PRIVACY POLICY

This Privacy Policy stipulates information about processing of personal data pursuant to the EU General Data Protection Regulation No. (EU) 2016/679 (the Regulation).

The data controller determining the purposes and means of the personal data processing is UAB Santa Monica Networks, legal entity code 134162647, address Perkūnkiemio st. 7, Vilnius, Lithuania, phone number +370 5 2638700, e-mail address info@smn.lt.

Provisions provided in this Privacy Policy are applicable to natural persons who visit our website, communicate with our company by e-mail or in other way submit their personal data to our company in below described situations. Please read this Privacy Policy from time to time, because we might update its content in the future. Definitions used in this Privacy Policy have the same meaning as provided in the Regulation.

The information provided below covers the following purposes of data processing: (i) recruitment of employees and administration of the database of job candidates; (ii) e-mail communication; (iii) use of cookies; (iv) use of social networks. This Privacy Policy also describes your data subject rights, transfer of data to the recipients and other conditions of personal data processing applied to all personal data processed by our company for the purposes listed above.

Recruitment of employees

If you sent us your CV in order your data would be included in our candidate’s database or for the purpose of participation in a recruitment process announced on our website or a specialised website for employee recruitment and job search, any personal data submitted by you voluntarily as well as any other data provided below will be processed for the purposes of recruitment of employees.

Your personal data will be processed until the end of the recruitment procedure, i.e. when a specific candidate will be employed, his/her trial period will expire or the selection will be completed without choosing a specific candidate. This period should not exceed 4 months. After the expiry of the recruitment procedure, your personal data will be stored for a period of 3 years in order to be able to offer you a job in case of a new vacancy unless you express your disagreement or objection to such further storage of data. If you disagree with the storage of your data after the end of the recruitment procedure, please inform us thereof by email or note it in a notification form during interview meeting.

If you submit your personal data voluntarily allowing us to store them in the database of the candidates, your personal data will be stored for a period of 3 years without additional consent, on the basis of your will to submit data.

Your personal data will be processed on the basis of your consent to participate in the recruitment procedure, as well as on the basis of the legitimate interest after the end of recruitment. Submission of your data is voluntary, however, without your data we could not evaluate your eligibility. At any time you can revoke your participation in the recruitment procedures or object to storing of your data in the database after end of recruitment procedures.

Please note that in exercising the right granted by the laws that regulate the protection of personal data, your former employers may be contacted and asked to give their opinion about your qualification, professional skills and disciplinary characteristics. However, your current employer will not be contacted without your express consent that should be obtained in advance.

E-mail communication

The basis for processing of your personal data is the expression of your free will for the communication by e-mail and provision certain data therein, i.e. consent. Furthermore, the basis for processing of data may also be a performance of contract and performance of the duties stipulated by the laws. Your personal data might be processed for the purposes of performing a contract and internal communication.

Your e-mail address, content of correspondence and related data will be processed in accordance with the principle of proportionality. Such data will, first of all, be available to the person with whom you have a direct e-mail communication. In certain cases, however, your correspondence may be read by other employees, for example, for the purposes of administration, investigation of possible breaches of laws or internal rules, replacement of employees and related purposes, as well as similar situations.

Use of cookies

Cookie is a small file of letters and digits recorded to your web browser or a hard-disk of your computer. Different cookies are used to seek different purposes. Cookies also help to distinguish you among other website users, thus ensuring a more convenient use of website and enabling us to improve the website.

The majority of browsers allow to reject all cookies, while some browsers provide an option to reject only the cookies of third parties. You may use these options. However, please note that not allowing to use all cookies will have a negative effect on the use of website; without cookies you will not be able to use all the services offered by the website.

The following cookies are used in our website:

• performance (session) cookies. They are used to improve the performance of website and collect general (anonymous) information on the use of website;

• analytical (monitoring cookies from “Google Analytics”). These cookies allow to recognise and calculate website visitors and monitor how the visitors move in the website. It helps to improve the performance of website, for example, to ensure that the users could easily find what they are looking for;

• functional cookies. These cookies are used to recognise website users when they visit the website again. It allows to present the content of social networks adapted to the needs of website users, to memorise the information that is relevant to the clients.

