Personal Data Protection Policy
AB Linas Agro Group and its subsidiaries (hereinafter – the Group) respect the privacy of individuals. The purpose of the Personal Data Protection Policy of the Group is to draw the guidelines and to oblige the managers of the companies of the Group to ensure a proper compliance with the provisions of the General Data Protection Regulation (GDPR) of the EU, the Law on Legal Protection of Personal Data (LLPPD) of the Republic of Lithuania, the Labour Code of the Republic of Lithuania, as well as compliance with other legal acts regulating the protection of personal data, and respect for privacy of individuals.
The Group strives to process the personal data of employees and customers safely and appropriately and to ensure their confidentiality in accordance with legal requirements, and therefore takes all necessary technical and organizational measures to protect the personal data of the employees, partners and clients of the Group:
- The Group collects and stores the data of individuals solely on the legal basis, to the extent that is necessary and for a period that is necessary, i.e., information that is not used to achieve a specific pre-determined objective may not be collected and stored, and personal data are kept for a period that is no longer than necessary for the purposes of the data processing.
- Personal data are processed accurately and fairly, they may not be outdated or inaccurate and must be kept confidential throughout their processing period, as well as it is prohibited to disclose any information relating to personal data, unless such information is public in accordance with provisions of applicable laws or other legal acts.
- The Group processes personal data of its customers solely for the purpose to be able to provide a better consultation, to offer best solutions and to perform contracts concluded.
- The companies of the Group must adopt internal rules of procedure or policies that define for what purposes, to what extent and by whom personal data of employees and customers are collected, stored and safe-kept. Employees of the companies must be informed about the said rules or policies and have access to them on a regular basis.
- Depending on the nature of activity of each company and the amount of customers’ personal data collected and stored, it is advisable to endorse the customers’ personal data protection management principles and publish them on the company’s website, so that customers could access them. The companies that do not have websites have a possibility to publish their personal data processing principles at www.linasagrogroup.lt.
- Customers of the Group must be provided with the opportunity to consent to or to disagree with the use and accumulation of their personal data and to request the deletion or transfer of their personal data, except for the cases where this would interfere with the fulfilment of contractual obligations. Customers must also be provided with the opportunity to consent to or to disagree with the use of their personal data for marketing purposes by the means of signature or electronically.
- Companies of the Group must appoint persons responsible for the proper application of the GDPR provisions within the companies and the provision of contact information of the persons to be addressed by the employees in matters related to the GDPR. Companies can use external consultants to develop and implement procedures in line with the GDPR.
- Personal data processed by the Group are provided to third parties (data recipients) only in the cases and according to the procedure established by laws and other legal acts based on the consent of the data subject or in the presence of other legitimate basis for the provision of such data.
- Since the largest part of personal data is collected and stored electronically, the managers of companies of the Group must ensure that the personal data collected and stored on the servers, computers or other media of the companies are protected against viruses and other attempts to illegally obtain personal data or personal data leakages.
This Policy applies to and is mandatory for all employees of the Group and data processors engaged by the Group.