Back

UAB “TRELO” PERSONAL DATA PROCESSING AND PRIVACY POLICY

  1. General Provisions

    1.1. This Personal Data Processing and Privacy Policy (hereinafter – the “Policy”) sets out how UAB “Trelo” (hereinafter – the “Company” or the “Data Controller”) collects, uses, stores, and otherwise processes personal data of natural persons in the course of its activities.
    1.2. This Policy applies to individuals whose personal data is processed by the Company in the course of its activities, including:
    1.2.1. job applicants applying for positions within the Company;
    1.2.2. individuals who contact the Company regarding the provision of services or submit inquiries;
    1.2.3. representatives, employees, or contact persons of clients, partners, suppliers, and other legal entities;
    1.2.4. website visitors;
    1.2.5. other individuals whose personal data is provided to the Company in the context of business activities, cooperation, or communication.
    1.3. The Company processes personal data in compliance with:
    1.3.1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter – the “GDPR”);
    1.3.2. the Law on Legal Protection of Personal Data of the Republic of Lithuania;
    1.3.3. other applicable legal acts of the European Union and the Republic of Lithuania.
    1.4. The Company ensures that personal data is processed lawfully, fairly, transparently, and only to the extent necessary to achieve the specified purposes of data processing.
    1.5. This Policy may be amended, updated, or supplemented in response to changes in legal acts, changes in the Company’s activities, or changes in personal data processing practices. The most current version of the Policy is always published on the Company’s website.

    1. Information About the Data Controller

    2.1. The controller of your personal data is:
    UAB “Trelo”
    Legal entity code: 300080031
    Registered office address: Laisvės pr. 10, LT-04215 Vilnius, Lithuania
    Email: info@trelo.eu
    2.2. For any questions related to the processing of personal data or the exercise of rights established under this Policy, you may contact the Company using the contact details provided above.

    1. Principles of Personal Data Processing

    3.1. The Company processes personal data only where there is a lawful basis for processing and solely for clearly defined and legitimate purposes.
    3.2. When processing personal data, the Company follows these principles:
    3.2.1. lawfulness, fairness, and transparency;
    3.2.2. purpose limitation;
    3.2.3. data minimisation;
    3.2.4. accuracy;
    3.2.5. storage limitation;
    3.2.6. integrity and confidentiality;
    3.2.7. accountability.
    3.3. The Company implements reasonable technical and organisational measures to protect personal data against unlawful access, loss, destruction, alteration, or disclosure.

    1. What Personal Data Does the Company Process and for What Purposes?

    4.1. Processing of Data of Clients, Potential Clients, and Representatives of Legal Entities
    4.1.1. In carrying out its business activities and providing vehicle repair, maintenance, and related services, the Company may process personal data of clients, potential clients, business partners, suppliers, and representatives or contact persons of other cooperating legal entities, including:
    4.1.1.1. name and surname;
    4.1.1.2. telephone number;
    4.1.1.3. email address;
    4.1.1.4. name of the represented company and job position;
    4.1.1.5. vehicle and fleet information;
    4.1.1.6. content of inquiries, registrations, or correspondence;
    4.1.1.7. other information voluntarily provided by the individual.
    4.1.2. Personal data of clients and potential clients is processed:
    4.1.2.1. for the administration of inquiries and the conclusion or performance of contracts;
    4.1.2.2. for compliance with legal obligations applicable to the Company;
    4.1.2.3. for the purposes of the Company’s legitimate interests related to communication, service quality assurance, and business administration;
    4.1.2.4. on the basis of the individual’s consent where such consent is required under applicable laws.
    4.2. Processing of Personal Data of Job Applicants
    4.2.1. When carrying out recruitment processes, the Company may process the following personal data of applicants:
    4.2.1.1. name and surname;
    4.2.1.2. contact details;
    4.2.1.3. information provided in the curriculum vitae (CV);
    4.2.1.4. information regarding education, qualifications, and work experience;
    4.2.1.5. information contained in the cover letter;
    4.2.1.6. references;
    4.2.1.7. results of tasks completed during the recruitment process;
    4.2.1.8. other information voluntarily provided by the applicant.
    4.2.2. Applicants’ personal data is processed for the purposes of organising recruitment processes, evaluating candidates, and concluding employment contracts.
    4.2.3. Applicants’ personal data is processed on the basis of:
    4.2.3.1. steps taken at the request of the applicant prior to entering into an employment contract;
    4.2.3.2. the Company’s legitimate interest in conducting recruitment;
    4.2.3.3. the applicant’s consent where such consent is required under applicable laws.
    4.2.4. Special categories of personal data, including health-related data, are processed only where necessary under applicable laws or specific job requirements.
    4.2.5. If the applicant is not selected for the offered position, their personal data shall be retained for 1 year following the end of the recruitment process, unless a different retention period is established by law or the applicant submits a separate request for earlier deletion of their data.
    4.2.6. Where the applicant provides separate consent, their data may be stored in the candidate database for up to 2 years from the date consent is obtained.
    4.3. Processing of Website and Communication Channel Data
    4.3.1. The Company may collect and process technical and usage data of website visitors, including:
    4.3.1.1. IP address;
    4.3.1.2. cookie information;
    4.3.1.3. browser type;
    4.3.1.4. device information;
    4.3.1.5. visit time and duration;
    4.3.1.6. other statistical website usage data.
    4.3.2. This data is processed:
    4.3.2.1. to ensure the functioning of the website;
    4.3.2.2. to ensure website security;
    4.3.2.3. for statistical analysis purposes;
    4.3.2.4. to improve service quality and user experience.
    4.3.3. Detailed information regarding the use of cookies is provided in the Company’s Cookie Policy.
    4.4. Data Processed for Direct Marketing Purposes
    4.4.1. The Company may process personal data for direct marketing purposes in order to provide information about the Company’s services, offers, news, or other related information.
    4.4.2. The following data may be processed for direct marketing purposes:
    4.4.2.1. name and surname;
    4.4.2.2. email address;
    4.4.2.3. telephone number;
    4.4.2.4. represented company and job position.
    4.4.3. Personal data for direct marketing purposes is processed:
    4.4.3.1. on the basis of the individual’s consent;
    4.4.3.2. on the basis of the Company’s legitimate interest where permitted under applicable laws, including cases where information about similar Company services is provided to existing clients or their representatives.
    4.4.4. Individuals have the right to withdraw from direct marketing communications at any time.

