Privacy Policy
1. Purpose of this Privacy Policy
This Privacy Policy (hereinafter, the "Policy") provides you with information about the personal data that UAB "Greituolis" (hereinafter, the "Company" or "we") collects, the purposes for which it is used, the duration of its storage, the parties to whom your personal data is disclosed, and other relevant details about the processing of your personal data.
This Policy covers the Company’s data processing activities when you use the website www.pickitoo.com, apply for a position within the Company, act as a representative of employees from our partner companies, or contact us with inquiries, among other situations.
In certain cases, the Company also acts as a data processor on behalf of other data controllers, and this Policy does not cover those instances.
Hereafter, any individual whose data is processed by the Company is called the Data Subject.
2. About the Data Controller
The data controller is UAB "Greituolis," a legal entity with registration code 305054987, headquartered at Kalno St. 26, Aukštųjų Rusokų village, Avižienių municipality, Vilnius district, Republic of Lithuania. Email address: datapolicy@pickitoo.com. The Company's information is stored and maintained in the Register of Legal Entities of the Republic of Lithuania.
The contact email for the Data Protection Officer is: dpo-iki@kinast.eu.
3. Definition of Personal Data
Personal data refers to any information collected by the Company about the Data Subject that can be used to identify the Data Subject and is stored electronically or by other means.
Personal data includes any information, such as the Data Subject’s name, surname, and address, which the Company collects about the Data Subject for the purposes specified in this Privacy Policy or in a separate consent or agreement with the Company.
4. Data Processed for Service Provision Purposes
Purpose of Data Processing | Legal basis for Data Processing | Personal Data Processed | Data Processing Period | Additional notes |
|---|---|---|---|---|
Conclusion and Execution of Contracts with Suppliers/Partners (Legal Entities) | GDPR Article 6(1)(f) (legitimate interest to fulfill the contract) | Partner employee’s name, surname, email address, telephone number, correspondence content | For the duration of the contract | Data Recipient (Data Controller) - Client/Partner Legal Entity
Data Recipient (Data Processor) – IKI Lietuva, UAB and its appointed sub processors: UAB Rivilė, CGI Lithuania, UAB
Data may be obtained from your employer.
You have the right to object to data processing by notifying us at the email address provided above. |
Receipt of Services, Purchase of Goods, Contract Conclusion and Execution, Payment (Counterparty as a Natural Person) | GDPR Article 6(1)(b) (contract) | Supplier’s name, surname, personal identification number, address, business license/individual activity certificate number (for service providers), bank account number, contract execution details | For the duration of the contract | Data Recipient (Data Controller) – Bank
Data Recipient (Data Processor) – IKI Lietuva, UAB and its appointed sub processors: UAB Rivilė, CGI Lithuania, UAB
|
5. Direct Marketing
For legal entities that have provided their contact details (email address, telephone number) and have expressed an interest in receiving information about the Company’s services, we will send service offers via electronic communication (email, phone, SMS). In some cases, the contact details provided by the legal entity granting consent, such as an email address, may include your name and surname.
In this case, for the purpose of direct marketing, the Company will process the following personal data of you as a representative of a legal entity: email address (mandatory information, without which the Company cannot send direct marketing messages to the legal entity’s consent), name, surname, and position, when such data has been provided to the Company. Your data will be processed for direct marketing purposes until the legal entity’s consent is withdrawn or until the legal entity you represent provides alternative contact details through which they prefer to receive information about our services.
As a representative of a legal entity, your personal data will be processed on the basis of a legitimate interest to send direct marketing offers to interested legal entities (GDPR Article 6(1)(f)).
We use the services of our data processor, Braze, Inc., to process personal data for direct marketing purposes.
6. Candidate Selection
We collect and process your personal data (name, surname, desired position, work experience (employer, position, reference contact), education, other data specified in your CV, application form, or cover letter, and/or other information provided by you) for candidate selection purposes based on your consent, which you provide by sending your CV and/or cover letter to the Company. If you do not provide your CV and/or cover letter, we cannot assess your suitability for the offered position.
With your consent, we may contact your current employer and a former employer based on our legitimate interest (to select a suitable candidate). You may withdraw your consent at any time or object to us contacting your former employer by notifying us via the email provided in Section 2 of this Policy.
