Privacy policy
1. What is the purpose of this Privacy Policy?
This Privacy Policy (the “Policy”) describes how we collect, use, disclose, and store your personal data (the “Data”), as well as the statutory rights you have. We protect your Data in accordance with applicable data protection laws, including the EU General Data Protection Regulation 2016/679 (the “GDPR”).
2. Who is my Data Controller?
Name: Confluence Valley, UAB
Registration code: 307179217
Email address: info@confluencevalley.org
Address: Švitrigailos st. 34, LT-03230 Vilnius
3. Purposes and legal basis of processing, categories of the Data concerned
3.1. Handling your inquiries, requests and complaints
When you submit an inquiry, request, or complaint, we process the Data listed below in order to provide you with appropriate support and to ensure proper handling of your case.
Legal basis for the processing |
Categories of the Data concerned |
Is the provision of the Data a requirement? |
Consent
(Article 6(1)(a) GDPR)
Legitimate interest (to handle your inquiries (Article 6(1)(f) GDPR)
|
Name, surname, e-mail address, telephone number, residential or business address, the content of the inquiry, request, or complaint, information and documents related to the submitted inquiry, request, or complaint, responses, correspondence records, chat transcripts, and any other information voluntarily provided by you in the course of communication. |
No |
3.2. Security, functionality, and improvement of our website
To ensure the security, stability, and proper functioning of our website, as well as to protect against fraud and abuse, we automatically collect and process certain technical and usage-related data. This information also helps us monitor performance, detect errors, implement upgrades, develop new features, and improve the overall user experience.
Legal basis for the processing |
Categories of the Data concerned |
Is the provision of the Data a requirement? |
Legitimate interest
(to ensure the security, proper functioning, and continuous improvement of the website, mobile application, and products) (Article 6(1)(f) GDPR)
|
IP address, device identifiers, device type and model, operating system and version, browser type and version, screen resolution, language settings, time zone, session identifiers, cookies and similar tracking technologies, browsing and interaction data on the website, referrer URL, geolocation data (if enabled), network and connection information, log files, error and crash data, authentication and access records |
No |
3.3. Recruitment
When you apply for a vacant position in our company or when we contact you regarding job opportunities, we process your Data related to the recruitment process.
Legal basis for the processing |
Categories of the Data concerned |
Is the provision of the Data a requirement? |
Consent
(Article 6(1)(a) GDPR)
Legitimate interest to contact you regarding job opportunities in our company
(Article 6(1)(f) GDPR) |
Name, surname, place of residence or residential address, e-mail address, telephone number, information about work experience (employer, period of employment, position, responsibilities, achievements), information about education (educational institution, period of study, degree and/or qualification obtained), information about training (courses attended, certificates obtained), information about language skills, IT skills and other competences, other information provided in the CV, cover letter or other application documents, name of the referee/recommending person, content of the recommendation, summary of the interview, notes and opinions of the recruiter, results of candidate testing. |
No |
3.4. Compliance with legal requirements and defence of our legal interests
We will retain the Data in accordance with statutory limitation periods to defend our rights and legal interests if necessary. Some data must be retained to comply with legal requirements in accounting, archiving, and other areas. In rare cases, if you become involved in a legal process to which we are a party, we will use this data for that legal process.
Legal basis for the processing |
Categories of Data concerned |
Is the provision of the Data a requirement? |
Legal obligation
(Article 6(1)(c) GDPR)
Legitimate interest in protecting our rights and legal interests
(Article 6(1)(f) GDPR) |
Name, surname, email address, contracts, legally binding documents and data, correspondence, legal documents, pleadings, annexes, court documents, investigative information, information about convictions and criminal offences, correspondence, logs, possible breaches and incidents, and any other Data provided and collected |
When the processing of your Data is required under applicable laws, providing this data becomes a legal necessity. If you are unable to provide this data, unfortunately, we will not be in a position to offer our services to you. |
4. How long do you keep my Data?
We retain the Data in a form that allows your identity to be determined no longer than necessary for the purposes for which the Data is processed, and in accordance with legal requirements. We will retain information necessary for the protection of our legal interests for 10 years after the termination of relationship with you.
5. Where do you collect my Data from?
We collect most of the Data from you. Where necessary for the purposes set out below, we collect Data from other sources.
Source of origin of data
|
Purpose of processing |
Recruitment agencies, job search portals, professional social networks (e.g. LinkedIn)
|
Recruitment |
Supervisory authorities, police, prosecutors, courts, law enforcement and other state and municipal authorities, participants in legal proceedings and their representatives
|
Compliance with legal requirements and defense of our legal interests
|
6. Who do you share my Data with?
Where necessary for the above purposes and subject to applicable law, we share data with the following recipients.
