1. The controllers of your personal data specified in this Privacy Policy are:

2. We confirm that the College will process your personal data in compliance with the applicable legislation of the European Union and the Republic of Lithuania, including Regulation (EU) 2016/679 (the General Data Protection Regulation, hereinafter – the GDPR), as well as other applicable data protection laws and the instructions of competent authorities. The terms used in this Privacy Policy shall be understood as defined in the GDPR.

3. By using the Website or otherwise providing your personal data to the College in the cases specified in this Privacy Policy, you legally undertake to comply with the provisions of this Privacy Policy. If you do not agree with these terms, you should not use the Website and/or provide your personal data to the College.

4. If you have any questions regarding the information set out in this Privacy Policy, you may contact the College at any time using the contact details provided above.

5. Personal data means any information relating to an identified or identifiable natural person. Separate pieces of information which, when combined, may also enable the identification of a particular individual likewise constitute personal data.

6. Please do not send the College any personal data, especially sensitive personal data, about yourself if you do not wish such information to be used in any way.

7. The Website may be used and personal data may be provided to the College only by individuals who are at least 18 years of age.

8. In cases where, through the use of the Website or by other means, you provide personal data of third parties, you are responsible for informing the individuals whose data you provide to the College about the processing of their personal data and for ensuring that they are acquainted with this Privacy Policy.

9. The College processes your personal data for the purposes set out below and on the corresponding legal bases:

9. The College processes your personal data for the purposes set out below and on the legal bases associated with each purpose.

3.1. Conclusion and performance of contracts with students and free listeners, as well as actions taken prior to the conclusion of such contracts.

10. Purpose: The conclusion and performance of contracts with the College’s students and free listeners (including applicants), as well as steps taken prior to entering into such contracts. This includes the formalisation of admission to the College, the issuance of graduation documents, and the organisation and administration of the study process.

11. Data subjects:

11.1. Students, including applicants;

11.2. Free listeners, including applicants.

12. Sources of data. Personal data is provided directly by the data subjects themselves. In cases where an applicant applies for admission to the College through the information system of the Lithuanian Higher Education Association (LAMA BPO), and where necessary for the above-mentioned purpose, certain data may be provided to the College by the Lithuanian Higher Education Association, the Student and School Register (e.g. name, surname, secondary school graduation certificate data, admission score, etc.). Personal data of data subjects who come to study at the College under the Erasmus+ mobility programme may be obtained from the relevant foreign higher education institutions or foreign companies where the data subject undertakes a traineeship or internship.

13. Personal data:

13.1. Student’s or free listener’s identity data: name, surname, personal identification number.;

13.2. Data related to identity documents: type of identity document (passport, identity card, temporary or permanent residence permit in the Republic of Lithuania), document number and expiry date, date of birth, personal identification number, photograph, nationality, and other information indicated in the document.;

13.3. Contact details: email address, telephone number, residential address.

Secondary school graduation certificate and its supplement(s) data: name and type of the school where education was completed, year of graduation, city (locality) and country where the school is located, date of issuance of the certificate, certificate number, results of school and state graduation examinations, annual grades in compulsory and elective subjects, names and grades of examinations, results of elective examinations, additional information regarding the marking of specific assessments (e.g. “passed”, “failed”); as well as any other information contained in the secondary school graduation certificate and its supplements.;

13.4.Copies of certificates (supplements to the secondary school graduation certificate) concerning retaken and additional examinations, as well as annual grades.;

13.5.Study-related data: type of study programme, mode of studies (full-time or part-time), type of study funding, admission score, level of studies, branch campus, programme, year of study, semester, group, amount and year of state-funded study place (if applicable), courses attended, form and date of assessments, study achievement results, correspondence content, and similar information..;

13.6.Financial data: bank account number, payments made and/or received, their amounts and dates, data relating to granted financial support (type of scholarship, amount, payment period, loan details, etc.), and purpose of payment.

13.7.Social status: belonging to a socially supported/vulnerable group (where applicable). Photograph: photograph for the student identification card.

13.8.Data relating to documents issued to the student: type, series, number, and date of issue/validity of documents issued to the student;

Copy of the diploma and its supplement (if the student has completed post-secondary or higher education).;

13.9.Copy of the application submitted through the Lithuanian Higher Education Association (LAMA BPO) information system (where examinations were taken within the framework of the centralised admission process).

13.10.Copy of a document confirming a change of surname (only where the submitted documents are not all issued under the same surname).

13.11.Disability-related data¹: number of the disability certificate, date of issue, validity period (if the disability is temporary), level or group of disability, cause (where indicated), related health condition or limitation data (where specified), and other information contained in the document.

13.12.Results of the entrance examination tasks for the selected study programme;

1 For this purpose, personal data is processed in accordance with the Procedure for the Provision of Financial Assistance Measures to Persons with Disabilities Studying in Higher Education Institutions, approved by the Department for the Affairs of the Disabled (NRD) under the Ministry of Social Security and Labour of the Republic of Lithuania (SADM).

