Important information for customers about how we collect, use and store your information

   ISOCERT.lt (hereinafter referred to as the “Company”/“we”) protects information about you and your privacy. When collecting, using and storing information about you, we comply with the European Union General Data Protection Regulation (hereinafter referred to as the “GDPR”)[1] and other legal acts.

What will I find in this policy?

   This policy answers the most important questions about how we collect, use and store information about you. This is important to you – please read the information provided carefully. This policy may change. We do not send a separate notice of policy changes to individuals. We ask you to visit the Company’s website at www.ISOCERT.lt from time to time and read the latest version of the policy published there.

Who is responsible for protecting information about me?

• ISOCERT.lt
• UAB “2D grupė”
• Mūsų įmonės kodas: 302670970
• Mūsų adresas: I. Kanto al. 15 Vilnius, LT-06214
• Mūsų el. pašto adresas: info@isocert.lt
• Mūsų tel. nr.: +370 69887399

Why and what information is collected about me?

   We collect, use and store such information about you as is necessary to:

• to properly and qualitatively provide you with management system implementation, consulting, auditing, preparation for certification, accreditation, notification, product validation services, product technical file preparation services, training, product safety testing selection services and other services provided by the Company – in accordance with the requirements of legal acts and the signed service provision agreement;
• assess your solvency, the risk of meeting your obligations and, if you are in debt, manage your debt;
• to protect the rights and interests of the Company – if necessary in legal proceedings or when collecting debts;
• prevent money laundering and terrorist financing;
• to inform you about services that are relevant to you and to ask for your opinion about the services;
• to ensure the smooth operation and security of the website and to provide you with the opportunity to apply for services through it.

What information is collected about me:

• Information you provide about yourself through a written website inquiry, during a telephone conversation, at our events, meetings or otherwise, or
• Information we receive regarding your interaction with the website and/or services.
• We do not request or collect sensitive data about you.

Does your website leave cookies on my computer and device?

   Cookies are small text files stored in the browser of your device (e.g. computer, mobile phone, tablet) when you browse the Company’s website. Cookies help collect and analyze website traffic statistics, maintain or improve website functionality, enhance security, etc. To achieve these website goals, other technologies may also be used to store information on your browser or device.

We invite you to read more about our Cookie Policy by clicking on this link. Cookie policy

What information do I have to provide you?

   You must provide the information about yourself that is necessary for us to enter into or perform a service contract with you or information that we are required to collect by law. If you do not provide this information, we will not be able to provide you with the services.

Where do you collect information about me from?

• State registers and cadastres, e.g. State Enterprise “Registrų Centras”;
• Board of the State Social Insurance Fund under the Ministry of Social Security and Labour;
• State Tax Inspectorate under the Ministry of Finance;
• Municipalities;
• Ministry of Internal Affairs;
• The Bank of Lithuania, commercial banks and other credit and financial institutions;
• Central mortgage institutions;
• Bailiffs, notaries, courts, other law enforcement institutions;
• Data controllers managing joint debtor data files (UAB “Creditinfo Lietuva”);
• Telecommunications companies;
• Debt collection companies;
• Insurance companies;
• Legal entities, when you are a representative, employee, founder, shareholder, participant, etc. of these legal entities;
• Facebook Ireland Ltd LinkedIn etc.
• and others.

What legal grounds allow you to collect information about me?

   ISOCERT.lt needs to know basic information about you in order to respond to inquiries/applications you submit to us, to provide you with information related to the services we provide (newsletters, industry updates, information about our products and services, invitations to events, reports, reviews, market research, etc.). Regarding this information: you have either agreed to receive it or it is related to ISOCERT.lt products and services that may be relevant to you. We do not use your data for other purposes.