Below we provide a list of cookies used on our website:

How to manage and delete cookies?

The majority of browsers are set to accept the cookies automatically. Having the information on how and why they are used, you may decide to accept or disable the cookies in the browser. The majority of browsers allow you to control cookies via their settings. If you do not want to accept the cookies, you may choose not to accept all cookies via the settings or to send a notice when a cookie is created. If you would like to know more how to manage cookies, please visit this website: http://www.allaboutcookies.org/manage-cookies/.

We would like to warn you that in case of rejection of cookies you may lose a possibility to use certain functions. In order to disable cookies, you can set your browser to reject all cookies or send a notification when a cookie is created.

Without above mentioned cookies, in our website third parties might use cookies. In such cases privacy policies of third parties are applicable to the use of these cookies.

Use of social networks

Any information provided by you via social media (including the status messages, use of “Like” and “Follow” functions, as well as other information) is controlled by the controller of social network and our company.

At the moment, our company uses the following profiles:

-       on Facebook, the privacy statement which is provided at https://www.facebook.com/privacy/explanation;

-       on LinkedIn, the privacy statement which is provided at https://www.linkedin.com/legal/privacy-policy.

We recommend you to read the privacy statements of third parties and contact the service providers directly if you have any questions regarding the method of use of your personal data.

Transfer of personal data

Your personal data might be transferred to:

• the providers of IT, server, postal and courier services;
• lawyers, atttorneys at law, consultants, auditors, bailiffs, debt recovery companies;
• enforcement authorities, courts, other institutions involved in the examination of disputes;
• potential or current assignees of our business or their authorised consultants or persons

What are the principles of personal data protection that we follow?

The below principles are followed when collecting and processing personal data submitted by you or received from other sources:

• your personal data is processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
• your personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);
• your personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
• accurate and, where necessary, kept up to date (‘accuracy’);
• your personal data is kept in a form which permits identification of you for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);
• processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

Data subject rights

Please be informed that you as the data subject have the following rights: a right to access your personal data; a right to rectification or erasure of personal data or restriction of processing concerning you; a right to data portability; a right to lodge a complaint to the State Data Protection Inspectorate; a right to withdraw consent and object the processing of personal data.

In order to exercise the rights of you as the data subject, it will be necessary to establish your identity. In case of failure to establish your identity, we will not be able to make sure, whether a person who submits an application is the one whose personal data is processed, therefore we will not be able to exercise your rights.

We may refuse to exercise your application for the use of your data subject rights or we may ask for a respective fee, if the application is clearly unreasoned or excessive, as well as in other cases established by the laws.

If you wish to exercise your rights as the data subject or if you have any questions regarding the processing of personal data, please contact us by the contacts identified at the beginning of this Privacy Policy.

VIDEO SURVEILLANCE POLICY

Table of contents

I.      OVERVIEW... 3

II.    PURPOSE.. 3

III.  SCOPE.. 3

IV.  RESPONSIBILITIES. 4

V.    VIDEO SURVEILLANCE.. 4

Type of equipment in use. 4

Video system modification and expansion. 4

Camera locations and coverage. 4

Areas of heightened expectations. 4

Notification of video surveillance. 4

VI.  ACCESS RIGHTS. 5

Access to the system.. 5

Periodic System and video image audit 5

System monitoring and security. 5

Access Rights. 5

Transfers and disclosures. 6

Data retention. 6

I.          OVERVIEW

For the safety and security of the office, assets, staff and visitors, UAB Santa Monica Networks, legal entity code 134162647, address Perkunkiemio st. 7, Vilnius, Lithuania, operates a video-surveillance system. The Video surveillance policy describes video surveillance system and the safeguards that UAB Santa Monica Networks implements to protect the personal data, privacy and other fundamental rights and legitimate interests of those recorded on the cameras. UAB Santa Monica Networks has a status of data controller over personal collected using video surveillance system. In cases where the rights of the data subject, data processing principles or other issues of processing personal data are not regulated by this policy, the provisions of the company's Rules on Processing of Personal Data shall apply.

