Privacy policy


The purpose of the Privacy policy is to inform how personal data of data subjects are collected and processed, how long they are stored, to whom they are provided, what rights the data subjects have and where to apply for their implementation, or other matters related to the processing of personal data.

Personal data are processed in accordance with the European Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the Regulation), the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the protection of personal data.

HUSTAL UAB  follows the following principles of data processing:

  • personal data are processed in a lawful, fair and transparent manner (the principle of legality, integrity and transparency);
  • personal data are collected for specified, clearly defined and legitimate purposes (purpose limitation principle);
  • personal data processed must be adequate, appropriate and necessary only for the purposes for which they are processed (the data reduction principle);
  • personal data are constantly updated (principle of accuracy);
  • personal data are stored safely and for no longer than required by the data processing objectives or the legislation (principle of limitation of storage time);
  • personal data are processed only by the employees of the Company who have been given such a right in accordance with their functions or data processors who provide services to the Company and process personal data on behalf of the Company and for the benefit of the Company or the data subject (principle of integrity and confidentiality);
  • The Company is responsible for ensuring that the Company complies with the stated principles (accountability principle).


  • Data controller – HUSTAL UAB (hereinafter referred to as the Company), legal entity code 148284860, registered office address Tinklų g. 7, Panevėžys.
  • The data subject is any natural person whose data are processed by the Company. The data controller collects only those data subject which are necessary for the operation of the Company and (or) visiting, using, while browsing the Company’s website (hereinafter the Website). The Company ensures that the collected and processed personal data will be safe and will only be used for a specific purpose.
  • Personal data means any information that directly or indirectly relates to a data subject whose identity is known or who can be directly or indirectly identified using the relevant data. Personal data processing means any activities performed on personal data (including collection, editing, recording, storage, modification, access, sending up queries, transfers, archiving, etc.).
  • Consent – any voluntary and deliberate confirmation by which the data subject agrees that his personal data are processed for a specific purpose.


  • Personal data are provided by the data subject himself. The data subject contact the Company, uses the services provided by the Company, buys services and/or goods, asks questions, contact the Company for the purpose of providing information, etc.
  • Personal data are obtained when the data subject visits the Company’s website. For some reason, the data subject leaves his contact details etc.
  • Personal data are obtained from other sources. Data are obtained from other institutions or companies, publicly accessible registers, etc.


  • When submitting the personal data to the Company, the data subject agrees that the Company uses the collected data in fulfilling its obligations to the data subject in providing the services the data subject expects.
  • The personal data are managed by the Company for the following purposes:


  • Administration of the curriculum vitae (CV) database for job candidates. For this purpose, the following data are processed:
  • Full name (s);
  • Date of birth (age);
  • Residential address;
  • Contact details (phone number, email address);
  • Information about the candidate’s education (educational institution, period of studies, education and/or qualification acquired);
  • Information about upgrading of qualification (training, certificates);
  • Information on the candidate’s work experience (workplace, period of employment, duties, responsibilities and/or achievements);
  • Information on language skills, information technology, driving skills, other competences, other information provided in the CV, cover letter or other candidate’s documents;
  • Employer references, feedback: persons recommending or providing feedback for the candidate, their contact details, contents of references or feedback.


  • Customer database administration (conclusion and execution of contracts with customers). For this purpose, the following data are processed:
  • Full name (s);
  • Contact details (phone number, email address);
  • Workplace and responsibilities (if information is provided as a representative of a legal entity);
  • Address of residence (four VAT invoice);
  • Bank account details (if the services to the Company are provided by a natural person).


  • Purpose of ensuring the safety of the Company employees, other data subjects and property (video surveillance). For this purpose, the following data are processed:
  • Video surveillance systems do not use facial recognition and/or analysis technology; image data captured by these systems are not grouped or profiled by a particular data subject (person). The data subject is informed about the ongoing video surveillance by the information signs with the camera’s symbol and the Company’s details, which are presented before entering the surveyed area and/or the premises. The video surveillance area may not include the premises where the data subject expects absolute personal data protection.


  • For other purposes, in which the Company has the right to process personal data of the data subject when the data subject has expressed his consent, when the data is to be processed for the legitimate interests of the Company, or when the data are processed by the Company according to the requirements of the relevant legislation.