If you do not provide separate consent for further data processing, upon the conclusion of this recruitment process, we commit to deleting and/or destroying your personal data within three days after the contract with the selected candidate is signed or a decision to end the recruitment process is made, except in cases where separate consent is provided for storing candidate personal data for the period specified in the consent.
We will retain your data based on your consent for the period indicated in the consent.
Based on our legitimate interest, we may process information about the individual you list as a reference (name, surname, email, phone number, and any information provided by the reference), including former or current employers or persons providing recommendations, for candidate selection purposes. In this case, our legitimate interest is to select a suitable candidate for the position sought. We will delete this data at the end of the recruitment process.
We may receive your data from employment service providers or recruitment platforms.
In actively searching for potential candidates, we conduct candidate searches on the LinkedIn social network, job portals, and other public sources based on our legitimate interest (to find new employees) under GDPR Article 6(1)(f). After conducting searches, we may contact potential candidates who meet the search criteria (individuals with LinkedIn accounts or profiles on job portals). In this case, we process name
s, surnames, and other information available on LinkedIn or other job search platform profiles, although this data is not separately retained.
For candidate data processing purposes, we have engaged IKI Lietuva, UAB, as our data processor, which provides us with a personnel management system.
7. Protection of Company Confidential Information and Business Continuity
To ensure the Company’s legitimate interest in protecting its confidential information, maintaining business continuity, and protecting its legal interests (GDPR Article 6(1)(f)), the Company may review its employees’ correspondence with contractors.
For these purposes, the Company processes the following personal data of its employees and individuals who send or receive emails from employees: email address, sender or recipient’s name and surname, date, and information content on electronic work devices.
To ensure business continuity, data (the content of the employee's email inbox) is processed for one month after the end of employment.
Personal data is retained for three years to protect confidential information and safeguard the Company’s rights and legitimate interests. In cases of confidentiality breaches, data may be disclosed to courts, governmental authorities resolving disputes, opposing parties, lawyers, and other providers of legal services.
8. Data Archiving
Please note that certain data must be retained for archiving purposes to fulfill our archiving obligations. This means, for example, that although data processed for service provision purposes is stored for the duration of the service contract, after the contract expires, the data will continue to be processed for archiving purposes. Below, we provide more detailed information:
Purpose of Data Processing | Purpose of Data Processing | Purpose of Data Processing | Purpose of Data Processing | Purpose of Data Processing |
|---|---|---|---|---|
Archiving | Personal data processed for purposes of service provision or receipt, contract conclusion, and execution. Until the transfer of the e-commerce business unit to Spartuolis, UAB, legal entity code 306978022, registered address: Lvivo St. 37-101, LT-09307 Vilnius, personal data is processed for purposes of service provision or receipt, contract conclusion and execution, payment, order fulfillment via LastMile, and execution of contracts with couriers (both natural and legal persons), including data specified in contracts, VAT invoices, other financial documents, green card, and payment documents. | GDPR Article 6(1)(c), legal obligation as set out in the General Document Retention Index approved by the Chief Archivist of the Republic of Lithuania on March 9, 2011, Order No. V-100, Sections 3.15 and 3.24 | 10 years | Data is not shared with any third parties |
9. Protection of Legitimate Interests
On the basis of its legitimate interest in protecting its rights, including in cases of civil disputes (GDPR Article 6(1)(f)), the Company processes the names, surnames, personal identification numbers, case details, and other information related to the case of individuals or their employees involved in the proceedings, as well as publicly available information. Data may be disclosed to law enforcement authorities, lawyers, or bailiffs conducting enforcement actions. Data is destroyed one year after the final resolution of the case and the Company’s claims are fully satisfied (if the claims are satisfied).
The Company also processes personal data to protect its rights and legitimate interests as described below, based on GDPR Article 6(1)(f).
