TERMS OF PERSONAL DATA PROCESSING
Welcome to the website of UAB “GS Core,” a company engaged in the acquisition and enforcement of claims (debt management) at www.gscore.lt. By reading these terms, you will learn how UAB “GS Core” processes, stores, and uses personal data. If you use the website www.gscore.lt, it means you have read and familiarized yourself with these terms of personal data processing. If you have any additional questions regarding the processing of personal data, you can contact us via email at dpo@gscore.lt.
The data subject has the right to contact UAB “GS Core” with inquiries, requests to withdraw consent for the processing of personal data, as well as submit requests regarding the implementation of data subject rights and/or complaints regarding the processing of personal data.
All contact information for UAB “GS Core” is published on the website www.gscore.lt. The contact details of the appointed data protection officer are as follows: Phone No. +370 5 2166650, email address: dpo@gscore.lt. You can also send written correspondence to the address: Švitrigailos g. 11B, Vilnius, or visit the registered office of UAB “GS Core” at the same address.
UAB “GS Core” reserves the right to unilaterally change these terms of personal data processing at any time, informing the data subject about the changes by publishing them on the website www.gscore.lt no later than 20 (twenty) calendar days before the effective date of such changes.
1. Definitions
1.1 Data subject – a natural person whose personal data is processed by UAB “GS Core.”
1.2 Personal data – any information about a natural person whose identity is established or can be established (data subject); a natural person whose identity can be directly or indirectly identified, primarily based on identifiers (name and surname, personal code, location data and/or internet identifiers) or based on one or more characteristics of the physical person’s physical, physiological, genetic, mental, economic, cultural, or social identity.
1.3 Processing of personal data – any operation or set of operations performed with personal data, whether automated or non-automated, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination with other data, restriction, erasure, or destruction.
2. General Information
2.1 The website www.gscore.lt belongs to UAB “GS Core,” legal entity code 305718420, registered address: Švitrigailos g. 11B, Vilnius.
2.2 These terms provide the key principles of how UAB “GS Core” processes personal data. Additional information about the processing of personal data is provided in contracts concluded with UAB “GS Core” as well as in local regulations of UAB “GS Core.”
2.3 UAB “GS Core” undertakes not to violate the principles of personal data processing established by applicable laws (General Data Protection Regulation 2016/679, publicly available at: https://eur-lex.europa.eu/legalcontent/LT/TXT/PDF/?uri=OJ:L:2016:119:%20FULL&from=EN, hereinafter referred to as the Regulation; the Law on Personal Data Protection of the Republic of Lithuania (latest edition), etc.) and to implement appropriate technical and organizational measures to protect the processed personal data from unlawful access, disclosure, accidental loss, alteration, or destruction or any other unlawful processing.
2.4 UAB “GS Core” may engage data processors for the processing of personal data, who are obliged to comply with lawful instructions and applicable legislation and are required to implement appropriate personal data security measures.
2.5 In the case of a lawful purpose and basis for the processing of personal data, UAB “GS Core” may collect personal data from the public state registers of the Republic of Lithuania and privately owned registers operated by legally operating individuals.
2.6 The terms of cookie usage are provided on the website www.gscore.lt.
3. Categories of processed personal data:
- Identity data: name, surname, personal identification number, date of birth.
- Contact data: address, telephone number, email address, social media accounts.
- Data provided by the data subject: data voluntarily provided by the individual.
- Professional data: data regarding education, professional activities, and current positions.
- Financial data: data about assets, income, obligations.
- Debt data: information about existing debts, debt details, received payments.
- Registry data: data from the State Enterprise “Regitra,” the State Enterprise “Registrų centras,” and other legally operating public and private data registers (databases that collect consolidated personal data files), the Electronic Services Portal of the Republic of Lithuania Courts (EPP), the LITEKO electronic court system, the database of bailiffs of the Republic of Lithuania.
4. Principles of Personal Data Processing
4.1 Contractual performance;
4.2 Legitimate interest of UAB “GS Core”;
4.3 Fulfillment of legal obligations by UAB “GS Core”;
4.4 Consent of the data subject.
5. Purposes of Personal Data Processing
5.1 Prevention of indebtedness and creditworthiness assessment.
5.2 Acquisition and enforcement of claim rights.
5.3 Protection of the data subject’s and/or UAB “GS Core” interests.
5.4 Administration of legal requirements and inquiries related to the processing of personal data.
5.5 Organization and execution of company activities.
5.6 Document storage.
5.7 Compliance with accounting and tax obligations.
6. Data Subject Rights
Each of the listed rights can be exercised by the data subject only by properly identifying themselves, i.e., by submitting a written request to UAB “GS Core” in the appropriate form (paper or electronic) or by completing the relevant inquiry on the website www.gscore.lt or by visiting the UAB “GS Core” premises and providing proof of identity:
6.1 Find out if personal data is being processed and, if so, familiarize themselves with it and other information: sources of data, legal basis for data processing, purposes and recipients of the data (during the last twelve months), data retention period, etc.
