Privacy policy

 

General information

Public Institution “GO Vilnius” (hereinafter – “we” or “Data manager”) is the manager of the Website www.govilnius.lt (hereinafter – “the Website”). In this Privacy Policy (hereinafter – “the Privacy Policy”), we establish and explain that we collect and further process the personal data of the Website visitors. In the Privacy Policy, we also provide information on the processing of data from other data subjects performed in the course of our business.

The Privacy Policy applies to all persons who visit the Website. The conditions set forth in them apply every time you want to get access to the content and/or services we offer, regardless of the device (computer, mobile phone, tablet etc.) you use. By continuing to browse the Website, you confirm having read and understood the Privacy Policy.

The data of all data subjects is processed legally, transparently and honestly, with predetermined goals and only to the extent necessary to achieve them. When processing your personal data, we adhere to the General Data Protection Regulations No. 2016/679 (hereinafter – “the GDPR”), the Law of the Republic of Lithuania on the Legal Personal Data Protection in the Republic of Lithuania, as well as recommendations of supervisory authorities and/or personal data processing requirements.

Persons under 14 may not provide any personal data on the websites we manage and/or profiles on social networks. If you are under 14, prior to providing your personal data, you must obtain the legal consent of your representatives (parents, adoptive parents, guardians).

The concepts used in the Privacy Policy are treated as they are described in the GDPR.

Data manager details:

Public Institution “GO Vilnius”
Legal entity code: 123641468
Legal address: Gynėjų st., 16, LT-01109 Vilnius
Phone: +370 686 57232
Email: [email protected]

How do we collect your information?

  • You can provide data (personal) by yourself;
  • Your data may be collected automatically;
  • In some cases, we receive your personal data from third parties and may collect it from public sources.
  • When you enter into an agreement with us (sale and purchase, provision of services, etc.);
  • When you use our services;
  • When you subscribe to our newsletters;
  • When you register for our events, exhibitions, courses or other projects;
  • When you submit a request, application and/or complaint to us by phone, email or mail.
  • When you submit an application on our websites and profiles on social networks (for example, Facebook, LinkedIn, Instagram, YouTube);
  • When you make entries on platforms in social networks (for example, Facebook, LinkedIn, Instagram, YouTube) that we manage;
  • When you use our sites (cookies and similar technologies allow us to collect data. For more information about our cookies, see below).

To the extent permitted by applicable laws we may receive your data from third parties. This may be the data provided by our partners, contractors, service providers, as well as the data from your public profiles or databases.

We may associate your data, obtained from you, public and commercial sources with other information that we receive from you or about you.

We may also collect your data in other unspecified cases. You will be additionally informed about this.

What data (personal) do we process?

Even though we try to collect as little information about you as possible, we collect the following information to carry out our activities:

  • Your contact details;
  • The information necessary for the conclusion and execution of transactions, contracts and other agreements;
  • Information about your achievements, professional or other activities relevant to the Vilnius tourism sector development and creating the city image;
  • Your face on the photos;
  • The information that you provide during telephone conversations with us, in letters, requests or registration forms;
  • The information contained in the money transfers you make to us;
  • The information necessary to protect the interests of our institution in court or in other institutions;
  • Information about your device;
  • Information necessary for direct marketing.

Name, surname, gender and other identity data (passport or ID card), address of residence, telephone number, email address, bank account number, place of employment/job/business, position, education, marital status, data on allergies and food intolerance, as well as other information that may be required to purchase/provide goods and/or services.

Information on how you use the Website and/or our other websites (device information: IP address, version of the operating system and the device you use to get access to the content, parameters; login information: session time and duration, as well as any other information that is stored in the cookies that we install on your device (the cookie policy is presented below); location: device GPS signal or information about the nearest Wi-Fi access points and mobile towers (which can be transmitted to us, when you use our websites).

Name, surname, place of employment/job/business, education, information about your achievements relevant to the Vilnius tourism sector development and creating the city image, place of residence, face on photos.

