PRIVACY POLICY
INTRODUCTION
We, The Office of the Government of the Republic of Lithuania (hereinafter – the Institution or the Data Controller), take care of the security of your personal data (personal data means any information that relates to an identified or identifiable living person, such as the name, surname, address, email address, website behaviour, etc.). The Privacy Notice below is addressed to all persons who contact, employ, apply for, or otherwise engage with the Institution, use the Institution’s services, or otherwise provide their personal data to the Institution.
This Privacy Notice is based on applicable legal acts and guidelines, such as the General Data Protection Regulation (hereinafter – the GDPR), the Law on Legal Protection of Personal Data, and the guidelines of the State Data Protection Inspectorate (hereinafter – the SDPI). The purpose of the Privacy Notice is to set out the rights and obligations of data subjects, as well as other information that is required to be provided under the GDPR.
DATA CONTROLLER
The Office of the Government of the Republic of Lithuania, legal entity code: 188604574, registered office address Gedimino pr. 11, LT-01103 Vilnius, Lithuania, is the data controller (as defined in the GDPR) of the personal data described in this Privacy Notice.
DATA PROTECTION OFFICER
The Office of the Government of the Republic of Lithuaniahas appointed the Data Protection Officer (hereinafter – the DPO) in accordance with Article 37 of Section 4 of the GDPR, who can be contacted by email: dap@lrv.lt.
WHAT PRINCIPLES DO WE FOLLOW WHEN PROCESSING YOUR DATA?
The processing shall be carried out on the basis of the following principles specified in Article 5 of the GDPR:
- the principle of lawfulness, fairness and transparency;
- the principle of purpose limitation;
- the principle of data minimisation;
- the principle of accuracy;
- the principle of storage limitation;
- the principle of integrity and confidentiality.
The Institution takes appropriate technical and organisational measures in order to ensure that it is able to meet the obligation under the accountability principle.
HOW DO WE PROTECT YOUR DATA?
In order to protect your data, we have taken organisational and technical measures that are designed to properly regulate and process your data. Such measures include but are not limited to: the SDPI guidelines, the measures set out in the ISO/IEC 27001:2022 /ISO/IEC 27002:2022 information security management standard, the EDPS (European Data Protection Supervisor) and WP29 (Working Party 29) guidelines and recommendations.
The organisational measures for the protection of personal data include, but are not limited to, the following: privacy policy, data subject access request procedures, risk assessments, information security incident management procedures, information security documents, records of data processing activities, data processing agreements with data processors, various staff procedures, ongoing staff training, etc.
Technical measures for the protection of personal data are implemented on the basis of information security documents. Data processing agreement is concluded at all times when data processors are involved.
COOKIES – GENERAL INFORMATION
- What are cookies?
Cookies are simple text files that are placed in the browser memory of your device (e.g., computer, mobile phone, tablet) with your consent when you browse a website. Cookies can be used to ensure the security of the website, to identify unique users, to store information about cookie options you have chosen, the pages you have browsed, what you have clicked on, etc. This is a common practice when browsing websites.
Please note that cookies are in many cases managed in conjunction with the company that collects and processes the cookie information, e.g., Google, Meta (formerly Facebook), and you should also read the Privacy Notices of these companies.
- How do I control cookies?
If you do not want your personal data to be processed by cookies, you can change the settings of your web browser so that cookies are not automatically accepted or delete cookies that have already been stored. You can do this at any time, as all browsers have an option to delete cookies. More detailed instructions depend on the browser you are using; you can find instructions for the most commonly used browsers here:
- Cookie settings in Internet Explorer
- Cookie settings in Microsoft Edge
- Cookie settings in Firefox
- Cookie settings in Chrome and Android
- Cookie settings in Safari and iOS
- How do we use cookies?
In most cases, we set cookies together with our technology partners through their use of, for example, cookie management tools, fonts etc. In other cases, certain security, analytical, advertising functions are performed by general data controllers. Here is a list of such partners and their privacy policies:
| Technology partner | Privacy Policy |
| https://policies.google.com/privacy | |
| Meta | https://www.facebook.com/privacy/explanation |
| https://twitter.com/en/privacy | |
| https://www.linkedin.com/legal/privacy-policy |
- Cookies on baltics2025expo.com
| Cookie | Type | Description | Expiration |
| CookieScriptConsent | Cookie Script Consent Cookie | This cookie is used to remember visitor cookie consent preferences. | 1 month |
| – pll_language | Functional | This cookie is used to remember the language selected by the user when he comes back to visit again the website. | 1 day |
| _ga | Google Analytics Persistent Cookie | Registers a unique ID that is used to generate statistical data on how the visitor uses the web site. | 2 years |
WHAT RIGHTS AND RESPONSIBILITIES DO YOU HAVE?
- The right to be informed in a transparent way, including the rights you have. We inform you by means of this Privacy Notice.
- The right to be informed about the processing of your data, and to know what data we process about you. You can request a copy of your data by contacting the DPO.
- The right to data rectification and erasure. If you find that your data is incomplete or inaccurate, you can contact the DPO and we will look into your case. You can also ask us to remove your data. We will be able to do this if there are no other legal acts that oblige us to keep the data.
- The right to restriction of processing. For example, until we clarify inaccuracies.
- The right to data portability.
- The right to object to our processing of your data and to withdraw your consent at any time.
- The right to object to automated decision-making, including profiling, which has significant consequences for you. The Institution does not currently apply such decision-making.
Please note that in order to exercise your rights, we will need to establish your identity.
When the Institution acts as a data processor, we follow the data controller’s instructions and the provisions of the data processing agreement.
You are responsible for ensuring that the data you provide to us is accurate, correct and complete. If the data you have provided changes, you must inform us immediately by email. We will not be liable in any event for any damage caused to you as a result of you providing incorrect or incomplete personal data or failing to inform us of any changes to such data.
Information published on the Institution’s websites, its copying, reproduction, links to it are allowed only with written permission of the Institution. It can be obtained by applying to lrvkanceliarija@lrv.lt. This permission shall not imply any transfer of rights in the material.
TO WHOM AND WHEN CAN WE TRANSFER YOUR DATA?
We may transfer your personal data when:
- You have given your consent to the transfer;
- We must do so in the manner prescribed by laws when required by a public authority / law enforcement body / pre-trial investigation authority, court or their representatives, when suspecting a criminal offence, in the event of a dispute, e.g., by the STI, the Centre of Registers, the FCIS, the Police, the Disputes Commission, criminal intelligence authorities, etc.
All your data shall be processed within the European Economic Community and shall not be transferred to third countries. If it is necessary to transfer data to other countries, we may rely on the European Commission’s adequacy decision (if the European Commission decides that the adequate level of data protection is ensured in the specific country where the data recipient is established and/or carries out its business). Other mechanisms may also be used to ensure adequate data protection, such as standard contractual clauses enshrined in legal acts regulating personal data protection.
HOW CAN YOU CONTACT US WITH QUESTIONS OR IN ORDER TO EXERCISE YOUR RIGHTS?
If you have any questions or want to exercise your rights, you can contact us in any way that suits you:
- By email: dap@lrv.lt
- By post to the address: Gedimino pr. 11, LT-01103 Vilnius, Lithuania
VALIDITY AND REVIEW OF THE PRIVACY NOTICE
We regularly review this Privacy Notice for compliance with legal acts and personal data processed by the Institution.
We may update or amend this Privacy Notice at any time. Such updated or amended Privacy Notice shall enter into force from the date of its posting on our website.