Privacy Policy

1. Overview

This Privacy Notice (the “Privacy Notice”) is designed in order to provide you the explanations on how your personal data is being processed when you visit our website https://nomadlaw.com (the “Website”) or use the services (the “Services”) introduced on the Website.

UAB Nomad Law, company code 305295301, registered at J. Basanaviciaus str. 26, Vilnius, the Republic of Lithuania, LT-03224 (the “Firm” or “we”) process your personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR“) and other applicable laws.

By contacting us via options available on the Website or by using this Website and the Services you confirm you have read, understood and accepted this Privacy Notice.

2. Purposes and retention period of your personal data processing

Support services

For this purpose we process your personal data so that we could provide you the necessary consultation based on your expressed request and / or answer any inquiry you may have. We may process your personal data throughout the provision of the support services and for 2 (two) years after our last actual contact with each other (e.g., our last e-mail to you answering your request). If during our communication you request specific Services and we agree to start working on that, then your personal data collected for the purpose of providing support services will be further processed for the purpose of provision of the requested Services;

Provision of the requested Services

For this purpose we collect your personal data in order to be able to provide the agreed Services in the most efficient and effective manner. We may process your personal data for as long as it is necessary in order to provide the required Services and as required by retention requirements in applicable laws and regulations, therefore, your personal data will be processed throughout our continues contractual relationship and stored after this relationship ends for up to 10 (ten) years. In case we have not entered into contractual relationship, your personal data will be processed for 2 (two) after our last actual contact with each other, except in cases where a longer period is established by laws and / or other regulations.

Direct marketing

For this purpose we process your personal data in order to update you on the scope of the Services we are able to offer, upcoming events or latest news we think you may be interested in. We may process your personal data throughout our continues contractual relationship or for 2 (two) years counted from the moment you expressed your consent to such processing, except in cases in which you decided to revoke your consent earlier or express your wish no longer to receive our newsletters;

Recruitment

For this purpose we process candidate’s personal data in order to assess his / her skills and qualifications in relation to the desired position, communicate during the ongoing recruitment process, keep records about its process and conclude a contract with the selected candidate. We may process your personal data during the recruitment process, but no longer than 6 (six) months, except in cases when you express a separate consent in order to stay in our candidate’s database for a longer period. In case the candidate has been selected by the Firm, the information he / she has provided will be further processed for internal administration purposes for as long as it is necessary according to applicable laws,

Administrating and improving the Website

For this purpose we may process some of your personal data in order to ensure Website functions properly and provides you with the best experience. For more information check our Cookie Policy.

If you do not provide the Firm with the personal data necessary in order to achieve the above indicated purposes, the Firm may not be able to keep a contact with you, continue contractual relationship, provide Services or perform other related functions.

3. Personal data we collect

The personal data we may process about you depends on your use of the Website, the type of Services you are willing to get from or your intention to participate in our organized recruitment purpose. Therefore, the personal data we may collect about you, could include but is not limited to the following categories:

• Personal information (such as first name, last name, image, citizenship, identity document data and its copy, country of residence for tax purpose, video and audio record for identification);
• Contact data (such as phone number, residing address, e-mail);
• Information about your occupation and income sources (such as type of occupation, countries related to your occupation);
• Financial information (such as source of your funds, monthly income, accounts in financial institutions, transactional data);
• Information about your desirable Services (such as Services you are interested in, your personal needs);
• Relationship data (such as information about relation to Politically Exposed Person (“PEP”), relation to other legal entities);
• Communication data (such as correspondence, chats, date, time);
• History data (such as time-stamped correspondence and provision / execution of the required Firm’s services);
• Recruitment data (such as resume (CV), data on candidate’s education and qualification, career social network profile (i.e., Linkedin), candidate’s assessment data);
• Information related to your use of the Website (such as browser and device data (IP address(es), time zone, time, data, browser information, screen resolution, electronic device‘s operational system information, location data (country (code), city), internet service provider (ISP), etc.) and usage data (time spent on the Website, pages visited, links clicked, etc.)).

4. Ways how we get your personal data

The Firm collects your personal data directly from you or from the third parties when:

• you contact us;
• you use our Website.

5. Legal basis for personal data processing

We process your personal data based on at least one of the following grounds:

• you have given a consent;
• your personal data processing is necessary for the performance of a contract or in order to take steps at the request of you prior to entering into a contract;
• your personal data processing is necessary for compliance with a legal obligation to which the controller is a subject;
• your personal data is necessary for the purpose of the legitimate interests pursued by us or the third party.

