Privacy Statement

We are committed to protecting your privacy. This privacy statement (the “Privacy Statement“) explains what information about you we process when you use QND.legal website (“Site”) and our accounts on social networks (Facebook, Linkedin), why we do it, how we use it and your legal rights in relation thereto. Please also read our Cookie Statement, which tells you how we use cookies and / or other similar tracking technologies, if any.

1. WHICH PERSONAL DATA PROTECTION LAWS DO WE ABIDE BY?

When handling your personal data (i.e. any information which could be used to identify you), we adhere to the provisions outlined in Regulation (EU) 2016/679 (General Data Protection Regulation) (the “GDPR”), along with the processing requirements for personal data set forth by the Law on the Legal Protection of Personal Data of the Republic of Lithuania. To the extent applicable, there may also be other laws and regulations that we comply with.

2. WHO PROCESSES YOUR PERSONAL DATA AND HOW TO GET IN TOUCH?

This Site is owned and operated by QND Legal (please refer to Legal Statement). We are a controller of, and we are accountable for the legal processing of your personal data. Should you wish to reach us in relation to this Privacy Statement, please use the contact form available at our Site or send a letter to our address at: QND Legal, Dariaus ir Girėno g. 34F, Vilnius, Lithuania.

3. WHAT ARE THE PRINCIPLES OF PERSONAL DATA PROCESSING THAT WE ADHERE TO?

When processing your personal data, we adhere to the following principles in accordance with GDPR and other relevant legislation:

• Compliance: We comply with current and applicable legislation, including the GDPR.
• Lawfulness, fairness, and transparency: We process your personal data in a lawful, fair, and transparent manner.
• Purpose limitation: We collect your personal data for specified, clearly defined, and legitimate purposes. We do not continue to process it in a manner incompatible with those purposes, except as permitted by law.
• Data accuracy: We take reasonable steps to ensure that your personal data is accurate, complete, and up-to-date, considering the purposes for which it is processed. Inaccurate or incomplete data will be rectified, supplemented, suspended, or deleted without undue delay.
• Data retention: We retain your personal data in a form that allows your identity to be established for no longer than necessary for the purposes for which it was processed.
• Confidentiality: We do not disclose or transfer personal data to third parties except as outlined in our Privacy Statement or as required by applicable law.
• Data security: We ensure reasonably appropriate security measures are in place to protect your personal data against unauthorized or unlawful processing, as well as unintentional loss, destruction, or damage, through technical and organizational safeguards.

 

4. WHAT PERSONAL DATA WE MAY PROCESS, FOR WHAT PURPOSES AND ON WHAT GROUNDS?

What categories of personal data we may process?	Why we process such personal data?	What is the legal basis?	How long we may keep personal data?	Where may we get the personal data?	Where may we provide such personal data?
When you visit the Site, data about your browsing on the Site is collected using cookies (IP address, type of Internet browser used, number of visits, pages viewed on the Site, time spent on the Site, demographic data, unique ID and other data).	For administration and functioning of the Site.	Consent (Article 6 (1) (a) of the GDPR), except for necessary cookies.	Personal data is stored as long as a specific cookie is valid, unless you withdraw your consent in relation to use of cookies earlier. More information about cookies can be found in Cookie Statement.	From you, or third parties.	For service providers (e.g. data storage services,  marketing services, etc.).
Your name, surname, position, company name, email address, phone number, content of your inquiries.	For administering your inquiries and requests	Consent (Article 6 (1) (a) of the GDPR).	Personal data is processed for 12 months from the date of receipt of your inquiry.	From you.	For service providers (e.g. data storage services, etc.).
Your social network account name, profile picture, comments, reactions, content of your inquiries.	For managing and administering social network (Facebook, Linkedin) accounts.	Consent (Article 6 (1) (a) of the GDPR). Legitimate interest (Article 6 (1)(f) of the GDPR).	We may store relevant data for as long as our or your social network account is valid, unless you express a wish to delete your data in our social network accounts earlier (provided this is technically possible).	From you, or third parties.	For service providers (e.g. data storage services, etc.).
Your name, surname, position, company name, phone number, address, e-mail address, bank account number, information about legal services provided, taxpayer information, invoices issued and the information contained therein, electronic correspondence history, other information provided to us or sent to you.	To provide legal services.	Contract (Article 6 (1) (b) of the GDPR). Legitimate interest (Article 6 (1)(f) of the GDPR). Performance of obligations (Article 6 (1)(c) of the GDPR)	10 years following the last instance of providing legal services to you.	From you.	Based on the type of legal services rendered, we might share personal data with various entities, including public registries, courts, arbitrators, legal representatives of opposing parties, law enforcement agencies, financial institutions, other law firms, other regulatory bodies,  service providers offering marketing, accounting, IT, translation, and related services. We only share such data to the extent necessary for the effective delivery of legal services.

 

We aim to keep your personal data for the minimum duration necessary to accomplish the purposes for which such data was processed.

5. HOW DO WE GET YOUR PERSONAL DATA?

As you may have already understood from the above, we collect and process your personal data through various channels:

• Direct submission: This involves you providing us with your personal data directly, whether through written correspondence, communications with our team, lodging complaints about our services, or other forms of direct interaction.
• Site and social media usage: When you utilize our Site or engage with our social media accounts, certain information, such as your IP address and browser type, is automatically collected to enhance your browsing experience, or for other purposes as described above.
• Third-party sources: We may also receive your personal data from third parties, such as state institutions, in accordance with legally established procedures.

