Privacy Policy

PRIVACY NOTICE

 

Effective since 2024 10 28

 

 

  1. INTRODUCTION

 

  1. About us. This Privacy Notice provides the essential information on how UAB “Vesta Consulting”, legal entity code 302746261, registered address at Bebrų str. 1-2, Vilnius, the Republic of Lithuania, (VESTA, we or us) processes personal data of its clients, business partners and other third persons (you or data subjects). Main activities of VESTA include providing sustainability consulting services, specializing in building certifications, energy efficiency solutions, and the development of sustainability strategies. For more details, you can visit our website.

 

  1. Our commitment to your privacy. At VESTA, we value your privacy and are dedicated to safeguarding the confidentiality and security of your personal information. We understand the importance of maintaining the trust you place in us when you choose us as partners. We are committed to being transparent about how we collect, use, and protect your data. While processing your data, we adhere strictly to the data processing requirements established by the European Union and Lithuania. Primarily, this entails compliance with the General Data Protection Regulation (the GDPR). 

 

  1. HOW, WHY AND WHAT DATA WE COLLECT

 

  1. How we collect your data. We collect your personal data in the following ways:

 

  1. Direct collection. This involves gathering information directly from you when you engage with us. Examples of direct collection include:
  • Communication: if you reach out to us via email, phone, or live chat, we collect the information you share with us, including your inquiries, feedback, and any other personal details. This helps us address your needs promptly and improve our service.
  • Service use: whenever you use our services—be it through our website, mobile application, or in person—we collect relevant data. For example, if you purchase a service, we will collect your payment information and any additional details.
  • Forms and surveys: we may request information through forms or surveys you complete. This can include feedback about our services, preferences regarding product offerings, or responses to market research inquiries. Providing this information is voluntary; however, it enhances our ability to serve you better.
  • Job applications: when you submit your application or resume, or communicate with us directly during the application process.
  1. Automatic collection. We also collect data automatically when you interact with our digital platforms. This includes:
  • Website usage: our systems automatically gather data when you visit our website. This can include your IP address, browser type, device type, operating system, pages visited, and the time and date of your visit. Such data helps us analyse user behaviour, enhance website functionality, and tailor content to meet user needs.
  • Cookies and similar technologies: we employ cookies and other tracking technologies to collect information about your online activities.
  • Social media interactions: when you interact with our social media accounts, such as by liking, sharing, or commenting on posts, we may collect information about your activities. This includes any public posts you make on platforms we administer, which can help us understand audience engagement and preferences.
  • In case of job applicants: indirect collection involves obtaining data from recruitment agencies, job search internet portals, specialized career social networks (LinkedIn), public sources, our current if he/she recommended you for the job, state registers and databases, other third parties, e.g. persons recommending you (only if you give us your consent to contact those persons).
  1. Collection from third persons. This happens in certain instances where we may collect data from other sources, including but not limited to publicly available sources, third-party service providers or other business partners that assist us in providing and improving our services. Regardless of the source, we ensure that all data collected is processed in accordance with this Privacy Notice and applicable personal data protection legislation. We are committed to transparency on the sources from which your data is collected, as well as on the purposes for which it is used. 

 

  1. Why we collect your data. We collect and process your personal data to ensure that we can provide our services to you effectively and to comply with our legal obligations. In the case of processing data from job applicants, we do so to evaluate your suitability for employment at our Company and meet any legal requirements related to the recruitment process. We will only process your personal data if, and to the extent that, at least one of the following legal bases applies:

 

  1. you have given us consent to the processing of your personal data for one or more specific purposes;
  2. processing is necessary for the performance of a contract concluded between you and us or to take steps at your request prior to entering into a contract;
  3. processing is necessary for compliance with a legal obligation to which we, as data controller, are subject;
  4. processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms, which require protection of personal data.