Pursuant to this procedure, the NRD under the SADM provides financial assistance to persons with disabilities studying in higher education institutions and supervises the proper use of allocated funds. The College cooperates with the NRD under the SADM in providing financial assistance to students with disabilities studying at the College.

13.13.Audio and video recording of a remotely conducted examination: video image and the examination environment, screen recordings, the applicant’s voice, background sounds, communication between the College representative(s) and the applicant, time stamps, and other related information (e.g. synchronisation of audio and video with time).;

13.14.Data specified in a power of attorney (where the individual is represented), including the personal data of the authorised representative; details of the head of the internship company or their representative (name, surname, position); and details of the internship supervisor (name, surname, employer, academic degree, telephone number, email address)..

14. In certain cases, for example when applying for tuition fee reductions (or free-of-charge studies), requesting specific exemptions, or seeking entitlement to additional admission points granted by the College, the following documents and the information contained therein (including personal data) may also be processed.:

14.1.Document certifying completion of mandatory continuous military service or basic military training.;

14.2.Document certifying the status of a foreign national of Lithuanian origin (a document confirming Lithuanian origin issued by a Lithuanian community abroad or another competent authority, or a copy thereof certified in accordance with the procedure established by law).;

14.3.Document certifying diaspora status (applicable to children, grandchildren or great-grandchildren of emigrants who have resided in a foreign country for at least three years and arrived in Lithuania no earlier than the eighth grade).

15. Please note that the scope of personal data provided by you and processed by us may vary depending on the nature of the contract concluded (or intended to be concluded) with you, as well as on individual factors and circumstances that may affect the contractual relationship. Therefore, the actual scope of your personal data processed may be narrower than indicated above..

16. Legal basis. We process personal data for the purpose of entering into, concluding and performing contracts with the College’s students and free listeners (Article 6(1)(b) of the GDPR). In certain cases, personal data is processed in order to comply with legal obligations applicable to the College (Article 6(1)(c) of the GDPR).

17. If you do not provide the data specified in this section, you may, unfortunately, lose the opportunity to enter into a contract with the College, or such opportunity may be limited.

18. Retention. Personal data is retained for the periods specified in the General Index of Document Retention Terms (Office of the Chief Archivist of Lithuania, 9 March 2011, No. V-100), on the basis of this document.:

18.1.Study contracts are retained for 10 years from the date of termination of the contract. Where no contract is concluded, data related to communication is retained for 2 years from the date of the relevant data submission.;

18.2.Accounting documents confirming an economic transaction or event (such as invoices, payment orders, advance reports, cash receipt and disbursement orders, and other related documents) are retained for 10 years.

19. Audio and video recordings of remotely conducted examinations are retained for 2 months following the completion of the remote entrance examination, after which they are immediately and irreversibly deleted.

20. In certain cases, in accordance with the requirements of applicable laws or in the circumstances specified in Section 3.13 of this Privacy Policy, your personal data may be retained for a longer period.

3.2. Creation and administration of an account in the College’s information system “Student Hub”

21. Purpose: Creation and administration of an account in the College’s information system “My VDK” in order to ensure the efficient management of the study process, for example::

21.1.Management of academic information (e.g. completed and ongoing study programmes, academic results, submission and completion of assignments).;

21.2.Scheduling of lectures, examinations and assessments;

21.3.Administrative information, including notifications and reminders regarding important administrative deadlines.;

21.4.Adjustment of account settings and data.

22. Data subjects:

22.1.students;

22.2.non-degree students.

23. Sources of data. Personal data is provided directly by the data subjects themselves..

24. Personal data:

24.1.name, last name;

24.2.password;

24.3. E-mail address;

24.4.Other additional information provided by the data subject in the account..

25. Legal basis. We process personal data for the purpose of entering into and performing a contract with you, i.e. for creating and administering your account² in the College’s information system “My VDK” (Article 6(1)(b) of the GDPR).

26. Retention. The personal data specified in Section 3.2 shall be retained for the periods set out in Section 3.1 of this Privacy Policy. Please note that only the account data required to be retained for the purposes specified in Section 3.1 of this Privacy Policy will be stored; all other personal data will be retained until your account is deleted.

27. In certain cases, in accordance with the requirements of applicable laws or in the circumstances specified in Section 3.13 of this Privacy Policy, your personal data may be retained for a longer period.

3.3. Conclusion and performance of contracts with the College’s service providers, suppliers, partners and subcontractors, as well as steps taken prior to entering into such contracts.

28. Purpose: The conclusion and performance of contracts with the College’s service providers, suppliers, partners and subcontractors, as well as steps taken prior to entering into such contracts.

29. Data subjects:

29.1 Service providers, suppliers, partners and subcontractors (including prospective ones).;

29.2.Representatives of service providers, suppliers, partners and subcontractors (including prospective representatives)

30. Sources of data. Personal data is provided directly by the data subjects themselves. In the case of representatives, their personal data may be provided to the College by the represented service provider, supplier, partner or subcontractor. The College also has the right to verify information in public registers where necessary for the above-mentioned purpose (for example, to ensure proper authorisation and representation).