6.2 Request correction of their inaccurate, incomplete, or incorrect personal data.
6.3 Refuse the processing of personal data if the legal basis for processing is the legitimate interests of UAB “GS Core” and there is a valid legal ground for such a request.
6.4 Request the erasure of personal data that is processed unlawfully or unfairly, or if the data was obtained based on the data subject’s consent and the data subject withdraws such consent.
6.5 Restrict the processing of personal data according to applicable laws.
6.6 Obtain a set of all their personal data processed in UAB “GS Core” electronic databases (processed based on consent or contract execution), in a structured, commonly used, and machine-readable electronic format, and, where technically feasible, the data subject has the right to request UAB “GS Core” to transmit this set to another data controller, stating the grounds or motivation for such a request (right to data portability). Such a data set may be provided to the data subject in PDF or MS Excel electronic format as a usual practice, and it may also be additionally provided as an attachment to the written response to the data subject’s request. The right to data portability is not related to data erasure.
6.7 Withdraw their consent for the processing of personal data.
6.8 File a complaint regarding the processing of their personal data to the State Data Protection Inspectorate or a court if the data subject believes that their rights and legitimate interests are violated in the processing of personal data.
UAB “GS Core” shall provide a response to the data subject’s request regarding the exercise of their rights within 30 (thirty) calendar days from the date of the request. UAB “GS Core” may, with proper justification, extend this period up to 90 calendar days, informing the data subject accordingly.
7. Recipients of Personal Data
In the case of a legitimate basis for data transfer and purpose, possible recipients of personal data may include:
7.1 State institutions and authorities and other persons performing functions assigned to them by law (e.g., courts, law enforcement agencies, bailiffs, notaries, institutions conducting financial crime investigations);
7.2 Entities providing legal, financial, credit rating, archiving, postal delivery, information technology, and other services as authorized data processors of UAB “GS Core”;
7.3 Other third parties with a legitimate interest.
All data recipients must have a legitimate interest in receiving the data and ensure an appropriately applied level of organizational and technical measures for data protection. Additionally, before obtaining personal data from UAB “GS Core,” they must commit in writing to not disclose personal data to unauthorized third parties (principle of confidentiality).
8. Transfer of personal data outside the European Union
8.1 UAB “GS Core” processes personal data within the boundaries of the European Union.
8.2 Personal data may be transferred outside the territory of the European Union in exceptional cases when the transfer is necessary for the conclusion and performance of a contract or with the consent of the data subject, provided that the requirements for adequate technical and organizational data protection measures, as approved under the General Data Protection Regulation 2016/679, are met.
8.3 The country in which the data recipient is located, but not part of the European Union, ensures an adequate level of personal data protection based on criteria approved by the European Commission.
Retention period for personal data:
- Personal data is stored in accordance with the Regulation and the Republic of Lithuania Law on Personal Data Protection, following the principle of limitation – personal data is kept for a period and to the extent necessary for UAB “GS Core” to fulfill its legitimate purposes of data processing. Once the legitimate purpose for processing personal data no longer exists, the data is destroyed.
- The retention periods for data determined by the 2011-03-09 Order of the Chief Archivist of Lithuania on the General Terms of Document Storage, as well as other applicable laws, also apply to the personal data processed by the company.
10. Profiling and automated decision-making
10.1 Profiling is any form of automated processing of personal data that involves the use of personal data to evaluate certain personal aspects related to a natural person, particularly analyzing or predicting aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements, with legal or financial consequences for the individual.
10.2 UAB “GS Core” does not engage in any exclusively automated decision-making or profiling. Human involvement is present in all decision-making processes of the company.
11. Organizational and technical measures for data security
In compliance with the requirements of the Regulation, UAB “GS Core” has implemented the following organizational and technical measures to protect processed personal data and minimize the risk of data loss, leakage, or any other data processing breach:
11.1 Internal and external data encryption;
11.2 Utilization of technical and software solutions to restore conditions and possibilities for accessing stored personal data in the event of a physical or technical breach;
11.3 Physical and electronic control over employees’ access to processed personal data;
11.4 Various security measures for access to company premises.
12. Data Protection Officer
12.1 UAB “GS Core” has appointed a Data Protection Officer (“DPO”).
12.2 The appointed Data Protection Officer meets the qualification requirements and is committed to maintaining confidentiality.
12.3 The main functions of the Data Protection Officer are as follows:
12.3.1 Advising UAB “GS Core” employees on matters of personal data protection and informing them about the requirements of the Regulation and other applicable laws;
12.3.2 Communicating and properly responding to requests and claims from concerned data subjects;
12.3.3 Monitoring and ensuring compliance with the requirements of the Regulation within UAB “GS Core,” collecting necessary information when needed, conducting audits and investigations to identify personal data breaches or prevent them;
12.3.4 Providing consultation on impact assessments related to data protection and monitoring their implementation within UAB “GS Core”;
12.3.5 Collaborating with the State Data Protection Inspectorate and serving as a point of contact for all matters related to personal data protection within UAB “GS Core”;
12.3.6 Responding to requests from data subjects;
12.3.7 The Data Protection Officer has additional rights and obligations prescribed by applicable laws and local regulations of UAB “GS Core.”