  • The Company undertakes to comply with the confidentiality obligation with respect to data subjects. Personal data may only be disclosed to third parties if it is necessary for the conclusion and drawing up of the contract for the benefit of the data subject or for other legitimate reasons.
  • The Company may submit personal data to its data processors, which provide services to the Company and process personal data on behalf of the Company. Data processors have the right to process personal data only in accordance with the instructions of the Company and only to the extent necessary for the proper fulfilment of obligations laid down in the Contract. The Company shall use such processors that provide reasonable assurance that appropriate technical and organizational measures will be implemented in such a way that the processing of data complies with the requirements of the Regulation and will ensure the proper protection of the data subject’s rights.
  • The Company may also provide personal data in response to requests from courts or public authorities to the extent necessary to properly enforce existing legislation and instructions from public authorities.
  • The Company guarantees that personal data will not be sold or leased to third parties.


  • The personal data collected by the Company are stored in printed documents and/or in the Company’s information systems. Personal data is processed for no longer than necessary for the purpose of data processing or for no longer than required by data subjects and/or provided by law.
  • Although the data subject may terminate the contract and refuse from the Company’s services, the Company continues to be obliged to keep the date of the data subject for possible future claims or legal claims until the expiration of the data storage periods.


  • The right to receive information on the processing of data.
  • Right to access the data processed.
  • The right to request the correction of data.
  • The rights to request to delete the data (“The right to be forgotten”). This right does not apply if the personal data requested to be deleted are also processed on other legal grounds, such as the processing necessary for the performance of the contract, or when the obligations according to the applicable law.
  • Right to restrict the data processing.
  • The right to disagree with data processing.
  • Right to data portability. The right to data portability may not adversely affect other rights and freedoms. The data subject has no rights to the portability of data in relation to personal data processed in a non-automatic weigh in systematised files, such as paper files.
  • The right to require that only automated data processing, including profiling, is applied.
  • The right to submit a complaint regarding the processing of personal data to the State Data Protection Inspectorate.
  1. The Company must ensure the disability for the data subject to exercise the rights of the data subject specified in the Rules, except in cases established by law, when it is necessary to guarantee state security or defence, public order, prevention, investigation, detection or prosecution of criminal offenses, important economic or financial interests of the state, prevention, investigation and detection of breaches of professional ethics, protection of the rights and freedoms of the data subject or other persons.


  • The data subject, in connection with the implementation of his rights, may apply to the Company:
    • When submitting a written request in person, by post, via a representative or by electronic means – by e-mail: The application must be legible, signed by the data subject, using the free application form and format or the recommended application form prepared by the Company: Application form
    • orally – by phone +37045585087;
    • in writing – at the address Tinklų g. 7, Panevėžys.
  • You can also contact the Company’s Data Protection Officer by e-mail:
  • In order to protect the data against unauthorized disclosure, the Company must verify the identity of the data subject upon receipt of the data subject’s request for data or implementation of other rights.
  • The Company’s answer to the data subject must be given not later than within one month from the date of receipt of the data subject’s request, taking into account the specific circumstances of the processing of personal data. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests.


  • The data subject must:
    • Inform the Company about changes in the submitted information and data. It is important for the Company to have valid and effective information of the data subject;
    • to provide the necessary information so that at the request of the data subject the Company can identify the data subject and a certain that it communicates or co-operates with the specific data subject (to provide a personal identity document, or in accordance with the procedure laid down by legal acts or by electronic means of communication that allows the data subject to be properly identified). It is necessary for the protection of data of the data subject and other persons so that the disclosure of the data subject’s information is restricted to the data subject, without prejudice to the rights of others.
  • By transferring personal data to the Company, the data subject agrees with this Privacy Policy, understands its provisions and agrees to comply with it.
  • In developing and improving the Company’s activities, the Company has the right at any time to unilaterally make changes to this Privacy Policy. The Company has the right to unilaterally, partially or completely change the Privacy Policy by notifying there on the website
  • The additions or changes to the Privacy Policy come into force from the day they are published, i.e., from the date they are placed on the website