Privacy Policy

  1. General information
    1. This Privacy policy (hereinafter – the “Privacy policy”) describes how Kotryna Group, UAB (registration number 121673734, with registered office at Vilius, Dariaus ir Girėno g. 34 LT-02189, Lithuania, e-mail: (hereinafter – “We” or the “Company”) collects, stores and processes your personal data on this Company website (hereinafter WEB).
    2. We want this Privacy policy to help you feel safe when you submit your personal data to us, and to demonstrate how we will ensure the processing of your personal data in accordance with the applicable data protection legislation, including but not limited to the General Data Protection Regulation (ES) 2016/679 (the “GDPR“) and other Data Protection legislation.
    3. Therefore, the UAB “Kotryna group”; Kotryna OY; OU, “Kotryna” and SIA “Kotryna” act as Joint Controllers, within the meaning of the GDPR. For this reason, we have concluded a “Joint Controller agreement” alongside group companies.
  2. Terms used in the Privacy policy and the principles of personal data processing
    1. Personal data means any information related to an identified or identifiable natural person (“Data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (E. g. name, surname, address, email, phone number, etc.).
    2. Personal data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not automated (e. g. collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, restriction, erasure, destruction, etc.).
    3. When processing your personal data, the company follows the following principles of personal data processing:
      1. Your personal data are processed only to the extent necessary to achieve the relevant clearly defined and legitimate purposes, taking into account the protection of your privacy;
      2. Your personal data is processed accurately, fairly and lawfully and is processed only for purposes that correspond to the purposes stated before the collection of your data;
      3. Your personal data is processed in strict compliance with the clear and transparent requirements for the processing of personal data set out in the legislation;
      4. Your personal data are processed only in such form, that permits your identification for no longer than is necessary for the data processing purpose(s);
      5. The processing of your personal data is subject to appropriate technical and organizational measures to ensure the security of your personal data, including protection against unauthorized processing and unintentional loss, destruction and damage.
  1. Purposes of the processing of personal data and information related to the processing
    • Our personal data processing operations which are performed according to the purposes:
Inquiry administration


For this purpose, we process your data so that we can evaluate and analyze your inquiries and provide you with an answer.

Identification data:

• Name and surname.


Contact information:

• Email address;

• Address;

• Telephone number.


Content details:

• Inquiry description (message);

• Documents regarding the complaint.

• etc.

Your consent, which you express by sending us inquiries, does not relate to a possible violation of your rights and (or) interests protected by law (GDPR Article 6 (1) (a)).


We are subject to a legal obligation to examine your request for a possible violation of your rights and (or) interests protected by law and to provide you with an answer (GDPR Article 6 (1) (c)).

We handle your inquiries the entire period of the inquiry and keep it for 6 months from the date of its inquiry (except for public communications). *
We receive your personal data directly from you and (or) your representative when you send us your requests, complaints, claims or other inquiries through the contacts we provide (such as address, e-mail, telephone, public space, including social networking communications and etc.).


* Personal data may be stored longer if the request is not processed or is still being processed during that time, and if personal data will be needed to protect our or third parties’ legitimate interests, such as in the event of a statute of limitations or a legal dispute. If the complaint has been resolved by signing the settlement agreement, your personal data will be stored for 10 years.

Communication in the internet:


For this purpose, we process your data so that we can communicate with you through social networks and (or) other means.


Identification data:

• Name and surname (title).


Communication details:

• Information about communication in the account (“like”, “follow”, “comment”, “share” or visit, etc.);

• Photos (profile and / or in which the Company is tagged);

• Sent message (content);

• Information about the message (time of receipt of the message, message attachments, correspondence history, etc.);

• Information on participation in events and (or) games organized by the Company (participation, non-participation, interest, compliance with the rules of the game, etc.);

• Information about the Company’s evaluation (evaluation score, feedback, etc.).

Your consent, which you express by visiting and (or) communicating with Us, in our managed social network accounts (GDPR Article 6 (1) (a)). We process the personal data provided by you until the moment of revocation of your consent (i.e. deletion of the provided personal data from the account), but not longer than until the deletion of the Company’s account. *


In the event of unauthorized communication (such as defamation, etc.), we may retain this communication as evidence for an appropriate period of time to defend our violated rights or legitimate interests (i.e., the entire out-of-court, pre-trial or litigation process).

We receive your data directly from you (from your social network account) when you visit and (or) communicate with Us thru social networks.