31. Personal data:

31.1.Identification data of the service provider, supplier, partner or subcontractor, including their representatives: name and surname / company name, personal identification number (where necessary in the context of representation, for example where official authorisation to act on behalf of a respective entity is provided), taxpayer identification details, and similar information.;

31.2.Contact details: email address, telephone number, position.;

31.3.Data relating to the relationship with the service provider, supplier, partner or subcontractor, including their representatives: nature of the services provided, goods supplied, form of cooperation, correspondence content, and similar information.;

31.4.Financial data: bank account number, date, amount and purpose of payments made or other settlements..

2 Accounts are created by the College administration – data subjects do not have the possibility to create an account themselves..

32. Legal basis. We process personal data for the purpose of entering into, concluding and performing contracts with our service providers, suppliers, partners and subcontractors (Article 6(1)(b) of the GDPR), or on the basis of our legitimate interest in maintaining business relationships with the College’s service providers, suppliers, partners and subcontractors and in ensuring the proper performance of mutual contractual obligations (Article 6(1)(f) of the GDPR)..

33. If you do not provide the data specified in this section, you may, unfortunately, lose the opportunity to enter into a contract with the College, or such opportunity may be limited.

34. Retention. Personal data is retained for the periods specified in the General Index of Document Retention Periods approved by the Office of the Chief Archivist of Lithuania (No. V-100). The retention periods are determined on the basis of this document.:

34.1.Contracts for goods, works and services, as well as acceptance certificates for goods, works and services (including the personal data contained therein), are retained for 10 years from the date of termination of the contract. Where no contract is concluded, data related to communication is retained for 2 years from the date of the relevant data submission.;

35. In certain cases, in accordance with the requirements of applicable laws or in the circumstances specified in Section 3.13 of this Privacy Policy, your personal data may be retained for a longer period.

3.4. Handling of enquiries and provision of information requested from the College.

36. Purpose: Handling of enquiries (e.g. administration of enquiries, reservation of consultations regarding admission to studies) and provision of information requested from the College (e.g. by email, regular mail, through enquiry forms available on the Website, in person or by telephone), as well as the administration of other direct communication with the College.

37. Data subjects: Individuals who submit enquiries to the College by email, regular mail, through enquiry forms available on the Website, in person or by telephone, or who otherwise communicate directly with the College.

38. Sources of data. Personal data is provided directly by the data subjects themselves.

39. Personal data

39.1.Identification data: first name (surname, where provided by the data subject together with the first name).

39.2.Contact details: telephone number, email address.;

39.3.Data contained in communication with the College (including its employees): date and time of the enquiry, date and time of the response, content and subject of correspondence, and similar information.

40. Please note that the scope of personal data provided by you and processed by us may vary depending on the method of enquiry or communication you choose. Therefore, the actual extent of your personal data processed may be more limited than indicated above.

41. Legal basis. We process personal data on the basis of our legitimate interest in examining your enquiry and providing you with accurate and comprehensive information about the College’s activities or other matters of interest to you (Article 6(1)(f) of the GDPR). If your enquiry relates to contractual relations between you or the entity you represent and the College, such data shall be processed on the legal bases specified in Sections 3.1 and 3.3 of this Privacy Policy.

42. Retention. Personal data is retained for 1 year from the date of receipt of your enquiry. In certain cases, in accordance with applicable legal requirements, your personal data may be retained for a longer period.

43. If your enquiry relates to contractual relations between you or the entity you represent and the College, the data shall be retained for the periods specified in Sections 3.1 and 3.3 of this Privacy Policy.

3.5. Organisation and promotion of conferences and other events.

44. Purpose: Organisation and promotion of the College’s conferences and other events.

45. Data subjects: Participants of the College’s conferences and other events.

46. Sources of data: Personal data is provided directly by the data subjects. During events, upon obtaining the individual’s consent, we or our engaged service providers may capture the individual’s image.

47. Personal data

47.1.Identification data: first name and last name.;

47.2.Contact details: telephone number, email address, position, academic degree.;

47.3.Image-related data (where the individual consents to photography/filming during the event): photograph and video recording of the individual.;

47.4.Financial data (where applicable): bank account number, date, amount and purpose of payments made or other settlements.

47.5.Event-related information: event date, title, content and correspondence concerning the organisation of the event..

48. Please note that the scope of personal data provided by you and processed by us may vary depending on the event or other circumstances. Therefore, the actual extent of your personal data processed may be more limited than indicated above.

49. Legal basis. For this purpose, personal data is processed on the basis of our legitimate interest in organising the event smoothly and efficiently (Article 6(1)(f) of the GDPR) or, insofar as it relates to the processing of your image, on the basis of your consent (Article 6(1)(a) of the GDPR).

50. Retention. Personal data will be retained as follows:

50.1.For 1 year following the end of the event organised by the College.;

50.2.Personal data processed on the basis of your consent shall be retained for the duration of your consent, but no longer than 1 year following the end of the event organised by the College.

