The Foundation processes the personal data of all persons who have provided their own or that of related persons (such as family members) on the basis of contractual and other legal relationships.
- Your personal data are processed in accordance with:
- Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- the Republic of Lithuania Law on Legal Protection of Personal Data;
- the Republic of Lithuania Law on Electronic Communications;
- other legislation governing the protection of personal data;
- the instructions/recommendations of the supervisory authority and other competent authorities.
Personal data – any information that we receive directly from you or from other sources that is directly or indirectly related to you and which allows you to be identified.
Data processing – any action or set of actions performed on personal data, such as collection, recording, storage, grouping, merging, modification, publication, retrieval, deletion, and so on.
Automatic data processing – data processing actions performed by electronic means, i.e. various means of information and communication: computers, telephones, tablets, video recorders, cameras, and so on.
Data subject – this is you and every person whose personal data are processed by the Foundation.
Controller – the Vilnius University Foundation, which establishes the purposes and means of personal data processing.
Processor – an organisation that processes personal data on behalf of the Vilnius University Foundation.
Support project – a support project initiated by the Vilnius University Foundation for the benefit of Vilnius University. During a support project, funds are collected in a special bank account opened for that purpose.
Partner – a natural or legal person, a donor, who has provided non-financial support (products, services, inheritance, etc.) to the Vilnius University Endowment Fund or to any Vilnius University Foundation support project.
List of partners – a public list on the Foundation’s website with the names of natural and legal persons, donors, who have provided non-financial support (products, services, inheritance, etc.) to the Vilnius University Endowment Fund or to any Vilnius University Foundation support project.
Sponsor – a natural or legal person, a donor, who has provided financial support to the Vilnius University Endowment Fund or to any support project being implemented by the Vilnius University Foundation.
List of sponsors – a public list on the Foundation’s website with the names of natural and legal persons, donors, who have provided financial support to the Vilnius University Endowment Fund or to any Vilnius University Foundation support project. Sponsors are listed in donation brackets according to the amount donated, which is not disclosed.
Donation brackets – five brackets that sponsors are listed in according to the amount donated. The exact size of the donation is not disclosed. The donation brackets are as follows: (a) EUR 1-99; (b) EUR 100-999; (c) EUR 1,000-9,999; (d) EUR 10,000-99,999; (e) EUR 100,000-1,000,000.
Endowments – funds transferred to and managed by the Foundation, which are separated from its other assets for an indefinite period and used for investment, the income from which the Foundation allocates to Vilnius University in accordance with the principles of endowment separation, efficiency, inviolability of capital, public benefit and operational transparency. The Investment Board is responsible for investing the endowments of the Vilnius University Foundation.
What Personal Data do We Process and for what Purposes?
The Vilnius University Foundation collects, uses, stores and otherwise processes information about you that is necessary for these basic purposes:
For the Purpose of Fundraising and Publicising the Donor
The name(s) and surname(s) or company name(s) of financial support providers, sponsors, are published on the Foundation’s website, listed in donation brackets according to the amount donated, which is not disclosed.
The name(s) and surname(s) or company name(s) of non-financial support providers, partners, are published on the Foundation’s website, listed as partners.
All donors are published on the Foundation’s website, aside from those who expressed a wish to provide support anonymously during the process of providing support. If your donation exceeds EUR 500 and you choose to remain anonymous, your name(s) and surname(s) or company name(s) will not be published in the list of sponsors on the Foundation’s website, but the Foundation, in compliance with the laws of the Republic of Lithuania, will specify you in the activity reports, which are published on the Foundation’s website.
Donors (sponsors and partners) published on the Foundation’s website may be made public in the media and other communication channels used by the Foundation (social media, newsletters, press releases, etc.).
The Foundation undertakes to send, to the e-mail specified by the donor, a letter of thanks, a certificate attesting to the support, the Foundation’s activity reports, and other information that is not considered direct marketing. The Foundation is not responsible for certificates and/or activity reports not received if an incorrect e-mail address was provided.
For Financial Settlement Purposes
For the purpose of financial settlement with natural persons and legal persons performing services or individual activities, the data of responsible persons are processed: the data subject’s name(s), surname(s), national identity number, contact telephone numbers, current account number (for natural persons/beneficiaries), e-mail address, organisation or institution represented, position, academic degree, identity document data used for identification.
For the Purpose of Supervision and Monitoring of Electronic Communications Traffic
For the purpose of supervision and monitoring of electronic communications traffic, based on the implementation of legal requirements, user actions are automatically recorded in action logs. On the basis of the requirements of the Law on Electronic Communications, the data specified in Annex 1 to this Law are processed in order to ensure the availability of data for the investigation, detection and prosecution of serious and grave crimes as defined in the Criminal Code of the Republic of Lithuania.