* Please note that personal data provided on social networks is processed jointly with the social network administrator (I.e., Facebook Inc., Instagram Inc., LinkedIn Inc. managed platforms), therefore, for more information on the processing of personal data on these social networks, we suggest the privacy settings of the social network manager.


(selection of personnel)


For this purpose, we process your data in order to assess the suitability of your candidacy for our proposed job and (or) internship and to communicate with you.

Identification (general) data:

• Name;

• Surname;

• Address (optional);

• Date of birth (optional).


Contact information:

• E-mail address;

• Telephone number;

• Links to social networking accounts (optional).


CV (curriculum vitae) data:

• Work history (experience);

• History of education (including training courses and certificates);

• Languages;

• Other skills, depending on the position you are applying for;

• Photo (optional);

• Summary (may include photos and videos) (optional).


Additional data:

• Salary expectations;

• Desired work and / or working hours);

• Annexes to the application (recommendations, cover letter, etc.) (optional);

• Contact information for recommendations (optional).


Data generated during sampling:

• Remarks made during the job interview process (among other things, such remarks may include our assessment of you as a candidate);

• Results of tests and (or) practical tasks you have performed;

• Application details (e.g. number of applications, date of job interview, comments, and notifications).

Your consent, which you express by sending us your CVs and (or) other information, I. e. participating in the selection of staff (GDPR Article 6 (1) (a)).


Your consent, which you give to us (in writing), so that we may use your personal data in future planned personnel selections (GDPR Article 6 (1) (a)).

We process the personal data you provide and (or) are generated during the selection process until the selection for a specific position takes place.


At the end of the selection process and without selecting your candidacy for the desired job, we may ask for your separate consent so that we can store and use your personal data obtained during the selection process for the purpose of other personnel selections and contact you. However, these data will be kept for a maximum of 1 year from the date of consent.


If you send your personal data (CV, etc.) to us by e-mail, despite the fact that we have not published a selection for a job or (and) internship, in which case we may process this personal data of you for 1 year (I.e. store and use them to consider your candidature in future staff selections).

We receive your data directly from you when you participate in the personnel selections organized by us and (or) send us your CVs in order to get a job (or) an internship.


When selecting for a job position, we only process personal data of candidates that is relevant to their qualifications, professional abilities and subject characteristics. Therefore, we ask you to protect your privacy and not to send excessive and (or) unnecessary personal data (such as personal identification number, health and (or) other special categories of data, financial data, bank account number, family member data, etc.).