 

  1. Types of data we collect. We collect and further process the following data of yours:

 

Clients, business partners, other third parties

Purpose for data processing: Fulfilment of contractual and pre-contractual obligations (providing services to clients and managing contractual relationships with business partners, incl. taking necessary steps before entering into a contract, fulfilling contractual commitments, and managing ongoing business relationships)
Legal grounds for data processing:
  • Contract (for the performance of a contract or in order to take steps required prior to entering into a contract)
Categories of personal data:
  • personal identity data (name, surname, etc.)
  • contact details (address, telephone number, e-mail address, etc.)
  • transactional details (service history, payment information, etc.)
  • professional details (job title, company name, etc.)
  • other data submitted by a person

Purpose for data processing: Administration of requests made by third persons (responding to inquiries submitted via the Company’s website, communicating via email, phone, etc.)
Legal grounds for data processing:
  • Consent (given by data subjects by actively submitting an inquiry to the Company and providing their data)
Categories of personal data:
  • personal identity data (name, surname, etc.)
  • contact details (telephone number, e-mail address, etc.)
  • details provided in the inquiry (questions, preferences, feedback, etc.)
  • all communication logs with clients, business partners and third persons

Purpose for data processing: Direct marketing (providing advertisements and promotional content, informing about the Company’s services and offers, collecting opinions on services through surveys, etc.)
Legal grounds for data processing:
  • Contract (for providing information on the Company’s services to existing clients)
  • Consent (data subject has given prior consent to his/her data processing for direct marketing activities)
Categories of personal data:
  • personal identity data (name, surname, etc.)
  • contact details (phone number and other contact information provided by the data subject)
  • marketing preferences (opt-in/opt-out status, preferred communication channel, etc.)
  • interaction history (email open rates, clicks on promotional content, etc.)

Purpose for data processing: Cookies management (understanding how users interact with the Company’s online services with a purpose to enhance and optimize their experience, and to develop new content)
Legal grounds for data processing:
  • Consent (expressed through active actions – accepting other than necessary (essential) cookies)
  • Legitimate interest (need to ensure proper and secure operation of the Company’s website by using necessary (essential) cookies)
Categories of personal data:
  • IP address
  • access date and time
  • device information
  • information about the internet provider
  • geo-location data
  • language settings
  • browsing behaviour (pages visited, time spent on the website)
  • other data stored by cookies

Purpose for data processing: Defending legal rights and legitimate interests of the Company (in the event of legal claims)
Legal grounds for data processing:
  • Legal obligation (processing is necessary for compliance with a legal obligation to which the Company is subject)
  • Legitimate interest (only in cases where assessment of necessity to process data on such ground has been prepared)
Categories of personal data:
  • all of personal data the Company possesses that are necessary to defend the Company’s legal rights and legitimate interest in case of legal claims
  • correspondence or records related to legal disputes or potential legal disputes

Job applicants

Purpose for data processing: Collecting general information about job applicant
Legal grounds for data processing:
  • Contract (processing necessary before entering into contract)
  • Consent (consent is expressed by applying to the position at the Company)
Categories of personal data:
  • personal identity data (name, surname, date of birth, etc.)
  • contact details (address, telephone number, e-mail address, etc.)
  • details on work and professional experience (employment, employment period, job title/position, responsibilities, and achievements, etc.)
  • details on education (educational institution, training period, completed education and acquired qualification, etc.)
  • information on further periodic training (training courses attended, certificates obtained, etc.)
  • details on knowledge of languages
  • information technology skills
  • other competences and information provided in CV, cover letter, letter of motivation or other application documentation

Purpose for data processing: Collecting references about job applicants
Legal grounds for data processing:
  • Consent (specifically expressed consent)
Categories of personal data:
  • feedback from a person recommending a job applicant
  • contact information/details of such person

Purpose for data processing: Details on assessment
Legal grounds for data processing:
  • Contract (processing necessary before entering into contract)
  • Consent (consent is expressed by applying to the position at the Company)
Categories of personal data:
  • summary of an interview with job applicant
  • insights and opinions of persons carrying out the recruitment selection

Purpose for data processing: Information that may be requested at the final stage of selection/recruitment process
Legal grounds for data processing:
  • Legal obligation (processing is necessary for compliance with a legal obligation to which the Company is subject)
Categories of personal data:
  • identification documents data (ID card, passport data, etc.)
  • data on health (only to the extent of applicable laws)

 

  1. Cookies: we use cookies, which are small text files that a website server stores on your hard drive. This allows us to collect certain information from your web browser. You can find more information on how we use cookies in our Cookies Policy. 

