Privacy Policy
Bold One UAB (company code: 307149124, registered address: Vilnius, Lvivo str. 21A, LT-09313) (Data Controller, we, us) hereby informs you in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), as well as the Law on the Protection of Personal Data.
Under this Privacy Policy, Bold One UAB acts as the data controller of your personal information.
For any inquiries related to the processing of personal data, please contact us using the details below:
Address: Gedimino ave. 20, Vilnius
Email: compliance@bold.one
For the purposes of this Privacy Policy, the term “Personal Data” (Personal Data) means any information or set of information that enables us to identify you, either directly or indirectly, such as through your first and last name, email address, telephone number, or similar details and etc.
Personal Data receive and process
Data Controller may receive and process your Personal Data in the following situations:
- when you contact us in writing, by email, or by telephone; the content of such correspondence or conversations may be recorded and stored;
- when we communicate with you regarding negotiations and/or conclude agreements, as well as when you order goods or services from Data Controller;
- when you submit in the CV, cover letter or other application document;
- when you submit certain information through the Data Controller website (Web);
- when you browse or otherwise use the Web;
- when you visit the office premises of Data Controller.
By providing your Personal Data to us, you are responsible for ensuring the information you provide is accurate and up to date.
Information on the legal basis for the processing of Personal Data
Your personal data may be processed on the following legal bases:
- you have given your consent;
- processing is necessary for the performance of a contract to which you are a party;
- processing is necessary for the Data Controller to comply with a legal obligation;
- processing is necessary for the legitimate interests pursued by the Data Controller or a third party.
Purposes of Personal Data Processing
Your Personal Data are collected and processed for the following purposes:
- to perform and administer the contract to which you are a party;
- to comply with legal obligations applicable to the Data Controller;
- to manage and maintain customer relations, including communication and service provision;
- to fulfil accounting and reporting obligations;
- to ensure information security and prevent fraud;
- to handle inquiries, complaints, and requests submitted by data subjects;
- to exercise and defend legal claims;
- to pursue legitimate interests of the Data Controller, such as improving services, marketing, and analytics, provided that such interests do not override your rights and freedoms;
- for other purposes specified at the time of data collection, if any.
Categories of Personal Data Processed
Identification Data - first name and surname; date of birth (when necessary); personal identification document details (only in cases permitted by law).
Contact Data - e-mail address; telephone number; residential or correspondence address.
Communication and Correspondence Data - content of correspondence via e-mail; call information; customer service inquiries.
Technical and Usage Data - IP address; device and browser type; Web usage statistics; cookies data.
Retention period of Personal Data
We only retain your Personal Data for as long as it is required for the specific purpose for which it was collected. Once the purpose is fulfilled, we will delete or anonymize your data, unless we are legally obliged to keep it longer. In general, we keep Personal Data no longer than the periods indicated below:
Job applicant data: retained for 3 months after the recruitment process concludes. If you have explicitly agreed, we may keep this data for up to 2 year after the recruitment process ends.
Messaging data: If the messages are used to support existing client relationships and service delivery, we may retain them for up to 2 years after the related services have ended.
Communication/correspondence data: stored for a maximum of 3 years.
Device-related data: kept for up to 2 years.
Use of Personal Data and principles that we follow
We collect and process only such Personal Data as is necessary to achieve the purposes for which it is obtained. Personal Data that is not relevant to our business activities is neither collected nor retained.
When processing your Personal Data, we ensure that:
- all processing activities comply with applicable legal requirements, including GDPR;
- Personal Data is processed in a lawful, fair, and transparent manner;
- Personal Data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes, unless permitted by applicable law;
- reasonable steps are taken to ensure that inaccurate or incomplete Personal Data is promptly corrected, supplemented, restricted, or erased, taking into account the purposes of processing;
- Personal Data is retained in a form that allows identification of the data subject only for as long as necessary to fulfill the purposes of processing;
- Personal Data is not disclosed to third parties or made publicly available, except in cases expressly set out in this Privacy Policy or required by applicable legislation;
- appropriate technical and organizational measures are implemented to ensure an adequate level of Personal Data security, including protection against unauthorized or unlawful processing, as well as against accidental loss, destruction, or damage.
Transfer of Personal Data outside the EEA
Your Personal Data may be transferred to countries outside the European Economic Area (EEA). We will only do this under strict conditions:
- Data is shared exclusively with our reliable service providers who support the delivery of our services to you;
- We enter into written agreements with these providers that impose obligations to protect your Personal Data in line with legal requirements (including, where applicable, Standard Contractual Clauses);
- The transfer may occur only to countries that the European Commission has recognized as providing an adequate level of data protection;
- In cases where no adequacy decision applies, we will only transfer your Personal Data abroad if you have expressly consented to such transfer.
