Privacy statement

EPSO-G Invest privacy notice

Last updated on 17 July 2025
1. What is contained in this Privacy Notice and for whom is it intended?
EPSO-G Invest (hereinafter - the Company or us) processes (collects, stores, etc.) Your personal data. When processing this information, the Company is guided by the General Data Protection Regulation of the European Union (hereinafter – GDPR) and other legal acts regulating the protection of personal data.  

In this Privacy Notice (hereinafter - Privacy Notice), we provide You with basic information about the Company's processing of your personal data - where we obtain your personal data and to whom we may provide it, for what purposes and on what grounds we process your personal data, what rights You have, how You can exercise those rights, and other relevant information. Please read this important information carefully and from time to time visit our website at https://www.epsog.lt/lt/apie-mus/privatumas and read the latest version of the Privacy notice posted there.  

In order to find out when the Privacy Notice was last updated, You can check the “Last updated” date.
2. Who is responsible for the protection of Your personal data?
EPSO-G Invest, legal entity code: 306949519, registered office:
Laisvės ave. 10, Vilnius, e-mail: [email protected].
3. Why and what Your personal data do we process?

No.

Why do we collect information about You?

What information do we collect about You?

Why do we have the right to collect the information You provided?

How long do we use or store information about You?

3.1

We carry out the employee selection process, organize the recruitment process

Name, surname, date of birth, phone number, e-mail address, place of residence (address), information about the candidate’s education, desired position (job title), date of receipt of resume, personal qualities, candidate’s work experience: workplace, length of service, held positions, other work experience; proficiency in foreign languages: language, levels of reading, writing, speaking; ability to work with computer programs, desired salary, other information in the resume, recommendation and (or) motivation letter.

We have Your consent (Article 6(1) clause a of the GDPR)  

1 year after the end of the selection.

3.2

We draw up and execute contracts with You, and comply with related tax obligations

Name, surname, personal code or date of birth, phone number, e-mail address, bank account number, signature, basis of representation (power of attorney, statutes, etc.), number of the power of attorney, term, duties, billing information, settlement period, other information relevant to the conclusion and performance of the contract, depending on the nature of the contract.

We conclude a contract with You and fulfil our contractual obligations (Article 6(1) clause b of GDPR)

During the period of validity of the contract and 5 years after the expiry of the contract.

3.3

We administer the internal reporting channel (Trust line) and carry out internal investigations on the basis of the information received

In case the information is not provided anonymously, the data collected will be the data provided by the person himself or herself - name, surname, phone number, personal code, e-mail address, the circumstances of the notification, the date of the notification, the decision to inform about the actions taken and the decisions taken.

We have a legitimate interest in the processing of Your personal data (to prevent fraud, corruption, other criminal acts, violations of law, other violations - to prevent acts being committed, to take measures to prevent acts being committed in the future, etc.)(Article 6(1) clause f of GDPR).
We are obliged to collect information in accordance with the law (Article 6(1) clause c of GDPR).

If an infringement has been found after examination of the information received - 5 years after the end of the investigation.  
If the examination of the information received did not lead to the finding of an infringement - 3 years after the end of the investigation carried out.

3.4

We deal with complaints, suggestions or requests submitted by You

Name, surname, e-mail address, telephone number, signature, date of application, application number (registration number) and the information contained therein, the outcome of the proceedings, if the person making the application, complaint or proposal has been communicated with by e-mail, the personal data recorded in that communication.

We have a legitimate interest in processing your personal data (to deal with your applications, requests or complaints) (Article 6(1) clause f of GDPR)

3 years from the date of receipt of the application, complaint or offer.

3.5

We strive to ensure the efficient and safe operation of our website (we use technical cookies to support the user session)

Unique identifier

We have a legitimate interest in processing Your personal data (to ensure that the Company's website operates in a high quality, secure manner) (Article 6(1) clause f of GDPR)

Until the closing of the website window (information is automatically deleted after the browser is turned off)

3.6

We implement economic or financial sanctions, embargoes or other restrictive measures imposed or administered by the EU or other relevant institutions.   Managing risks associated with business partners

Name, surname, date of birth, nationality, place of residence, address of registration, country of residence, percentage of shares held, information on links with politically exposed persons, information on investigations carried out in relation to corruption, competition, anti-money laundering, terrorist financing, occupational health and safety violations, information on business partners, clients.   Personal data of shareholders of the partner of activity, beneficiaries (name, surname, date of birth, nationality, place of residence)  
Name, surname, position, e-mail address of the representative of the business partner.  
Other information provided in the questionnaire by the business partner, his representative.

