By using the www.olkm.lt website, all website visitors confirm that they have been properly familiarised with the Privacy Policy and agree to the Controller controlling, processing and collecting the information provided by visitors (including personal data) to the extent necessary to manage the website and ensure it functioning, as well as to provide services.
The Centre’s websites contain links to the websites of other companies and organisations. The Centre is not responsible for the content of these websites or the privacy principles used by them, so checking their privacy policies separately is recommended.
1. GENERAL PROVISIONS
Controller
GENOCIDE AND RESISTANCE RESEARCH CENTRE OF LITHUANIA
Legal entity code 191428780
Didžioji Str. 17/1, Vilnius, LT-01128
Phone
e-mail:
Data protection officer
On 25 May 2018, the direct application of General Data Protection Regulation (EU) 2016/679 (GDPR) began in all EU Member States. To implement the requirements of the GDPR, a data protection officer (DPO) has been appointed by the LGGRTC:
PAULIUS CIBULSKAS,
Chief Specialist, Legal and Personnel Administration Department (data security officer)
Phone:
E-mail:
Terms used in the Privacy Policy
Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier;
Data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Data subject means the natural person whose personal data are being processed.
Direct marketing is an activity where individuals are contacted by mail, telephone or other direct method to offer them goods or services and/or ask their opinion on the goods or services offered. This includes advertising and direct marketing messages (communications about new books and related promotions) that are sent to individuals who have given their consent to receive direct marketing and promotional offers from the Controller. These individuals receive the Controller’s newsletters and direct marketing communications via their selected means of communication.
Cookies are small text files that are automatically created when browsing the website and are stored on the data subject’s computer or other terminal equipment.
2. OBLIGATIONS OF THE CONTROLLER
The Controller does not collect any personal information (such as name, surname, national identification number, e-mail address, etc.), except in cases where such information is deliberately and knowingly provided by the actual visitor. A visitor’s personal data can be used in the event that the Controller absolutely needs to contact him or her.
The Controller shall not transfer or disclose personal data to any third parties without the written consent of the individual, except in cases where it is required by law enforcement and state institutions or other entities and when it is specified in the laws or it is necessary to protect the legitimate interests of the Controller.
In order to protect personal data from unauthorised access, unlawful processing or disclosure, accidental loss, alteration or destruction, the measures set out in the Genocide and Resistance Research Centre of Lithuania Rules for the Safe Handling of Electronic Information approved by order of the Director General of the Controller are applied.
Your information is stored in accordance with the General Documents Retention Period Index approved by the Chief Archivist of Lithuania or the limitation period applicable to the respective relationship, whichever is longer.
Once the data retention period expires, personal data must be deleted in such a way that it cannot be reproduced, or depersonalised in such a way that there is no possibility of identifying the individual.
3. PROCESSING OF PERSONAL DATA
The personal data obtained through the enquiry form (contact form) on the website are as follows: name, e-mail address, and other information that the visitor can voluntarily give to the Controller. The completed enquiry form is sent by e-mail to
These data are collected in order to respond to user enquiries.
Without your permission, these data will not be used for any other purposes, and will not be transferred or sold to third parties not related to the provision of our direct services (except in cases where it is required by law enforcement and state institutions or other entities and when it is specified in the laws or it is necessary to protect the legitimate interests of the Controller).
The information collected by cookies is used to ensure the smooth functioning of the website, to provide a better browsing experience, to collect information about the behaviour of the website’s customers, and to analyse trends. Visitors can choose whether they agree to the use of cookies. Visitors who do not agree to the use of cookies can change their web browser settings and disable all or part of the cookies. In some cases, not using cookies may slow down internet browsing speed, limit the functionality of certain website features, or block access to the website. Visitors who have read the Cookie Policy are informed about the risk of not using cookies.
For more on cookies, see the COOKIE POLICY
The information you provide to us when visiting our accounts is controlled by the Controller together with the social media operators as joint controllers.
These data are collected in order to respond to user enquiries.
Our accounts on social media sites:
Facebook:
Lietuvos gyventojų genocido ir rezistencijos tyrimo centras;
Tuskulėnų rimties parko memorialinis kompleksas;
Okupacijų ir laisvės kovų muziejus.
Instagram:
Tuskulėnų rimties parko memorialinis kompleksas.
Youtube:
Lietuvos gyventojų genocido ir rezistencijos tyrimo centras.
The Facebook privacy policy is available at https://www.facebook.com/privacy/explanation
The Instagram privacy policy is available at https://help.instagram.com/519522125107875
The YouTube privacy policy is available at https://policies.google.com/privacy
We recommend that you read the third party privacy notices and contact the service providers directly if you have any questions on how they use your personal data.
When you purchase goods on the online store, the Controller collects the following personal data from you: name, surname, e-mail address, telephone number and address.
