Purpose of this privacy notice
This privacy notice (hereinafter – the “Notice”) explains how your personal data, provided through the website www.privacysummit.eu (hereinafter – the “Website”) or other communication channels, is collected and processed.
All terms used in this Notice shall be understood and interpreted in accordance with the definitions set out in the General Data Protection Regulation (EU) 2016/679 (hereinafter – the “GDPR”).
When using our Website and registering to the Baltic Privacy and Innovation Summit 2025, we kindly ask that you familiarise yourself with this Notice and the procedures described herein regarding the processing of personal data.
Data controller
The data controller of the personal data referred to in this Notice is Lietuvos duomenų apsaugos pareigūnų asociacija, legal entity code: 304711138, registered address: Saulėtekio al. 15-1, Vilnius (hereinafter – the “LDAPA” or “Controller”).
Contact details
Should you have any questions regarding the processing of your personal data or this Notice, including any requests to exercise your legal rights, please do not hesitate to contact us by email at info@ldapa.lt.
The following section sets out the purposes for which your personal data is processed, the categories of personal data concerned, the legal bases for such processing, and the corresponding retention periods.
Your personal data will not be processed for any purposes other than those specified at the time of collection, unless a separate lawful basis permits such processing (e.g. the pursuit of the data controller’s legitimate interests, which may include the establishment, exercise, or defense of legal claims).
We would like to note that you may access the Website without providing personal data, as a significant portion of the information is available to individuals who are not registered to the event. However, certain services require personal information to authenticate you or perform specific actions.
1.1.Registration for participation in the summit
Processed personal data: In order to register you for the event, we collect and process the following personal data: your name, surname, organization name, and email address.
Legal basis(es): We will process the provided personal data for the performance of a contract (Article 6(1)(b) of the GDPR).
Purpose(s): The personal data will be processed for the purpose of registering you for the summit, ensuring its smooth organization, and verifying that only registered individuals participate in the summit.
Retention period: We will process and store your data for 3 (three) years.
1.2.Photography, video and audio recordings during the summit
Processed personal data: Please be advised that photos, video and audio recordings will be made during the summit for documentation, promotional, and communication purposes. These materials may feature your identifiable image or audio recordings.
Legal basis(es): We will process the provided personal data based on the legitimate interest of the Controller (Article 6(1)(f) of the GDPR).
Purpose(s): The personal data will be processed for the purposes of documenting, promoting, and communicating the event, as well as creating materials for future reference or educational purposes.
Retention period: We will process and store your data for 2 (three) years
In certain instances, such as for the organisation and facilitation of the summit, to ensure the seamless continuity of the event, safeguard our legitimate interests, or to comply with legal obligations, we may disclose your personal data to the following third parties:
- event partners;
- event facilitators or service providers engaged in the execution of the event;
- social networks;
- other companies that provide services at our request, including data centre, cloud, Website management, and other related services providers;
- lawyers;
- public authorities such as the courts, police, the IRS, but only upon their request and only when required to do so by applicable law or to protect our rights or the safety of our members, employees and resources.
In certain instances, your personal data may be transferred to third countries outside of the European Economic Area (hereinafter – the “EEA”). To ensure that such transfers are carried out lawfully and that your personal data remains protected, we implement appropriate safeguards in accordance with applicable data protection laws.
In particular, the following measures are in place:
Where data is transferred to service providers in countries without such adequacy decisions, we apply standard contractual clauses (SCCs) approved by the European Commission, which provide safeguards equivalent to those under the GDPR.
With regards to the personal data that we process, you have the following rights:
Right to access your personal data: You have the right to access your personal data and learn how it is being processed.
Right to rectify your personal data: You have the right to request the correction or supplementation of any incorrect, inaccurate, or incomplete personal data.
Right to erasure ("Right to be forgotten"): In certain cases, where not prohibited by law or where there is no obligation for the Controller to retain the relevant personal data, you have the right to request the deletion of personal data related to you.
Right to restrict personal data processing: Under certain circumstances, you have the right to request the Controller to limit the processing of your personal data.
Right to personal data portability: Under specific conditions, you have the right to receive the personal data related to you, which you have provided to the Controller, and the right to transfer this personal data to another data controller.
Right to object: You have the right to object to certain types of personal data processing and may withdraw any previously given consent regarding the processing of your personal data at any time.
Right not to be subject to automated decisions, including profiling: You have the right to request that decisions based solely on automated data processing, including profiling, which may have legal effects on you or significantly affect you, are not applied to you.
Right to lodge a complaint: If you believe that our actions or omissions infringe upon your rights or legal obligations, you have the right to lodge a complaint with data protection supervisory authorities. Residents of Lithuania may submit a complaint to the State Data Protection Inspectorate (more information and contact details are available at https://vdai.lrv.lt/lt/). If your habitual residence or place of work is in another country, you may file a complaint with the relevant supervisory authority in that country. For more information on data protection authorities in the EEA member states, please visit https://edpb.europa.eu/about-edpb/about-edpb/members_en. However, in all cases, we recommend contacting us first to seek a swift and effective resolution to any issue before submitting an official complaint to the supervisory authority.
To exercise your rights, you may contact us by email at info@ldapa.lt.
We will provide you with information regarding the actions taken in response to your request without undue delay, and in any case, no later than one month from the date of receipt of your request. Depending on the complexity and number of requests, we reserve the right to extend the one-month period by an additional two months, notifying you of such an extension before the end of the first month and providing the reasons for the delay. In cases of clearly unfounded or excessive requests, we reserve the right to refuse to fulfil them or to charge an appropriate administrative fee.
We would like to emphasize that the data controller reserves the right to request verification of your identity prior to fulfilling any rights you may exercise.