Privacy Policy of Vilnius University of Applied Sciences
When processing personal data of natural persons, Vilnius University of Applied Sciences (the University) has as its main objective to protect the fundamental rights and freedoms of the individual, in particular, their right to the protection of their personal data, and to ensure a high level of protection of personal data through the application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); therefore, we aim to provide you with clear and transparent information on how we process your personal data at the University by means of this Privacy Policy and the provisions set out in the Description of the Procedure for the Processing of Personal Data in Vilnius University of Applied Sciences. The Privacy Policy describes, among other things, what data we collect and for what purpose, how you can manage your data and how to contact the University regarding the processing of your personal data.
GENERAL PROVISIONS
Personal data are processed at the University in accordance with the GDPR, the Law of the Republic of Lithuania on Legal Protection of Personal Data and other legal acts governing the processing and protection of personal data.
For the purposes of this Privacy Policy, the terms used herein shall be construed as set out below:
Personal data means any information relating to an identified natural person or a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, surname, a personal identification number, location data, and an internet identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Recipient means the natural or legal person, public authority, agency or other body to which the personal data are disclosed, regardless of whether the recipient is a third party or not.
Data subject means employees, stakeholders and other natural persons whose data is processed by the University.
Consent of the data subject (Consent) means the freely given expression of the data subject’s will, by means of a written statement or an explicit affirmative act, to process their personal data for a purpose that is known to them and that is set out in a clear manner.
Processing of data means any operation or set of operations that is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, sorting, organisation, storage, adaptation or alteration, retrieval, access, use, disclosure by transmission, dissemination or otherwise making available, as well as alignment or combination with other data, restriction, erasure or destruction, or any other operation or set of operations.
Data processor means entities that process personal data managed by the University in accordance with the instructions of the University and in accordance with the concluded contracts, as well as other entities that have access to the data of the University.
Data controller means the University, which, when processing the data of employees, stakeholders and other natural persons, determines the ways, means and purposes of the use of such data.
Other terms used in this Privacy Policy are understood as defined in the GDPR and other legal acts.
The University is the controller of all personal data collected in the course of the University’s activities and administrative processes, as well as the processor of personal data transferred by data subjects and third parties.
The process of processing personal data at the University is regulated in detail by the Description of the Procedure for the Processing of Personal Data in Vilnius University of Applied Sciences.
PRINCIPLES FOR PROCESSING PERSONAL DATA
The University complies with the following principles when collecting and processing personal data transmitted by you or received from others:
- The principle of lawfulness, fairness and transparency obliges us to process personal data only on a lawful basis and in such a way that the processing operations are known and understandable to you.
- The purpose limitation principle obliges us to collect your data for specified and legitimate purposes and not to process it in a way that is incompatible with those purposes.
- The principle of data minimisation obliges us to process appropriate data and only such personal data about you that are necessary to achieve the purposes for which it is processed.
- The principle of accuracy obliges us to process only up-to-date data about you and to correct or delete inaccurate or outdated data immediately.
- The principle of limitation of the retention period prohibits us from processing your personal data for longer than is necessary to achieve the purposes of the processing, unless we are required to store the data in an archive for the purposes of compliance with obligations imposed by law or in the public interest.
- The principle of integrity and confidentiality obliges us to process your personal data in such a way and by such means that it is protected against unauthorised or unlawful processing, accidental loss, destruction or damage.
- The principle of accountability implies that we must be able to provide evidence at any time that we have complied with any of the principles listed above.
LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
We process your personal data on the following legal grounds as defined in the GDPR:
- You have given your consent to the processing of your personal data for one or more specific purposes.
- The processing of your personal data is necessary for the performance of a contract we have concluded with you or to take action at your request prior to the conclusion of the contract.
- The University is subject to a legal obligation, i.e. valid legal acts of the Republic of Lithuania oblige us to process your personal data.
- The processing of your personal data is necessary to protect the vital interests of the data subject or another natural person.
- The processing of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- The processing of your personal data is necessary for the legitimate interests of the University or of the third party to which the personal data is provided, for the protection of the University and its assets, the security of technological processes, the safety and health of employees, internal administration, debt recovery, etc., unless the interests of the data subject or their fundamental rights and freedoms, which require the protection of the personal data, prevail.
