FOR EMPLOYEES  

Privacy Policy

1. GENERAL PROVISIONS
1.1 This privacy policy ("Privacy Policy") explains how we collect, use and protect your personal data, what your rights are and how you can exercise them.
1.2.Your personal data is processed by ICM Group UAB (hereinafter referred to as the "Company" or "we"), established and operating under the laws of the Republic of Lithuania, legal entity code 306343763, address Konstitucijos pr. 7, 27 floor, 09308 Vilnius, e-mail: info@icmgroup.lt Phone number: +370 685 58637.
1.3 This Privacy Policy applies to you when you order or use our services, interact with us, visit our website, or use our services. www.icm.lt (the "Website"), interact with us through our pages on social networking platforms ("Social Networking Accounts"), visit our premises, contact us by email, telephone or other communication channels.
1.4 For the purposes of this Privacy Policy, the term "personal data" ("Personal Data") means any information or set of information from which we can directly or indirectly identify you, such as your name, surname, email address, telephone number, etc.
1.5 We process your personal data in accordance with the requirements of the General Data Protection Regulation 2016/679 (EU) (hereinafter referred to as the "GDPR"), the laws of the Republic of Lithuania, and the instructions of the relevant supervisory authorities.
1.6 By using our services, Website or Social Media accounts, communicating or otherwise interacting with us, you acknowledge that you have read and understood this Privacy Policy. If you do not agree to or understand its terms, you may not use our services or communication channels.
1.7 Our Website and Social Accounts may contain links to external websites (for example, the websites of our partners or projects in which we are involved). This Privacy Policy does not apply to such external websites and we recommend that you consult their privacy policies when you access them.
1.8 We may update this Privacy Policy from time to time. We encourage you to review it regularly to keep informed about how we process your Personal Data.
2. HOW WE COLLECT YOUR PERSONAL DATA
2.1 We may collect your Personal Data:
2.1.1. directly from you, for example, when you make enquiries, place orders, agree terms of cooperation, use our services, make payments, communicate by email or telephone, or transmit information about yourself;
2.1.2. from other external parties, for example, from your employer, from public government registers, and payment confirmations from financial institutions;
2.1.3. from group companies where it is necessary for us to exchange data in order to provide you with services, respond to your enquiry or for other reasons;
2.1.4. automatically through certain technologies, for example, when you visit our Website, interact with our Social Networking accounts, use our Wi-Fi network or visit premises where we carry out video surveillance to ensure security.
2.2 Where you provide Personal Data about yourself or others (for example, your representatives), you are responsible for the accuracy, completeness and timeliness of such data, and for informing or consenting to the person whose Personal Data is being provided to provide us with their Personal Data. In certain cases, we may ask you to confirm that you have the right to provide us with Personal Data (for example, by completing registration forms) and to identify you as the source of the Personal Data.
3. WHAT PERSONAL DATA WE PROCESS
3.1 To help you better understand how we process your data, we have prepared an overview of the main purposes for which we process Personal Data:
Purpose of processing personal data Personal data processed Time limits for processing personal data Legal basis for processing personal data
Provision and quality assurance of accounting and corporate governance services. Name, title, position, contact details, status of representative, signature; account number, payment details; details of orders, contracts, other cooperation documents and communications; details of quality enquiries, inspections, non-conformities and quality-related decisions. 10 years after the end of cooperation;
Unconfirmed orders - 1 year after the end of the reconciliation;
VAT invoice and payment data - 10 years after invoicing, payment;
Quality management data - 3 years after the query was resolved.		 The processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR);
The processing is necessary to comply with the obligations laid down in the financial accounting legislation (Article 6(1)(c) GDPR);
Legitimate interests (Article 6(1)(f) of the GDPR) to manage the provision of services, to ensure the quality of services.
Managing enquiries and providing information about the Company's activities. Name, title (if provided), contact details, place of work or provision of services (if provided), social networking account details (if communicated via social networking account); the content of requests and related communications or documents; consent management details. 1 year after the end of the communication;
On social networking accounts - according to their settings, but no longer than 1 year after the end of the communication;
Publicly published evaluations and feedback - until removed.		 Consent of the data subject (Article 6(1)(a) GDPR);
Legitimate interests (Article 6(1)(f) of the GDPR) to provide adequate information about their activities.