Data recipients

   The Company discloses information or part of it about you to the following persons when permitted by law and when necessary for the reasons specified in Part 3 of this Policy:

• financial and payment institutions, insurance companies (including insurance intermediaries, insurance brokers), financial services intermediaries (including brokers), third parties involved in the execution and settlement of trade in financial instruments, which assume or intend to assume the risk related to the performance of clients’ financial obligations;
• to personal data processors or controllers who manage joint debtor data files or whose activities are related to the collection, administration or use of debts;
• law enforcement authorities, courts, other dispute resolution institutions;
• to third parties who install, administer or otherwise manage the software used by the Company;
• printing and/or postal service providers when it concerns the printing and/or sending of the Company’s messages;
• printing and/or postal service providers when it concerns the printing and/or sending of the Company’s messages;
• persons who have provided security for the performance of obligations (guarantors, sureties, pledgers);
• notaries, bailiffs, attorneys, lawyers, consultants, auditors, service providers, whom the Company engages to provide necessary services to the Company or these institutions contact in performing the functions assigned to them by law;
• to other third parties (intermediaries) who process personal data on behalf of the Company or under cooperation agreements concluded with the Company (accounting providers);
• potential or actual successors of the Company’s business or part thereof or their authorized consultants or persons.

Are you profiling me and making automated decisions?

• In order to assess your solvency and risk of fulfilling your obligations, we assign you to categories. Depending on which category you are assigned to, the payment terms under which the service will be provided may depend. Profiling is used to perform analysis related to the advice provided to you, for direct marketing purposes, in making decisions related to creditworthiness assessment, risk management and transaction monitoring in order to prevent fraud.
• For statistical purposes, as well as to prevent the sending of unsolicited marketing offers, we categorize you according to the date of conclusion of the contract, the term of completion/termination of the contract, and the status of the contract.

Is information about me transferred outside the European Economic Area?^[2]

   The Company will keep your personal information secure using appropriate technical and organizational measures.

In most cases, personal data is processed and transferred within the territory of the European Union and the European Economic Area. ISOCERT.lt will not disclose your personal information to anyone outside its company or to any person or entity outside the Republic of Lithuania and/or the European Union, except where necessary for the provision of certain services. Data may be transferred and processed outside the aforementioned territories, provided that an adequate level of personal data protection is maintained, where permitted by law and necessary for the reasons specified in this policy in response to question 3.

We use service providers to operate our websites, such as website hosting and query functions, and some of these service providers will process your personal information as part of the services they provide to us. We will ensure that those service providers also comply with this privacy policy.

What rights do I have?

   The GDPR and other laws give you rights, set out when you can exercise them, the procedures you must follow, and exceptions when you may not be able to do so. Where permitted by law, you can:

• Submit a request to us for confirmation as to whether the Company processes data relating to you and, if so, to request access to the processed data and information relating to it.
• Submit a request to us to correct inaccurate, incorrect information used or to supplement it when it is incomplete
• Request us to delete the information we have about you if we are using it unlawfully
• Submit a request to us to restrict the processing of information we hold about you – when you dispute the accuracy of the data or object to the processing of the data, you do not agree to the deletion of your unlawfully processed data, or you need the data to assert, exercise or defend legal claims
• To object to the use of data – when we do so based on the legitimate interests of the Company and/or third parties or the data is processed for direct marketing purposes,
• Submit a request to us to transfer (receive) the data that you have provided to us under a contract or with consent/opinion and which we process by automated means, in a commonly used electronic form
• object to the decision being made, including profiling, if such decision-making has legal consequences or a similar significant effect on the Customer.
• Withdraw consent given to us to use information about you – when we use data based on your consent, e.g. for direct marketing
• To lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence or the place where the alleged infringement of the GDPR occurred, and to seek judicial remedies.

When you visit ISOCERT.lt office premises

   When you visit ISOCERT.lt premises, we may collect only basic information (as set out in this policy) and only for the purposes of protecting and securing the premises. You may be asked to check in and out when you visit ISOCERT.lt. You may be given a Guest Card during your visit.

How and what can your Data Protection Officer help me with?

   Contact us if you would like to submit a request to exercise your rights, make a complaint or have any questions. Our Data Protection Officer is ready to assist you. Please contact him/her by e-mail: info@isocert.lt. We will respond within one month of receiving your request, unless the request is complex or involves a large amount of data. In such cases, we will respond within 3 months.

^[1]Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

^[2] The European Economic Area consists of all European Union Member States plus Iceland, Liechtenstein and Norway.

Last update date: 2025-02-27