 

  1. HOW WE SHARE YOUR DATA

 

  1. Whom we share your data with and why. We may share your personal data with other persons for purposes consistent with this Privacy Notice: 

 

  1. Other members of the group of companies to which we belong.
  2. Service providers, also known as data processors, who assist in processing your personal data under our instructions and must comply with the same data protection standards. These may include companies providing data storage, server and/or communication services, software development and maintenance, advertising and marketing services, online traffic and website analysis, statistics services, accounting, recruitment service providers and other service providers.
  3. Our business partners, with whom we collaborate to provide specific services. These partners may be involved in jointly delivering or enhancing the services we offer to our clients and may include entities working with us on projects, as well as law firms with whom we partner for the provision of services in specific cases.
  4. Third parties such as courts, state authorities, legal or audit service providers, etc. in compliance with legal requirements.

 

  1. Safeguards when sharing your data. We transfer your data to third parties only after establishing necessary legal agreements with them and ensuring that they are capable of processing personal data in compliance with the requirements of applicable personal data protection legislation. We take measures to ensure that our data processors have appropriate technical and organizational measures in place. As a general rule, we do not transfer personal data outside the European Economic Area. However, in certain cases where our activities require it (e.g., if our service provider is located outside the European Economic Area), we will ensure that the necessary security measures are implemented for such data transfers.

 

  1. AUTOMATED DECISIONS ABOUT YOU

 

  1. Automated decision-making processes. Depending on our products or services you use, we may employ automated decision-making processes (also referred to as profiling) concerning you. This entails utilizing technology to assess your personal circumstances and other factors to anticipate outcomes. We use automated decision-making to ensure the efficient operation of our services and to guarantee that decisions are equitable, consistent, and founded on accurate information. For example, automated processes may be used in areas such as screening job applications and conducting preliminary assessments in the recruitment process.

 

  1. Compliance and transparency. Regardless of the use of automated decision making in certain cases, we ensure that all data collected is processed in accordance with this Privacy Notice and applicable data protection laws. We are committed to transparency and will provide information on requests you have regarding this matter. In cases where we reach automated decisions concerning you, you retain the right to request a manual review conducted by a human being (for further details on this right, please refer to the section below). 

 

  1. YOUR RIGHTS AND CHOICES

 

  1. Your rights regarding your data. You have the following rights established by the GDPR:

 