II.       PURPOSE

UAB Santa Monica Networks uses its video surveillance system for the purposes of security of assets and persons. The video surveillance system helps to ensure the security of the office, safety of staff and visitors, as well as property and information located or stored on the premises, including control of access to the office. It complements other physical security systems such as access control systems. It forms part of the measures to support our broader security policies and to help prevent, deter, and if necessary, investigate unauthorized physical access, including unauthorized access IT infrastructure, or operational information. In addition, video surveillance helps prevent, detect and investigate theft of equipment or assets owned by UAB Santa Monica Networks, visitors, staff, and threats of their safety.

Purpose limitation

The video surveillance system is not used for any other purpose. For example: it is not used to monitor the work of employees or to monitor attendance. Neither is the system used as an investigative tool (other than investigating physical security and personal safety incidents such as thefts of unauthorized access).

III.   SCOPE

This policy applies to all sensitive information gathered using video surveillance system owned and operated by UAB Santa Monica Networks. The policy is obligatory to all employees of UAB Santa Monica Networks.

IV.    RESPONSIBILITIES

UAB Santa Monica Networks Security Management Team is responsible for developing and maintaining video surveillance policy which corresponds to UAB Santa Monica Networks business needs. The Video Surveillance policy requirements shall be justified with risk assessment reports and lawful goals.

V.       VIDEO SURVEILLANCE

Type of equipment in use

The video surveillance system is a conventional static system. It records digital images. It records any movement detected by the cameras in the area under surveillance, together with time, date and location. All cameras operate 24 hours a day, seven days a week. The image quality in most cases allows identification of those in the camera’s areas of coverage. The System cannot be used to target or follow individuals around, covert surveillance.

Video system modification and expansion

All additions or modifications must be approved in writing form with a signature of the managing director. Equipment shall not be moved modified or relocated or otherwise altered without direct and prior approval of the managing director.

Camera locations and coverage

Cameras should be located at entry and exit points of the office, including the main entrance at the elevator site, emergency and fire exits to the premises of the company at Perkunkiemio str. 7, Vilnius, Lithuania.

Areas of heightened expectations

Areas under heightened expectations of privacy such work places, meeting rooms, labs, staff leisure areas and toilet facilities cannot be monitored.

Notification of video surveillance

Areas that implements video surveillance must provide notifications that video is being recorded on the premises (i.e. a sign posted at the entrance)

VI.    ACCESS RIGHTS

Access to the system

Only video surveillance system administrators (VSSA) can access Recorded video and Live video. During investigation information can be provided to Managing Director (MD), Technical Center Manager (TCM), Security Officer (SO). Information from the video surveillance system can be provided for others related parties only during investigation and only with direct and prior approval of the Managing Director (MD).

Periodic System and video image audit

A periodic audit of the surveillance system and video images shall be conducted by the video surveillance system administrators (VSSA) to ensure the surveillance system has not been modified or altered and to ensure the integrity of the system.

System monitoring and security

Devices used to view live and recorded video should have secure access and be located out of open view of the public and staff.  Only designee should have access to the system.

Access Rights

The Video Surveillance system administrators have the right to:

• View the footage real time
• View the recorded footage
• Copy
• Download
• Delete

Transfers and disclosures

All transfer of video content and disclosures outside should be documented and are subject to legal basis established in laws and a rigorous assessment of the necessity of such transfer and the compatibility of the purpose of the transfer with the initial security and access control purpose of the processing. All transfers should be approved by the Managing Director (MD). Before deciding to transfer a video to a third party, the company should evaluate whether the purpose for which the third party requests the video cannot be achieved without the video being transferred, but by reviewing the video and confirming or denying information relevant to a third party.

By prior approval from Managing Director (MD), Law enforcement institutions may be given permission for access to the system, if needed, to investigate or prosecute criminal offenses.

A person, upon submitting to the Company an identity document or by other means having verified his or her identity, shall have the right to view the video on which he or she was shot.

If a video contains identifiable persons, disclosure of whose identity is not necessary for the legitimate purpose of the transfer, the said part of video shall be retouched.

Data retention

The images or video content are retained for 30 days. Thereafter, all images are deleted or overwritten. If any images/video content needs to be stored for further investigation or evidence in a security incident, Managing Director (MD) approval should be obtained.