3.6. Administration of social media accounts.

51. Purpose: The College aims to administer its social media accounts (Facebook, LinkedIn, Instagram, YouTube) and to communicate with users of these social media platforms.

52. Data subjects: Users of social media platforms (Facebook, LinkedIn, Instagram, YouTube) who interact or communicate with the College’s accounts.

53. Sources of data. The College obtains personal data directly from you and/or from the respective social media platform.

54. Personal data:

54.1.Social media profile name or first name and last name.;

54.2.profile picture;

54.3.Public comments and other interactions with the College’s social media accounts.;

54.4.Content of correspondence with the College, where applicable..

55. Please note that the scope of personal data provided by you and processed by us may vary depending on the communication method you choose. Therefore, the actual extent of your personal data processed may be more limited than indicated above.

56. Legal basis. Our legitimate interest in communicating with users of our social media accounts (Article 6(1)(f) of the GDPR).

57. Retention. Given that the College does not administer the above-mentioned social media platforms themselves, but only its accounts on such platforms, and acts as a joint controller together with the companies operating those social media platforms, we invite you to ознакомиться with information regarding the retention of your personal data in the respective privacy policies of these social media platforms:

57.1.Facebook (https://www.facebook.com/privacy/explanation);

57.2.LinkedIn (https://www.linkedin.com/legal/privacy-policy);

3.7. Recruitment of employees

58. Purpose: Recruitment of the College’s employees.

59. Data subjects: Candidates applying for employment at the College.

60. Sources of data. In most cases, personal data is provided directly by the data subjects when contacting the College or through other recruitment channels, such as online portals where we publish information about job vacancies. Candidates’ personal data may also be provided to us by entities offering recruitment and selection services. Certain personal data may be collected on our own initiative (e.g. results of aptitude or skills tests).

61. Personal data:

61.1.Identification data: first name and last name, date of birth and/or personal identification number (where provided by the candidate or indicated in the documents submitted by the candidate).;

61.2.Contact details: email address, telephone number, residential address (where provided by the candidate);

Data relating to qualifications and skills, including supporting documents.

61.3.1.Documents certifying the candidate’s education (qualification) and the data contained therein (document number, date of issue, issuing authority, education obtained (qualification), and other related information).

61.3.2.Information confirming work experience (former and current employers, dates of employment, positions held, functions performed, and similar information).;

61.3.3.Information confirming foreign language proficiency (foreign languages learned, level of proficiency, and supporting documents, including the data contained therein).;

61.3.4. data and documents substantiating compliance with special requirements established by legal acts (where applicable);
61.3.5. information provided by the candidate in their curriculum vitae, LinkedIn professional profile and/or other documents when applying for a position, for example, photograph, date of birth, etc., submitted on the candidate’s own initiative;
61.3.6. information about the candidate’s professional and business qualities obtained from the candidate’s former employer (only after informing the candidate in advance).
61.4. Correspondence data with the candidate: the candidate’s cover letter and other correspondence text.
61.5. Data on the selection process and its results:
61.5.1. results of the candidate’s aptitude tests and the information contained therein (in recruitment processes for certain positions, if the candidate completes such tests);
61.5.2. information recorded in the candidate’s selection documents, such as the date and content of the interview with the candidate, evaluation of each selection criterion (scores and general comments), final selection result, etc.
61.6. Please note that the scope of personal data provided by you and processed by us may vary depending on specific circumstances related to you or the selection process; therefore, the actual extent of your personal data processed may be less than indicated above.
61.7. Legal basis. We process personal data on the basis of our legitimate interest in recruiting new employees and carrying out selection for respective positions at the College (Article 6(1)(f) GDPR), or for the purpose of taking steps at your request prior to entering into an employment contract with you (Article 6(1)(b) GDPR), or on the basis of your consent (Article 6(1)(a) GDPR).
61.8. Retention. The candidate’s personal data is retained for the duration of the recruitment process for a specific position or for 1 year after the end of the recruitment process where the candidate has given consent. Upon withdrawal of consent by the candidate, personal data is deleted immediately.

3.8. Direct marketing
62. Purpose. The College aims to inform you about news and other information regarding the services and/or offers provided, including news of the College’s Career Centre, for example:
62.1. career counselling and information services aimed at facilitating the integration of students and graduates into the labour market;
62.2. provision of information about internship and employment opportunities and the labour market situation;
62.3. consultation on the preparation of employment-related documents.
63. Data subjects. Individuals who have given consent for the processing of their personal data for direct marketing purposes.
64. Sources of data. Data subjects.
65. Personal data:
65.1. first name, last name (where provided by you);
65.2. email address.
66. Legal basis – your consent to the processing of personal data for direct marketing purposes (Article 6(1)(a) GDPR).
67. Retention. Your personal data for the purpose specified in Section 3.8 shall be processed for 2 years from the date of collection or until you withdraw your consent for the processing of personal data for this purpose, whichever occurs first.
68. In certain cases, in accordance with applicable legal requirements or in the circumstances specified in Section 3.13 of this Privacy Policy, your personal data may be retained for a longer period.