For the purposes of organising events and all related activities
For the purposes of organising events and all related activities, (such as accommodation for guests, sending invitations, identification of guests, etc.), the following data are processed on the basis of concluded agreements: name, surname, national identity number, personal telephone numbers, current account number (for natural persons/payers), personal e-mail address, place of work, date of birth, institution (work or study), department of the institution (work or study), position, pedagogical and academic titles, degree, identity document data used for identification of the event participant, data on services provided, identity document data used for identification, place of accommodation, place of residence, in case of parking – car number and model, data on related accommodation services provided, data on related event services provided.
For Direct Marketing Purposes
For the purposes of direct marketing, on the basis of consent of the data subject, the following data are collected and processed in order to inform you about the Foundation’s ongoing and future projects, investment results, events, services provided and goods offered: name(s), surname(s), e-mail address, telephone number(s), address(es), work or research institution (department of the institution), languages (when sending information in different languages).
Please be informed that you that you have the right to refuse direct marketing communications at any time by e-mailing us about your decision or by clicking the “Unsubscribe” link in the direct marketing communication.
How are Your Personal Data Obtained?
- The Foundation processes your personal data, which are:
- received directly from you (when you provide support, participate in the Foundation’s events, visit the www.vuf.lt website, communicate with the Foundation’s employees or representatives, visit the Foundation’s premises, etc.);
- obtained from other sources;
- generated automatically to the extent provided by applicable legislation (by visiting a website and/or social media account, using apps).
- The Foundation receives your personal data from other sources, such as:
- donors (their representatives), when they provide data on close family members or persons related by kinship;
- legal entities, if you are the head/representative, employee or authorised person of a legal entity;
- third parties and/or publicly available sources, to the extent provided by applicable legislation (such as the social media site LinkedIn).
Who is Your Data Disclosed to?
Personal data may be disclosed to the following parties:
- enterprises providing services upon the request of the Foundation e.g. Lithuanian postal services;
- banks carrying out settlement operations for the Foundation;
- other organisations and state institutions (State Social Insurance Fund, State Tax Inspectorate), when it is required by law or when it is necessary in order to protect our information society services;
- We may disclose your personal data to other parties in the following cases:
- in order not to violate the law or in accordance with the mandatory requirement of the legal process (e.g. after receiving a legal order or a search warrant or any other court decision);
- to confirm the legality of our operations;
- to protect the rights, property or security of the Foundation;
- in other cases upon your consent or your lawful request.
Which Countries are Your Personal Data Processed in?
We normally process and store your personal data within the territory of the European Union (hereinafter referred to as the EU) and the European Economic Area (hereinafter referred to as the EEA), but your personal data may occasionally have to be transferred to other countries outside the EU and the EEA where lower levels of data protection may apply. In such cases, the Foundation shall make every effort to ensure the security of the personal data transmitted.
When the Foundation transfers personal data to countries outside the EU and the EEA, one of the following security measures applies:
- a contract is signed with the personal data recipient based on the standard contractual clauses approved by the European Commission;
- the personal data recipient is established in a country recognised by a decision of the European Commission as applying adequate standards of personal data protection;
- permission from the State Data Protection Inspectorate.
Profiling and Automated Decision-Making
In certain cases, the Foundation uses profiling and automated decision-making.
If you have given your consent to the processing of Personal Data for the purpose of direct marketing and you have not revoked this consent, the Foundation will profile your personal data, i.e. perform automated processing of personal data in order to provide you with the offer and/or service that best suits your interests after evaluating such data.
What do we do to Protect Your Information?
We follow these principles when collecting and processing personal data transferred by you to Vilnius University Foundation or lawfully received from other persons:
- Your personal data are processed lawfully, fairly and in a transparent manner (principle of ‘lawfulness, fairness and transparency’)
- Your personal data are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (principle of ‘purpose limitation’).
- Your personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (principle of ‘data minimisation’)
- Your personal data processed are accurate and, where necessary, kept up to date (principle of ‘accuracy’).
- Your personal data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (principle of ‘storage limitation’).
- Your personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (principle of ‘integrity and confidentiality’).
- We have put in place smart and appropriate physical and technical measures to protect the information we collect for providing content / services. Keep in mind, however, that while we take reasonable steps to protect your information, no website, online operation, computer system, or wireless connection is completely secure.
How Long do We Store Your Data?
We store your personal data to the extent necessary to achieve the stated purpose. Once the stated purpose has been achieved, your personal data will be deleted, except in cases when applicable legislation obliges the Foundation to store personal data for a period specified therein.
For direct marketing purposes, your personal data is stored for five years from the date of its receipt or renewal, or until the withdrawal of consent to the processing of personal data. After the data retention period, we reserve the right to ask you again if we can continue to process your data.
