Privacy Policy

1. The Privacy Policy (hereinafter referred to as the ‘Policy’) defines the principles and procedure of processing of personal data by Kaita Group, UAB and the terms of operation of the website: www.kaitagroup.com. Kaita Group, UAB ensures that personal data shall be processed in a lawful, fair and transparent manner, shall be collected for specified and clearly defined purposes and shall not further be processed in a manner incompatible with those purposes.

2. For the purposes of the Policy:
‘Personal Data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘Controller’ means Kaita Group, UAB, identification number: 306165556, registered office address: Upės g. 21, Vilnius;
‘Data Subject’ means a customer of the Company, any natural person whose personal data shall be processed by the controller;
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. The concepts, principles and other provisions used in the Policy are in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as the ‘GDPR’), the Republic of Lithuania Law on the Legal Protection of Personal Data, as well as other relevant legal acts.

4. The Data Subject shall be deemed to have got acquainted with and read the Policy when he/she voluntarily leaves his/her data (email address and telephone number) on the Company’s website: www.kaitagroup.com.

5. Please be informed that the Controller:
shall process Personal Data in relation to the Data Subject in a lawful, fair and transparent manner (principle of lawfulness, fairness and transparency);
shall collect Personal Data for specified, clearly defined and legitimate purposes and shall not further process Personal Data in a manner incompatible with those purposes (purpose limitation principle);
shall only process accurate Personal Data and shall update them as necessary;
shall take all reasonable steps to ensure that personal data which are not accurate in relation to the purposes for which they are processed are erased or rectified without undue delay (principle of accuracy);
shall keep Personal Data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed (principle of limitation of storage period);
shall process Personal Data in such a way as to ensure, by means of appropriate technical or organisational measures, adequate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss or destruction (principle of integrity and confidentiality);
the Controller shall be responsible for ensuring compliance with the above principles and must be able to demonstrate compliance with them (principle of accountability).
The use of third party services, such as the use of the Controller’s accounts on social networks, may be subject to third party terms and conditions. Therefore, when using such third party services, it is recommended that you also get acquainted with the terms and conditions applicable to them.

1. For the purpose of providing and purchasing of the services provided and performed by the Company, for the purpose of participating in its activities, for the purpose of invoicing, and for the purpose of data analysis, the Controller shall process the following Personal Data relating to the Data Subject:

• full name,
• personal identification number or date of birth,
• telephone number,
• e-mail address,
• residential address,
• bank account number (for payment for services),
• data on the real estate being purchased/sold/owned by the Data Subject (extract about the object from the Immovable Property and Cadastre Register of the State Enterprise Centre of Registers),
• IP address,
• correspondence via e-mail and social media (not public recordings).

2. For the purpose of direct marketing, the Controller shall process the following Personal Data relating to the Data Subject:

• full name,
• telephone number, e-mail address.

3. For the purposes of administering customer enquiries, providing quality services, the Controller shall process the following Personal Data relating to the Data Subject:

• comment,
• full name,
• telephone number,
• e-mail address.

4. Storage of personal data:

• personal data as far as the main activities of the Company are concerned, i.e. the purchase and sale of real estate, project management and development, shall be stored for (10) ten years. This time limit shall be established due to the possibility of inspections initiated by various state authorities (State Tax Inspectorate, Social Insurance Fund Board, etc.), which may be instituted (5) five years after the conclusion of a specific agreement (e.g. a contract agreement), requesting data for the previous (5) five years;
• for direct marketing purposes (i.e. offering Data Subjects to purchase/sell/otherwise transfer, in whole or in part, real estate relevant to them, and to contribute to real estate projects under development), the data received shall be stored for a period of (5) five years from the date of receipt of the data;
• for the purpose of administering enquiries, personal data shall be stored for a period of (1) one year from the date of receipt of the data;
• for the purpose of invoicing, personal data shall be stored in accordance with the requirements of legal acts applicable to bookkeeping.

5. The Data Subject may at any time submit a request to withdraw consent to the processing of his/her personal data by sending an e-mail to: info@kaitagroup.com or by arriving to the Company’s office at Upės g. 21, Vilnius.