Managing and ensuring the security of your website and Social Media accounts. IP address, data collected by cookies and similar technologies, visitor behaviour data, public social media account data and actions (account followers, reactions to posts, comments, shares); consent management data. Website data - according to the terms of the cookies, but no longer than 2 years;
Where the data is not contained in cookie information, for a maximum of 1 year after collection;
Social network accounts are not stored separately, only accessed.		 Consent of the data subject (Article 6(1)(a) GDPR);
Legitimate interests (Article 6(1)(f) of the GDPR) to ensure the functioning and security of the Website.
Sending commercial offers or news, collecting customer feedback, improving the Company's performance. Name, title (if applicable), email address, telephone number; data provided in a commercial offer or communication; data on receipt, viewing of an offer or news; data from quality surveys; consent management data. Data on commercial offers - 1 year after submission;
Consents to receive newsletters - for 3 years from the date of data submission;
Data from quality surveys - 1 year after receipt or resolution of the situation.		 Consent of the data subject (Article 6(1)(a) GDPR);
Legitimate interests (Article 6(1)(f) of the GDPR) to organise marketing, analyse the quality of services and, in accordance with Article 81(2) of the Law on Electronic Communications.
Company communication and event organisation. Name, surname, email address, phone number, social network account profile (with consent), job title, workplace (if applicable); event-related data (date, location, list of attendees, catering preferences, etc.); photographs, video and audio recordings; opinions, comments, interviews, articles, etc., consent management data. 5 years from the start of the processing and, in the case of publication, until the end of the publication. Consent of the data subject (Article 6(1)(a) GDPR);
Legitimate interests (Article 6(1)(f) of the GDPR). ensure effective communication;
Consent for special categories of personal data (Article 9(2)(a) of the GDPR) on allergies, health conditions (where necessary for events).
Administration of the company's activities, managing the agreements, documents and tasks required for the operation. Name, surname, personal identification number (if applicable), job title, email address, telephone number, work or business address, signature, details of experience and qualifications (if applicable); documents, information and communications relating to contracts, supplies or cooperation; supplier credentials; details of organisation, attendance at meetings and communications; person represented (where you are representing someone else) and the contact details of the person represented. In accordance with the Index of retention periods for general documents (1-10 years);
Data not included in the index - 5 years after the end of the contact;
Remote meeting data - according to the settings in the apps, but for a maximum of 1 year.		 Data subject consent (Article 6(1)(a) of the GDPR) for the use of telecommunication applications;
The processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR);
Legitimate interests (Article 6(1)(f) GDPR) to ensure the continuity of the business, to obtain goods, services, works, to check the reliability of suppliers.
Managing payments for services, accounting, arrears management. Name, surname, personal identification number (if required), signature; details of ind. activity; address, e-mail address, telephone number; VAT registration details; account and payment details; details of debts; person represented (where you are representing another person), contact details; content of communication. In accordance with the legislation governing financial transactions and financial accounting and the General Index of Document Retention Periods (10 years). The processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR);
The processing is necessary to comply with the obligations laid down in the financial accounting legislation (Article 6(1)(c) GDPR);
Legitimate interests (Article 6(1)(f) of the GDPR) in the efficient management of financial transactions, accounts and debts, and in the making of meaningful forecasts and judgements.
Handling requests, complaints, disputes and ensuring the rights of data subjects. Name, surname, email address, telephone number, address, position; person represented (where you represent another person), contact details; content of the complaint/claim/proceeding, information related to the dispute/claim. According to the index of retention periods for general documents (from 1 to 10 years after the end of examination);
Data not included in the index - 3 years after the end of the examination;
Data on the pre-litigation handling of data subjects' requests - 2 years after the end of the handling;		 The processing is necessary for the fulfilment of the obligations laid down by law relating to the judicial and extrajudicial settlement of disputes (Article 6(1)(c) GDPR);
Legitimate interests (Article 6(1)(f) GDPR) to assert, exercise or defend one's rights and legal claims.