We are obliged to collect information in accordance with the law (Article 6(1) clause c of the GDPR), we have a legitimate interest (to ensure the compliance of our business partners with the requirements of the Group's Supplier Code of Conduct and the management of potential financial and reputational risks) (Article 6(1) clause f of the GDPR)

5 years after the end of the contractual relationship.

The privacy policy of the candidates to the employees of EPSO-G can be found here.
4. Where do we receive Your personal data from?
You provide us with most of the information Yourself, but we may also receive certain personal data from: 4.1. the legal entities for which you work (e.g. companies within the EPSO-G group of companies) or which You represent (e.g. suppliers with whom we enter into contracts).
When we receive personal data from You, we would ask You to provide only the information necessary to achieve the purposes set out in point 3. Other information, such as political views, nationality, religion, etc., would be requested not to be provided.
5. What personal data do You need to provide to us and why?
Please review the answer to point 3 above – You must provide the information about You that is necessary in order to:
5.1. enter into contracts with You and fulfil our contractual obligations;
5.2. enter into contracts with the persons You represent and fulfil our contractual obligations;
If you do not provide the above information, we will not be able to conclude contracts with You and/or the persons You represent and fulfil contractual obligations.
6. Who can we disclose Your personal data to?
We may transfer information related to You to our partners, service providers, as well as to the following entities only if it is necessary for the purposes set out in point 3 and permitted by applicable law:
6.1. banks carrying out settlement operations (data shall be transmitted for the purpose specified in point 3.4);
6.2. courts, supervisory, law enforcement and other public authorities (data may be transferred for all the purposes set out in point 3);
6.3. lawyers, notaries, bailiffs, auditors, consultants, companies providing data center, hosting, cloud, website administration and related services, companies designing, maintaining and developing software, companies providing information technology infrastructure services, companies providing communication services, insurance companies, companies providing archiving services and other services to the Company (the data may be transferred for all of the purposes set out in point 3 above).
           
We note that when the Company transfers personal data to other third parties as outsourced data processors, it shall make sure, before using them, that they have appropriate technical and organisational measures in place to ensure the secure processing of personal data and an adequate level of data protection in accordance with the applicable European Union legislation.
7. Will Your personal data be transferred outside the European Economic Area?
In most cases, personal data is processed and transferred within the territory of the European Union and the European Economic Area (EEA[1]).  If necessary for the provision of certain services, the data may be transferred and processed outside these territories, provided that an adequate level of personal data protection is observed. Where permitted by law and necessary for the reasons set out in section 6 of this Privacy Notice, we disclose information about You:
7.1. on the basis of an adequacy decision of the European Commission, which means that the European Commission has recognised the country in which the third party is established and/or carries out its activities as having an adequate level of protection of personal data;  
7.2. we have signed a contract with a third party based on standard contractual clauses approved by the European Commission;  
7.3. we have obtained permission from the State Data Protection Inspectorate;
7.4. making use, where possible, of other available safeguards and derogations for the protection of personal data.  
8. How is Your personal data processed?
In order to ensure that information about You is protected from unauthorized access, disclosure, accidental loss, alteration or destruction or other unlawful processing, we have implemented and apply appropriate level of technical and organizational security measures for Your personal data.
9. What rights do You have?
The GDPR and other laws give You rights, provide for when You can exercise them, the procedures You must follow, and the exceptions in which cases You cannot exercise the rights granted. When permitted by law, You can:
9.1. access Your personal data, i.e. to receive a notification confirming whether the Company processes Your personal data and, if processed, to request access to the data processed and related information;
9.2. submit a request to us to correct inaccurate, incorrect personal data or to supplement it when it is not complete;
9.3. submit to us a request to delete Your personal data, which we have if this can be justified by one of the reasons provided for in Article 17(1) of the GDPR;  
9.4. submit a request to us to restrict the processing of Your personal data, where one of the cases provided for in Article 18(1) of the GDPR applies.  
9.5. object to the use of data when we process Your data for the legitimate interests of the Company and (or) third parties;
9.6. submit to us a request for the transfer (receipt) of data that You have provided to us under the contract or with Your consent to the processing of data and which we process by automated means in a commonly used electronic form;
9.7. object to a fully automated decision, including profiling, if such decision-making may have legal consequences or similar significant effects on You;
9.8. revoke the consent given to us to process Your personal data when we use the data on the basis of Your consent;
9.9. lodge a complaint with a supervisory authority, in particular in the Member State where You have Your habitual residence or the place where the alleged infringement of the GDPR has occurred and to seek judicial remedies. In the Republic of Lithuania, the supervisory authority is the State Data Protection Inspectorate (L. Sapiegos str. 17, Vilnius; e-mail: [email protected]), but first we recommend You to contact us and we will try to solve all Your requests together with You.
10. How can You exercise Your rights?
In order to exercise Your rights referred to in point 9 of this Privacy Notice, You must:
10.1. personally present a request to exercise the rights of the data subject (hereinafter - Request) to the Company’s headquarters at Laisvės ave. 10, LT-04215, Vilnius (together with the Request, a document confirming personal identity must be submitted);  
10.2. send a Request to the Company or the Personal Data Protection Expert by e-mail [email protected] (the Request submitted by e-mail must be signed with a secure electronic signature);
10.3. submit to the Company by post, at Laisvės ave. 10, LT-04215, Vilnius (the Request must be accompanied by a copy of the identity document, certified by a notary or other procedure established by legal acts).
When submitting an application through a representative, the application must be accompanied by a document confirming the representation or a copy thereof certified in accordance with the procedure laid down by legal acts.  
11. How will we inform You of changes to the Privacy Notice?  
We may update or change this Privacy Notice at any time. Such updated or amended Privacy Notice will be effective from the date of its posting on our Website.  

