Privacy Policy
I. GENERAL PROVISIONS
1. Public institution SMK College of Applied Sciences (hereinafter – the University) respects privacy of every individual and personal data security therefore when managing personal data, it follows not only other legal acts regulating management and storage of personal data, but also the following rules and provisions indicated in the Privacy policy, which are published and accessible in the website of the University www.smk.lt.
2. This policy regulates personal data collection, management and storage carried out by the University as data manager.
3. The University carries out activity which involves implementation of study programmes accredited by professional bachelor, qualification raising and other trainings, doing research for science and business, implementation of exchange programmes, provision of library and other education services.
4. The University processes personal data following the EU General Data Protection Regulation (EU) 2016/679 (hereinafter – the Regulation), Republic of Lithuania Law on Legal Protection of Personal Data and other legal acts, regulating processing and storage of personal data.
5. The University processes personal data of all the members of the University Community (current and former employees, students and other persons, who have presented their personal data to the University in the order established by laws, and on the basis of contractual and other legal relations.
6. The main concepts:
6.1. Personal data – any information related to a person, which can help to determine his/her identity both directly and indirectly by the features of physical, physiological, psychological, economic, cultural or social nature. The following are considered to be personal data, e.g. name, surname, address of the place of residence, face image, personal identification number, finger prints, iris, phone number, e-mail address, IP address, car number and etc.
6.2. Data processing – any action or a set of actions performed on personal data. E.g. collecting, registering, storage, grouping, connecting, modification, publishing, search, removing and etc.
6.3. Automatic data processing – data processing actions, performed by electronic means, i.e. various information and communication means: computers, telephones, tablets, video registers, photo cameras and etc.
6.4. Data object – You and every person whose data are processed.
6.5. Data manager– organization or a person who uses personal data for professional purposes, e.g. state institution, company, municipality, hospital, health centre, police, bank, credit union, insurance company, e-shop, travel agency, school, lawyer, bailiff, notary and etc. He sets goals and means for data processing, i.e. what is the defined and legal goal, legal basis that he follows and what personal data he processes, how he ensures the rights of the data object, what software uses for data processing and etc.
6.6. Data processor – an organization, authorized by data manager to carry out the work of data processing. Data processor acts in accordance with the instructions of data manager.
7. Other concepts used in the Privacy policy are perceived the way they are defined in the General Data Protection Regulation and in other legal acts.
8. The public institution SMK College of Applied Sciences is the manager of all the data collected in the processes of activity and internal administration, as well as the processor of personal data transferred by data objects and third parties.
II. GOALS OF PERSONAL DATA PROCESSING
9. The University processes these personal data for the following main purposes:
9.1. For the purpose of administering study process in the University (registration of the students admitted to the University, drafting study contracts, organization and implementation of study process, issuing graduation documents, student accounting) the following data are processed: name, surname, personal identification number, date of birth, number of document confirming personal identification, gender, photo, place of residence (address), phone number, e-mail address, citizenship, work record, social status (belonging to a group of socially supported persons), military service, education data (code of finished school, its name, type, year of graduation, country), data on personal studies (study cycle, form, branch, programme, year, semester, group, type of student, nature of funding, size and year of student’s basket, subjects attended, form, date of tests, assessments of study achievements), other diploma data, identification numbers granted to a student, bank account number, performed payments, their amounts and dates, type, series, number of documents issued to the student, date of validity / issuing.
9.2. For the purpose of study process administration. To determine the copyrights of scientific products, to set and assess the results of scientific (and art) activity of the staff and students, to implement the procedures of study graduation in the University, to collect and present documents, the following data are managed: name (names) of data subject, its surname (surnames), personal identification number, personal contact phone numbers, personal e-mail address, workplace, date of birth, institution (work or study), division of an institution (work or study), type of studies (for students), academic group (for students), date of starting studies (for students), date of study graduation (for students), staff group (for employees), responsibilities, scientific degree (for employees), date of starting job, date of retiring and/or defence, e-mail address, language of writing final or scientific thesis, topic of final or scientific thesis, topic of final or scientific thesis in English, summary of final or scientific thesis in both English and Lithuanian, responsibilities of participants of thesis defence process and data used in determining identification, status of the access of final or scientific thesis in the Internet, term of limitation, date of publishing, a feature of checking the overlap of final or scientific thesis, a meaning of checking the overlap of final or scientific thesis, data used in determining the identity of a person who has performed the check of overlap, documents of final or scientific thesis.
