Privacy Policy
Vilnius University Foundation Privacy Policy
The Vilnius University Foundation (hereinafter also referred to as the Foundation) respects your privacy, so we strive to inform you in a clear and transparent way about how we (Paramos fondas Vilniaus universiteto fondas; company code: 304222713; address: Universiteto g. 3, 01513 Vilnius, Lithuania) collect, use and store your personal data, and ensure a fair and transparent process for the processing of personal data at the Foundation. We would like to encourage you to read this Privacy Policy, because every time you use or express your intention to use the tools provided by the Foundation, both while browsing the Foundation’s website (www.vuf.lt) and visiting the Foundation’s premises, and in other cases where your personal data are processed, the terms of this Privacy Policy will apply. If you still have questions after this, please do not hesitate to contact us in one of the ways listed in the “Contact Information” section. https://www.vuf.lt/privatumo-politika – kontaktine-informacija&lang=lt
General Provisions
The Foundation processes the personal data of all persons who have provided their own or that of related persons (such as family members) on the basis of contractual and other legal relationships.
- Your personal data are processed in accordance with:
- Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- the Republic of Lithuania Law on Legal Protection of Personal Data;
- the Republic of Lithuania Law on Electronic Communications;
- other legislation governing the protection of personal data;
- the instructions/recommendations of the supervisory authority and other competent authorities.
Definitions
Personal data – any information that we receive directly from you or from other sources that is directly or indirectly related to you and which allows you to be identified.
Data processing – any action or set of actions performed on personal data, such as collection, recording, storage, grouping, merging, modification, publication, retrieval, deletion, and so on.
Automatic data processing – data processing actions performed by electronic means, i.e. various means of information and communication: computers, telephones, tablets, video recorders, cameras, and so on.
Data subject – this is you and every person whose personal data are processed by the Foundation.
Controller – the Vilnius University Foundation, which establishes the purposes and means of personal data processing.
Processor – an organisation that processes personal data on behalf of the Vilnius University Foundation.
Support project – a support project initiated by the Vilnius University Foundation for the benefit of Vilnius University. During a support project, funds are collected in a special bank account opened for that purpose.
Partner – a natural or legal person, a donor, who has provided non-financial support (products, services, inheritance, etc.) to the Vilnius University Endowment Fund or to any Vilnius University Foundation support project.
List of partners – a public list on the Foundation’s website with the names of natural and legal persons, donors, who have provided non-financial support (products, services, inheritance, etc.) to the Vilnius University Endowment Fund or to any Vilnius University Foundation support project.
Sponsor – a natural or legal person, a donor, who has provided financial support to the Vilnius University Endowment Fund or to any support project being implemented by the Vilnius University Foundation.
List of sponsors – a public list on the Foundation’s website with the names of natural and legal persons, donors, who have provided financial support to the Vilnius University Endowment Fund or to any Vilnius University Foundation support project. Sponsors are listed in donation brackets according to the amount donated, which is not disclosed.
Donation brackets – five brackets that sponsors are listed in according to the amount donated. The exact size of the donation is not disclosed. The donation brackets are as follows: (a) EUR 1-99; (b) EUR 100-999; (c) EUR 1,000-9,999; (d) EUR 10,000-99,999; (e) EUR 100,000-1,000,000.
Endowments – funds transferred to and managed by the Foundation, which are separated from its other assets for an indefinite period and used for investment, the income from which the Foundation allocates to Vilnius University in accordance with the principles of endowment separation, efficiency, inviolability of capital, public benefit and operational transparency. The Investment Board is responsible for investing the endowments of the Vilnius University Foundation.
Other terms used in this Privacy Policy shall be construed as defined in the General Data Protection Regulation and other legislation governing the protection of personal data.
What Personal Data do We Process and for what Purposes?
The Vilnius University Foundation collects, uses, stores and otherwise processes information about you that is necessary for these basic purposes:
For the Purpose of Fundraising and Publicising the Donor
For the purpose of fundraising, in accordance with the Foundation’s Articles of Association, the Republic of Lithuania Law on Charity and Sponsorship and other legislation, we collect, use and store data about donors, applying the principles of transparency and openness. We collect and store the data that you give us in the process of providing support: name(s); surname(s); legal person name(s); e-mail address; amount of support; familiarisation with and consent to the Rules for Providing Support and the Privacy Policy; the decision to provide support anonymously; relationship with Vilnius University and its department; method of payment.
The name(s) and surname(s) or company name(s) of financial support providers, sponsors, are published on the Foundation’s website, listed in donation brackets according to the amount donated, which is not disclosed.