Personal Data Processed | Data Processing Period | Notes |
|---|---|---|
Any and all personal data of data subjects specified in consents regarding personal data processing; and data confirming consent (in cases of direct marketing, when consent is provided through the website, IP address; consent confirmation link); personal data specified in documents implementing data subject rights or documents with which the Company refuses to implement such rights | 3 years from the end of the calendar year in which personal data processing was completed or (and) data subject rights were implemented (or refused) | Data Recipients (Data Controllers): Courts, governmental authorities handling disputes, opposing parties, lawyers, and other providers of legal services |
Personal data processed for purposes of service provision or receipt, contract conclusion and execution, and payment | 10 years from the end of the contract | Data Recipients (Data Controllers): Courts, governmental authorities handling disputes, opposing parties, supervisory authorities, lawyers, and other providers of legal services |
Personal data of individuals contacting the Company via its communication channels: email address, name, surname (if provided), username (if the inquiry is sent via a social media account), workplace (if provided), date and time of sent and received messages, recipient, sender, content of correspondence | 1 year, or if the individual is a client of the Company – 10 years | Data Recipients (Data Controllers): Courts, governmental authorities handling disputes, opposing parties, lawyers, and other providers of legal services |
10. Contact Us
There are several ways to contact the Company: by phone, email, through social media accounts, or by using forms and features on our website or application. We receive, review, and respond to all messages personally. If you contact us, we may process the data you provide, including your name, surname, email address, phone number, inquiry content, and the organization you represent.
This data will be processed to respond to your inquiries and review your suggestions. If you do not provide your contact information, we cannot reach you.
Correspondence is retained for 1 year from the date of message receipt, except in cases where other retention periods are specified in this Privacy Policy or applicable law.
All personal data you provide when communicating with us is used solely for the above purposes, including reviewing messages and managing communication flow. We are committed to not using your personal data in any publications that would allow for identifying your personal identity without your explicit consent.
Please note that we may need to contact you by mail, email, or phone. Please inform us of any changes to your personal data.
11. Website
Our website and application use cookies. A cookie is a small file consisting of letters and numbers that we store on your browser or computer's hard drive with your consent. We use different types of cookies to achieve various purposes. Cookies also help us distinguish you from other website users, ensuring a more pleasant browsing experience and allowing us to improve our website.
You can choose whether to accept cookies. If you do not agree to have cookies stored on your computer or another device, you may indicate this in the cookie banner, change your browser settings, and disable cookies (either all at once or by groups).
Most browsers allow you to reject all cookies, and some allow you to reject only third-party cookies. You can use these options, but please note that blocking all cookies may negatively impact your experience on our website, and without cookies, you may not be able to use all services provided on the site. For more detailed information, visit AllAboutCookies.org or www.google.com/privacy_ads.html.
We may use the following types of cookies, but a detailed and updated list of cookies in use can be found HERE:
Strictly Necessary Cookies
These cookies are essential for our website to function. The legal basis for using such cookies is GDPR Article 6(1)(f) (our legitimate interest in ensuring proper website operation) and Article 73(4) of the Law on Electronic Communications of the Republic of Lithuania.
Statistical Cookies
These cookies allow us to recognize and count website visitors and observe how visitors navigate through our site. This helps us improve website performance, for example, by ensuring users can easily find what they are looking for. The legal basis for processing data collected by these cookies is your consent.
Facebook Icon Plugins
This page uses Facebook and Instagram icon plugins. We implemented these plugins on the Company’s website to allow you to link directly to the Company’s social network accounts or open the Company’s messaging window on communication platforms.
Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) manages the website's plugins (Facebook and Instagram social networks).
When you click on a plugin icon, you are redirected to the plugin controller’s page, which receives data such as the originating page, time, and date of the request. The plugins are identifiable by the “Facebook” and “Instagram” logos.
Information provided by a person on the plugin controller’s page or received when a person visits links to plugins on the Company’s website is controlled by the plugin controllers. Information about the collection and storage of personal data, the legal grounds for data processing, data retention periods, and technical and organizational security measures is provided in the privacy notices of the plugin controllers: https://lt-lt.facebook.com/privacy/explanation/.
12. Social Media Platforms
Information you provide to us through social media platforms (including messages, "Like" and "Follow" actions, and other interactions) is controlled by the social network’s administrator.