9.3. For the purpose of internal administration and another activity. The following data are managed for the purpose of internal administration (structure management, management of information of present and previous employees, document management, management of the available material and financial resources): name (names), surname (surnames), citizenship, address, personal identification number, date of birth, gender, signature, family status, personal social insurance (certificate) number, amounts of wage and social insurance payments, data on voluntary insurance contracts, dates of state funds insurance, data on participation in pension accumulation, number of current account, phone number, e-mail address, Curriculum Vitae, responsibilities, data on recruitment, dismissal, number of years worked, responsibilities that a person wishes to be appointed or transferred to, tabular identification number of an employee, data on education and qualification, pedagogical names, code of identification in the register of pedagogues, date of data recording / modification, data on holidays, data on business trips, data on a separate work schedule, data on wage, allowances, compensations, benefits, information on the working hours worked, information on bonuses and penalties, violations of work responsibilities, data on the assessment of employee activity, data on declaring public and private interests, special personal data, related to personal health, data on a person’s conviction, passport and/or ID card number(s), date of issuing, date of validity, institution issuing a document, date and number of document registration, previous workplace and responsibilities, previous surname, numbers of the acquired study certificates, other personal data presented by the person himself/herself.
9.4. For the purpose of library visitors and property safety. The following data of employees and students, as well as other persons, who visit the University library, are managed for the purpose of ensuring safety of the University and the library property: name (names), surname (surnames), phone number, e-mail address, data on a student’s studies (name of the study programme, form, branch, year, group), identification numbers given to an employee and a student are necessary to manage the services provided by the library.
9.5. For the purposes of authentification of information systems. The following data are managed: name (names), surname (surnames), personal identification number, personal contact phone numbers, personal e-mail address, a granted username, data on password reminder.
9.6. To administer user account and to set identity. The following personal data are used to administer user account and to set identity: name (names), surname (surnames), personal identification number, scientific degree (if any), e-mail address, institution (workplace or studies).
9.7. For the purposes of organizing conferences and other events. The following data are managed for the purposes of organizing conferences and other events: name (names), surname (surnames), personal identification number, personal contact phone numbers, number of current account (for physical persons – payers), personal e-mail address, workplace, date of birth, institution (of work or studies), division of an institution (work or studies), responsibilities, scientific degree, e-mail address, language of writing scientific thesis, summary of final or scientific thesis in both English and Lithuanian status of access of scientific thesis in the Internet, term of limitation, date of publishing, data used in determining the identity of a person who has performed the check of overlap, data on identity documents used to determine personal identity of a conference participant.
9.8. Financial settlements. For the purpose of financial settlements with the physical persons, who have no labour relations with the University, with legal entities, providing services, and persons implementing individual activity, data of responsible persons are managed: name (names), surname (surnames), personal identification number, contact phone numbers, number of current account (for physical persons – fund raisers), e-mail address, represented organization or institution, responsibilities, scientific degree, data on identity documents used to determine personal identity of a conference participant.
9.9. For the purposes of administering candidate selection. The following data are managed for the purposes of administering candidate selection: CVs and data presented therein, name (names), surname (surnames) of data subject, personal identification number, photo, personal contact phone numbers, a presented e-mail address(es), the present and previous workplaces, date of birth, study institution (present or previous), responsibilities, scientific degree, other personal details given by a candidate himself/herself.
9.10. For the purpose of analyzing personal complaints, requests and reports. The following data are managed for the purpose of analyzing personal complaints, requests and reports: name (names), surname (surnames), personal identification number, address, phone number, e-mail address, signature, date and number of a complaint, request or a report (number of registering in the document management system of the University), information given in a complaint, request or a report (including special personal data); result of analysis of a complaint, request or a report, information obtained through the analysis of a complaint, request or a report, date and number of the University response to complaints, requests and reports.