3.9. Provision of College library services and service to library visitors
69. Purpose. Provision of College library services and service to library visitors.
70. Data subjects:
70.1. students, including graduates;
70.2. free listeners;
70.3. other library readers and visitors who are not members of the College’s academic community but with whom the College has concluded cooperation agreements regarding the use of the reading room and library services, excluding borrowing publications and documents for home use.
71. Sources of data. Personal data is provided by the data subjects themselves.
72. Personal data:
72.1. first name, last name;
72.2. address;
72.3. telephone number;
72.4. email address;
72.5. personal identification number, date of birth;
72.6. signature;
72.7. student ID number;
72.8. library visitor ID.
73. Please note that the scope of personal data provided by you and processed by us may vary depending on the nature of the College library services used and your needs; therefore, the actual extent of personal data processed may be less than indicated above.
74. Legal basis. We process personal data for the purpose of entering into, concluding and performing contracts with you (Article 6(1)(b) GDPR).
75. Retention. These data are processed in the College library information system for the entire duration of service provision and for 3 years after the full performance of mutual obligations.
76. In certain cases, in accordance with applicable legal requirements or in the circumstances specified in Section 3.13 of this Privacy Policy, your personal data may be retained for a longer period.

3.10. Administration of the academic process
77. Purpose. Determination of authorship of academic output, recording and assessment of students’ academic (and artistic) activities, and implementation of study completion procedures at the College.
78. Data subjects:
78.1. students;
78.2. free listeners.
79. Sources of data. Personal data is provided by the data subjects themselves or collected by the College from the activities carried out by data subjects at the College.
80. Personal data:
80.1. first name, last name;
80.2. personal identification number and/or date of birth;
80.3. telephone number;
80.4. email address;
80.5. institution (employment or study), institutional unit (employment or study), type of studies, academic group, date of commencement of studies, date of completion of studies;
80.6. start date of the final or research work, completion and/or defence date, language of writing, title in Lithuanian and English, abstract in Lithuanian and English, online access status, restriction period, publication date, indication of plagiarism check performed, plagiarism check result, data used to identify the person performing the plagiarism check, final or research work documents, video and/or audio recording of the defence session (if recorded).
81. Please note that the scope of personal data provided by you and processed by us may vary depending on the academic process chosen and carried out by you; therefore, the actual extent of personal data processed may be less than indicated above.
82. Legal basis. We process personal data for the purpose of entering into, concluding and performing contracts with College students (Article 6(1)(b) GDPR). In certain cases, personal data is processed in order to comply with legal obligations applicable to the College (Article 6(1)(c) GDPR).
83. Retention. Personal data processed for the above purpose is retained for 5 years. Video and/or audio recordings of the final thesis defence session (if recorded) are retained for 2 months after the end of the defence session.
84. In certain cases, in accordance with applicable legal requirements or in the circumstances specified in Section 3.13 of this Privacy Policy, your personal data may be retained for a longer period.

3.11. Provision of accommodation services
85. Purpose. Administration of accommodation services in the College dormitories.
86. Data subjects:
86.1. students;
86.2. dormitory guests.
87. Sources of data. Data subjects.
88. Personal data:
88.1. first name, last name;
88.2. date of birth, personal identification number or number of an identity document (if the person does not have a personal identification number);
88.3. signature;
88.4. gender;
88.5. residential and/or declared address;
88.6. telephone number;
88.7. email address;
88.8. bank account number;
88.9. social status;
88.10. faculty, year, group, dormitory address, room number;
88.11. bank account number, date, amount and purpose of payments for accommodation services.
89. Please note that the scope of personal data provided by you and processed by us may vary depending on your status (student accommodated in the dormitory or dormitory guest); therefore, the actual extent of personal data processed may be less than indicated above.
90. Legal basis. We process personal data for the purpose of entering into, concluding and performing contracts with College students (Article 6(1)(b) GDPR). In certain cases, personal data is processed in order to comply with legal obligations applicable to the College (Article 6(1)(c) GDPR).
91. Retention. These personal data are retained for 10 years after the provision of accommodation services. Personal data of dormitory guests are retained for 1 year.
92. In certain cases, in accordance with applicable legal requirements or in the circumstances specified in Section 3.13 of this Privacy Policy, your personal data may be retained for a longer period.