When we update the Privacy Notice, we will inform You of what we consider to be material changes by posting them on the Website. You can look at the “Updated” date at the bottom to see when the Privacy Notice was last updated.
12. Does Your website leave cookies on my computer or device?
Yes, we use cookies as shown in the table below. Cookies are small text files stored in Your device (e.g. computer, mobile phone, tablet) browser when You browse websites. Other technologies, including data we store on Your browser or device, identifiers associated with Your device and other software, may be used for similar purposes. Cookies are used extensively to make websites work or work better and more efficiently.
Essential cookies – these cookies are necessary for the proper functioning of the website. They enable the use of certain functions of the website, such as the management of network services (load balancing), the storage of user preferences. Cookies are used to ensure the technical functioning of the website.  
If You disable cookies in Your browser, some features of the website may not work at all or in part.

Name

Supplier

Purpose

Valid for

PHPSESSID

-

to set up a user session and transmit status data

Until the closing of the website window

gpdr-checked

-

To inform the user about the cookies used

Until the closing of the website window

13. How can You manage cookies?
By visiting the website (www.epsoginvest.lt) You can choose whether You want to use cookies. You can control cookies on the website itself and (or) delete them according to Your preferences in the browser. You can refuse the use of optional cookies on the website, which are not mandatory, but the website may not be fully functional.  

In Your browser settings, You can choose which cookies You want to accept and which You want to reject. You can delete all cookies that are already on Your computer, and most browsers allow You to prevent cookies from being saved. The location of these settings depends on the browser You are using.

If You do not agree to the storage of cookies on Your computer or other device, You can revoke Your consent to use them at any time by changing the settings on the website and deleting the saved cookies in Your browser. If You have chosen to delete cookies, remember that all the options set will also be removed. In addition, by blocking cookies completely, many websites (including www.epsoginvest.lt) may not function properly. For these reasons, we do not recommend disabling essential cookies
14. How to remove cookies from Your device?
In order to prevent the processing of Your personal data with the help of cookies, You can change the settings of Your web browser so that cookies are not accepted or delete the saved cookies. You can change the cookie settings in Your browser at any time. All browsers have the option to delete cookies. More detailed instructions depend on the browser You are using,

You can find them in the options menu of the browser You are using:  
Cookie settings in Internet Explorer
Cookie settings in Firefox
Cookie settings in Chrome
Cookie settings in Safari web and iOS  
More information https://allaboutcookies.org/  

Please note that the removal or blocking of the cookies used may affect the functioning of the website and some of its functionalities, as well as may adversely affect Your use of the services available on the portal.

In order to learn more about cookies and how to manage or delete them, just visit https://allaboutcookies.org/ and Your browser’s help page.
15. How to contact the Company or Personal Data Protection Expert?
If You have any questions, comments or complaints about how we collect, use and store information about You, or if You wish to exercise Your rights as a data subject, You can contact:
15.1. Company, address: Laisvės ave. 10, Vilnius, Tel. No. +370-685 84866, e-mail: [email protected]
[1] The EEA or European Economic Area shall be composed of the Member States of the European Union and Iceland, Norway and Liechtenstein.
About us
Projects About company Strategy Management
Contacts
EPSO-G Invest
Legal entity code 306949519
Laisvės ave. 10, LT-04215 Vilnius
[email protected] (+370) 699 89818
Cookies Policy and Privacy Notice Trust line