PURPOSES OF PROCESSING PERSONAL DATA
Your personal data may be processed by the University for the following purposes.
- For the purpose of administration of the study process.
For the purpose of the administration of the study process (registration of students’ admission to the University, conclusion of study contracts, organisation and execution of the study process, issuance of graduation documents, student records), the following data are processed on the basis of contracts and legal obligations: name, surname, personal identification number, date of birth, identity document number (optional), signature, gender, address (data of the place of residence and/or declared place of residence: street, house number, flat number, settlement, city, municipality, country), telephone numbers, email address, emergency contacts (optional), nationality, ethnic origin (if the data subject is a foreigner of Lithuanian origin), data on residence permit in the Republic of Lithuania, length of employment, social status (membership in a socially disadvantaged group), military service, education data (school code, name, type, year of graduation, country, language of study, qualifications and/or qualification degree acquired), competition score, data on the person’s studies (level, form, faculty, programme, year, semester, group, status of the student (student, listener), type of financing, cost and year of study, student certificate number, subjects taken, form of payment, date, grades of study achievements), other diploma data, identification numbers assigned to the student, bank account number, payments and/or disbursements made, their amounts and dates, data on financial support granted (scholarship type, amount, period of payment, loan details, etc.), type, series, number, date of validity (date of issue) of the documents issued to the student, details of the authorised person as stated in the power of attorney (if the person is represented), details of the head of the internship company or the person representing them (name, surname, job title), details of the supervisor of the internship (name, surname, place of work, degree, telephone, email address), video and/or audio recordings of remote learning lectures and assessments (if any). These data are kept in the information system for at least 5 years after the end of the contractual relationship. Documents and are be kept for 50 years after the end of the contractual relationship. Documents and data necessary to confirm the qualifications acquired may be kept indefinitely.
- For the purpose of accommodation services.
For the purpose of the administration of accommodation services in the University’s dormitories, on the grounds of concluded contracts and legal obligations, the following data is processed: name, surname, date of birth, personal identification number or identity document number (if the person does not have a personal identification number), signature, gender, address (data of the place of residence and/or declared place of residence: street, house number, flat number, settlement, city, municipality, country), telephone number, email address, settlement account number, workplace, social status, faculty, year, group, dormitory address, room number, other data for the purpose of financial settlements, data on the provided accommodation services. These data are kept for 10 years after the provision of accommodation services, except for the personal data of visitors, which are kept for a maximum period of one year.
- For the purpose of administration of the scientific process.
For the purpose of the administration of the scientific process (to determine the authorship of scientific production, to record and evaluate the results of the scientific (and artistic) activities of employees and students, to carry out graduation procedures at the University, to compile and submit documents), on the basis of contractual relations and legal obligations, the following data are processed: the data subject’s name, surname, personal identification number, personal telephone numbers, personal email address, workplace, date of birth, institution (work or study), department of the institution (work or study), type of study (for students), academic group (for students), date of commencement of studies (for students), date of completion of studies (for students), staff group (for employees), position, degree (for employees), date of commencement of the thesis, date of completion and/or date of the defence of the thesis, the language in which the final thesis was written, and the subject of the final thesis, the subject of the final thesis in English, the abstract of the final thesis in English and in Lithuanian, the job titles of the participants in the thesis defence process and the data used for identification, the online access status of the final thesis, the restriction period, the date of publication, the attribute of the thesis match check, the significance of the thesis match check, the data used for identification of the person who carried out the match check, the documents of the thesis, the video and/or audio recording of the final thesis defence meeting (if available). These data are kept in the information system for at least 5 years. Documents and data are kept for 50 years.
- For the purpose of administration of the performance of applied scientific, experimental development and artistic activities.
For the purpose of the administration of the performance of applied scientific, experimental development and artistic activities, the following data of lecturers, students and customers are processed on the basis of contractual relations and legal obligations: name, surname, degree (for employees), email address, signature, job title (for employees), institution (work or study), personal identification number, date of birth, subject of the applied scientific, experimental development and artistic production, title, date of creation, type of study (for students); academic group (for students), institution (work or study), field of study (work or study). Documents and are be kept for 10 years after the end of the contractual relationship.