Selection, evaluation and management of candidate data for future selections Name, surname, email address, telephone number, address, education and activity data, content of CV, correspondence with the candidate, other information required by the candidate or provided by the candidate; information required for the work or residence permit. During the selection period and for 3 months afterwards. The Selection shall end when the Company has selected a candidate, terminates the Selection, or the candidate declines to participate further;
For data not provided for a specific selection, as well as for data in the candidate database (with the consent of the candidate), for 1 year after receipt of the data;
Information on permits for foreign nationals - before the employment contract is concluded.		 Consent of the data subject (Article 6(1)(a) GDPR);
Data processing is necessary to fulfil a legal obligation (Article 6(1)(c) GDPR) related to residence and work permits for foreigners in Lithuania;
Legitimate interests (Article 6(1)(f) GDPR) in ensuring a smooth turnover of staff and attracting and processing data from a former existing employer (Article 5(2) of the ADTAA).
3.2 You have the right to object to or withdraw your consent to the processing of your Personal Data at any time if it is processed on the basis of your consent. If consent is withdrawn before the expiry of the data retention period, the data shall continue to be processed until the consent is withdrawn. Withdrawal of consent does not affect the lawfulness of the processing carried out before the withdrawal.
3.3 We may use the contact details you provide to send you important communications or to contact you about material changes to our services or operations that may affect our cooperation. These communications are necessary for the proper provision of our services and do not constitute marketing communications.
3.4 You may request that we correct or update the Personal Data we hold about you. In some cases, we may ask you to verify that the information we hold about you is accurate and up-to-date as this may be necessary for the proper provision of our services.
3.5 We may use automated tools, including artificial intelligence chatbots and decision-making systems, to help us provide our services, for example, to process enquiries, manage orders. You have the right to request human intervention if an automated decision has a significant impact on you.
3.6 We monitor the retention periods of Personal Data and aim to delete Personal Data promptly when it is no longer necessary for the purposes for which it was collected.
4. SOCIAL MEDIA ACCOUNTS
4.1 We have official pages on social networking platforms where we post information and news about our activities. We may also place advertisements on these accounts and respond to your queries or comments.
4.2 When you visit Social Networking Accounts, you are also subject to the privacy policies, terms of use and rules of the respective operators of the social networking platform (for example, Facebook, Instagram or Linkedin). These platforms independently determine the terms and conditions for the processing of your Personal Data and we have no control over their activities. In addition, the operators of social networking platforms may impose restrictions on how we can manage or use the data collected through their services.
4.3 When you interact with us through our Social Media accounts (for example, by posting a comment, sharing our content, sending us a message or following our page), we may have access to certain public information about your profile depending on your privacy settings on that platform. Such information may include your profile name, photo, email address, and any content you choose to share publicly on your profile.
4.4 Please note that the information you make public on our Social Networking Accounts (for example, comments you post) may be visible to other visitors to your Social Networking Account, depending on the personal privacy settings you have chosen. You are responsible for managing the privacy settings of your Social Networking Profiles.
5. WHAT PRINCIPLES WE FOLLOW WHEN PROCESSING PERSONAL DATA
5.1 In processing your Personal Data, we comply with the following principles:
5.1.1 We process personal data in accordance with all applicable laws and regulations, including the GDPR;
5.1.2 We process your Personal Data lawfully, fairly and transparently;
5.1.3 We collect your Personal Data for specific, explicit and legitimate purposes and we do not process it for any purposes incompatible with the purposes originally stated unless permitted by law;
5.1.4 We take all reasonable steps to ensure that the Personal Data we process is accurate and kept up to date. Inaccurate or incomplete data shall be rectified, supplemented, limited or deleted;
5.1.5 We only keep your Personal Data for as long as is necessary for the purposes for which it was collected;
5.1.6 We do not disclose your Personal Data to third parties except as described in this Privacy Policy or as required by applicable law.
5.1.7 We implement appropriate technical and organisational measures to protect your Personal Data against unauthorised access, disclosure, alteration or destruction.