The name(s) and surname(s) or company name(s) of non-financial support providers, partners, are published on the Foundation’s website, listed as partners.
All donors are published on the Foundation’s website, aside from those who expressed a wish to provide support anonymously during the process of providing support. If your donation exceeds EUR 500 and you choose to remain anonymous, your name(s) and surname(s) or company name(s) will not be published in the list of sponsors on the Foundation’s website, but the Foundation, in compliance with the laws of the Republic of Lithuania, will specify you in the activity reports, which are published on the Foundation’s website.
Donors (sponsors and partners) published on the Foundation’s website may be made public in the media and other communication channels used by the Foundation (social media, newsletters, press releases, etc.).
The Foundation undertakes to send, to the e-mail specified by the donor, a letter of thanks, a certificate attesting to the support, the Foundation’s activity reports, and other information that is not considered direct marketing. The Foundation is not responsible for certificates and/or activity reports not received if an incorrect e-mail address was provided.
For Financial Settlement Purposes
For the purpose of financial settlement with natural persons and legal persons performing services or individual activities, the data of responsible persons are processed: the data subject’s name(s), surname(s), national identity number, contact telephone numbers, current account number (for natural persons/beneficiaries), e-mail address, organisation or institution represented, position, academic degree, identity document data used for identification.
For the Purpose of Supervision and Monitoring of Electronic Communications Traffic
For the purpose of supervision and monitoring of electronic communications traffic, based on the implementation of legal requirements, user actions are automatically recorded in action logs. On the basis of the requirements of the Law on Electronic Communications, the data specified in Annex 1 to this Law are processed in order to ensure the availability of data for the investigation, detection and prosecution of serious and grave crimes as defined in the Criminal Code of the Republic of Lithuania.
For the purposes of organising events and all related activities
For the purposes of organising events and all related activities, (such as accommodation for guests, sending invitations, identification of guests, etc.), the following data are processed on the basis of concluded agreements: name, surname, national identity number, personal telephone numbers, current account number (for natural persons/payers), personal e-mail address, place of work, date of birth, institution (work or study), department of the institution (work or study), position, pedagogical and academic titles, degree, identity document data used for identification of the event participant, data on services provided, identity document data used for identification, place of accommodation, place of residence, in case of parking – car number and model, data on related accommodation services provided, data on related event services provided.
For Direct Marketing Purposes
For the purposes of direct marketing, on the basis of consent of the data subject, the following data are collected and processed in order to inform you about the Foundation’s ongoing and future projects, investment results, events, services provided and goods offered: name(s), surname(s), e-mail address, telephone number(s), address(es), work or research institution (department of the institution), languages (when sending information in different languages).
Please be informed that you that you have the right to refuse direct marketing communications at any time by e-mailing us about your decision or by clicking the “Unsubscribe” link in the direct marketing communication.
How are Your Personal Data Obtained?
- The Foundation processes your personal data, which are:
- received directly from you (when you provide support, participate in the Foundation’s events, visit the www.vuf.lt website, communicate with the Foundation’s employees or representatives, visit the Foundation’s premises, etc.);
- obtained from other sources;
- generated automatically to the extent provided by applicable legislation (by visiting a website and/or social media account, using apps).
We would like to draw your attention to the fact that if you provide us with the data of other persons related to you (such as family members), you must inform these persons about the processing of their personal data at the Foundation and undertake to acquaint them with this Privacy Policy.
- The Foundation receives your personal data from other sources, such as:
- donors (their representatives), when they provide data on close family members or persons related by kinship;
- legal entities, if you are the head/representative, employee or authorised person of a legal entity;
- third parties and/or publicly available sources, to the extent provided by applicable legislation (such as the social media site LinkedIn).
Who is Your Data Disclosed to?
Personal data may be disclosed to the following parties:
- enterprises providing services upon the request of the Foundation e.g. Lithuanian postal services;
- banks carrying out settlement operations for the Foundation;
- other organisations and state institutions (State Social Insurance Fund, State Tax Inspectorate), when it is required by law or when it is necessary in order to protect our information society services;
- We may disclose your personal data to other parties in the following cases:
- in order not to violate the law or in accordance with the mandatory requirement of the legal process (e.g. after receiving a legal order or a search warrant or any other court decision);
- to confirm the legality of our operations;
- to protect the rights, property or security of the Foundation;
- in other cases upon your consent or your lawful request.