Tickets to the Museum of Occupations and Freedom Fights (and its branches) can be purchased at the museum ticket offices or online at www.bilietai.lt. When you buy tickets to the museum online at www.bilietai.lt the Controller collects the following personal data from you: name, surname, e-mail address and telephone number.
The purchase will also be subject to the Bilietai.lt privacy policy, which you can find at Bilietai.lt Privacy Policy
The data you provide are only used to enable us to fulfil the order. Without your permission, these data will not be used for any other purpose, and will not be transferred or sold to third parties unrelated to the provision of our direct services.
The Controller does not collect customer data for logging in to payment systems. You enter the data for logging in to electronic banking or payment systems on the websites of the banks or payment systems, so the Controller does not have access to this information.
When purchasing tickets or goods, the visitor undertakes to provide accurate, correct and complete information. Any losses resulting from the submission of inaccurate or erroneous data are the responsibility of the visitor.
By leaving a review on the website, you are giving us your consent to process the contact details and content of the review you provide. This information will be used to improve our services and take into account your opinions and observations. Without your permission, these data will not be used for any other purpose, and will not be transferred or sold to third parties unrelated to the provision of our direct services.
The content of the reviews and the name given can be seen publicly and are available to all visitors to the page.
When registering for a tour or workshop, you provide the following personal data to the Controller: name and surname, contact information (e-mail, phone number), name of school or organisation (if necessary), desired date/time, preferred language, and other information necessary for organising the tour or workshop.
The personal data you provide will only be used for the following purposes:
- To process your registration for the tour or workshop;
- To provide you with information about the tour or workshop;
- To contact you regarding registration confirmation, payment information or any other issues related to the tour or workshop;
- To collect statistics about tour or workshop participants;
- For direct marketing purposes (with your separate consent).
Your personal data are stored as long as they are necessary for conducting the tour or workshop. After that, the data will be deleted unless they need to be stored due to legal or administrative requirements.
The Controller may disclose your personal data to the following third parties:
- The organiser of the tour or workshop;
- Payment service providers;
- IT service providers;
- Law enforcement institutions.
The Controller will not sell, rent or otherwise transfer your personal data to third parties without your prior consent.
There may be filming and photography at the events we organise. This material is collected for presentational, promotional and chronicling purposes.
Anyone who attends our events understands and agrees that they may be filmed or photographed, and that this material may be used for publicity, including on our websites, social media, advertising and other means of publicising information.
The controller of the personal data (videos or photos) collected during events or exhibitions is the Genocide and Resistance Research Centre of Lithuania, which may transfer videos and photos to third parties. This may include creators and distributors of advertising material, website administration and cloud service providers, and so on.
Anyone who does not want to be filmed or photographed or does not want their image to be used for publicity must convey this to the organisers of the event.
If you have any questions or would like to receive more information about the filming and photography policy, or do not want your photo to be used publicly, please contact us at
4. RIGHTS OF DATA SUBJECTS AND THE EXERCISE THEREOF
In accordance with the further conditions established by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR), the visitor has the right:
- to know (be informed) about the processing of his or her personal data;
- of access to the personal data processed by the Centre and how they are processed (the right of access);
- to have personal data rectified or, having regard to the purpose of processing the personal data, to have incomplete personal data completed (the right to rectification);
- to obtain the erasure of personal data relating thereto (right to be forgotten);
- to request that we restrict the processing of personal data relating thereto (right to restriction of processing);
- to request that the data submitted to the Centre be moved (right to data portability);
- to object at any time to the processing of personal data, when such processing is carried out in the public interest, in the legitimate interests of the Centre or a third party, and where personal data are processed for direct marketing purposes, including profiling (right to object);
- to withdraw consent to process personal data if the data are processed on the basis of consent.
More about the protection of personal data at the LGGRTC (in Lithuanian)
Visitors who have read the Policy are informed that the Controller always strives to properly ensure visitors’ rights and promptly respond to any possible violation of them. Visitors are informed that in case of any questions regarding the personal data processed by the Controller, they have the right to first contact the Controller, and in all cases, they also have the right to lodge a complaint with the State Data Protection Inspectorate at any time.
The national personal data supervisory authority responsible for monitoring the application of Regulation (EU) 2016/679 in the Republic of Lithuania is:
State Data Protection Inspectorate
Juozapavičiaus Str. 6, LT-09310 Vilnius
Phone (8 5) 271 2804, 279 1445
E-mail
You are responsible for ensuring that the data that you provide to us are accurate, correct and complete.
Please inform us immediately if the data you provide changes. We will not be liable for any damage resulting from incorrect or incomplete personal data provided by you, or from your failure to provide information about changes to your data.
This Privacy Policy may be amended taking into account changes in the legislation and in the activities of the Controller (including the Controller’s branches). Amendments and/or additions to the Privacy Policy shall take effect from the moment they are published on the website.