  1. Right to be informed: you have a right to be informed about your data processing, including purposes and legal grounds of processing.
  2. Right of access: you have a right to get information as to whether personal data concerning you is being processed, and, if that is the case, access to your personal data and defined information about such data processing.
  3. Right of rectification: you have the right to request to rectify inaccurate personal data concerning you or complete the incomplete personal data.
  4. Right to erasure (“right to be forgotten”): you have the right to request the erasure of your personal data in such cases: 
  • your personal data is no longer necessary; 
  • you withdraw consent on which the processing is based and where there is no other legal ground for the processing; 
  • you object to the processing and there are no overriding legitimate grounds for the processing; 
  • your personal data has been unlawfully processed; 
  • your personal data has to be erased for compliance with a legal obligation.
  5. Right to restriction of processing: you have a right to request the restriction of processing of your personal data in such cases: 
  • you contest the accuracy of the personal data – for a period enabling us to verify the accuracy of the personal data; 
  • processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead; 
  • we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defence of legal claims; 
  • you have objected to processing pending the verification whether our legitimate grounds override those of yours, as data subject.
  6. Right to data portability: you have a right to receive the personal data, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller (directly from us to another controller, where technically feasible) in such cases: 
  • processing is based on consent or on a contract; and 
  • processing is conducted by automated means. 
  7. Right to object: you have a right to object at any time to processing of personal data concerning you which is based on legitimate interest or public interest, including profiling. Where personal data are processed for direct marketing purposes, you have a right to object at any time to such processing of personal data. You will always have a right to revoke your consent to process your personal data. If we have no other legal basis for the processing of personal data, we will cease processing of personal data immediately after the cancellation/revocation of the consent provided by you.
  8. Rights in relation to automated individual decision making, including profiling: you have a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  9. Right to file a complaint with the supervisory authority: if you believe our processing of your personal data infringes upon your rights, you have the right to lodge a complaint with the State Data Protection Inspectorate (located at L. Sapiegos str. 17, 10312, Vilnius, the Republic of Lithuania; email: ada@ada.lt). You can find more information on how to lodge a complaint on their website.
  10. Right to be informed about transfers outside the EEA: if we transfer your data outside the European Economic Area (EEA), we ensure that appropriate safeguards, such as Standard Contractual Clauses or Adequacy Decisions, are in place to protect your data in accordance with GDPR requirements. Upon your request, we can provide more information on these safeguards and how they are implemented in specific cases.

 

  1. How you can implement your rights. To exercise your rights, please send a detailed written request using the contact information provided in this Privacy Notice. Upon receiving your written request, we will take the necessary actions to promptly and properly address your requests related to data processing. We aim to respond to your request immediately, and in any case, no later than within 1 month. In certain circumstances, such as when dealing with an exceptionally large amount of data, we may extend this timeframe by an additional 2 months. Generally, we handle all requests free of charge. However, if your request is clearly unfounded or excessive, for example, due to its repetitive nature, we may consider charging a reasonable fee based on actual administrative costs or refusing to act on the request. Additionally, you have the right to lodge a complaint with the State Data Protection Inspectorate.

 

  1. HOW WE PROTECT YOUR DATA

 

  1. Our commitment to keeping your data safe. We take the protection of your personal data very seriously and consistently implement all necessary organizational and technical measures to ensure the confidentiality, integrity, and availability of your personal data.

 

  1. Measures we take to protect your data. To safeguard your personal data, we undertake the following measures, including but not limited to:

 

  1. documenting all processing of personal data in data security policies and procedures;
  2. defining internal roles and responsibilities related to the processing of personal data; 
  3. ensuring access control;
  4. prior to engaging third parties as data processors, we define, document, and reconcile all necessary formalities with such data processors;
  5. establishing basic procedures to be followed in the event of an incident or personal data breach to ensure the necessary continuity and availability of personal data processing by IT systems;
  6. ensuring that all employees understand their responsibilities and obligations regarding the processing of personal data;
  7. implementing measures for the protection of servers, databases, workstations, and network and software security;
  8. applying backups and data recovery practices to mitigate the risk of data loss or unauthorized access.

 

  1. DATA RETENTION

 

  1. Why we retain your data. We retain your data for specific purposes outlined in this Privacy Notice and as required by law. One reason for retaining your information is to ensure that we can provide you with the services you expect from us effectively. Additionally, we may retain your data to comply with legal obligations, resolve disputes, enforce agreements, and protect our rights. 

 

  1. How long we keep your data. We retain personal data in a form that allows identification of data subjects only for as long as necessary to fulfill the purposes for which it was collected and processed, in line with the principle of storage limitation. Once the retention period expires, the data is no longer processed. At the end of the retention period, we either securely destroy or anonymize the data. Our general retention periods are as follows:

 

  1. Business partners and clients’ data: retained for 5 years after the termination of the respective agreements.
  2. Third persons data: retained for 5 years following the last correspondence with the respective individuals.
  3. Job applicants’ data: retained for 1 year after conclusion of the recruitment process, unless specific legal requirements dictate otherwise. If your application is successful and you become an employee, your data will be processed further in accordance with our internal policies and procedures.

