, telephone number, address, signature and other data left by BICG applicants.
- The provision of the above-mentioned personal data is necessary to meet the requirement of the BICG Statutes to unite all its members, pursue a global level transparency and competitiveness of Baltic public, private and state or municipality owned companies through the promotion of corporate governance practices, help with qualification development and control membership fee payments and debt. Failure to provide the personal data required to implement the above purposes will prevent BICG from fulfilling the public interest obligations assigned to the association, and therefore BICG has the right to decline granting BICG membership and/or providing BICG services.
HOW WE PROCESS YOUR PERSONAL DATA
- As part of your personal data processing, we undertake to rely on the following key data processing principles:
7.1 Personal data are collected for explicit and above-mentioned purposes;
7.2 Personal data are processed lawfully, accurately, transparently, fairly and only in a manner that ensures the accuracy, identity and security of the personal data processed;
7.3 Personal data are identical, relevant and limited to what is necessary for their collection and further processing;
7.4 Personal data may be kept up to date regularly;
7.5 Personal data are processed only by those BICG employees or persons who have been granted such a right;
7.6 All information about personal data processed is confidential;
7.7 While processing and storing personal data, we implement organisational and technical measures that ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.
- Our suppliers are selected carefully, and we require them to use appropriate tools capable of protecting your confidentiality and ensuring the security of your personal data.
HOW LONG WE STORE YOUR PERSONAL DATA
- Personal data processed for other purposes are stored until the date of withdrawal of a person’s consent to the processing of the personal data or as long as data processing is necessary for BICG’s legitimate interest, or if the obligation of data processing is envisioned for BICG by other laws.
- The storage of personal data for longer than specified in the Rules may only take place if:
11.1 it is necessary to enable BICG to defend itself against claims, protests or actions and exercise its rights;
11.2 there are reasonable grounds for suspecting an illegal act which is under investigation;
11.3 personal data are necessary for the proper settlement of a dispute or complaint;
11.4 there are other grounds provided for in legislation.
ENTITIES WE CAN TRANSFER YOUR PERSONAL DATA TO
12.1 public authorities, bodies, organisations, courts and other third parties when required by applicable law;
12.2 a third party providing services to BICG, including legal, financial, tax, business management, personnel administration, accounting advisers, etc.;
12.3 partners for contract performance purposes (e.g. training organisers, executors and other providers);
12.4 other third parties with your consent for any specific submission of such data;
12.5 in other cases where this is necessary for the proper implementation of legislation in force.
- We provide your personal data to entities entitled to receive information only to the extent necessary for the proper implementation of purposes for which the personal data are transferred and/or the fulfilment of requirements of applicable laws.
WHAT SOURCES WE COLLECT YOUR DATA FROM
- We receive personal data directly from you (in the manner you choose: by sending us an email, providing data in written form, etc.), by your representative, by officially requesting the necessary information from entities and authorities which process and having the right to provide such information, by collecting information from public sources or receiving such data on a contractual basis.
- We can combine data from one source with those from another source. This is only done to ensure data accuracy.
PROCEDURE FOR IMPLEMENTING YOUR RIGHTS
- You have the following rights related to personal data:
16.1 The right to receive information on who processes your personal data, to whom they are transferred, the purposes for which they are processed and their storage periods;
16.2 The right to request the rectification of your personal data;
16.3 The right to object to the processing of your personal data;
16.4 The right to personal data portability (ask for your personal data in a normal, computer-readable and interoperable format and/or transfer your data to another Data Controller);
16.5 The right to request the deletion of your personal data in the event that excessive personal data are processed or on other grounds laid down in the Regulation;
16.6 The right to require restriction of data processing if the grounds for that are defined in the Regulation;
16.7 The right to withdraw the consent given to BICG;
16.8 Other rights provided for in the Regulation and legislation.
- You can exercise your rights by contacting us and submitting an appropriate written request. Such a request may be filed at the BICG office, or by post, courier service or email.
- When submitting a request, the Data Subject must confirm his/her identity:
18.1 When submitting a request, the Data Subject must present a valid document confirming the identity to the employee of the association who registers the request;
18.2 When submitting a request by post, a copy of a valid identity document certified by a notary public or a copy of this document approved under some other procedure prescribed by law must be submitted together with the request;
18.3 When submitting a request by electronic means, the Data Subject must sign it with the electronic signature or otherwise confirm his/her identity in the manner prescribed by law.
- You can exercise your rights yourself or have them implemented through a representative. If a representative applies to BICG, he/she must indicate in the request the name, surname, place of residence, contact details, the principal’s name, surname and place of residence, information on the data subject’s right the representative wishes to make use of and the extent of such use, and attach a document or its copy confirming the representation as certified by a notary public or a copy of this document approved under some other procedure prescribed by law.
- A request submitted outside the requirements provided for in this Policy is not considered. BICG will inform the applicant of the reasons for any refusal to consider the request.
- A request that complies with the requirements of this Policy will be examined and your requested rights will be implemented by BICG, except in cases provided for by law, to ensure:
21.1 Public order, crime prevention, investigation, detection or prosecution;
21.2 Important economic or financial interests of the state;
21.3 The prevention, investigation and identification of violations of official or professional ethics;
21.4 The protection of the rights and freedoms of the data subject or other persons;
21.5 On other grounds provided for in legislation.
- We will respond to your request within 30 calendar days of the date of receipt of your request. This time limit may be extended by a further 60 calendar days upon prior notice if your request concerns a large volume of personal data or due to the complexity of implementation or other objective reasons necessitating a longer time limit. The answer is provided in the same form as the request, unless there is a request for the exercise of rights by electronic means or the answer in electronic format is chosen due to the large volume of information.
- If you think that we process your data in breach of the requirements of data protection legislation, please first contact us directly for an amicable resolution of the situation. If you are not satisfied with the way we propose to resolve the problem, or if you think that we will not take the necessary action at your request, you will have the right to apply to the State Data Protection Inspectorate or a competent Lithuanian court.
- You can contact the State Data Protection Inspectorate and file a complaint by choosing one of the following methods:
24.1 By electronic means, signing complaints with a qualified electronic signature;
24.2 Using the National Data Protection Inspectorate’s Electronic Services System /go.php/lit/Prisjungti/37;
24.3 By post to: L. Sapiegos str. 17, 10312 Vilnius;
24.4 Personally at the State Data Protection Inspectorate at: L. Sapiegos str. 17, 10312 Vilnius.
HOW YOU CAN CONTACT US
- For all issues related to data processing, you can contact us as follows: by email: info.at.bicg.eu