6. The Controller shall collect personal data:

• directly from the Data Subject,
• from publicly available sources, i.e. publicly available data of business partners and/or their representatives shall be collected by the Company in publicly available systems (social networks, public databases, etc.), when preparing to launch relevant tenders, develop projects, etc.
• The Company has a database of all real estate brokers operating in Lithuania. Their data is publicly available and accessible. Whenever the Company sends relevant enquiries to brokers, the e-mails allow them to opt-out of receiving relevant offers of future cooperation.

7. The Controller undertakes not to disclose the Personal Data processed to third parties except in the following cases:

• where the Data Subject has consented to such disclosure of Personal Data;
• where the data is provided to Processors providing accounting, online system support, payment and other services;
• to companies affiliated with the Controller, as well as companies that provide services at the request of the Controller, e.g. banks/companies that assist with payment transactions. These companies are limited in their ability to use your information;
• they cannot use this information for purposes other than to provide services to the Controller;
• to other parties where required to do so by law or for the protection of the information society services provided. Where the data is provided for other relevant purposes in the performance of legal obligations.

8. Cases where the Controller may disclose any information of the Data Subject to other parties:

• to comply with the law or in response to a mandatory court order;
• to confirm the lawfulness of its actions;
• to protect the Controller, its rights and property, or to ensure their security;
• to a third party involved in any way in the event of a merger, transfer or bankruptcy of companies;
• in other cases, with the Data Subject’s consent or lawful request.

9. By submitting personal data, the Data Subject shall grant the Controller the right to collect, store, systematize, use and process, for the purposes set out in the Policy, all the personal data that you directly or indirectly provide when visiting the Website.

10. The Data Subject shall be responsible for ensuring that the data provided is accurate, correct and complete. Entering knowingly incorrect data shall be considered a breach of the Policy. If the data you have submitted change, you must rectify them immediately and, if you are unable to do so, inform the Controller thereof.

In no case shall the Controller be liable for damages caused to the Data Subject and/or third parties as a result of the provision of incorrect and/or incomplete personal data or the failure to apply for supplementation and/or rectification of the data in the event of a change in them.

The Controller shall not collect sensitive information about the Data Subject.

The Controller shall not carry out automated decision-making or profiling based on information about the Data Subject.

The Controller shall not share the Personal Data of the Data Subject with entities outside the European Economic Area.

The Controller may share Personal Data with the corporate group Kaita Group, UAB and companies affiliated with Kaita Group, UAB.

The Controller shall use cookies on its Website in order properly to process information about Data Subjects (hereinafter referred to as the ‘Visitors‘) when they visit the Controller‘s Website.

Cookies are files that store information on the Visitor’s computer hard drive or in a search engine. They can be used to identify visits to the Controller’s Website, to see the history of visits and to adapt the content accordingly.

Cookies shall also be used to ensure the most convenient browsing experience and the smooth functioning of the Website, to monitor the duration and frequency of visits and to collect statistical information about the number of Visitors to the Website. They also help us to improve the functioning of the Website and to implement improvements and to adapt the Website to the optimal needs of its Visitors.

1. The websites and social media accounts controlled by the Controller allow the Data Subject to provide information directly to the Controller (for example, by subscribing to a newsletter on the website). The following information shall be obtained directly from the Data Subject:

• e-mail address.

2. The following information shall be obtained indirectly:

• information about how the Controller’s websites are used (for example, the following information may be collected):
• device information, i.e. IP address, operating system version and parameters of the device used by the Data Subject to access the content/products;
• login information, i.e. the timing and duration of the use of the Data Subject’s session, the timing of enquiries entered by the Data Subject in the Controller’s websites, and any information stored in cookies set on the Data Subject’s device;
• location information, i.e. the GPS signal of the device or information about the nearest WiFi access points and mobile towers, which may be transmitted to the Controller by the Data Subject when using the content of the Controller’s websites;
• information from third party sources.

3. The Controller may obtain information about the Data Subject from public and commercial sources (to the extent permitted by applicable law) and associate it with other information received from or about the Data Subject.