9.11. For the purpose of public order and control. In order to ensure the safety of the employees, students and other persons, who visit the University, and the property of the University, the following data are managed: name, surname, signature, video records and photos of safety cameras. Video observation is implemented in the SMK College of Applied Sciences in order to ensure safety and public order of persons, property and visitors in the premises and territory of the University. Information is also collected to investigate related incidents. Security cameras operate in the yard of the University, on the entrance to the University building, in common areas, parking, on entering the places of network or engineering system equipment.
9.12. For the purpose of communication with staff. To ensure a suitable communication with the staff, including communication outside working hours or in case of an accident, the following data are managed: names (names), surname (surnames), contact phone number of an employee and a person indicated in case of an accident, addresses of their places of residence, e-mail addresses.
9.13. For the purpose of communication with Alumni. The following data are managed for ensuring an appropriate communication with Alumni: contact person’s name (names), surname (surnames), contact phone number, e-mail address, represented company, responsibilities.
9.14. Personal data management for the purpose of direct marketing. For the purpose of direct marketing the University can manage the following data: name, surname, name of a legal entity, e-mail address, phone number, responsibilities, class, course, city. Agreement on the usage of personal data for the purposes of direct marketing is expressed by signing an agreement with the University, ordering a newsletter on the website or by filling in questionnaires and marking a certain field of agreement. Agreeing on direct marketing is voluntary, it is not a condition of contractual relations with the University and has no impact on personal relationships with the University. The University can send announcements of promotional or informational nature if a person has given his/her consent to the University to use his/her data for the purpose of direct marketing, and for present or previous students and customers of the University without a separate consent for the marketing of similar services, when they are provided with a clear, free and easily implementable possibility to disagree or to refuse this kind of usage of their contact data and if they previously didn’t contradict such usage of data, sending every message. For the purpose of direct marketing the University can send messages by e-mail and (or) phone. A person can revoke his/her consent on direct marketing at any time, informing of this by e-mail address info@smk.lt or otherwise contacting the University.
III. PRINCIPLES OF PERSONAL DATA PROTECTION
10. The University follows these principles when collecting and managing personal data given by persons themselves or legally obtained from other persons:
10.1. principle of legality, honesty and transparency. Personal data are managed in a legal, honest and transparent manner.
10.2. principle of purpose limitation. Personal data are collected for determined and legal purposes and are not managed in a manner which is not compatible with those purposes.
10.3. principle of reducing data amount. Personal data are adequate, suitable and only those which are necessary for the purposes that they are managed for.
10.4. principle of accuracy. Managed personal data are precise and updated if necessary.
10.5. principle of limiting the length of storage. Personal data are stored in a form that a person’s identity can be determined in no longer than it is necessary for the purposes that the data are managed.
10.6. principle of integrity and confidentiality. Personal data are managed in such a way that through application of certain technical or organizational means a suitable safety of personal data would be ensured, including protection against data management without permission or an illegal data management and against unintentional loss, destruction or damage.
IV. PROVISION OF MANAGED PERSONAL DATA TO OTHER SUBJECTS
11. The University undertakes to follow confidentiality concerning the managed personal data.
12. Personal data can be revealed to the third parties only when it is necessary to sign and implement a contract for the benefit of data subject or for other legal reasons.
13. Personal data can be transferred to the following indicated subjects: banks, which perform settlement operations for the University; Ministry of Education of the Republic of Lithuania and Centre of Information Technologies in Education (CITE), which handle registers of diplomas and qualification certificates of students and teachers; other organizations and state institutions (kitoms organizacijoms ir valstybės institucijoms (SODRA (Social Insurance), VMI (State Tax Inspectorate), The State Studies Foundation), when it is required by laws or if it is necessary in order to protect the information society services provided by the University; State information systems, such as eLABA, KVIS; companies, which provide services on request of the University. The possibility for the mentioned companies/institutions to use information is limited, because they cannot use the obtained information for any other purposes except service provision for the University.