5.1.8 Our employees are obliged not to disclose your Personal Data to unauthorised third parties.
6. TO WHOM AND WHEN WE TRANSFER YOUR PERSONAL DATA
6.1 In order to conduct our business and provide our services efficiently, we may share your Personal Data with trusted service providers who help us achieve the purposes described in this Privacy Policy:
6.1.1. The provider of the document management systems, digital workspace (including the telepresence application) is Microsoft Ireland Operations Limited (Ireland);
6.1.2. the CRM and business management system provider is UAB B1 (Lithuania);
6.1.3. Recruitment and HR management systems and service providers - Recruitment Software OÜ (Estonia), LT Solutions UAB (Lithuania, a group company);
6.1.4. The provider of document signing solutions is UAB Dokobit (Lithuania);
6.1.5. payment and financial services management provider - AB "Šiaulių bankas" (Lithuania);
6.1.6. providers of server and hosting services, website administration services, IT services, communication services - UAB Hostinger (Lithuania), MB begrow (Lithuania), UAB Bitė (Lithuania), Google Ireland Limited (Ireland);
6.1.7. telecommunication solution providers - Zoom Video Communications, Inc. (USA), Google Ireland Limited (Ireland) (Google Meets);
6.1.8 The provider of the IoT tools is OpenAI Ireland Limited (Ireland) (ChatGPT);
6.1.9. Legal and other service providers.
6.2 When we manage our Social Networking Accounts, we may share certain data with the operators of social networking platforms. The platforms we may use are:
6.2.1. Meta Platforms Ireland Ltd (Facebook and Instagram);
6.2.2. LinkedIn Ireland Unlimited Company (LinkedIn).
6.3 Data shared on social networking platforms may be transferred outside the European Union and the European Economic Area (EU/EEA) in accordance with applicable international data transfer mechanisms, such as standard contractual clauses or eligibility decisions approved by the European Commission.
6.4 We may disclose your Personal Data to public authorities, law enforcement authorities, courts or other competent bodies where required to do so by applicable law or lawful requests. Such disclosures are made in accordance with legal requirements.
6.5 In the event of a reorganisation, merger, acquisition, sale of all or part of our business, or other structural and legal change in the Company's business, your Personal Data may be transferred to new owners or partners as part of the transaction, subject to appropriate confidentiality and data protection measures.
6.6 As part of a group of companies, we may use other common systems or services, including the exchange of Personal Data between companies. Such internal data transfers are carried out in accordance with applicable data protection laws. A list of companies within the group of companies is available upon request.
6.7 Although we primarily process Personal Data within the EU and EEA, your Personal Data may sometimes be transferred to countries outside the EU/EEA. In such cases, we ensure that appropriate safeguards are in place, including:
6.7.1. the use of standard contract clauses approved by the European Commission;
6.7.2. a transfer on the basis of an eligibility decision taken by the European Commission;
6.7.3. other legal mechanisms permitted under applicable data protection law;
6.7.4. your explicit consent where required.
7. WHAT RIGHTS YOU HAVE
7.1 As a data subject, you have the following rights in relation to your Personal Data:
7.1.1. to be informed about the processing of your Personal Data and to have access to your Personal Data, i.e. to obtain confirmation of whether we process your Personal Data and to request access to the processing of your Personal Data and the related information;
7.1.2. to ask us to correct inaccurate, incorrect or incomplete information about you, or to supplement it;
7.1.3. to ask us to delete the information we hold about you where there is a basis for deletion;
7.1.4. to request us to restrict the processing of the information we hold about you where you contest the accuracy of the Personal Data or object to the processing of the Personal Data, you object to the erasure of unlawfully processed Personal Data, or you need the Personal Data in order to assert, exercise or defend legal claims;
7.1.5. to object to the use of your Personal Data where we process your Personal Data for the purposes of our legitimate interests and/or the legitimate interests of third parties (including profiling, if any);
7.1.6. to submit a request to us to transfer (receive) Personal Data that you have provided to us under a contract or consent to the processing of Personal Data and that we process by automated means in a commonly used electronic format;
7.1.7. to object to a decision taken by fully automated means, including profiling, where such decision-making may have legal consequences or similar significant effects on you;
7.1.8. to withdraw the consents given to us for the processing of your Personal Data where we use Personal Data on the basis of your consent, including where we process Personal Data for direct marketing purposes, including profiling in connection with direct marketing;
7.1.9. lodge a complaint with the State Data Protection Inspectorate.
7.2 We may refuse to exercise your rights where we are not permitted to comply with your request under the GDPR or any other law, except to object to the processing of your Personal Data for direct marketing purposes or in other cases where the processing of Personal Data is carried out with your consent.