- For the purpose of administration of employment relations of employees.
For the purpose of administration of employment relations of employees (structure management, management of information of current and former employees, document management, management of material and financial resources), the following data are processed on the basis of contractual relationships and legal obligations: name, surname, citizenship, address (details of the place of residence and/or declared place of residence: street, house number, flat number, settlement, town, municipality, country), personal identification number, date of birth, gender, photograph, signature, marital status, emergency contacts (optional), names, surnames, personal identification numbers of family members and dependants, social security number of the person, amounts of wages and social security contributions, details of voluntary insurance contracts, dates of public insurance, pension participation data, settlement account number, telephone number, email address, curriculum vitae and description of activities, job title, details of recruitment (transfer), dismissal, length of employment, post to which the person wishes to be appointed or transferred, employee identification number in the table, details of education and qualifications, teaching titles, identification code in the register of teachers, date of entry (amendment) of data, details of leave, details of secondments, details of the separate work schedule, details of wages, disbursements, compensations, allowances, details of working time, details of incentives and penalties, details of misconduct in office or in the performance of work functions, details of staff performance appraisals, details of declarations of public and private interests, registration number of the vehicle (if the staff member has a permit to park the vehicle in the University’s closed car parks), special personal data relating to the person’s health, data on the person’s criminal record (for specified posts), passport and/or identity card number(s), date of issue, date of expiry, issuing body, date and number of registration of documents, data on the residence permit for the Republic of Lithuania, former place of work and job title, former surname, numbers of education certificates, other personal data provided by the person and/or data that the University is obliged to process according to laws and other legal acts. These data are kept in the information system for the duration of the employment relationship and for at least 5 years after the end of the contractual relationship. Documents contained in employees’ personal files are kept in the University archives for 50 years after the end of the contractual relationship.
- For the purpose of administration of candidates and applicants for vacancies by public competition.
For the purpose of administration of candidates and applicants for vacancies by public competition, the following data will be processed on the basis of the consent of the candidates and applicants: the data subject’s name, surname, personal identification number (optional), curriculum vitae and the data contained therein: photograph, personal telephone numbers, email address, address (data of residence and/or declared place of residence: street, house number, flat number, settlement, town, city, municipality, country), current and former workplace, date of birth, institution of study (current or former), job title, degree and other personal data voluntarily provided by the candidate or applicant. These data are processed for the entire duration of the selection or competition process, but no longer than 1 year after the end of the selection or competition, and the data are deleted at the end of the period if the data subject was not recruited and did not give their consent to the processing for the purpose of selection for other positions.
- For the purposes of providing services to library users and ensuring the security of library property.
For the purposes of providing services to library users and ensuring the security of library property on the basis of legal obligation, contracts, consent and/or legitimate interest, the following data are processed: names, surnames, addresses (data of residence and/or declared residence: street, house number, flat number, settlement, city, municipality, country), telephone numbers, email addresses, personal identification numbers, dates of birth, signatures, photographs, student ID numbers, employee job titles, library visitor IDs of employees, students and other persons who visit the University’s library. These data are kept in the information system for the duration of the service provision and for 1 year after the complete fulfilment of mutual obligations.
- For the purposes of registration of members of the governing bodies of the University.
For the purposes of registration of members of the governing bodies of the University, the following data are processed on the basis of a legal obligation: name, surname, personal identification number, name of the country that issued the identity document, (data of residence and/or declared place of residence: street, house number, flat number, settlement, city, municipality, country), date of appointment/election to the post/office, job title, telephone number, email address. These data are kept for the duration of the term of office of a member of the University’s governing body and for 1 year after the end of the term of office.
- For the purposes of administration of the user account, authentication of individuals in information systems, and identification.
For the purposes of administration of the user account, authentication of individuals in information systems, and identification, on the basis of the concluded contracts, the following personal data are processed: the data subject’s name, surname, personal identification number, academic degree, personal telephone numbers, personal email addresses, student ID number (for students), employee identification number in the table (for employees), email address of the University, institution (work or study), username provided, password reminder data. In the event of termination of the contractual or other legal relationship with the data subject, the use of the account is suspended as soon as it becomes known, but within 10 calendar days at the latest. Account data in the information system are deleted after 1 year.