3.12. Purchase of gift vouchers for evening courses organised by the College
93. Purpose. Personal data is processed for the purpose of administering the sale of gift vouchers and carrying out course registration, as well as ensuring information and service provision to course participants.
94. Data subjects:
94.1. purchasers of gift vouchers;
94.2. voucher recipients registering for courses.
95. Sources of data. Personal data is provided by the data subjects themselves.
96. Personal data:
96.1. first name and last name;
96.2. telephone number;
96.3. email address;
96.4. bank account number, date, amount and purpose of payments for the gift voucher;
96.5. course registration information (e.g. selected courses, course dates).
97. Please note that the scope of personal data provided by you and processed by us may vary depending on your status (gift voucher purchaser or recipient); therefore, the actual extent of personal data processed may be less than indicated above.
98. Legal basis. We process personal data for the purpose of entering into, concluding and performing contracts with you (Article 6(1)(b) GDPR), i.e. processing is necessary for the sale of the gift voucher and provision of services to the recipient.
99. Retention. Data is processed for the entire duration of service provision (until voucher redemption or completion of the course) and additionally retained in accordance with accounting and other legal requirements – 10 years after the provision of services.
100. In certain cases, in accordance with applicable legal requirements or in the circumstances specified in Section 3.13 of this Privacy Policy, your personal data may be retained for a longer period.

3.13. Legal claims and dispute resolution
101. The College may also process all of the above-mentioned personal data for the purpose of establishing, exercising or defending legal claims. For this purpose, personal data will be processed on the basis of our legitimate interest in establishing, exercising or defending legal claims (Article 6(1)(f) GDPR). Such data will be processed for this purpose until the completion of the relevant legal procedures (e.g. examination of a claim, entry into force of a court or arbitration decision), and where a final decision is adopted by a court or other dispute resolution authority – for 1 year from the date of adoption of such decision.

3.14. Website functionalities
102. All information about the measures we use to ensure the functioning of our Website (including cookies) and related data protection matters can be found in Section IV of this Privacy Policy.

103. In this section, we inform you about the technologies used on the Website that help ensure the proper functioning of the Website or monitor and analyse visitor behaviour while browsing.
104. According to their function, cookies are classified as follows:
     104.1. Necessary cookies. These cookies enable basic website functions or ensure compliance with legal requirements (e.g. cookies ensuring the proper functioning of the cookie banner).
     104.2. Functional cookies. These cookies allow the website to remember the visitor’s choices, such as selected language, region or other settings, so that the visitor does not need to repeat them when visiting the website again.
     104.3. Statistical or analytical cookies. These cookies collect anonymous information about website visitor activity and statistics, helping to understand how visitors use the website.
     104.4. Marketing or advertising cookies. These cookies are intended to provide visitors with tailored advertisements and to evaluate the effectiveness of advertising campaigns.
     104.5. According to their duration, cookies are classified as session and persistent cookies. Cookies may be first-party, for example created by our website, or third-party, for example created by other websites.
105. Web beacons, uXDT or Ultrasonic tracking technology operate in such a way that when visiting a website, a computer generates an ultrasonic signal inaudible to humans but detectable by other smart devices running a specific application at the same time.

4.1. Cookies used on the Website

106. Currently, the College uses the following cookies on the Website www.vcd.lt:
     Download the list of cookies used ↗
107. Cookies stored until the end of the session are deleted after the browser is closed or after 30 minutes of visitor inactivity.
108. To optimise marketing communications, we use analytics software “Google Analytics” provided by “Google LLC” and “Snapchat”. These tools allow tracking online behaviour, including time spent on the website, geographical location and website usage. This information is collected through cookies. Information obtained through cookies is anonymous and is not linked to personal data. “Google” and “Snapchat” process personal information on their servers in various countries around the world. Personal information may be processed on a server located outside the user’s country of residence. We do not share this information with any third parties who could freely use it.
109. If you do not agree to such analysis, you may choose not to install cookies in our cookie banner, or you may opt out of Google Analytics data processing here: https://tools.google.com/dlpage/gaoptout
110. More information about Google Analytics cookies is available here:
     https://support.google.com/analytics/answer/6004245?hl=en
111. You may opt out of Snapchat data processing here:
     https://www.snapchat.com/cookie-settings?utm_source=help_snapchat_com&utm_medium=referral&utm_campaign=universal_navigation&utm_content=footer_item_link
112. More information about Snapchat cookies is available here:
     https://www.snap.com/en-US/cookie-policy?utm_source=businesshelp_snapchat_com&utm_medium=referral&utm_campaign=universal_navigation&utm_content=footer_item_link
113. This Website has an interface with the third-party communication channel “Facebook”, where we publish information about the Company’s activities and which acts as a separate data controller. Cookies used by these channels allow us to receive aggregated statistical data and insights about how visitors interact with our posts, advertisements, this Website, videos and other content on these social media platforms. More information about “Facebook” and Facebook “Messenger” cookies is available here:
     https://www.facebook.com/privacy/policies/cookies/?entry_point=cookie_policy_redirect&entry=0

4.2. Cookie management

114. Necessary cookies, which are essential for the proper functioning of the Website, are used based on our legitimate interest in ensuring smooth Website operation, legal compliance and Website security (Article 6(1)(f) GDPR). Other cookies, such as functional, analytical, statistical or marketing cookies, are used only with your prior consent (Article 6(1)(a) GDPR).
115. In any case, the processing of personal data using cookies and other technologies used on the Website is based on your explicit choice made via the Website’s cookie preference banner, which you may change at any time. To do so, click “Manage cookie preferences”.
116. Cookies may also be controlled or deleted directly in the browser settings of your smart device, independently of your use of our Website. Most browsers allow you to refuse all cookies, and some browsers allow you to refuse only third-party cookies. You may use these options. However, please note that blocking all cookies may negatively affect your use of the Website, and without cookies you may not be able to use all services provided by the Website.
117. If you require more information, please visit www.aboutcookies.org. This website provides detailed information prepared by independent experts on how to disable cookies in your browser and how to delete cookies already stored on your computer. To remove cookies from your mobile phone, you should consult your device’s user instructions.