  1. Data transmission
    1. We may transfer your personal data for processing to third parties who assist us in the administration of the WEB and store the data as well as direct marketing service providers. Such individuals may include database software vendors, database administration service providers, cloud service providers, and so on. In addition, your personal data can be transferred to the joint data controllers (I.e., UAB “Kotryna group”; OY “Kotryna”; OU, “Kotryna” and SIA “Kotryna”).
    2. Your personal data may also be submitted in cases and in accordance with the procedure established by law, for example, to courts, bailiffs, law enforcement institutions, or other third parties with a legitimate interest.
    3. We note that your personal data is provided only to those third parties who ensure proper conditions for the processing and protection of personal data. Your personal data is not transferred to third countries (I.e. outside the European Union or the European Economic Area) or to international organizations.
  2. Information about minors
    1. Children’s should not submit any of their personal data on the WEB and/or otherwise without the consent of their parents or guardians. Therefore, we advise parents and guardians to teach their children to use their personal data carefully and responsibly on the Internet.
  3. Links to other web pages
    1. The provisions of Privacy policy applies to the WEB. The WEB may contain links to websites that are not covered by this privacy statement. Therefore, when leaving our website, read the privacy policies of other websites that may use your personal information.
  4. Data security
    1. When processing your personal data, Company shall apply appropriate technical and organizational security measures to ensure the protection of all personal data processed against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other forms of unlawful processing. The above measures are chosen taking into account the risks to your rights and freedoms as a data subject.
    2. In this case, we ensure strict access control to the processed personal data, therefore we grant access to them only to those employees who need your personal data to perform work functions and monitor the use of the provided access. Access to personal data is ensured by using the appropriate level of passwords and concluding confidentiality agreements with the persons who access your personal data.
    3. We note that all employees of the Company who have access to your personal data are acquainted with the requirements of personal data protection and must ensure the confidentiality of the processed personal data.
  5. Your responsibilities
    1. You must provide complete and correct information about yourself. If your data changes, please update it immediately.
    2. By submitting your personal data, you assume full responsibility for the lawfulness of the submission of your personal data and are liable for any losses that we and (or) third parties may incur as a result of the unlawful processing of such personal data.
  6. Your rights and their enforcement
    1. You have the following rights regarding your personal data:
      1. request, access and obtain a copy of your personal data;
      2. request that inaccurate or incomplete personal data be corrected or restricted;
      3. request that inaccurate or incomplete personal data be corrected or restricted;
      4. request the erasure or restriction of redundant or unlawfully processed personal data (“right to be forgotten”);
      5. disagree to the processing of her/his personal data;
      6. request the transfer of your personal data in a structured, computer-readable format (“right to data portability”);
      7. the right to withdraw his consent at any time when the processing is based on the data subject’s consent (pursuant to GDPR Article 6 (1) (a)). Withdrawal of the data subject’s consent shall not affect the lawfulness of the processing prior to the withdrawal of the consent;
      8. to submit a complaint to the State Data Protection Inspectorate.
    2. The Company does not apply the decisions based solely on automated data processing, including profiling, which could have legal consequences for you or which could have a significant impact on you in a similar way.
    3. You can exercise the following rights:
      1. By contacting Company directly at the employee’s workplace or by e-mail:
    4. In order to exercise your rights listed in 10.3. you must prove your identity by the following means:
      1. When you exercise your rights by contacting us by e-mail or registered mail – you can identify yourself in one of the following ways:
        1. Accompanying the application with a valid identity document (when the application is submitted directly at the employee’s place of work);
        2. Along with the application, submit a copy of a valid identity document, certified in accordance with the procedure established by legal acts (when the application is sent by registered mail or by courier);
        3. Confirmation of the application by electronic means that allow for the proper identification of the person, such as a mobile signature, a qualified electronic signature, etc. (when the request is sent by e-mail or other electronic means).
    5. Upon receipt of your request for the exercise of data subjects’ rights, we will provide you with an answer immediately (but not later than within 1 month from the date of the request) (I.e. we will exercise your rights and (or) refuse to exercise them). This period may be extended by two months, if necessary, depending on the complexity and number of applications. You will be additionally notified of such an extension within one month.
    6. The answer will be provided to you in the manner chosen in your request. If you do not specify in the request the way in which you wish to receive a reply, the reply will be sent to you in the same way as the request.
    7. The information you request will be provided free of charge. However, if we see that your requests are manifestly unfounded or disproportionate, in particular due to their repetitive content, we have the right to charge a reasonable fee for this (i.e. to claim administrative costs) or to refuse to act on such request from the data subject.
  1. Validity and amendments
    1. This privacy policy is effective from the date of publication. If we change this Privacy Policy, we will publish an updated version of it. Changes and (or) additions to the Privacy policy take effect from the moment of their publication, therefore we encourage you to take an interest in our privacy and to review this Privacy policy periodically.
    2. If you have any questions about the provisions of this Privacy policy, please contact our Data Protection Officer by email
  2. Final Provisions
    1. All disputes regarding the implementation of these provisions shall be settled through negotiations. Therefore, before submitting a formal complaint, we recommend that you contact us ( first.

Contest Privacy notice:

  1. By participating in contests and submitting the photos of yourself and/or your children (including other personal data required for participation in the contest) to the SIA „Kotryna“(hereinafter – Organizer), You agree that the data you provide (including personal data) will be processed for the purpose of organizing these contests and select the winner (the basis for personal data processing: GDPR 6(1)(a), I.e. your given consent).
  2. Provided personal data, will be processed (including public publishment on this page) until the end of the competition, and then deleted. If necessary, Organizer can store your personal data for a longer period (E.g. if you win a competition, etc.).
  3. You can withdraw your given consent at any time. You can do this by contacting us using the contacts below. However, if you withdraw your consent, you can no longer participate in the contest and do not have the opportunity to win the contest prizes. Withdrawal of your consent does not affect the lawfulness of data collection and processing up to the withdrawal of consent.
  4. You also have the right to request access to your personal data processed by the Organizer, to correct incorrect, incomplete, and inaccurate personal data, to demand the deletion of your personal data, to disagree with the processing of personal data, and to limit the processing of personal data. Also, the right to data portability, and if you believe, that your personal data is processing illegally, you have the right to submit a complaint to The Data State Inspectorate.
  5. Persons participating in the contest may contact the Organizer by email:, regarding the processing of their personal data, the exercise of their rights, applied security measures, and any other questions related to data protection.