Other specific retention periods for your personal data depend on the legal basis for the processing of your personal data.
You, as the data subject whose personal data are processed by the Foundation, have the following rights:
- to ask the Foundation to provide information about your personal data processed by the Foundation and the purposes of processing;
- to ask to rectify incorrect, incomplete or inaccurate personal data and/or suspend the processing of such personal data when after checking you establish that the data are incorrect, incomplete or inaccurate;
- to restrict your personal data processing until the lawfulness of their processing is checked upon your request;
- to request to erase personal data (the right to be forgotten);
- to object to the processing of your personal data for direct marketing purposes, including profiling;
- to ask for your personal data to be transferred to another data controller or to be provided directly to you in a commonly used form (it applies to the personal data provided by yourself and processed by automated means upon consent or upon concluding and implementing a contract);
- to withdraw your consent without affecting the use of your personal data executed before the withdrawal of consent.
- to file a complaint with the State Data Protection Inspectorate if you believe that your personal data is being processed in violation of your rights and legitimate interests in the field of personal data protection. More information is available at www.vdai.lrv.lt.
The Foundation may not provide the data subjects with the conditions for exercising the above rights in the cases laid down in laws when it is necessary to ensure prevention, investigation and detection of criminal offences, violations of official or professional ethics as well as protection of the rights and freedoms of the data subject or other persons.
How will You Execute Your Right?
- In order to exercise their rights, data subjects submit a personal written request or complaint relating to the personal data processing issues to firstname.lastname@example.org addressed or to
headquarters in Universiteto g. 3 Vilnius.
- The request or complaint must contain a return address for correspondence. Requests and complaints sent by unregistered post or lacking a return address are investigated in line with general procedures but not replied to in writing.
- The request must be legible and signed, must contain the data subject’s name, surname, residence address and other contact details to maintain communication of the preferred form, information specifying the data subject’s right and the requested scope of its implementation.
- A data subject may exercise his/her rights personally or through a legally authorized representative.
- If a representative applies on behalf of the represented data subject, he/she must provide his/her name, surname, place of residence, contact details for communication, as well as the represented individual’s name, surname, place of residence, information specifying the data subject’s right and the scope of exercising requested and attach a document confirming representation or a copy of the document approved in accordance with the procedures set by legal acts. The representative’s request must satisfy the same requirements as set out for the request of the individual represented.
We will provide a reply to your request within 30 (thirty) calendar days from the date of the receipt of the request. In exceptional cases which require additional time, we will notify you and will have the right to extend the period for the provision of requested data or investigation of other requirements listed in your request for up to 60 (sixty) calendar days from the date of your enquiry.
The information requested will be provided to you free of charge. In cases when your requests are unjustified or disproportionate due to their repetitive content, the University may refuse to take action upon your request.
nces, violations of official or professional ethics as well as protection of the rights and freedoms of the data subject or other persons.
We collect the data of our website visitors in accordance with the Republic of Lithuania Law on Legal Protection of Personal, the Republic of Lithuania Law on Electronic Communications, other related legal acts and directions of controlling authorities.
By browsing the Foundation website www.vuf.lt, you agree to the storing of cookies on your computer or other device. You can always withdraw your consent by changing your browser preferences and deleting installed cookies.
When administering the websites and diagnosing disruptions in the work of the Foundation webpage servers we record the visitors’ computer IP addresses and operations on the webpages. The IP address is a unique code identifying a computer in the networks. This code and the sequence of operations on webpages may be used to identify a visitor and collect different statistical information. This information is collected in compliance with the requirements of cyber security and information security regulation.
When you subscribe to the Foundation newsletters, we collect the basic information necessary for the identification of the user that you provide in the registration form, i.e., name, surname, email address and IP address.
We safeguard the data collected about the visitors of the Foundation websites against loss, unlawful use and alterations. The Foundation employees sign a written commitment not to disclose or disseminate information obtained in their work about the website visitors to the third parties.
The Foundation website uses technical cookies which have been designed and are used directly (without interference of the third parties) for the transfer of this website information through the electronic communication network. Technical cookies are not used for any other purposes. This data processing does not allow to identify you directly or indirectly. The Foundation retains the right to disclose anonymous statistical information to the third parties. List of cookies used on the Foundation webpage: JSESSIONID; wc_cart_hash_#; wc_fragments_#; messagesUtk; _ga; _gat; _gid; tk_ai; __hmpl; __hssc; __hssrc; __hstc; __ptq.gif; embed/v3/counters.gif; HUBLYTICS_EVENTS_53; hubspotutk; r/collect; mailerlite:webform:shown:1821656
- el. mail: email@example.com;
- by phone: +370 (5) 219 3000
- in writing to the address: Universiteto str. 3, 01513 Vilnius, Lithuania