The College may share your personal data with third parties providing services to the College and acting on its behalf. The College ensures that any processing of personal data carried out by such third parties is performed only in accordance with the lawful instructions of the College and in compliance with the GDPR and other applicable legal requirements, and that personal data is transferred to them only where and to the extent necessary for the provision of the respective services.

In addition, personal data may be transferred to relevant recipients/independent third parties, i.e. separate data controllers, where necessary to ensure the proper implementation of the above-mentioned purposes of personal data processing or the fulfilment of legal obligations (e.g. professional advisers, public authorities performing official duties assigned to them, etc.).

The College may share personal data with the following categories of third parties (data processors, data recipients or separate data controllers), where necessary:

120.1. service providers supplying IT software and information systems, cloud computing and data hosting services, as well as accounting, human resources, training, recruitment and selection, event organisation, postal or courier and other services – only to the extent necessary for the proper provision of services to the College;

120.2. the Ministry of Education of the Republic of Lithuania and the Education Information Technology Centre (ŠITC), which manage registers of student diplomas and qualification certificates;

120.3. travel organisers, insurance companies and accommodation providers, where necessary to organise business trips, traineeships or other travel for College employees;

120.4. the State Studies Foundation – in cases where a student’s tuition payments are related to a study grant transferred to the student by the State Studies Foundation;

120.5. training providers, traineeship organisations and similar entities to which employee data is transferred for the purpose of organising training, traineeships, etc.;

120.6. banks or other financial institutions when executing payments or carrying out other financial transactions related to the College’s monetary transfers;

120.7. courts, arbitrators, mediators, opposing parties and their lawyers – where necessary for the purposes of legal proceedings;

120.8. information systems of the Republic of Lithuania, such as the Lithuanian Academic Electronic Library (eLABa);

120.9. the National Education Agency, which manages the Pupils’ and Students’ Registers;

120.10. foreign higher education institutions and companies abroad with which the College cooperates regarding student participation in the ERASMUS+ mobility programme for partial studies, traineeships or internships;

120.11. SODRA (State Social Insurance Fund Board), the State Tax Inspectorate, the Employment Service, the State Labour Inspectorate, the police, other law enforcement authorities and state or municipal institutions (where clearly required by applicable legal acts) or other persons performing official duties assigned to them or holding relevant public authority (e.g. notaries, debt collection companies, etc.);

120.12. the Lithuanian Higher Education Association (LAMA) – where an applicant applies for admission to the College through the LAMA BPO system;

120.13. the Ombudsperson for Academic Ethics and Procedures of the Republic of Lithuania;

120.14. the Department for the Affairs of the Disabled under the Ministry of Social Security and Labour of the Republic of Lithuania – in cases where persons with disabilities apply to study at the College;

120.15. professional advisers, such as lawyers, auditors or accountants (where necessary to protect the College’s legitimate interests);

120.16. former employers of a candidate, where information about the candidate is collected from them;

120.17. suppliers, partners and other third parties with whom the College maintains business or professional relationships – in the context of representation relations and ensuring continuity of operations;

120.18. other natural or legal persons where related to and necessary for organisational changes of the College, e.g. transfer of shares, assets or part thereof, and the performance of legal due diligence for this purpose (including auditors, representatives of potential acquirers, etc.), or transfer of relevant data to the acquirer;

120.19. other natural or legal persons only to the extent and where necessary to ensure the proper implementation of the personal data processing purposes specified in this Notice.

The College does not normally transfer employees’ personal data to third countries (outside the EU/EEA), unless it is considered necessary (e.g. when providing payment card processing services). In such cases, transfers are carried out ensuring an adequate level of personal data protection, where there is a legal basis for the transfer and at least one of the following conditions is met:

121.1. the non-EU/EEA country in which the data recipient is established ensures an adequate level of personal data protection pursuant to a decision of the European Commission;

121.2. the data controller or data processor implements appropriate data protection safeguards, such as transferring personal data under a contract incorporating the standard contractual clauses approved by the European Commission or other duly adopted standard clauses, an approved code of conduct, or where the data recipient has obtained a relevant certification;

121.3. applicable derogations apply, for example where you have explicitly consented to the transfer of personal data, the transfer is necessary for the performance of a contract concluded with you, the personal data must be transferred for the establishment, exercise or defence of legal claims, or for important reasons of public interest.