Recipients or categories of recipients |
If the Data are to be transferred
to a third country or an international organisation:
|
Third country
|
Safeguard measure or exemption allowing the transfer
|
Lawyers, notaries, bailiffs, data protection officers, auditors, tax, business, HR and other consultants
|
--- |
Providers of IT tools and services, electronic communications service providers, travel agencies, insurance companies, archiving and other service providers
|
--- |
State labour, social security, tax, supervisory authorities, police, prosecutors, courts, law enforcement and other state and local authorities
|
--- |
Potential or actual purchasers of the business or part of it and their authorised advisers or representatives
|
Various
|
EU Standard Contractual Clauses |
7. What rights do I have in relation to the processing of my Data?
My right
|
Summary |
The right to obtain confirmation from us as to whether Data relating to you is being processed and, if such Data is being processed, the right to have access to the Data and information about the processing. |
Right to rectification |
The right to require us to rectify inaccurate Data relating to you. |
Right to erasure (‘right to be forgotten’) |
- when Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- when you withdraw consent on which the processing of Data is based and there is no other legal ground for the processing;
- when you object to the processing of Data and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes;
- where the Data have been unlawfully processed;
- where the Data have to be erased for compliance with a legal obligation;
- where the Data have been collected in relation to the offer of information society services directly to a child and subject to a consent. |
Right to restriction of processing |
- where the accuracy of the Data is contested by you;
- where the processing of Data is unlawful and you oppose the erasure of the Data and request the restriction of their use instead;
- where we no longer need the Data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
where you have objected to the processing of the Data and until it has been verified whether our legitimate interests override yours. |
Right to data portability |
where you seek to receive the Data you have provided in a structured, commonly used and machine-readable form or to transmit those data to another controller, the processing is based on consent or on a contract and is carried out by automated means. |
Right to object |
where the collection and use of the Data is based on a task carried out in the public interest or in the exercise of official authority vested or legitimate interest, including profiling, as explained in Section 3 of this Privacy Policy, or where you object to the collection of your data for direct marketing purposes. |
Right to withdraw consent |
where the processing of Data is based on consent, as explained in Section 3 of this Privacy Policy, and you seek to withdraw it at any time. |
Right to lodge a complaint |
Right to lodge a complaint with a supervisory authority |
8. Does your website place cookies on my device?
Yes, our website places the following cookies on your device:
Purpose of processing |
Cookie |
Category |
Whether third parties will have access to the information |
Duration of operation |
_ga |
Analytics / Performance |
Yes – Google LLC (US) |
2 years |
To distinguish individual users by assigning a unique ID. |
_gid |
Analytics / Performance |
Yes – Google LLC (US) |
24 hours |
To throttle request rates and limit data collection on high traffic sites. |
_gat |
Analytics / Performance |
Yes – Google LLC (US) |
1 minute |
To store campaign information and attribute conversions to the correct advertising channel. |
_gcl_au |
Analytics / Advertising |
Yes – Google LLC (US) |
3 months |
To persist session state and link user interactions within one session. |
ga_<container-id> |
Analytics / Performance |
Yes – Google LLC (US) |
2 years |
To identify individual clients behind a shared IP address and apply security-based rate limiting, ensuring the website remains protected from abusive traffic. |
_cfuvid |
Necessary / Security |
Yes – Cloudflare, Inc. (US) |
Session (deleted when the browser is closed) |
9. How can I manage cookies?
You can configure your browser to decline some or all cookies or to ask for your permission before accepting them. Please note that by deleting cookies or disabling future cookies you may be unable to access certain areas or features of our website. You can control the use of functionality cookies, targeting cookies or advertising cookies by adjusting your browser settings. To find out how to manage cookies in your browser, please visit one of the links below:
● Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
● Google Chrome: https://support.google.com/chrome/answer/95647
● Opera: https://www.opera.com/help/tutorials/security/privacy
● Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
● Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-information-sfri11471/mac
10. Automated decision-making, including profiling
No, we do not make decisions based solely on automated processing of Data, including profiling, which would produce legal effects concerning you or similarly significantly affects you.
11. How can I contact your Data Protection Officers?
You can contact our Data Protection Officers at: info@confluencevalley.org
12. Can this Policy be amended?
We may amend this Policy unilaterally from time to time. Any such amendments will take effect immediately upon publication. Therefore, please visit our website regularly to review the latest version of this Policy.
Last update date: 2025-11-17