- For the purpose of monitoring and surveillance of electronic communications flows.
For the purpose of monitoring and surveillance of electronic communications flows, users’ actions in information systems and networks are recorded automatically in action logs on the basis of a legal obligation. On the basis of the requirements of the Law on Electronic Communications, in order to ensure the availability of data for the purpose of investigation, detection and prosecution of serious and very serious crimes as defined in the Criminal Code of the Republic of Lithuania, the data referred to in Annex 1 of this Law are processed. These data are processed for a period of 6 months, unless otherwise specified by the law enforcement authorities, except for the categories of data referred to in the Law, and the data are deleted after the expiry of the specified period.
- For the purpose of organising conferences and other events.
For the purpose of organising conferences and other events, the following data is processed on the basis of contracts and consent: the data subject’s name, surname, personal identification number (optional), personal telephone numbers, personal email address, workplace, date of birth, institution (work or study), department of the institution (work or study), job title, degree, data of identification documents used to identify the participant of the conference, settlement account number, bank transfer data, video and/or audio recordings of the conference or another event. These data are kept in the information system for at least 5 years and may be kept indefinitely. Related documents are transferred to the University’s archives at the end of the calendar year and kept for 10 years.
- For the purpose of financial settlements.
For the purpose of financial settlements, the following data are processed on the basis of contracts: the data subject’s name, surname, personal identification number, telephone numbers, address (data of the place of residence and/or declared place of residence: street, house number, flat number, settlement, city, municipality, country), settlement account number (for natural persons/beneficiaries), email address, organisation or institution represented, job title, academic degree, email address, data of identification documents used for identification. These data are kept in the information system for at least 5 years. Documents and data are kept for 10 years.
- For the purpose of dealing with complaints, requests, applications, and other communications from individuals.
For the purpose of dealing with complaints, requests, applications, and other communications from individuals, the following data are processed on the basis of a legal obligation: the data subject’s name, surname, address (data of the place of residence and/or declared place of residence: street, house number, flat number, settlement, city, municipality, country), telephone number, email address, signature, date and number of the complaint, request, application or any other communication (registration number in the University’s document management system), the information contained in the complaint, request, application or other communication (including special personal data), the result of the examination of the complaint, request, application or other communication, the information received during the examination of the complaint, request, application or other communication, the date and number of the University’s reply to the complaint, request, application or other communication. These data are kept for the entire period of the complaint, request, application or other communication and retained for a period of 5 years after the decision/response.
- For the purposes of public order, property protection, transport and access control.
For the purpose of public order, property protection, transport and access control (ensuring the safety of employees, students and other persons visiting the premises of the University and the safety of the University’s property), the following data are processed on the basis of legitimate interest: name, surname, signature, security camera videos and photographs, arrival and departure times, vehicle registration plates. Video surveillance at the University is carried out in order to ensure the safety of persons, property and visitors and to ensure public order on the premises and in the territory of the University. Information is also collected for the investigation of related incidents. Security cameras are used to film the courtyards, entrances to the University’s buildings, shared areas, places of concentration of network or engineering system equipment (server rooms, communication nodes, control panels of the building management system, etc.). Video data are recorded and retained for a minimum of 7 calendar days and a maximum of 30 calendar days from the time of recording, after which they are automatically deleted, except where there are grounds to believe that misconduct, misconduct in employment, a criminal offence or other unlawful acts have been committed (pending the completion of the relevant investigation and/or legal proceedings).
- For the purpose of conclusion, performance and administration of contracts (other than with employees, students and listeners).
For the purpose of conclusion, performance and administration of contracts (other than with employees, students and listeners), the following data is processed on the basis of concluded contracts: name, surname, date of birth, personal identification number or identification document number (if the person does not have a personal identification number), address (data of the place of residence and/or declared place of residence: street, house number, flat number, settlement, town, city, municipality, country), email address, telephone number, signature, name of the workplace, job title, address of the workplace, data of powers of attorney (representation), including the representatives’ personal identification numbers, addresses, settlement account number, the terms of the contract, details of the documents authorising the activity in question (date of validity, number, issuing authority, other details contained in the document), details of participation in the supplementary pension scheme, details of the documents of representation, details of the documents confirming education and qualifications, details of correspondence between the parties, other details to be established during the conclusion, performance and administration of the contracts. These data are kept in the information system for at least 5 years after the performance of the contract. The documents and data are kept for 10 years after the performance of the contract.