The College may transfer employees’ personal data to third countries (outside the EU/EEA) insofar as this relates to the use of Microsoft software, including cloud computing and hosting services. The data processing agreement, the third countries to which personal data is transferred, and the applicable data protection safeguards are available at:

https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA

The College makes every effort to ensure that such transfers comply with GDPR requirements and implements appropriate measures to ensure that your personal data remains protected. You may obtain more information about such measures by contacting us directly using the contact details provided above.

124. The College implements appropriate technical and organisational measures in compliance with the GDPR to protect employees’ personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or use, as well as against any other unlawful forms of processing.

125. Although the College strives to protect the personal data it processes, please understand that the College cannot ensure or guarantee the security of any information transmitted to us, as no method of data transmission or storage is 100% secure.

126. You have the following rights in relation to the personal data we process about you:

126.1. Right to be informed and right of access to personal data. You have the right to receive information about the processing of your personal data in a transparent, intelligible and easily accessible form, using clear and plain language. This is set out in this Privacy Policy. If any part of this Privacy Policy is unclear to you, we kindly invite you to contact us using the contact details provided above. You also have the right to obtain confirmation from the College as to whether your personal data is being processed and, where that is the case, to access information about how we process your personal data, including the right to obtain a copy of such data.

126.2. Right to rectification. You have the right to request that the College correct or complete inaccurate or incomplete personal data relating to you.

126.3. Right to erasure (“right to be forgotten”). You have the right to request that we erase your personal data where there is no justified reason for us to continue processing it, where the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, where you withdraw consent on which the processing is based and there is no other legal ground for processing, or where other grounds set out in Article 17 of the GDPR apply. Please note that Article 17(3) of the GDPR provides for certain exceptions where processing is necessary. If such exceptions apply in your case, we will inform you accordingly.

126.4. Right to restriction of processing. You have the right to request that the College restrict (suspend) the processing of your personal data where:
132.4.1. you contest the accuracy of the personal data – for a period enabling us to verify its accuracy;
132.4.2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
132.4.3. we no longer need the personal data for processing purposes, but you require it for the establishment, exercise or defence of legal claims;
132.4.4. you object to the processing as described below – pending verification of whether our legitimate grounds override your legitimate grounds.

Where processing has been restricted, such personal data may, with the exception of storage, be processed only with your consent or for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest.

126.5. Right to data portability. You have the right to receive the personal data that you have provided to the College in a structured, commonly used and machine-readable format, and to transmit those data to another controller, where:
126.5.1. the data is processed on the basis of consent or a contract;
126.5.2. the data is processed by automated means.

You also have the right to request that the College transmit your personal data directly to another controller, where technically feasible.

126.6. Right to object. You have the right to object at any time to the processing of your personal data where processing is based on the performance of a task carried out in the public interest or on the College’s legitimate interest. In such a case, the College will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

126.7. Right to withdraw consent. Where your personal data is processed on the basis of your consent, you have the right to withdraw such consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

126.8. Right to lodge a complaint with a supervisory authority. If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with the State Data Protection Inspectorate (address: L. Sapiegos g. 17, 10312 Vilnius, Lithuania, email: ada@ada.lt, website: www.vdai.lrv.lt). Before lodging a complaint with the supervisory authority, we would appreciate it if you contacted us and explained your concerns. We will make every effort to resolve your issue promptly and carefully.

127. To exercise these rights, please submit a written request to the email address specified in Section 1 of this Privacy Policy. The College must, no later than within 1 month from the date of receipt of your request, implement your rights and inform you thereof or refuse to satisfy the request, stating the reasons for such refusal. This period may be extended by a further 2 months, taking into account the complexity and number of requests – in such case, we will inform you of the extension within 1 month from receipt of the request, together with the reasons for the delay. In order to ensure data protection and enable you to exercise your rights, we may request additional information necessary to confirm your identity.

128. The College has the right to amend this Privacy Policy at its discretion. Notice of such amendments will be published on the Website. In the event of material changes to this Privacy Policy, the College will inform you separately.
129. This Privacy Policy was last updated on 27 August 2024.

130. The Website and the materials contained therein are provided for informational purposes only. To the maximum extent permitted by law, the College shall not be liable for any consequences arising from the use of the information and materials available on the Website. The College also assumes no responsibility for any improper functioning of the Website where the user uses inappropriate hardware or software, or where such equipment malfunctions on the user’s side due to reasons beyond the College’s control (for example, malware on the user’s computer).

131. The Website, the materials contained therein, the code, design, the Website domain name, all copyrights, trademarks and service marks, databases, names and any other intellectual property or other property related to the Website or to materials distributed through digital marketing channels and/or contained therein are the exclusive property of the College, except for intellectual property objects (trademarks, logos, etc.) related to the College’s partners or suppliers, and are protected by national and international intellectual property laws and other applicable legal acts.
132. Without the explicit permission of the College, you are not entitled, in any form and by any means, to copy, record, reproduce in any form or manner, present, publish, transmit, sell, process, submit, license, modify, republish, edit, broadcast, rebroadcast or otherwise publish, publicly display or demonstrate, adapt, distribute or use the materials available on the Website, its code or any part thereof, nor to create derivative works based on them.