4. The Controller may also obtain information about the Data Subject from third party social networking services when the Data Subject accesses them, for example, through accounts on Facebook.

5. The Controller may collect information about the Data Subject, his/her device or use of the content of the websites with the consent of the Data Subject.

6. The Data Subject may choose not to provide the Controller with certain information (e.g. subscription or marketing information), but in such case, the Controller will not be able to provide the Data Subject with the most up-to-date offers, or promptly to contact the Data Subject when it has the most suitable offer.

7. The processing of data by means of cookies shall not allow the direct or indirect identification of Visitors to the Website.

8. The Visitor can delete cookies from his/her computer or block them in his/her web browser, but some of the functionality of the website may not work in this case, or may not work correctly.

1. The Controller shall guarantee the exercise of the Data Subject’s rights and the provision of any relevant information upon request or enquiry by the Data Subject:

• to know (be informed) about the processing of your personal data;
• to get acquainted with your personal data and how they are processed;
• to request the rectification or destruction of your personal data or the suspension, with the exception of storage, of the processing of your personal data;
• to object to the processing of personal data, including direct marketing;
• to request the erasure of personal data (‘right to be forgotten’);
• to request the portability of your personal data, i.e. to have access to your personal data in the form of personal data in a commonly used and computer-readable format;
• the right to lodge a complaint with the State Data Protection Inspectorate.

2. The Controller may prevent Data Subjects from exercising the above-mentioned rights where, in the cases provided for by law, it is necessary to ensure the prevention, investigation and detection of crimes, breaches of official or professional ethics, as well as the protection of the rights and freedoms of the Data Subject or other persons.

3. The Data Subject who has presented a document confirming his/her identity or who has confirmed his/her identity by the procedure established by law or by means of electronic communications (provided that they allow for the proper identification of the person), shall have the right to have access to his/her personal data processed by the Company at any time, free of charge, by submitting a request to the Controller, and to be provided with information on the sources from which his/her personal data were collected and for what purpose the personal data are being processed, and on the recipients to whom such data are being and were being provided within the last (1) one year. The Data Subject shall also have the right to request the rectification of incorrect, incomplete or inaccurate personal data, to request the suspension, except for storage, of the processing of his/her personal data when the data are processed in violation of the law and the terms of the Policy.

4. The Data Subject may submit a request for the exercise of his/her aforementioned rights at the Company’s office at Upės st. 21, Vilnius, by filling in a request form, or by sending such a request by e-mail to: info@kaitagroup.com.

5. To the extent that the processing of personal data is based on consent, the Data Subject shall have the right to withdraw consent at any time, without affecting the lawfulness of the processing based on consent prior to the withdrawal of consent, as provided for in the Policy.

6. The Controller’s website(s) or social media accounts may contain links from third parties to their websites and services that are not under the Controller’s control. The Controller shall not be responsible for the security and privacy of information collected by third parties. The Data Subject must be careful and to read the privacy statements applicable to third party websites and services used by the Data Subject.

7. If the Data Subject is not satisfied with the Controller’s response or considers that the Controller is not processing personal data in accordance with legal requirements, the Data Subject shall have the right to lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania.

1. Legal relations related to the Policy shall be governed by the law of the Republic of Lithuania.

2. The Controller shall not be liable for damages, including damages caused by interruptions in the use of the Website, for loss or corruption of data caused by the acts or omissions of the Data Subject or third parties acting with the Data Subject’s knowledge, including erroneous input of data, other errors, intentional damage, or any other misuse of the Website. The Website Provider shall also not be liable for interruptions of access to and/or use of the Website and/or damage caused by such interruptions due to the acts or omissions of third parties not related to the Controller or the Data Subject, including interruptions of the power supply, Internet access, etc.

3. The Controller shall have the right to amend the Policy in part or in full. This Privacy Policy shall be reviewed once every (2) two years and updated as necessary.

4. Any supplements and amendments to the Policy shall become effective as of the date of their posting on the Website.

5. If the Data Subject continues to use the Website after the supplement or amendment to  the Policy, the Data Subject shall be deemed not to object to such supplements and/or amendments.