Privacy Notice

Last Update 2024-06-12

The controller of personal data specified herein below is MAXIMA GRUPĖ, UAB, code: 301066547, registered address: Ozo str. 25, Vilnius, Lithuania (the ‘Company’).

This privacy notice (the ‘Privacy Notice’) is targeted at persons ( ‘you’) who use the Company’s services, have connections (e.g. provide services) or visit the Company’s websites (www.maximagrupe.lt; www.maximagrupe.eu or other).

In this Privacy Notice we provide information about the processing of your personal data conducted by the Company, the purposes for which we collect your personal data, the types of personal data we process and your rights related to the processing of your personal data.

By using our services, providing services or otherwise maintaining business relations with the Company or continuing to browse the websites, you confirm that you have read this Privacy Notice, understand its provisions and agree to comply with them.

The Company collects and processes personal data in compliance with General Data Protection Regulation (‘GDPR’) and laws governing the protection of personal data.

The scope of processed personal data depends on the services used or rendered and the information provided by a person who uses the services or browses our websites.

The Company seeks that the processing of personal data is accurate, fair and lawful, that the data are processed only for the purposes for which they have been collected, that they are processed in compliance with the clear and transparent principles of personal data processing and requirements set forth in legislation.

This Privacy Notice may be update by the Company at any time. The Company will inform you about updates by posting the new version of the Privacy Notice on the website together with the dates of corrections made. By continuing to use the website after amendments to the Privacy Notice you agree with the amendments made.

If any of the provisions of the Privacy Policy is recognised as invalid or non-applicable, this provision does not affect the legality and validity of the remaining provisions of the Privacy Policy.

This Privacy Policy is applicable as of 25 May 2018, updated 19 May 2023 and the date of last amendments are 12 June 2024.

Why, what data, on what grounds and for how long do we process your data?

Why do we collect information about you?	What information do we collect about you?	Why do we have the right to collect the information you provide?	How long do we use or store information about you?
We examine and respond to your submitted inquiries, requests, or other information	Name, surname, e-mail address, tel. No., signature, date of referral, referral number (registration number) and the information provided in it, the outcome of the proceedings, and, if the person making the request, complaint or proposal has been contacted by e-mail, the personal data recorded in the communication.	Your consent which is implied through your active actions, such as submitting (Article 6(1)(a) GDPR)	If you apply/email us, electronic correspondence will be stored up to 5 years.
We select candidates to become our employees	Name, surname, date of birth, phone No., place of work, e-mail address, place of residence (address), education, date of receipt of resume, personal characteristics, work experience, knowledge of foreign languages, ability to work with computer programs, other information provided in the resume, recommendation and (or) motivation letter.	You provide your personal data by giving consent, which is implied by through your active actions, i.e. sending CV by e-mail to cv@maximagrupe.eu or by submitting your CV by other means (GDPR Art. 6 d. 1 d. a p.)	If you have provided your personal data in specific candidate selection process, we will process your personal data until the end of such a selection process, unless you will provide separate consent for a longer period. In other cases, your provided personal data will be stored for no longer than one year from the date of submission.
	To evaluate your candidacy, we may contact your former employers for references regarding your qualifications and professional skills. We may contact your current employer for such information but only with your prior consent. If, having considered your application, we choose a candidate who better meets our requirements, we may ask for your separate consent to the storage and use of your personal data obtained during selection for the purposes of other staff selection processes and to our contacting you to this end. If we obtain such consent from you, we will store the said personal data for one year after the date of receipt of consent. After you give such consent, you have the right to withdraw it at any time, without affecting the lawfulness of data processing based on consent before its withdrawal. If you exercise this right, we will immediately take actions to erase your personal data. More about our Candidates’ Privacy Policy – Job Applicant's Personal Data Protection Policy
We manage the insiders list and implementing the requirements of the Market Abuse Regulation[1]	Name, surname acquired at birth, work and personal phone No., date of birth, personal identification number, home address, reason for inclusion in the list or job title, date and time of inclusion to the list, date and time of removal from the list.	We have the right to process your personal data in accordance with the law (Article 6(1)(c) GDPR)	5 years from the date of the last update of the insider list.
We manage the list of persons discharging managerial responsibilities and their closely associated persons to implement the requirements of the Market Abuse Regulation1	Name, surname, the nature of your relationship with the person closely associated and the date of inclusion in the list, signature; name, surname, signature and relationship of your closely associated persons (spouses, partners, persons treated as spouses in accordance with the procedure established by the legislation), children or stepchildren (aged 16 and over living with the senior executives), relatives who have been living with the person discharging managerial responsibilities for 1 year prior to the date of conclusion of the transaction in question)	We have the right to process your personal data in accordance with the law (Article 6(1)(c) GDPR)	1 year after the person in a leading position leaves the position.
We conclude and execute contracts with you, and fulfil related tax obligations	Business partner employee name, surname, phone No., e-mail address, signature, basis of representation (power of attorney, articles of association, etc.), job title, other information relevant to the conclusion and performance of the contract, depending on the nature of the contract. If we conclude a contract with a natural person, we additionally process: personal code or date of birth and bank account number.	We have a legitimate interest in processing your personal data (Article 6(1)(f) GDPR) We conclude and perform a contract with you (Article 6(1)(b) GDPR)	During the term of the contract and for 10 years after the end of the contract.
We conduct internal audits in our group companies	Personal data recorded in documents, including but not limited to e-mails, etc., of employees and representatives of contractors of Group companies, which are provided for internal audit purposes.	We have a legitimate interest in processing your personal data (Article 6(1)(f) GDPR).	10 years after the end of specific internal audit.
We provide holding and other related services to our Group companies	Name, surname, position, tel. No., e-mail address, any other personal data recorded in the course of providing holding or other services of a consultative nature, the number of hours spent on the consultation, the area, the category and the description of the consultation.	We have a legitimate interest in processing your personal data (Article 6(1)(f) GDPR).	Personal data is stored for 10 years after provision of services.
We manage an internal whistleblowing channel (the Trust line) and conducting internal investigations on the basis of the information received	If the information is not provided anonymously, the data provided by the person himself is collected - first name, last name, tel. No., personal identification number, e-mail address, the circumstances specified in the notice, the date of submission of the notice, the decision on informing about the actions taken and the decisions made.	We have a legitimate interest in processing your personal data (Article 6(1)(f) GDPR) We have the right to process your personal data in accordance with the law (Article 6(1)(c) GDPR).	We store personal data for 5 years after the evaluation of the received information or the completion of an internal investigation.