7.3 If you do not want your Personal Data to be processed for the purposes of direct marketing, competitions, surveys, including profiling, you may opt out of such processing of your Personal Data, without giving reasons for your opt-out, by sending an e-mail to indicate your objection, or by any other means indicated in the message provided to you (for example, by clicking on the relevant link in the newsletter).
7.4 If you wish to withdraw your consent to the processing of your Personal Data or exercise any of your other rights listed above, you may contact us by email at info@icmgroup.lt. To better understand your request, we may ask you to fill in the relevant application form and sign it with an advanced or qualified electronic signature.
7.5 In some cases, we will only be able to process your request after verifying your identity. This may include, for example, asking you to provide an identity document or other information.
7.6 We do not normally charge a fee for exercising your rights. However, the law allows us to charge a reasonable fee or to refuse to comply with your request if it is manifestly unfounded or excessive.
7.7 Upon receipt of your request or instruction regarding the processing of your Personal Data, we will provide you with a response within no later than 1 month from the date of the request and will carry out the actions specified in the request or inform you why we refuse to do so. If necessary, the time limit may be extended by a further 2 months depending on the complexity and number of requests. In this case, we will inform you of the extension within 1 month of receipt of the request.
7.8 If Personal Data is erased at your request, we may retain copies of the information as necessary to protect our legitimate interests and those of others, to comply with governmental obligations, to resolve disputes, to identify interference or to comply with agreements.
8. USE OF COOKIES AND SIMILAR TECHNOLOGIES
8.1 A cookie is a small text file that is stored in the browser or on your device (computer, tablet, mobile phone). In this Privacy Policy, we use the term "cookies" to refer to cookies and other similar technologies, such as pixel tags, web beacons and clear GIFs.
8.2 Cookies may be used to ensure the proper functioning of the Website, to improve your browsing experience, to remember your preferences, to ensure security, to analyse traffic, to link our Social Networking Accounts to the Website and to provide tailored content.
8.3 We may use cookies that are necessary for the operation of the Website, analytical cookies that analyse the use of the Website, functional cookies that remember users' preferences, ensure the smooth and secure functioning of the Website and help us to improve it, performance cookies, cookies from third parties, advertising cookies that are designed to show you both personalised and generic advertisements.
8.4 Some third parties, such as operators of social networking platforms, may use their own cookies to tailor the apps or applications they develop to your needs. We do not control the use of these cookies. We recommend that you check the privacy policy of the third party for more detailed information. Some third parties may transfer data to countries outside the European Union/European Economic Area (EU/EEA), such as the United States of America, in accordance with applicable international data transfer rules.
8.5 We may also use tools such as Google Analytics, Google Tag Manager, Google Ads, Meta Pixel and other remarketing and optimisation solutions to better understand user behaviour and optimise our marketing efforts. Some of these tools may transfer data to countries outside the European Union/European Economic Area (EU/EEA), such as the United States, in accordance with applicable international data transfer rules.
8.6 Our Website uses cookies:
Cookie name Description / Purpose of use Moment of creation Period of validity Data used
cookie_consent_status with
cookie_notice_accepted		 Remembers the user's cookie preferences At the time of entry to the site valid for 6-12 months IP address
8.7 You can manage your cookie preferences using the Website's cookie management tool. You can choose to accept or reject unnecessary cookies at any time. You can also manage cookies through the privacy settings of your browser or mobile phone operating system.
8.8 For more information on how you can manage your preferences, please visit reputable sources such as, www.allaboutcookies.org or the help section of the browser you are using.
9. CONTACT US
9.1 If you have any questions regarding the information contained in this Privacy Policy, please contact us by e-mail at info@icmgroup.lt or by phone +370 685 58637.
9.2 If you believe that your rights have been infringed under the GDPR, you may lodge a complaint with our supervisory authority, the State Data Protection Inspectorate. We aim to resolve all disputes promptly and amicably, so you are welcome to contact us in the first instance.
10. FINAL PROVISIONS
10.1 If we change this Privacy Policy, we will notify you by posting the updated Privacy Policy on the Website or by other customary means of communication.
Last update date: 2025-07-01

Business enquiry

Fill in the business enquiry form - let's explore cooperation opportunities together!