Data subject rights
As a data subject, you have the following rights in relation to your Personal Data:
- The right to be informed about the processing of your Personal Data (right to be informed);
- The right to access your Personal Data and to know how they are processed (right of access);
- The right to request rectification of inaccurate Personal Data or completion of incomplete Personal Data, taking into account the purposes of the processing (right to rectification);
- The right to request the erasure of your Personal Data or to request the cessation of processing of your Personal Data (other than storage) (right to erasure and the right to be forgotten);
- The right to request restriction of the processing of your Personal Data in the presence of one of the lawful grounds (right to restriction);
- The right to data portability (right to data portability). This right shall be exercised only if the conditions for its implementation exist and if appropriate technical measures are in place to ensure that transferring the requested Personal Data to another person does not create a risk of security breach;
- The right to object to the processing of your Personal Data where we process the Personal Data on the basis of our or a third party’s legitimate interest, including profiling. If you object, we may continue processing your Personal Data only if we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
We may refuse to comply with the above rights, except for the right to object to the processing of Personal Data where the Personal Data are processed on the basis of your consent, where the applicable GDPR provisions allow us to refuse your request, or where, as provided by law, it is necessary to ensure prevention, investigation and detection of crimes, breaches of official or professional ethics, as well as the protection of the rights and freedoms of the data subject, ourselves and other persons.
Where your Personal Data are processed on the basis of consent, you may withdraw such consent at any time. We shall immediately, within a reasonable period of time, cease the processing of your Personal Data. Withdrawal of consent does not automatically require us to erase your Personal Data or to provide you with information about the Personal Data we process; therefore, if you wish us to perform such actions, you must make a separate request.
Any request or instruction related to the processing of Personal Data may be submitted to us in writing by one of the following means: delivered in person to the address: Gedimino ave. 20, Vilnius, or by e-mail to: compliance@bold.one. When submitting such a request, in order to better understand its content, we may ask you to complete the necessary forms and/or or other information that will help us verify your identity.
Upon receipt of your request or instruction regarding the processing of Personal Data, we shall provide a response and perform the actions specified in the request no later than within 1 month from the date of receipt. If necessary, this period may be extended by an additional 2 months, taking into account the complexity and number of requests. In such case, we shall inform you about the extension within 1 month from the date of receipt of the request.
If your Personal Data are erased at your request, we will retain only those copies of information that are necessary to protect our and other persons’ legitimate interests, to comply with obligations imposed by state or local authorities and institutions, to resolve disputes, to detect disruptions, or to comply with any agreements you have concluded with us.
If you wish to submit a complaint regarding our processing of your Personal Data, please send it to us in writing, providing as much detail as possible. You may use the contact information provided at the end of this Privacy Policy. We will cooperate with you and aim to address your concerns promptly.
If you believe that your rights under the GDPR have been violated, you have the right to file a complaint with the supervisory authority, the State Data Protection Inspectorate. We encourage you to contact us first so that we can attempt to resolve any issues quickly and amicably.
Cookies
Our Web uses cookies and similar tracking technologies. Cookies are small text files that are placed on a user’s device when visiting a Web. They enable the Web to recognize the user’s device, ensure proper functioning of the Web, and improve the browsing experience.
We use cookies for several purposes, including ensuring that the Web operates correctly, improving the performance and functionality of our services, analyzing traffic and user behavior on the Web, enhancing security, and, where applicable, supporting marketing activities.
Users may control or restrict the use of cookies through their browser settings. Most web browsers allow users to block or delete cookies that have been stored on their device. Information on how to manage cookie settings is usually available in the browser’s help section or through the device manufacturer’s instructions for mobile devices. Please note that if cookies are disabled or restricted, certain parts of the Web may not function properly or may become inaccessible.
The Web may use the following categories of cookies:
Strictly necessary cookies – these cookies are essential for the operation of the Web and enable core functionalities such as navigation, security, and access to certain features.
Functional and performance cookies – these cookies allow the Web to remember user preferences and improve overall functionality and performance.
Analytical cookies – these cookies help us understand how visitors interact with the Web by collecting aggregated information about usage and traffic patterns.
Marketing cookies – these cookies may be used to provide users with relevant advertising and to measure the effectiveness of marketing activities.
Where required by applicable law, cookies that are not strictly necessary will only be used after the user has provided consent through the Web cookie consent mechanism.
Final provisions
We reserve the right to modify this Privacy Policy unilaterally. We may notify you of any changes via email or other customary communication channels. Any amendments or updates will become effective from the date specified in the revised Privacy Policy, unless a different effective date is explicitly stated.
If you continue to use the Web after the Privacy Policy has been updated, you will be deemed to have accepted the revised terms.
Any disputes arising from the interpretation or implementation of this Privacy Policy shall first be attempted to be resolved through negotiations. If no agreement can be reached, disputes shall be settled in accordance with the laws of the Republic of Lithuania.