We use only necessary cookies on the website, which allow us to ensure convenient browsing, efficient and safe operation of our website:

Name of the cookie	Description/Type	Moment of creation	Duration	Data used/collected
CMSESSID[code]	Standard cookie for upholding the session. Necessary cookie	Entering the Website	Until the end of session	Unique identifier

From what sources do we collect your personal data?

We collect most of the personal data you provided to us. However, we may also receive certain personal data from other sources. like legal entities where you work (e.g. MAXIMA GRUPĖ, UAB group companies, suppliers with whom we enter into contracts etc.) or when you visit our website.

To fulfil the purposes mentioned above, we will only ask you for the personal data strictly necessary.  We kindly request that you refrain from sharing any information beyond what is requested, such as political views, nationality, religion, and similar details.

In what cases and to what third persons do we disclose your data?

Without your prior consent the Company does not transfer your personal data to any third persons, except for the cases described below.

We may transfer your data for processing to our partners, service providers, as well as the entities listed below only when it is necessary to achieve the above-mentioned goals and we have a legal basis for this:

1)     banks for processing payments;

2)     courts, supervisory authorities, law enforcement agencies, and other government institutions;

datacentre, hosting, cloud service providers, website administration and related service providers, software developers, software support and development companies, IT infrastructure service providers, and telecommunications and other service providers to the extent necessary to operate our website and provide our services.

In each case, we only provide the data processor with as much data as is necessary to fulfil a specific order or provide a specific service.

Our used data processors may process your personal data only in accordance with our instructions. In addition, they are required to ensure the safe processing of your data and an adequate level of data protection in accordance with the minimum technical and organizational measures we have established, which are set out our written agreements.

Data may also be provided to competent public or law enforcement authorities, e.g. police or supervisory authorities, yet only upon their demand and only when this is required in accordance with the effective legislation or in cases and under the procedure set forth in legislation, in order to ensure our rights, security of our group companies, employees and resources, and to establish, exercise or defend legal claims.

In what territories and jurisdictions do we process your personal data?

We process your personal data in the territory of the European Economic Area (‘EEA’). We currently do not have any intention to transfer and do not transfer your personal data to any third countries.

How do we secure your personal data?