You may choose not to provide us some information, however, in this case, we may not be able to provide you with our services (for example, if you do not provide the necessary information required to respond to your request, we will not be able to answer you).

Note: the staff of JSC “GO Vilnius” does not ask you to provide your login data, bank card numbers, passwords or any other information, due to the use of which you may suffer financial or any other loss.

Why and on what basis do we process your data?

The above information is processed to achieve the following goals:

  • conclusion and execution of transactions, contracts and other agreements;
  • realization of our institution owner’s rights, the municipality of Vilnius;
  • establishment, maintenance and development of business, professional and/or other legal contacts;
  • creation of the image of Vilnius, tourism sector development, as well as attraction of businessmen and talents;
  • performance of our duties in accordance with applicable legal acts;
  • processing of the internal administrative and accounting records of our institution;
  • verification of the quality of services provided by our institution on the internet;
  • realization of the interests of our institution in court or in another institution;
  • direct marketing.

We inform you that we strive to keep in touch with our customers and provide them with information about the services offered. To do this, we carry out direct marketing by phone and email, providing notifications and news about our services, events, conferences, courses, etc. We have the right to send our customers promotional information about our products or services to the email address that we received during the provision of services or sales of goods. Our clients have the right to immediately or at any time refuse our marketing notifications by letting us know about this decision in any way convenient for them: by email [email protected], by sending a letter to the address Gynėjų str., 16, LT-01109 Vilnius or using the link in the advertising notice in an email. This refusal will in no way affect our processing of customer data that we carried out before.

In all other cases, to carry out direct marketing, we will process your personal data only by receiving your permission to process it for this purpose. You can cancel this permission at any time by notifying us by any of the methods above.

Your personal data is processed in accordance with one or several legal processing principles:

  • compliance with legal requirements;
  • the conclusion and execution of transactions, contracts or other agreements concluded with you;
  • state interests (unless your personal interests prevail);
  • our legitimate interests (unless your personal interests prevail);
  • in some cases, your consent.

The purposes, principles and personal data that we process are shown in the following table.

Purpose Legal basis Personal data
Conclusion and execution of transactions, contracts and other agreements
  • Conclusion and execution of agreements with you
  • Compliance with legal requirements
  • The legitimate interests of our institution
Name, surname, personal code, gender and other identity data (passport or ID card), address of residence, telephone number, email address, bank account number, place of employment/job/business, position, education, marital status, data on allergies and food intolerances, as well as other information that may be required to purchase/provide goods and/or services
The exercise of our institution owner’s rights Compliance with legal requirements Any information related to the activities of our institution, i. e., any of your personal data that we process
The establishment, maintenance and development of business, professional and/or other legal contacts
  • The legitimate interests of our institution
  • Compliance with legal requirements
  • State interests
Name, surname, gender, telephone number, email address or other contact details, place of employment/job/business, position
Creation of the image of Vilnius, the tourism sector development, as well as attraction of businessmen and talents
  • Compliance with legal requirements
  • The legitimate interests of our institution
  • State interests
Name, surname, personal code, gender and other identification data (passport or ID card), address of residence, telephone number, email address, bank account number, place of employment/job/business, position, education, marital status, data on allergies and food intolerance, data on achievements relevant to the Vilnius tourism sector development and creating the city image, as well as your face on photos
Fulfilment of our duties in accordance with applicable legal acts. Compliance with legal requirements This depends on the requirements of the applicable legal acts, the institution request content or other objective reasons
Processing the internal administrative and accounting records of our institution
  • Compliance with legal requirements
  • The legitimate interests of our institution
To do this, we can process all the personal data we have specified in the Privacy Policy
Verification of the quality of services provided by our institution on the internet (to improve them and create new content)

The legitimate interests of our institution

IP address, version of the operating system and the device you use to get access to the content, parameters, session time and duration, as well as any information that is stored in cookies that we install on your device, device GPS signal or information about the nearest Wi-Fi access points and mobile towers, which can be transmitted to us, when you use our Website
Realization of the interests of our institution in court or in other institutions
  • Compliance with legal requirements
  • The legitimate interests of our institution
  • State interests
Depending on the filed claim or claim, all we can process all your personal data as indicated in the Privacy Policy
Direct marketing (only if we received your consent or did not receive a message from you prohibiting us from doing so)
  • Consent
  • The legitimate interests of our institution
Name, surname, email address, telephone number, address of residence, age

When we cannot be guided by one of the legal grounds set forth in this table, prior to beginning to process your personal data, we will ask for your consent (such cases will be clear, depending on the circumstances and context).