14. The University can enable its data managers to manage personal data. The data managers provide services of information technologies, accounting, debt recovery, etc. to the University, which are necessary for the University activity, and manage personal data on behalf of the University. Data managers have a right to manage personal data only in accordance with the instructions of the University and only in the volume which is necessary in order to properly implement undertakings set in the service contract. The University employs only those data managers who sufficiently ensure that appropriate technical and organizational means will be implemented in such a way, that data management conform to the requirements of the Regulation and that protection of the rights of the data subject is ensured.
15. The University can also provide personal data of data subjects responding to the requests of a court or state institutions in the volume which is necessary to properly implement the valid legal acts and instructions of state institutions.
V. RIGHTS OF THE SUBJECT OF PERSONAL DATA
16. Subject of personal data has the following rights:
16.1. to apply to the University with a request to give information on the personal data managed in the University and the purpose of their management;
16.2. to request to correct wrong, incomplete or imprecise personal data and (or) to stop the actions of managing such personal data when, after getting acquainted with the personal data it is determined that the data are wrong, incomplete or imprecise;
16.3. to restrict management of personal data until, on request of the subject of personal data, the legality of their management is verified;
16.4. to request to delete personal data (“to be forgotten”);
16.5. to disagree that personal data are managed for purposes of direct marketing, including profiling;
16.6. to request to transfer personal data to another data manager or to present directly to the subject of personal data in a convenient form (applied to the personal data which were presented by the subject of personal data himself/herself and which are managed by automatized means on the basis of agreement or on the basis of contract signing and its implementation);
16.7. a right to revoke a consent given by a subject of personal data, without influencing his/her data management, implemented before revoking the consent.
17. The University may not provide data subjects with conditions to implement the afore mentioned rights when, in cases set by laws, it is necessary to ensure prevention, investigation and clarification of crimes, violations of business or professional ethics, as well as protection of personal rights and freedoms of the data subject of other persons.
VI. ENSURING IMPLEMENTATION OF RIGHTS OF A DATA SUBJECT
18. In order to implement their rights, data subjects provide an employee of the SMK College of Applied Sciences, responsible for data protection in the University, with an addressed request or complaint written in a free form.
19. Data subject can personally present a request or a complaint in a written form in a branch of the University, which manages data of a data subject (SMK College of Applied Sciences, Nemuno str. 2, Klaipėda, or SMK College of Applied Sciences Vilnius branch Kalvarijų str. 137E, in Vilnius, or SMK College of Applied Sciences Kaunas branch Vytautas ave. 23, Kaunas), also by a registered post.
20. A request or a complaint must include an address for a responsive correspondence. Requests and complaints, which do not have a backward address or which are presented by unregistered post, are analyzed in general manner, but do not get a written response.
21. A request must be legible, signed, and it must include a name, surname, place of residence of a data subject, as well as other data to maintain a connection of a desired form, and information on what right of a data subject and in what volume, the data subject wants to implement.
22. Upon submission of a request, data subject must confirm his/her identity:
22.1. upon submission of a request to an employee of the manager, who registers the request, data subject must present a document confirming his/her personal identity;
22.2. submitting a request by post or by a courier, must present a copy of a document, confirming personal identity, approved by a notary, likewise, order, or in a simplified order, established in the Civil Code of the Republic of Lithuania and other legal acts.
23. Data subject can implement his/her rights by himself/herself or through a representative having a notarial authorization.
24. If a representative of a person applies on behalf of a represented data subject, his/her request must include his/her name, surname, place of residence as well as other data to maintain a connection, as well as name, surname, place of residence of a person represented, and information on what rights of a data subject and in what volume, are intended to be implemented and attach a document confirming representation or its copy, approved in the order established by legal acts. The request presented by the representative must conform to the same requirements, as for the represented one.
25. The University responds to a submitted request no later than in 30 (thirty) calendar days from the day of receiving the request. In exceptional cases, which require additional time, the University, after informing thereof, has a right to prolong the term of submitting the requested data or analysis of other requirements listed in a person’s request, to 60 (sixty) calendar days since the day of a person’s application.