 

  1. UPDATES TO OUR PRIVACY NOTICE

 

  1. How we notify you of changes. We reserve the right to update this Privacy Notice periodically. In the event of any changes to this Privacy Notice, we will publish the updated version on our website. 

 

  1. Your right to review updates. You have the right to review any updates and changes made to our Privacy Notice. We encourage you to regularly check our website for the latest version of our Privacy Notice. If you have any questions or concerns about the updates, please do not hesitate to contact us.

 

  1. CONTACT US

 

  1. How to reach us with questions or concerns. If you have any questions, concerns, or requests regarding our privacy practices or the information outlined in this Privacy Notice, please feel free to contact us. You can reach us by e-mail at info@vestaconsulting.lt or by phone at +370 614 27772.

COOKIES POLICY

 

Effective since 2024 10 28

 

 

  1. INTRODUCTION

 

  1. About us. This Cookies Policy provides clear and detailed information on how UAB “Vesta Consulting”, legal entity code 302746261, registered address at Bebrų str. 1-2, Vilnius, the Republic of Lithuania, (VESTA, we or us), a sustainability consultancy, uses cookies on our websites: 
    https://www.vestaconsulting.lt/
    https://www.vestaconsulting.lv/
    https://www.vestaconsulting.ee/
    https://www.epd-finder.com/
    At VESTA, we value your privacy and are dedicated to safeguarding confidentiality and security of your personal information. We understand the importance of maintaining the trust you place in us when you choose us as partners.

 

  1. Our commitment to transparency of cookies’ use. We are committed to being transparent about how we use cookies. While using cookies, we adhere strictly to the legal requirements established by the European Union and Lithuania. Primarily, this entails compliance with the General Data Protection Regulation and the Law on Electronic Communications, which implements the ePrivacy Directive.

 

  1. HOW WE USE COOKIES

 

  1. Understanding cookies. Cookies are small text files that are stored on your device (such as a computer, smartphone, or tablet) by our websites. These files contain information about your browsing activity, preferences, and interactions with our websites. Cookies allow us to collect certain information from your web browser and they play an important role in improving user experience on our websites by enabling features like session management, user authentication and others.

 

  1. Retention of cookies. Most cookies we use on our websites are persistent cookies, which remain on your device even after you close your web browser until you erase them or until they expire. The remaining ones are session cookies, which are temporary and are deleted from your device when you close your web browser. The specific periods for which each type of cookie is stored are specified in the table below. 

 

  1. Cookies we use. We have set up and use the following cookies:

 

Type and purpose / Specific cookies and data collected / Storage period

Strictly necessary cookies – required for the basic functioning of our websites (includes strictly necessary storages)

  • _GRECAPTCHA – used to identify and prevent bots on the website. Storage period: 6 months
  • li_gc – used to store guests' consent for the use of cookies for non-essential purposes (linkedin.com). Storage period: 6 months
  • CookieScriptConsent – used by the "Cookie-Script.com" service to remember visitors' cookie consent preferences. It is necessary for the Cookie-Script.com cookie banner to function properly. Storage period: 1 month
  • _grecaptcha – local storage to identify bots. Storage period: local
  • elementor – stores layout changes. Storage period: local, session
  • lastExternalReferrerTime – records the timestamp of a user’s last visit from an external referral source, which helps track when the user was last directed to the site from an external link. Storage period: local
  • lastExternalReferrer – stores the URL of the last external website that referred the user to the site. Storage period: local

Performance cookies – used to analyse and improve website performance

  • _ga – used to distinguish users by assigning a randomly generated number as a client identifier; it is included in every request on the website and is used to calculate visitor, session, and campaign data for website analytics reports. Storage period: 1 year 1 month
  • _ga_0G8H110MLW – used by Google Analytics to maintain session state. Storage period: 1 year 1 month