Foundation may engage the following data processors in personal data processing: enterprises providing data centre, hosting, cloud computing, website administration and related services, enterprises providing document archiving services, enterprises providing advertising and marketing services, enterprises creating, providing, supporting and developing software, enterprises providing IT infrastructure services, enterprises providing communication services, enterprises providing consultations, enterprises carrying out analysis of internet searches or activity of the internet and providing services. Our aim is that service providers should comply with the General Data Protection Regulation, laws, Foundation Privacy Policy and other mandatory requirements of legal acts. The relations between the Foundation as the data controller and a particular data processor are specified in a written agreement or written terms, except in cases when such relations are determined by law or other legal acts.
Which Countries are Your Personal Data Processed in?
We normally process and store your personal data within the territory of the European Union (hereinafter referred to as the EU) and the European Economic Area (hereinafter referred to as the EEA), but your personal data may occasionally have to be transferred to other countries outside the EU and the EEA where lower levels of data protection may apply. In such cases, the Foundation shall make every effort to ensure the security of the personal data transmitted.
When the Foundation transfers personal data to countries outside the EU and the EEA, one of the following security measures applies:
- a contract is signed with the personal data recipient based on the standard contractual clauses approved by the European Commission;
- the personal data recipient is established in a country recognised by a decision of the European Commission as applying adequate standards of personal data protection;
- permission from the State Data Protection Inspectorate.
Profiling and Automated Decision-Making
In certain cases, the Foundation uses profiling and automated decision-making.
If you have given your consent to the processing of Personal Data for the purpose of direct marketing and you have not revoked this consent, the Foundation will profile your personal data, i.e. perform automated processing of personal data in order to provide you with the offer and/or service that best suits your interests after evaluating such data.
What do we do to Protect Your Information?
We follow these principles when collecting and processing personal data transferred by you to Vilnius University Foundation or lawfully received from other persons:
- Your personal data are processed lawfully, fairly and in a transparent manner (principle of ‘lawfulness, fairness and transparency’)
- Your personal data are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (principle of ‘purpose limitation’).
- Your personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (principle of ‘data minimisation’)
- Your personal data processed are accurate and, where necessary, kept up to date (principle of ‘accuracy’).
- Your personal data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (principle of ‘storage limitation’).
- Your personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (principle of ‘integrity and confidentiality’).
- We have put in place smart and appropriate physical and technical measures to protect the information we collect for providing content / services. Keep in mind, however, that while we take reasonable steps to protect your information, no website, online operation, computer system, or wireless connection is completely secure.
How Long do We Store Your Data?
We store your personal data to the extent necessary to achieve the stated purpose. Once the stated purpose has been achieved, your personal data will be deleted, except in cases when applicable legislation obliges the Foundation to store personal data for a period specified therein.
For direct marketing purposes, your personal data is stored for five years from the date of its receipt or renewal, or until the withdrawal of consent to the processing of personal data. After the data retention period, we reserve the right to ask you again if we can continue to process your data.
Other specific retention periods for your personal data depend on the legal basis for the processing of your personal data.
Your rights
You, as the data subject whose personal data are processed by the Foundation, have the following rights:
- to ask the Foundation to provide information about your personal data processed by the Foundation and the purposes of processing;
- to ask to rectify incorrect, incomplete or inaccurate personal data and/or suspend the processing of such personal data when after checking you establish that the data are incorrect, incomplete or inaccurate;
- to restrict your personal data processing until the lawfulness of their processing is checked upon your request;
- to request to erase personal data (the right to be forgotten);
- to object to the processing of your personal data for direct marketing purposes, including profiling;
- to ask for your personal data to be transferred to another data controller or to be provided directly to you in a commonly used form (it applies to the personal data provided by yourself and processed by automated means upon consent or upon concluding and implementing a contract);
- to withdraw your consent without affecting the use of your personal data executed before the withdrawal of consent.
- to file a complaint with the State Data Protection Inspectorate if you believe that your personal data is being processed in violation of your rights and legitimate interests in the field of personal data protection. More information is available at www.vdai.lrv.lt.
The Foundation may not provide the data subjects with the conditions for exercising the above rights in the cases laid down in laws when it is necessary to ensure prevention, investigation and detection of criminal offences, violations of official or professional ethics as well as protection of the rights and freedoms of the data subject or other persons.
How will You Execute Your Right?
- In order to exercise their rights, data subjects submit a personal written request or complaint relating to the personal data processing issues to email-vufondas@vuf.lt addressed or to
headquarters in Universiteto g. 3 Vilnius. - The request or complaint must contain a return address for correspondence. Requests and complaints sent by unregistered post or lacking a return address are investigated in line with general procedures but not replied to in writing.