Furthermore, to enhance our services and ensure accuracy, we may combine the personal data you provide with information lawfully collected from other sources, including data obtained through website cookies, information gathered during service provision, or data lawfully acquired from third parties.

6. DO WE SHARE YOUR DATA WITH THIRD PARTIES?

Your personal data will be handled with care and will not be disclosed or transferred to third parties without a legitimate basis. We will use your personal data for the purposes for which it was collected, in compliance with this Privacy Statement and applicable law.

Your personal data may be transferred to companies assisting us in our operations, such as those providing marketing or IT services. These partners are contractually obligated to process your data only as instructed by us and in accordance with data protection laws. We also may disclose your information if required by law or law enforcement authorities.

We may share your personal data with:

• Third-party service providers (who are bound by agreements to use your personal data solely for providing services to us and not for any other purposes), including technical service providers assisting in contract performance, newsletter distribution, or other marketing activities.
• Service providers we typically use for data storage, telecommunications, and website hosting.
• Government and law enforcement agencies, when mandated by law or to defend our legitimate interests.
• Other entities and actors as described in response to question 4 of this Privacy Statement.

 

7. IS YOUR DATA TRANSFERRED OUTSIDE OF THE EUROPEAN ECONOMIC AREA?

Generally, your personal data is intended to be kept within the boundaries of European Economic Area (EEA), however, it is possible that your data may be transferred outside of EEA. This could occur if our service providers utilize storage or other services located outside of the EEA. Additionally, there may be instances where such transfer is reasonably necessary for us to provide our legal services effectively. Rest assured, we take necessary precautions to ensure that any such transfers comply with applicable data protection laws and safeguards.

8. WHAT ARE YOUR RIGHTS?

We guarantee the implementation of these rights and the provision of any related information at your request or in case of your demand:

• to know (be informed) about the processing of your personal data;
• to get access to your personal data that we process;
• to request correction or addition, adjustment of your inaccurate, incomplete personal data;
• to require the destruction of personal data when they are no longer necessary for the purposes for which they were collected;
• to demand the destruction of personal data if they are processed illegally or when you withdraw your consent to the processing of personal data or do not give such consent, when is necessary;
• to disagree with the processing of personal data or withdraw your previously provided consent;
• to request to provide, if technically possible, the provision of your personal data in an easily readable format collected under your consent or for the purpose of performing the contract, or request the transfer of data to another data controller;
• other rights as per applicable legislation.

Should you wish to implement any of your rights, please send relevant request via contact form at our Site.

Upon receiving your request, we may ask for proof of your identity or other identifying details to ensure the rightful exercise of your data subject rights and prevent unauthorized disclosure. Failure to verify your identity may impede our ability to fulfill your rights.

We offer information on personal data processing free of charge. However, unfounded, repetitive, or disproportionate requests may incur an administrative fee.

Upon receipt of your request, we commit to responding within 30 calendar days, provided all necessary documents are submitted on time.

In exceptional cases, if more time is needed, we may extend the response period by two months, depending on complexity. We’ll notify you in writing within one month of receipt, stating the reasons for the delay. If required, we’ll pause processing your data (except for storage) until the matter is resolved. If you lawfully withdraw your consent for data processing, we’ll promptly cease processing your data, unless legally obligated otherwise. The response will match the method of your initial request.

Please note that we reserve the right not to comply with your requirements under certain circumstances, including in instances where it is necessary to ensure the performance of the legal obligations imposed on us, national security or defense, public policy, the prevention, investigation, detection or prosecution of criminal offenses and due to other similar materially important reasons.

9. HOW DO YOU MAKE A COMPLAINT?

If you intend to file a complaint regarding our handling of your personal data, kindly submit it in writing, including as many details as possible. You can send your complaint via contact form at our Site., or the address of QND Legal if you want to submit the complaint by post. We will promptly address any concerns raised.

Furthermore, you can file a complaint with our supervisory authority – the State Data Protection Inspectorate, contact details: L. Sapiegos str. 17, LT-10312 Vilnius, email ada@ada.lt.

In all cases, we kindly urge you to contact us before making a formal complaint so that we can reach a reasonable compromise and resolve your grievance.

10. WHAT ELSE?

External websites. When navigating the Website, you may encounter links directing you to external websites, including those of our business partners or platforms promoting our services. It’s important to recognize that these websites and the services they offer have their own distinct privacy policies. We bear no responsibility or liability for the policies of these external sites or for any personal data they may collect, such as contact or location details. Prior to submitting any personal information or utilizing services on these sites, we urge you to thoroughly review their respective privacy policies.

Transmission of data through internet. While we strive to safeguard your personal data, it’s important to note that transmitting information over the Internet carries inherent risks. We cannot guarantee the security of your data during transmission to the Site or otherwise using Internet and therefore you assume relevant risks. Please do not use the inquiry form available on the Site for sending sensitive information. In the rare event of a personal data breach posing a significant risk to your rights or freedoms, we will promptly notify you upon becoming aware of it and take other necessary actions in relation thereto.

Changes to Privacy Statement. We reserve the right to change and update this Privacy Statement in whole or in part. Any such amendments and revised Privacy Statement will be posted on the Site and become effective upon such posting. We advise to regularly review our Privacy Statement so that you are always up to date.