Targeting cookies – used to track user interests and provide targeted ads

  • test_cookie – set by DoubleClick (owned by Google) to determine if the website visitor’s browser supports cookies. Storage period: 15 minutes
  • IDE – set by DoubleClick and provides information about how the end-user uses the website and any ads the end-user may have seen before visiting the website. Storage period: 1 year
  • _fbp – used by Facebook to deliver a range of advertising products, such as real-time bids from third-party advertisers. Storage period: 3 months
  • lidc – a Microsoft MSN first-party cookie to ensure the proper functioning of the website. Storage period: 1 day
  • _gcl_au – set by DoubleClick and provides information about how the end-user uses the website and any ads the end-user may have seen before visiting the website. Storage period: 3 months
  • bcookie – a Microsoft MSN first-party cookie intended for sharing website content via social media. Storage period: 1 year

Functionality cookies – used to enhance user experience by remembering preferences like language settings

  • wp-wpml_current_language – stores the current language; set only for logged-in users unless AJAX filtering is enabled. Storage period: session

 

  1. YOUR CONSENT AND COOKIES MANAGEMENT

 

  1. No consent for necessary (essential) cookies. We do not require your explicit consent for necessary (essential) cookies, as we use these cookies based on legitimate interest – ensuring the proper and safe functioning of our websites. You still have the option to block or delete necessary (essential) cookies by adjusting your web browser settings. Please note that blocking necessary (essential) cookies may limit your ability to use certain features of our websites.

 

  1. Consent for other cookies. For all other cookies that we use, we require your consent. You provide consent by taking affirmative action – by clicking the “accept” cookies button on the cookies banner displayed when you visit our websites. You will have the option to provide separate consents for each type of cookies. If you do not consent to certain cookies, we will not use them when you visit our websites.

 

  1. Cookies preferences. You may adjust your cookies preferences at any time:

 

  1. On our websites: you may manage your preferences and choose which cookies you consent to use or withdraw your consent entirely at any time by interacting with the cookie settings icon available on the website. Please note that your choice may affect the functionality of our websites, and you may not be able to fully utilize our online services or receive offers or advertisements.
  2. On your web browser: you may also change cookie settings in your device’s web browser and delete cookies. Please be aware that blocking or deleting all cookies may affect the functionality of our websites. Additionally, changes to security settings should be made individually in each web browser, and the settings displayed may vary. For specific information on managing cookies in common browsers, you can visit: Firefox, Chrome, Internet Explorer.

 

  1. THIRD-PARTY COOKIES

 

  1. Understanding third-party cookies. When visiting our websites, you may encounter cookies set by third parties, rather than by us as website owners. These third-party cookies may be used for purposes such as advertising, analytics, and tracking user behaviour. Third-party cookies are used on our websites when you interact with content or services provided by third parties, such as viewing content provided by a third party, embedded videos, or social media features.

 

  1. Managing third-party cookies. You can manage or opt-out of these cookies by following the instructions provided on the respective third-party websites. For more detailed information on how to control third-party cookies, please review the settings or opt-out tools offered by these third parties. For example, you can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page or by installing Google Analytics Opt-out Browser Add-on for your browser, which provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

 

  1. UPDATES TO OUR COOKIES POLICY

 

  1. How we notify you of changes. We reserve the right to update this Cookies Policy periodically, e.g. we may update cookies list periodically as we implement new cookies or change the ones we use. In the event of any changes to this Cookies Policy, we will publish the updated version on our websites. 

 

  1. Your right to review updates. You have the right to review any updates and changes made to our Cookies Policy. We encourage you to regularly check our websites for the latest version of our Cookies Policy. If you have any questions or concerns about the updates, please do not hesitate to contact us.

 

  1. CONTACT US

 

  1. How to reach us with questions or concerns. We encourage you to read this Cookies Policy thoroughly. If you have any questions, concerns, or requests regarding our privacy practices or the information outlined in this Cookies Policy, please feel free to contact us. You can reach us by e-mail at info@vestaconsulting.lt or by phone at +370 614 27772.