- The request must be legible and signed, must contain the data subject’s name, surname, residence address and other contact details to maintain communication of the preferred form, information specifying the data subject’s right and the requested scope of its implementation.
- A data subject may exercise his/her rights personally or through a legally authorized representative.
- If a representative applies on behalf of the represented data subject, he/she must provide his/her name, surname, place of residence, contact details for communication, as well as the represented individual’s name, surname, place of residence, information specifying the data subject’s right and the scope of exercising requested and attach a document confirming representation or a copy of the document approved in accordance with the procedures set by legal acts. The representative’s request must satisfy the same requirements as set out for the request of the individual represented.
We will provide a reply to your request within 30 (thirty) calendar days from the date of the receipt of the request. In exceptional cases which require additional time, we will notify you and will have the right to extend the period for the provision of requested data or investigation of other requirements listed in your request for up to 60 (sixty) calendar days from the date of your enquiry.
The information requested will be provided to you free of charge. In cases when your requests are unjustified or disproportionate due to their repetitive content, the University may refuse to take action upon your request.
nces, violations of official or professional ethics as well as protection of the rights and freedoms of the data subject or other persons.
Cookies
To ensure the quality of services provided and the operation of the website, we use cookies on the Foundation webpage and collect information about the use of services. Cookies are small files containing information that a website stores on your computer or mobile device when you visit the site. They help us to recognize you as a previous visitor of the Foundation website, store your history and to provide the suitable content to you. Furthermore, cookies allow to ensure the stable activity of the website, monitor visit duration and frequency, and to collect statistical information regarding the number of website visitors. By analyzing these data, we can make improvements on the website and render it more convenient for your use.
We collect the data of our website visitors in accordance with the Republic of Lithuania Law on Legal Protection of Personal, the Republic of Lithuania Law on Electronic Communications, other related legal acts and directions of controlling authorities.
By browsing the Foundation website www.vuf.lt, you agree to the storing of cookies on your computer or other device. You can always withdraw your consent by changing your browser preferences and deleting installed cookies.
We have to draw your attention to the fact that the Foundation websites may contain links to social networks and webpages of other enterprises or organisations. The Foundation privacy and cookies policy applies only when you are visiting the website of the Foundation and its divisions. The Foundation does not take responsibility for the content of the webpages of the third parties or their principles of privacy protection. If you use a link on the Foundation website to access other websites, you have to check their privacy policy.
When administering the websites and diagnosing disruptions in the work of the Foundation webpage servers we record the visitors’ computer IP addresses and operations on the webpages. The IP address is a unique code identifying a computer in the networks. This code and the sequence of operations on webpages may be used to identify a visitor and collect different statistical information. This information is collected in compliance with the requirements of cyber security and information security regulation.
When you subscribe to the Foundation newsletters, we collect the basic information necessary for the identification of the user that you provide in the registration form, i.e., name, surname, email address and IP address.
We safeguard the data collected about the visitors of the Foundation websites against loss, unlawful use and alterations. The Foundation employees sign a written commitment not to disclose or disseminate information obtained in their work about the website visitors to the third parties.
The Foundation website uses technical cookies which have been designed and are used directly (without interference of the third parties) for the transfer of this website information through the electronic communication network. Technical cookies are not used for any other purposes. This data processing does not allow to identify you directly or indirectly. The Foundation retains the right to disclose anonymous statistical information to the third parties. List of cookies used on the Foundation webpage: JSESSIONID; wc_cart_hash_#; wc_fragments_#; messagesUtk; _ga; _gat; _gid; tk_ai; __hmpl; __hssc; __hssrc; __hstc; __ptq.gif; embed/v3/counters.gif; HUBLYTICS_EVENTS_53; hubspotutk; r/collect; mailerlite:webform:shown:1821656
Contact information
If you have any questions regarding the information provided in this Privacy Policy or the protection of your personal data and the implementation of your rights in the Vilnius University Foundation, please contact us in any way convenient for you:
- el. mail: vufondas@vuf.lt;
- by phone: +370 (5) 219 3000
- in writing to the address: Universiteto str. 3, 01513 Vilnius, Lithuania
Final provisions
This Privacy Policy may be renewed in order to correct errors or to comply with the new legal acts or technical requirements. The latest version of this Privacy Policy will always be available on the University website. In case of updates of the provisions of the Privacy Policy which we consider essential, you will be informed about them on the internet website and by other means. This Privacy Policy was updated on 27/05/2020