The Company implements and constantly updates appropriate organisational and technical measures that ensure security and help protect personal data against accidental or unlawful destruction, replacement, disclosure, as well as against any other unlawful processing.

What rights are granted to you under data protection legislation and how can you exercise them?

Personal data protection legislation grants many rights that you can freely exercise and we have to ensure this possibility to you. Where permitted by law, you have the following rights:

a)      Right of access to your personal data processed by us;

You have the right to obtain our confirmation as to whether or not we process your personal data, and the right of access to your personal data processed by us as well as information on the purposes of processing, the categories of processed data, the categories of data recipients, the period of data processing. We provide most of this information to you in this Privacy Notice and we believe you will find it useful.

We present a substantial part of this information in this Privacy Notice and we believe that it is useful to you.

b)      Right to rectification of personal data

You may also contact us in ways specified this Privacy Notice and ask us to rectify or specify your data.

c)       Right to withdraw consent

In cases where we process your data on the basis of your consent, you have the right to withdraw your consent at any time and data processing based on your consent will be terminated.

d)      Right to lodge a complaint

If you consider that we process your data by infringing the requirements of data protection legislation, we always first of all ask you to contact us directly. We believe that through benevolent efforts we will manage to dispel your doubts, satisfy your requests and correct our mistakes, if any.
If you are dissatisfied with our proposed problem solution or, in your opinion, we do not take actions that are necessary according to your request, you will have the right to lodge a complaint to a supervisory authority which is the State Data Protection Inspectorate in the Republic of Lithuania (further information: www.ada.lt).

e)       Right to object to the processing of data where processing is based on legitimate interests

You have the right to object to the processing of personal data where personal data is processed on the grounds of our legitimate interests.
If you want to exercise the right specified in this section, please submit a written request to by below provided email.

f)        Right to erasure (’right to be forgotten’)

Under certain circumstances specified in data processing legislation (when personal data are processed unlawfully, the grounds for data processing have expired, etc.), you have the right to request us to erase your personal data. If you want to exercise this right, please submit a written request by below provided e-mail.

g)      Right to restriction of processing

Under certain circumstances specified in data processing legislation (when personal data are processed unlawfully, you contest data accuracy, you objected to data processing on the basis of our legitimate interest, etc.), you also have the right to restrict your data processing.
If you want to exercise the right specified in this section, please submit a written request by below provided e-mail.

h)      Right to data portability

You have the right to move data that we process based on your consent and by automated means to another data controller. We will provide the data that you request to move in a machine-readable format that we commonly use in our systems, and where you request so and if we have technical possibilities, we will transmit data directly to another data controller you have specified. If you want to exercise the right to data portability, please submit a written request by below provided e-mail.

The procedure of examination of request

In order to protect your and other persons’ data from unlawful disclosure, we will have to verify your identity upon your request to provide data or exercise your other rights. For this reason, we may ask you to indicate your name, surname, e-mail address or telephone number and we will compare whether your provided data correspond to the respective data. During verification we may also send a control notification to the indicated contact (SMS or e-mail), asking you to perform an authorisation action. If the verification procedure is unsuccessful (e.g. your provided data do not correspond to our available data or you fail to authorise according to the received SMS or e-mail notification), we will have to state that you are not the requesting person and we will have to reject your request.

Upon receipt of your request concerning the exercise of any of your rights and having successfully carried out the above verification procedure, we commit, without undue delay, yet in any case within one month from the date of receipt of your request and completion of the verification procedure at the latest to inform you about actions we took according to your request. Having regard to the complexity and number of requests, we have the right to extend the period of one month by two additional months, informing you thereof by the end of the first month and indicating the reasons for this extension.

If your request is submitted by electronic means, we will also give you an answer by electronic means, except for cases where this is impossible (e.g. due to a particularly large scope of information) or when you ask us to respond in another way.

We will refuse to satisfy your request by a reasoned response when the circumstances specified in legislation are identified, notifying you thereof in writing.

What are the ways to contact us and what are our contact details?

You may contact us on all data processing issues in the following ways:
By e-mail: info@maximagrupe.eu
By phone: +370 669 00118

Contact details of the person responsible for data protection:
E-mail: dpo@maximagrupe.eu
Postal address: Ozo str. 25, Vilnius, Republic of Lithuania

Our legal details as the data controller:
MAXIMA GRUPĖ, UAB
Legal entity code: 301066547
Registered address: Ozo str. 25, Vilnius, Republic of Lithuania