- For the purpose of carrying out public procurement.
For the purpose of carrying out public procurement, on the basis of a legal obligation, the following data of suppliers, their representatives and other persons indicated in procurement documents are processed: name, surname, personal identification number or identification document number (if the person does not have a personal identification number), telephone number, email address, signature, workplace, job title, address (details of the place of residence and/or declared place of residence: street, house number, flat number, settlement, town, city, municipality, country), details of education and qualification documents, settlement account number. These data are kept in the information system for at least 5 years after the end of the procurement. The documents and data are stored for 10 years after the end of the procurement.
- For the purpose of communicating with employees and/or students/listeners.
For the purpose of communication with employees and/or students/listeners on the basis of contractual relations as well as in emergencies, for the purpose of ensuring the vital interests of the subject, the following data are processed: name, surname, telephone number, address (data of residence and/or declared residence: street, house number, flat number, settlement, city, municipality, country), email address of the employee and/or student/listener and the emergency contact. These data are processed until the end of the contractual relationship.
- For the purpose of communication with the community.
For the purpose of communication with the community, on the basis of contractual relations and legitimate interest, the following data are processed: contact person’s name, surname, degree, telephone number, date of birth, email address, address (data of the place of residence and/or declared place of residence: street, house number, flat number, settlement, city, municipality, country), contact details in social networks (if the data subject provided them), company represented, job title, membership in the University’s collectives, societies, committees. These data are processed until the end of the contractual relationship.
- For the purposes of informing about the University’s events, studies and/or scientific and/or artistic activities as well as project activities.
For the purposes of informing about the University’s events, studies and/or scientific and/or artistic activities as well as project activities, the following data are processed on the basis of consent and legitimate interest: name, surname, group and study programme (for students), workplace (for third parties), job title (for employees of the University/third parties), telephone number, email address, photograph(s) and/or video(s). These data are processed until the consent is withdrawn.
- For the purpose of communication with student organisations.
For the purpose of communication with student organisations, the following data of student representatives are processed on the basis of a contractual relationship: name, surname, email address, telephone number, address (data of residence and/or declared residence: street, house number, flat number, settlement, city, municipality, country), date of birth. These data are kept for the entire term of office of the student representatives. The relevant documents are transferred to the University’s archives at the end of the calendar year following the end of the student representatives’ term of office and kept for 25 years.
- For the purpose of monitoring graduates’ careers.
For the purpose of monitoring graduates’ careers, the following data of the University’s graduates are processed on the basis of consent: name, surname, higher education institution, study programme, start and end of studies, telephone number, email address, work experience (workplace, job title, address), language skills, computer skills, test results, photograph, presentation data and other personal data voluntarily provided by the graduate. These data are processed until the consent is withdrawn.
- For the purpose of administration of the University’s arts groups and/or sports teams.
For the purpose of administration of the University’s art groups and/or sports teams, the following data are collected and processed on the basis of contracts and consent: name, surname, email, telephone, date of birth, study programme, course, faculty, photographs, audio and video recordings. The data are processed for the entire period of participation in the activities of the art group and/or sports team.
TRANSFER OF PERSONAL DATA
In the cases and according to the procedure established by the legal acts, the University provides the personal data processed by the University, including, but not limited to, the managers and/or administrators of state registers and state information systems, the Ministry of Education, Science and Sports of the Republic of Lithuania, the Ombudsperson for Academic Ethics and Procedures of the Republic of Lithuania, the State Tax Inspectorate of the Republic of Lithuania (the Inspectorate), the Special Investigation Service of the Republic of Lithuania, the State Security Department of the Republic of Lithuania, the State Social Insurance Fund Board, the National Cyber Security Centre of the Republic of Lithuania, the Communications Regulatory Authority of the Republic of Lithuania, and to other third parties, upon request (in the case of a one-off collection of personal data) or pursuant to a contract on the provision of personal data (in the case of repeated collection of personal data).