When we process your personal data for purposes other than those specified in the Privacy Policy, we will notify you in a separate notice.

To whom do we transfer your personal data?

Without your prior written consent, we may transfer your personal data only in the following cases:

  • to our business partners or companies, providing services at our request, selected in a responsible manner;
  • the owner of our institution, the Municipality of Vilnius;
  • law enforcement and government agencies;
  • to other entities, if this is required by law or to protect our legitimate interests.

The ability of your personal data recipients (individual data managers) to use your data is limited. They may not use this information for purposes not specified in the contract. If we need to use their direct marketing offers, you will be asked for separate consent.

We can also provide your data to data managers who provide services to us (perform work). They are entitled to process your personal data only based on a written contract signed between us and them according to our instructions and only to the extent necessary for the proper fulfilment of contractual obligations. Our data managers help us take all the necessary measures to ensure that they can take appropriate organizational and technical measures to ensure security and maintain the confidentiality of your personal data.

Below is a list of data recipient categories:

Banks; advertising and marketing agencies; the company that controls our institution’s system, as well as other companies involved in software creation, installation and support; communication companies; security companies; the companies providing financial accounting to our institution; mail delivery companies and courier services; legal advice companies; archiving companies; bloggers and other media representatives; accommodation, catering, leisure, event organization companies etc., inextricably linked with the Vilnius tourism sector.

Other parties who may be provided with your personal information we have, when it is necessary to protect our legitimate interests or to comply with the requirements of legal acts: government organizations, the persons conducting a pretrial investigation, courts, etc.

You can get more information about the specific companies listed in this section with whom we can share your personal data, using the contact details, provided in the Privacy Policy, the Privacy Policy of the websites we manage, or the informational notifications provided to you.

Which countries are your personal data transferred to?

Sometimes we must transfer your personal data to other countries where lower level data protection policies may be applied. In such cases, we do our best to ensure the security of the transferred personal data.

In very rare cases, we may send your personal data to countries outside the EEC. In such cases, we will apply one of the following security measures:

  • we sign a contract with the data recipient, based on the standard contractual terms, approved by the European Commission;
  • mandatory conditions apply for companies;
  • the data recipient is in a country recognized by the European Commission as applying appropriate data protection standards;
  • codes of conduct; certification mechanisms;
  • we obtain permission from the State data protection inspectorate.

If any of the above security measures are applied, we can use the exceptions provided by Article 49 of the Regulations (for example, transfer your data with your consent), but they can only be used strictly in the cases, formulated in the Regulations.

What do we do to protect your personal data?

We have implemented smart and appropriate physical and technical means to protect the information we collect in order to provide content/services. However, note that, although we take appropriate measures to protect your personal data, not a single website, transaction through the internet, computer system and wireless communications are completely secure.

How long will we store your personal data?

We set your personal data storage term, guided by the requirements of the law, regulations and instructions of the supervising institution and/or another competent institution. If these requirements or instructions are not set, we set your personal data storage term, based on state interest or our legitimate interests, but this term cannot exceed 7 years from the data receipt date (unless, as mentioned above, a longer data storage term is provided by legal acts).

We draw your attention to the fact that, based on the scale of personal data that we process, as well as ongoing events, conferences, exhibitions, courses or other projects, we set the storage period for specific personal data of certain data subject categories in the relevant Privacy Policy of our websites or informational notifications provided to you at the time of receiving data.

At the end of the data storage term, your data is erased so that it cannot be restored to establish your identity.