26. Information upon request of a person is given free of charge. In the cases, when requests are not reasoned or disproportionate for their repetitive content, the University can refuse taking actions as requested by the person.
VII. COOKIES
27. Data of the visitors of the University website www.smk.lt are collected following the law of the Republic of Lithuania on Legal Protection of Personal Data, Law of the Republic of Lithuania on Electronic Communication, other related legal acts and instructions of controlling institutions.
28. The University website may include links to social networks, websites of other companies or organizations. The University privacy and cookies policy is applied only when the website of the University is visited.
29. The University is not responsible for the content of the websites of the third parties or the principles of ensuring privacy used by them. If after pressing a link in the website of the University you get to other websites, you should additionally question their privacy policy.
30. When administering the website and diagnosing any disorders, the servers of the University websites register IP addresses of visitor computers and their actions performed in the websites. IP address – is a unique code which identifies a computer in networks. As well as a sequence of actions of visiting websites, it can be used when determining a visitor and collecting various statistical information. Information is collected following the requirements the legal acts for cyber and information safety.
31. In order to improve the visiting of the University website, the University can use cookies – small particles of textual information, which are created automatically when browsing the web and are stored in the computer of the website visitor or another device.
32. Information collected by cookies enable to ensure a more comfortable browsing in the website of the University and to know more of the behavior of the University website visitors, to analyze trends and to develop both the website and the services provided by the University or the information given in the website. With the help of cookies the University manages the depersonalized personal data.
33. If a visitor of a website does not agree that cookies are entered into his/her computer or another devide, he/she can change settings of his/her web browser and turn all cookies off or turn them on/off one by one. However the University notes, that in some cases it can slow down the speed of browsing in the website, limit the operating of certain functions of the website or block access to some pages of the website.
34. The data collected on the visitors of the University website are responsibly protected against loss, illegal usage and modifications. Employees of the University have committed in writing not to disclose to third parties and not to disseminate the information, obtained in the workplace, on the visitors of the website.
Cookie | Description | Moment of creation | Validity period |
---|---|---|---|
ses1606036186 | A cookie necessary for system operation, used to maintain a user session | On the entrance of a consumer to the website | Till the end of a session |
_ga | Analytical cookies, which collect statistical information: register actions of a visitor, accumulate information on consumer behavior, collect statistical information on consumer (do not collect any personal data, but provide each consumer with a unique ID in accordance with their account). |
After a consumer visits the website |
2 years |
_gat | After a consumer visits the website for the first time | 1 min | |
_gid | After a consumer visits the website | 24 hrs |
VIII. A TERM OF STORING PERSONAL DATA
36. Personal data collected by the University are stored in printed documents and (or) information systems of the University in e-format. Personal data are managed no longer than it is necessary to achieve the goals of data management or no longer than it is required by data subjects and (or) foreseen by legal acts.
37. Though a person may terminate a contract and refuse the services of the University, the University must store the data of a data subject for possible occurrence of requirements in the future or legal pretensions until the terms of data storage and time-barred claims end.
38. The University aims at not storing old and unnecessary information and at ensuring that personal data and other information is constantly updated, corrected and destroyed on time.
IX. FINAL PROVISIONS
39. Personal data management in the University conform to the legal requirements, i.e. personal data are stored by the University no longer than it is necessary to implement the purposes that they were collected for or for a period which is foreseen under legal acts. It means that information will be removed when it will be no longer necessary to implement the purposes that it was collected for.
40. The University has installed smart and certain physical and technical means in order to protect information, which is being collected for the purposes of content/services provision. However it should be remembered that even though the University takes certain actions to protect information, no website, operation performed online, computer system or a wireless connection are totally safe.
41. The University always acknowledges the superiority of legal acts, Law of the Republic of Lithuania on Legal Protection of personal data and General Regulation of Data Protection 2016/679 (GDPR).
42. This privacy policy can be updated in order to correct mistakes or follow new legal acts or technical requirements.
43. The newest version of this privacy policy is announced in the website of the University www.smk.lt.