SECURITY OF PERSONAL DATA
In order to protect your personal data, the University applies appropriate organisational, technical and software security measures to protect your personal data against accidental or unlawful destruction, alteration, disclosure or any other unlawful processing.
Basic principles for ensuring the protection of personal data:
- Properly protected, managed and controlled access to personal data is ensured. Access rights to personal data are only granted, revoked and modified in accordance with the procedures established by the University. The University ensures that access rights to personal data are granted only to legitimate users and only to the extent necessary for the performance of the staff members’ official functions. Access rights to personal data are revoked upon termination of the employment relationship between the University and the employee and upon a change in the job functions for which access is not required;
- Personal data can only be subject to the actions for which the user has been granted rights;
- The principles of confidentiality, integrity and availability of personal data were implemented;
- Computer workstations, servers and other hardware through which personal data may be accessed are adequately secured in accordance with best practice of information security and legal requirements;
- The use of illegal (unauthorised) software is prohibited and strictly controlled;
- Adequate protection of personal data against unauthorised access by means of electronic communications is ensured;
- Adequate physical security of the premises where personal data are stored is ensured;
- Personal data are deleted from all systems after achieving the purpose for which they were used, except for data storage in accordance with statutory procedures.
RIGHTS OF THE DATA SUBJECT AND PROCEDURES FOR EXERCISING THEM
In implementing the rights of the data subject, the University is guided by the GDPR and the Law of the Republic of Lithuania on Legal Protection of Personal Data.
Your rights
You have the following rights:
- The right to know (be informed) about the processing of your personal data by the University
- The right to have access to your personal data processed by the University and to receive a copy of the data;
- The right to request deletion of the data (“the right to be forgotten”);
- The right to request rectification of the data;
- The right to restrict data processing;
- The right to data portability;
- The right to object to data processing;
- The right to request that a decision based solely on automated processing, including profiling, not be applied.
Procedure for exercising your rights
Data subjects have the right to directly contact the University’s departments or the data protection officer on all issues related to the processing of data subjects’ personal data and the data subjects’ rights provided for in the GDPR, the Law of the Republic of Lithuania on Legal Protection of Personal Data, and other related legal acts.
The University ensures that your rights are properly exercised and that all information is provided to you in a clear, understandable and accessible form.
In order to exercise their rights, the data subject submits a written request to the University. The data subject may lodge a complaint regarding the processing of personal data at the University with the data protection officer in writing, in person, by post, or by sending a request to the email address of the data protection officer of the University, as indicated on the website of the University.
Employees, former employees of the University, current and former students, and other data subjects submit their requests to the department of the University that processes the data subject’s data, to the Document Management Division of the University’s Central Administration, as well as by registered mail or via the national electronic delivery information system E. pristatymas.
A request for the exercise of the data subject’s rights or a complaint must be legible, signed by the data subject, and contain the data subject’s name, surname, address and/or other contact details for communication or for the purpose of receiving a reply.
The data subject must provide proof of their identity when making a request or complaint:
- When submitting the request or complaint orally or in writing in person, they must present an identification document to the University’s employee registering the request;
- When submitting a request or complaint by post, in addition to the request or complaint, they must submit a copy of an identification document, certified by a notary public, by a method equivalent to a notary public, or according to a simplified procedure as provided for in the Civil Code of the Republic of Lithuania and in other legal acts;
- When submitted by electronic means, the application or complaint must be signed by a qualified electronic signature or be drafted by electronic means that ensure the integrity and inalterability of the text.
The data subject may exercise their rights themselves or through an authorised representative. The representative of the data subject indicates in the request or complaint their name, surname, address and/or other contact details for communication by which the representative of the data subject wishes to receive a reply, as well as the name of the data subject represented and the grounds for the representation; in addition, the representative provides a document confirming the representation or a copy thereof certified by a notary public or according to another procedure established by law.