As a rule, the following personal data storage terms are established:

Personal data Storage period
Data related to the conclusion and execution of transactions, contracts and other agreements 10 years after expiration/termination of a transaction, contract or agreement
Payment details 10 years after a transaction
Data related to registration forms for our events, conferences, exhibitions, courses or other projects Up to 7 years after submitting the registration form
Data in the applications, statements and/or claims provided to us by phone, email or mail Up to 1 year from the request/application/claim receipt or their execution
Information about your achievements, professional or other public activities relevant to the development of the Vilnius tourism sector and creation of  the city image The data is periodically checked and stored as long as it is relevant to the development of the Vilnius tourism sector and creation of  the city image . The data may be erased earlier, if you notify us that you do not wish it to be stored (if your interests prevail)
Your photos While your consent is valid or if you are a public person, while the publication of your photos is relevant to the development of the Vilnius tourism sector and creation of the city image. The data may be erased earlier, if you notify us that you do not wish it to be stored (if your interests prevail)
Your data is related to the potential or existing protection of our interests in court or another institution Until the claim limitation or the claim/complaint submission period expires and/or until the court decision’s effective date
Personal data processed with your consent, except for your consent to the use of your photos Up to 2 years from receipt of your consent, if it not revoked before
Records (logs) of IT systems 1 year

Even if you declare your desire to terminate the contract and refuse our services, due to requirements that may arise in the future, we will need to continue to store some of your personal data until the storage period expires. The data will also be stored so that, if necessary, we can provide you with the necessary information, so that we have a properly recorded history of our relations and can answer your questions related to our communication.

What are your rights?

Depending on the situation and additional conditions approved by GDPR you have the following rights:

  • to know (be informed about your data processing (the right to know);
  • to review your data that we process and how it is processed (the right to review);
  • to request to correct or, based on the personal data processing purposes, to supplement your non-exhaustive personal data (the right to request to correct);
  • to request to erase your personal data (the right to “be forgotten”);
  • to require us to limit your personal data processing (the right to limit);
  • to require transfer of the data provided to us (the right to transfer data);
  • to disagree with your personal data processing at any time, when processing is carried out to fulfil public interests, to fulfil our legitimate interests or legitimate interests of a third party, as well as when personal data is processed for direct marketing purposes, including profiling (the right to disagree);
  • to cancel your consent to your personal data processing, if it is processed, based on your consent.

We always strive to properly enforce your rights and respond promptly to any possible violation of them, so, if you have any questions, regarding your personal data that we process, we ask you to contact us first. We also note that, in all cases, you are entitled to file a complaint with the State Data Protection Inspectorate at any time.

We give you the opportunity to exercise your rights in a convenient way. You can do this by calling this phone number – +370 686 57232, by emailing us at [email protected] or by using any links listed at the bottom of the advertising content provided to you.

Your rights will be exercised subject to prior personal confirmation of your identity (subject to the provision of an identification document: an identification card or passport) or via electronic communication (for example, using an electronic signature).

Your right Some restrictions
The right to know Before the beginning of your personal data processing, you are entitled to receive concise, simple and understandable information about your data processing.
The right to review

This right means that you can ask us to provide the following:

  • A confirmation that we process your personal data;
  • A list of your personal data processed;
  • A list of goals and legal grounds for processing your personal data;
  • A confirmation that we send data to third countries. If this fact is confirmed, the information about what security measures were applied;
  • The source of your personal data;
  • The information about whether profiling is applied;
  • A data storage notification.

We will provide the above information with the condition that it does not violate the rights and freedoms of others.