Our website includes links to our accounts on social media platforms (hereinafter, “Social Accounts”). Currently, we have the following Social Accounts:
-
Pickitoo account on Facebook
-
Pickitoo account on Instagram
-
Pickitoo account on LinkedIn
-
Pickitoo account on YouTube
Information on our Social Accounts (such as the social network profile name, profile picture, public comments, other interactions with the Company’s social media accounts, and the subject and content of your inquiries, if any) is processed for account administration purposes based on your consent. The information available on the Social Accounts is not separately stored (when data is processed solely for Social Account administration purposes, though data may be saved if needed for other purposes, such as rights protection).
When you visit our Social Accounts, the social media platform administrators place cookies on your device that collect personal data. These cookies are applied whether or not you are a registered social network user.
Since the Company does not administer the above social networks but only its accounts on them and acts as a joint data controller together with the companies managing these social networks, we invite you to review information about the storage of your personal data in these social networks’ privacy documents:
13. Data Transfers to Third Countries
The data controllers of social networks (Facebook, Instagram) are located in the United States, which the European Commission has recognized as ensuring an adequate level of protection. Meta Platforms, Inc. and LinkedIn Corporation are included in the Data Privacy Framework List.
Data of European Union residents posted on Facebook and Instagram is processed by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Information on how to exercise your rights as a data subject can be found here: https://lt-lt.facebook.com/privacy/explanation/. If you have complaints about the handling of your personal data by Meta Platforms Ireland Limited or about the exercise (or non-exercise) of your rights as a data subject, you have the right to file a complaint with Meta Platforms Ireland Limited's supervisory authority – the Irish Data Protection Commission or the State Data Protection Inspectorate.
Below is information on the purposes for which personal data is transferred to third countries and related information:
Data of European Union residents posted on Facebook and Instagram is processed by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Information on how to exercise your rights as a data subject can be found here: https://lt-lt.facebook.com/privacy/explanation/. If you have complaints about the handling of your personal data by Meta Platforms Ireland Limited or about the exercise (or non-exercise) of your rights as a data subject, you have the right to file a complaint with Meta Platforms Ireland Limited's supervisory authority – the Irish Data Protection Commission or the State Data Protection Inspectorate.
14. Data Collection and Disclosure
We receive your data from you, your devices, our employees, banks, and from our contractual partners.
We may disclose information about you to data recipients listed under the “Notes” section for each data processing purpose. We may also transfer your personal data to service providers, such as IT service providers, when reasonably necessary for the purposes specified in this Privacy Policy, as well as to banks, payment initiation service providers, and other recipients listed in this Policy.
Additionally, we may disclose information about you:
-
if required by law;
-
when intending to sell part or all of the Company’s business, disclosing your personal data to a potential buyer of the business or part thereof;
-
upon the sale of the Company’s business or a substantial portion of its assets to third parties.
Except as specified in this Privacy Policy, we do not disclose your personal data to any third parties.
The list of recipients or categories of recipients specified in the Privacy Policy may change. If you wish to be informed about changes to the recipients of your personal data, please inform us by email at the address provided in this Privacy Policy, specifying in the message text, “I wish to receive information about changes to the recipients of my personal data, name, surname.”
15. Security of Your Personal Data
Your personal data will be processed in accordance with the General Data Protection Regulation, the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other applicable legal requirements. In processing your personal data, we implement organizational and technical measures to protect it from accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.
16. Your Rights
This section provides information on your rights regarding our processing of your personal data and the situations in which you can exercise these rights. If you would like more information about your rights or wish to exercise them, please contact us at the email address provided in this Privacy Policy.
The Company will provide information on actions taken upon receiving your request to exercise your rights without undue delay and no later than within one (1) month of receiving the request. Depending on the complexity of the request and the number of requests, this period may be extended by an additional two (2) months. In such a case, we will inform you within one (1) month of receiving the request about the extension and the reasons for it. The Company will only refuse to implement your rights in cases permitted by law.
17. Right to Access Your Personal Data
We aim to ensure that you fully understand how we use your personal data and to prevent any inconvenience. You may contact us at any time to inquire whether we process any of your personal data. If we store or otherwise use your personal data, you have the right to access it. To do so, please submit a written request to the email address provided in this Privacy Policy, confirm your identity, and follow the principles of fairness and reasonableness when making such a request.