Upon receipt of a request or complaint from a data subject, the data subject is provided with information on the action taken in response to the request within 30 (thirty) calendar days of receipt of the request or complaint. Upon the decision of the data protection officer, in the cases provided for in the GDPR, the provision of a response may be postponed for up to 60 (sixty) calendar days by informing the data subject thereof.
The rights of the data subject and the procedure for their implementation at the University are regulated in detail by the Description of the Procedure for the Processing of Personal Data in Vilnius University of Applied Sciences.
COOKIES
We collect the data of the visitors of the University’s website in compliance with the Law of the Republic of Lithuania on Legal Protection of Personal Data, the Law of the Republic of Lithuania on Electronic Communications, other related legal acts and instructions of the controlling authorities.
The University’s websites may contain links to social networks, other companies’ or organisations’ websites. The University’s privacy and cookie policy applies only when you visit the University’s websites and those of its departments. The University is not responsible for the content of third party websites or their use of privacy practices. If you follow a link from the University’s website to other websites, you should consult their privacy policies separately.
A cookie is a small text file that a website sends to your web browser when you visit the website and saves the file on the device you are using. This allows the website to “remember” your actions and preferences (e.g., registration name, language, font size and other display options) for a certain period of time so that you do not have to re-enter them each time you visit the website.
The websites use their own cookies and/or third party cookies. Cookies are categorised according to their function as:
- Strictly necessary cookies. These cookies activate the main functions of browsing or accessing the website. Without these cookies, the website will not function properly.
- Functional or technical cookies. These cookies allow the website to remember information that determines its performance and appearance, such as the language chosen by the visitor or the region in which they are located. (Without these cookies, the website will not function.)
- Statistical or analytical cookies, which collect and report anonymous information that allows the website operator to learn how visitors use the website.
- Marketing or advertising cookies. These are used to track visitors on many websites in order to serve them personalised advertising. They also limit the number of advertisements shown and help to measure the effectiveness of advertising campaigns. These are usually cookies from third-party advertisers.
Cookies are divided into session cookies and persistent cookies based on their duration.
In order to ensure the quality of our services and the operation of our website, we use cookies on the University’s websites and collect data about the use of our services.
List of cookies
Name | Category | Description | Cookie loading | Period of validity |
_utma | Statistical or analytical cookie | Tracking cookie from Google Analytics. The information is sent to the server anonymously. Cookies identify unique visitors and track user sessions | On first access to the page | 2 years |
__utmb | Statistical or analytical cookie | Tracking cookie from Google Analytics. Logs a timestamp with the exact time the user accessed the website | On first access to the page | 1 day |
__utmc | Statistical or analytical cookie | Tracking cookie from Google Analytics. Logs a timestamp with the exact time the user left the website | During the visit | Until the window is closed |
__utmt | Statistical or analytical cookie | Used to reduce the speed of server requests | On first access to the page | 1 day |
__utmz | Statistical or analytical cookie | Tracking cookie from Google Analytics. Information is sent to the server anonymously | On first access to the page | Until the browser is closed |
_fbp | Marketing cookie | Helps to choose and offer targeted advertising to the user. | During the visit | 3 months |
fr | Marketing cookie | Helps to display the most relevant advertising to the user. | During the visit | 3 months |
How to manage and reject cookies
When you use your browser to access the content we provide, you can configure your browser to accept all cookies, reject all cookies, or to notify you when a cookie is downloaded. Every browser is different, so if you don’t know how to change your cookie preferences, please check your browser’s help menu. Your device’s operating system may have additional cookie controls. If you do not want information to be collected by cookies, you can use a simple procedure in most browsers that allows you to opt out of cookies, i.e. to reset your cookie settings on the home page of the website.
CONTACT INFORMATION
For all questions related to the processing of personal data of the data subject and exercising your rights, please contact the Data Protection Officer Valdas Špakauskas by email dap@viko.lt, by phone (8 5) 219 1726, at Saltoniškių Str. 58, LT-08105 Vilnius.
FINAL PROVISIONS
This Privacy Policy may be revised at any time in the light of new circumstances relating to the processing of personal data, changes in the law or to correct errors. The most up-to-date version of this Privacy Policy is always available on the University’s website.
LEGISLATION
Law of the Republic of Lithuania on Legal Protection of Personal Data