AGREEMENT ON PERSONAL DATA PROCESSING

Vilnius  

The Client (hereinafter referred to as the Data Controller),

and

UAB Interneto Vizija, number of legal entity 126350731, registered address J. Kubiliaus g. 6,
Vilnius, represented by projects manager Valentinas Čirba acting according to the Articles of
Association of the Company (hereinafter referred to as the Data Processor), hereinafter jointly
referred to as the Parties and separately as the Party,

Having regard to the fact that the Parties have entered into an agreement specified in the Special
Part of this Agreement under which the Data Processor has undertaken to provide the Data
Controller with the Services referred to in the Special Part of this Agreement (hereinafter referred to
as the Contract), have agreed and concluded this agreement on the processing of personal data
(hereinafter referred to as the Agreement).

General

1. The Agreement governs the rights and obligations of the Data Controller and the Data Processor
in the processing of personal data processed by the Data Processor for the purpose of the
provision of the Services specified in the Special Part of the Agreement to the Data Controller.
2. Personal data is processed for the period of validity of this Agreement force.
3. The Data Controller undertakes to:
3.1. Ensure that personal data transferred to the Data Processor during the execution of the
Agreement and the contract is collected and processed lawfully by the Data Controller;
3.2. to implement the rights of the data subject;
3.3. upon request of the Data Processor, assist him in the processing of personal data.

4. The Data Processor undertakes:

4.1. to select the technical and organizational measures for the protection of personal data in
accordance with the nature of data and the level of risk of their handling, and to ensure
their continuous and uninterrupted operation;
4.2. to ensure that appropriate technical and organizational measures for the protection of
personal data are implemented in such a way that data processing complies with the
requirements of the law and guarantees the protection of the rights of the data subject;
4.3. to refrain from using personal data for purposes other than the execution of the Contract
and this Agreement, to take measures to prevent accidental or unlawful destruction,
alteration, disclosure of personal data, as well as any other unlawful processing;
4.4. to refrain from disclosing and transferring, or making personal data available to any
person by any means;
4.5. upon noticing security violations of personal data (actions or omissions that could cause
or endanger the security of personal data), to notify the Data Controller thereof at the
latest within 24 hours from the discovery of a breach of personal data security;
4.6. to guarantee confidentiality both during the validity period of the Contract and the
Agreement, and after the expiration of the validity of the Contract and the Agreement;
4.7. to take all measures required by Article 32 of Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016 on the protection of natural persons with
regard to the processing of personal data and on the free movement of such data;
 4.8. to use the subcontractors for the processing of data specified in the Special Section of the
Agreement;
4.9. by using the subcontractors for the processing of data specified in the Special Section of
the Agreement, to ensure that it will perform all obligations of the Data Processor as set
forth in this Agreement;
4.10. to provide the Data Controller with all assistance necessary to fulfil the rights of the data
subject in accordance with requests submitted by the data subject;
4.11. to help the Data Processor to comply with the obligations laid down in Articles 32-36 of
of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April
2016 on the protection of natural persons with regard to the processing of personal data
and on the free movement of such data, having regard to the nature of the data and the
information available to the Data Processor;
4.12. immediately notify the Data Controller if, in the opinion of the Data Processor, the Data
Controller’s order violates the provisions of the legislation;
4.13. at the latest within 8 working hours of the notification, to respond to reports of employees
of the Data Controller on suspicious activity.
5. In the event of a conflict between the provisions of this Agreement and this Contract, the
provisions of this Agreement shall be followed.
6. The Agreement may be amended by a written agreement between the Parties.
7. The Agreement is governed by the law of the Republic of Lithuania.
8. All disputes arising from this Agreement shall be settled in the courts of the Republic of
Lithuania.
9. Annex to the Agreement – Special Part.
Annex to Agreement on the processing of personal data – Special Part

1. Purposes for personal data processing: Provision of Services according to the Service
Contract

2. Data subject categories: 2.1. Data Controller staff;

2.2. Data Controller's clients and their
representatives;
2.3. Data Controller suppliers, other partners
and their representatives;
2.4. other persons whose personal data are
stored by the Data Controller on the server
provided by the Data Processor.

3. Categories of personal data processed: 3.1. Full name;

3.2. E-mail address;
3.3. Telephone number;
3.4. Photos;
3.5. Other personal data stored by the Data
Controller on the server provided by the
Data Processor.

4. Data processing activities: Monitoring and hosting of servers that may

contain personal data, and making of backup
copies of their data and their storage in the
backup repository will not be longer than the
backup service provided to the Data Controller.

5. Data Sub-Processor: UAB Rakrėjus, company registration number

303126701

6. Country of storage of personal data: Republic of Lithuania