6. Personal data recipients

We may disclose your personal data under initiative of our own or upon respective request to the below indicated personal data recipients which are also obliged to comply with the requirements of GDPR, laws and other mandatory legal requirements:

• banks, financial, payment and (or) electronic money institutions;
• professional advisors (legal, financial, risk management, etc.);
• third party services providers which we outsource for the purpose of execution specific functions (e.g. IT services, document management services, translation services, fraud detection services, etc.);
• courts, attorneys, bailiffs, national and local authorities;
• other service providers which services may include, or which are engaged in personal data processing executed by the Firm.

Personal data may also be provided to other recipients if:

• the Firm has to comply with a legal obligation to which it is a subject; or
• such requested personal data is necessary for the concrete data recipient to carry out a particular inquiry in the general interest, in accordance with the European Union or Member State law; or
• the data requesting party has a legitimate interest to request for such information.

Most of the time the Firm process your personal data within the European Economic Area ("EEA"). Whenever the Firm needs to transfer your personal data outside EEA, it ensures such a transfer complies with GDPR requirements, such as:

• the personal data transfer is made to the country which the European Commission has acknowledged as ensuring the adequate level of protection;
• the personal data transfer is made subject to appropriate safeguards designated by law (such as standard data protection clauses);
• the personal data transfer is made in relation with the binding corporate rules approved by competent supervisory authority;
• other security measures under GDPR has been complied.

7. Security measures

The Firm takes various security ensuring technologies and procedures in order to protect your personal data against unauthorised or unlawful processing, accidental loss, misuse, unauthorized access, illegal usage, destruction, disclosure, damage, etc. This includes legal, organisational, technical, and physical security measures, such as the latest security systems, working only with trustworthy service providers, ability to detect cyber security attacks and other threats to the integrity of the Website. However, no transmission of information via email or other telecommunication channels through the internet could be fully secured. Therefore, you should take due care when you are sharing confidential information via e-mail or other telecommunication channels.

8. Cookies

Cookies are small information files that your device browser finds on the Website and stores in your device. In order to get to know more about cookies, please read our Cookie Notice.

9. Your data protection rights

You have certain legal rights in relation to the processing of your personal data:

• the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, if so, access to the personal data and the information regarding its processing as set out in article 15 of GDPR;
• the right to obtain from us without undue delay the rectification of inaccurate personal data as set out in article 16 of GDPR;
• the right to obtain from us the erasure of personal data concerning you without undue delay as set out in article 17 of GDPR;
• the right to obtain from us restriction of processing as set out in article 18 of GDPR;
• the right to data portability as set out in article 20 of GDPR;
• the right to object at any time to processing of your personal data as set out in article 21 of GDPR;
• the right not to be subject to an automated individual decision-making, including profiling, as set out in article 22 of GDPR.

This Privacy Notice does not deprive you of any other legal rights you may enforce under the applicable law.

You may be able to exercise your rights only after the Firm has successfully identified you. If the Firm is not sure about the identity of the person sending the request, the Firm may not provide the requested information to him / her, unless his / her identity is confirmed.

You may be provided with information related to the exercise of your rights free of charge. However, your request for the exercise of rights may be waived or may be subject to an appropriate fee if the request is manifestly unfounded or excessive, in particular because of their repetitive character.

The Firm shall provide you with information on the actions taken upon receipt of your request for the exercise of your rights or the reasons for the inaction no later than within 1 month from the receipt of the request. The period for submitting the requested information may be extended, if necessary, for 2 more months, depending on the complexity and number of requests. If you have submitted the request by electronic means, the information shall also be provided by electronic means.

If you consider that your personal data is being processed in violation of your rights and legitimate interests in accordance with applicable law, you shall have the right to file a complaint against the processing of personal data to the State Data Protection Inspectorate of the Republic of Lithuania.

10. Final provisions

If you have any questions regarding this Privacy Notice or if you want to execute your rights you may contact us via e-mail: [email protected]

This Privacy Notice shall be viewed and applied in accordance with GDPR and other applicable laws.

The Firm reserves the right to revise this Privacy Notice from time to time in order to correspond with the changes of its business practice or applied legal requirements. The revised Privacy Notice will be effective upon the posting of it on the Website and you have a sole responsibility to review it. Your continued use of the Website and Services following any such revisions to the Privacy Notice will constitute your acceptance of such changes.