    1. Sources of Personal Data

    5.1. The Company usually obtains personal data directly from the data subjects themselves.
    5.2. In certain cases, personal data may be obtained:
    5.2.1. from job search portals;
    5.2.2. from social networks, professional platforms, and other publicly available communication channels;
    5.2.3. from recruitment agencies;
    5.2.4. from the Employment Service under the Ministry of Social Security and Labour of the Republic of Lithuania;
    5.2.5. from persons providing references;
    5.2.6. from business partners;
    5.2.7. from publicly available sources where permitted by law.
    5.3. Where required by law or where such consent is necessary under applicable data protection requirements, the Company obtains the data subject’s consent before collecting personal data from third parties.

    1. Transfer of Personal Data

    6.1. The Company may transfer personal data to third parties only in accordance with legal requirements and only to the extent necessary to achieve the specified data processing purposes.
    6.2. Personal data may be transferred to:
    6.2.1. information technology service providers;
    6.2.2. accounting, legal, or consulting service providers;
    6.2.3. recruitment partners;
    6.2.4. public authorities and supervisory institutions;
    6.2.5. other data processors providing services on behalf of the Company.
    6.3. The Company ensures that all data processors implement appropriate organisational and technical measures for the protection of personal data.
    6.4. In certain cases, personal data may be transferred outside the European Economic Area when international service providers are used. In such cases, the Company ensures that data transfers are carried out in compliance with GDPR requirements and appropriate safeguards are applied.

    1. Retention Periods for Personal Data

    7.1. Personal data is retained no longer than necessary to achieve the purposes for which it was collected or for the period required by applicable laws.
    7.2. Specific retention periods may vary depending on:
    7.2.1. the purpose of data processing;
    7.2.2. the duration of contractual relationships;
    7.2.3. retention periods established by law;
    7.2.4. potential disputes, claims, or legal proceedings.
    7.3. Upon expiry of the retention period, personal data is deleted or anonymised in such a way that the identity of the data subject can no longer be determined.

    1. Rights of Data Subjects

    8.1. The data subject has the right to:
    8.1.1. receive information about the processing of their personal data;
    8.1.2. access the processed personal data;
    8.1.3. request correction of inaccurate or incomplete data;
    8.1.4. request deletion of personal data (“right to be forgotten”);
    8.1.5. request restriction of data processing;
    8.1.6. object to data processing;
    8.1.7. withdraw consent provided;
    8.1.8. receive the data they provided in a structured, commonly used, and machine-readable format;
    8.1.9. lodge a complaint with the State Data Protection Inspectorate.
    8.2. Requests from data subjects are handled in accordance with the procedures and time limits established by applicable laws.
    8.3. Requests regarding the exercise of rights may be submitted:
    8.3.1. by email to info@trelo.eu;
    8.3.2. by registered mail to the Company’s registered office address;
    8.3.3. by visiting the Company’s registered office in person.

    1. Security of Personal Data

    9.1. The Company implements appropriate technical and organisational security measures intended to protect personal data against:
    9.1.1. unauthorised access;
    9.1.2. unauthorised disclosure;
    9.1.3. accidental loss;
    9.1.4. destruction;
    9.1.5. alteration;
    9.1.6. other unlawful processing.
    9.2. Access to personal data is granted only to employees or service providers for whom such access is necessary to perform work functions or provide services.
    9.3. The Company ensures that employees with access to personal data are bound by confidentiality obligations and are familiar with personal data protection principles.
    9.4. The Company regularly reviews the security measures applied and updates them where necessary.

    1. Final Provisions

    10.1. This Policy enters into force on the date of its publication.
    10.2. The latest version of the Policy is published on the Company’s website.
    10.3. Questions related to the application of this Policy or the processing of personal data shall be resolved in accordance with the applicable legal acts of the European Union and the Republic of Lithuania.

    Useful links