Cookie Name | Purpose of Data Processing | Data Used | Expiration | Type (Necessary, Statistical) |
|---|---|---|---|---|
_hjSession_{site_id} | Stores data for the current session, ensuring subsequent requests within the session window are assigned to the same session. | Hotjar user ID | 30 min. | Statistical |
_hjSessionUser_{site_id} | Set when the user first visits the page. Keeps a unique Hotjar user ID for this website only; does not track users across different sites. Ensures data from subsequent visits to the same website is assigned to the same user ID. Source: Hotjar Help
| „ Hotjar User ID
(Hotjar assigns a unique identifier, called the Hotjar User ID, to all users when their data is collected. For example, when a user responds to a widget or when their session recording is captured. This allows for locating specific user recordings and widget responses without identifying them personally. Source: Hotjar Help) | 365 days | Statistical |
intercom-session-fiqzr868 | „Set by Intercom, allows visitors to view all conversations on Intercom websites | Intercom user ID | 30 min | Necessary |
intercom-device-id-fiqzr868 | Set by Intercom, allows visitors to view all conversations on Intercom websites | Browser device information | 270 days | Necessary |
intercom-id-fiqzr868 | Set by Intercom, allows visitors to view all conversations on Intercom websites | Intercom user ID | 270 days | Necessary |
__consent | Necessary cookie for essential website functions | User consent data for cookies | 365 days | Necessary |
__session | Necessary cookie for essential website functions | Unique user ID | 365 days | Necessary |
17.1 Right to Withdraw Consent
If you have provided us with explicit consent for data processing, you may withdraw it at any time.
17.2 Additional Rights
Below is information on additional rights you may exercise according to the procedures described:
-
(a) You have the right to request the correction of any inaccuracies in the data we hold. In such a case, we may ask you to confirm the corrected information.
-
(b) You have the right to request the deletion of your personal data. This right is granted under the conditions outlined in GDPR Article 17.
-
(c) You have the right to request the restriction of processing or to object to the processing of your personal data:
-
for the period needed to verify the accuracy of your personal data if you dispute its accuracy;
-
when our collection, storage, or use of your personal data is unlawful, but you choose not to request deletion;
-
when we no longer need your personal data, but you require it to establish, exercise, or defend a legal claim;
-
for the period needed to determine whether we have a more substantial legal basis to continue processing your personal data, if you have exercised your right to object to data processing.
-
-
(d) You have the right to data portability for data processed by automated means and obtained based on your consent or for contract performance purposes. Upon exercising this right, we will transfer a copy of the data you provided at your request.
-
(e) You have the right, under the procedure set out in GDPR Article 21, to object to our use of your personal data. You may object when your personal data is processed on the basis of a legitimate interest (the legal basis for each data processing purpose is specified above) or for direct marketing purposes.
17.3 Right to Request Additional Information
We hope you understand that it is challenging to cover every possible method of personal data collection and use. We strive to provide the clearest and most comprehensive information possible and commit to updating this Privacy Policy should our personal data processing practices change. However, if you have any questions regarding the use of your personal data, we would be happy to answer them or provide any additional information we can disclose. If you have specific questions or did not understand any part of the information provided, please contact us.
18. Complaints
If you believe that your rights as a Data Subject have been or may be violated, please contact us immediately using the email address provided in this Privacy Policy. We assure you that upon receiving your complaint, we will contact you within a reasonable time to inform you about the progress of the investigation and subsequently its outcome.
If you are not satisfied with the investigation results, you may file a complaint with the supervisory authority – the State Data Protection Inspectorate (L. Sapiegos St. 17, Vilnius, www.vdai.lrv.lt, tel. (8 5) 271 28 04, 279 1445).
19. Responsibility
You are responsible for maintaining the confidentiality of the data you provide and for ensuring that the information you provide to us is accurate, correct, and complete. If your data changes, you must inform us immediately by email. We will not be liable for any damage resulting from your provision of incorrect or incomplete personal data or from your failure to inform us of changes.
20. Changes to the Privacy Policy
We may update or modify this Privacy Policy at any time. Such updated or modified Privacy Policy will take effect from the time it is posted on our website.
When we update the Privacy Policy, we will inform you of any significant changes, in our opinion, by posting them on the website. The "Update Date" listed below indicates the last time the Privacy Policy was updated.
The last update to the Privacy Policy was made on 30.10.2024.