The right to request to correct Applies, if your personal data is not exhaustive or clear.
The right to “be forgotten”

Applies, if:

  • The information we have is no longer needed to achieve the stated goals;
  • We process data based on your consent;
  • We process data based on legitimate interests. After obtaining your consent, it is established that your interests prevail;
  • The information was obtained by illegal means.
The right to limit

This right may be exercised while we analyse the situation, i. e.:

  • If you dispute the accuracy of the information;
  • If you object to the processing of your personal data, when it is carried out based on legitimate interests;
  • We use the information illegally, but you object to its deletion;
  • We no longer need the information, but you need to keep it for trial.
The right to transfer data This right can be exercised, if you provide your data and we process it automatically based on your consent or an agreement concluded with you.
The right to disagree This right can be exercised, if the data is processed to protect public interest or data processing is necessary to protect the legitimate interests of the data owner or third party. When processing your personal data on this basis, we must prove that the data is processed for valid legitimate reasons that are more important than your interests.

You may also at any time disagree with your personal data processing for direct marketing purposes, including profiling, as far as direct marketing is concerned.

The right to withdraw consent To cancel your consent to the processing of your personal data at any time, if it is processed, based on your consent.
The right to file a complaint with the State Data Processing Inspectorate The data subject has the right to contact the institution responsible for the supervision and control of legal acts regulating the personal data protection – the State Data Processing Inspectorate (L. Sapiegos str. 17, Vilnius 10312, email: [email protected], phone (8 5) 271 2804).

More information available at: www.ada.lt

We may not create conditions for you to exercise the above rights when, in cases provided for by law, it is necessary to ensure the prevention of crimes, violations of professional or professional ethics, ensure the investigation progress and the criminal identification, as well as protect the rights and freedoms of the data subject and other persons.

Cookies, signals and similar technologies

Cookies are small informational elements that are stored in your browser.  In the Privacy Policy, we use the term “cookies” to describe these elements and other similar technologies, for example, pixel tags, web beacon, clear gif. They help us:

  • to identify you as a previous visitor to a particular website;
  • to preserve the history of your visit to a website and adjust its content;
  • to ensure the smooth operation of the Website;
  • to control the duration and frequency of visits to collect statistics on the number of visits to the Website.

By analysing this data, we can improve our Website and make it more convenient to use.

We remind you that some services can be configured to work only with cookies. By turning them off in whole or partly, you can no longer use these services. When you use a browser to access the content we provide, you can configure your browser to accept all cookies or block them all. Cookies notifications may also be displayed. Browsers are different, so, if you do not know how to change the settings of cookies, look in the menu. Your device’s operating system may have additional cookies control. If you do not want cookies to collect information, use a simple procedure that is embedded in many browsers. It allows you to refuse the use of cookies. If you want to learn more about how to manage cookies, visit this website.

We also draw your attention to the fact that, in addition to our cookies, some third parties (for example, social network managers) may use the Website to install and access cookies on your device. The third parties who install such cookies apply their Privacy Policy. We cannot be responsible for them (our Website does not have access to the information transferred), so we strongly recommend that you additionally inquire about the above rules on the websites of these third parties. The profiles of our social networks (Facebook, LinkedIn, Instagram, YouTube) apply the Privacy Policy of their managers.

Full cookies list

External websites

The Website has links to external websites, i. e., the websites related to travel companies of Vilnius (for example, accommodation, catering, leisure companies). When using these links, pay attention to the fact that the websites and services accessible should have a separate individual Privacy Policy that we cannot take responsibility for, so we recommend reviewing them in detail again before providing any of our personal data.

Contact us

If you notice an inconsistency of Privacy Policy, a security breach on any of our Websites or if you have other questions related to your personal data processing, please, contact us in the most convenient manner:

Public Institution “GO Vilnius”
Legal entity code: 123641468
Registered address: Gynėjų st., 16, LT-01109 Vilnius
Phone: +370 686 57232
Email: [email protected]

Final provisions

The Privacy Policy is checked and updated according to our needs, but at least once every two years or in case of changes in legal acts regulating the processing of personal data. By updating the Privacy Policy, we will notify you of the changes that we consider essential by posting a notice on the Website or in a similar way. If you use the content and/or services we offer after the publication of such a notice, we will assume that you agree with the new requirements specified in the updated Privacy Policy.

The last time the Privacy Policy was revised was on February 1, 2019.