CyberUpgrade’s privacy policy of candidates for employees

  1. General provisions 

    1. The present privacy policy of candidates for employees (“Policy”) is intended for persons applying for employment at the company Cyber upgrade, UAB, legal entity code: 306422641, address Laičių g. 92, Laičiai, LT-21342, Elektrėnai, Lithuania, e-mail: privacy@cyberupgrade.net, phone No.: +370 650 72202 (“CyberUpgrade” or “we”).
    2. The present Policy determines the main purposes and bases for the processing of personal data of candidates for employees (“Candidates”), including their data storage, the rights of Candidates related to the processing of personal data and other aspects of personal data processing, when we, ourselves or with the help of third parties, carry out selections for vacant positions in CyberUpgrade.
    3. When processing the personal data of the Candidates, CyberUpgrade follows the Regulation (EU) 2016/697 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), the Labour Code of the Republic of Lithuania (“Labour Code”), the Law on Legal Protection of Personal Data of the Republic of Lithuania (“Law”), other legislation regulating the processing of personal data and the present Policy.
    4. Unless provided otherwise, the definitions used in the Policy are understood the same as they are defined in GDPR, the Labour Code, the Law or in other applicable legislation and the internal documents of CyberUpgrade.
    5. When processing the personal data of the Candidates, we adhere to the principles of legality, fairness, transparency, purpose limitation, data volume reduction, data accuracy and storage limitation. We also establish security measures and procedures in our activities to protect the personal data of the Candidates from unauthorized access, disclosure, loss, alteration, destruction or other unauthorized processing.

  2. Purposes of processing the personal data of the Candidates 

    1. We process the personal data of the Candidates for the following purposes: 

      a. organization of selection for a specific vacant position of CyberUpgrade: for this purpose, we process the personal data of the Candidates who have expressed their wish to apply for a specific job position in CyberUpgrade;
      b. organization of future selections for vacant job positions in CyberUpgrade: for this purpose, we can process the personal data of the Candidates who have expressed their wish to participate in future selections for future job positions in CyberUpgrade.

  3. Basis of processing the personal data of the Candidates

    1. For the purposes specified in the present Policy, the personal data of the Candidates is processed on the basis of consent:

      1. the consent to process the personal data of the Candidate for the purpose of organizing a specific selection for a vacant job position in CyberUpgrade (Clause 2.1 (a) of the Policy) can be expressed after the Candidate voluntarily submits their curriculum vitae (CV), motivation letter or other information about themselves to us or to third parties we use;
      2. the consent to process the personal data of the Candidate for the purpose of future selections for vacant job positions (organized in the future) in CyberUpgrade (Clause 2.1 (b) of the Policy) is clearly and unambiguously granted to CyberUpgrade itself (for example, after the end of a specific selection, the Candidate expresses his/her consent for CyberUpgrade to continue processing his/her data for the purpose of organizing future selections for job positions). 

    2. The personal data of Candidates may be processed for purposes other than those specified above in the present Policy only on the basis of the individual consent of the Candidate (except for cases where certain processing of the personal data of Candidates is necessary for the fulfilment of the requirements of the applicable legislation).

  4. Categories of processed personal data of the Candidates

    1. For the purposes specified in Clause 2.1 of the Policy, we can process the following personal data of the Candidates:

      1. personal identification data: name, surname, date of birth or personal code, if the latter is indicated by the Candidate;
      2. contact data: residence address, correspondence address (if different from the permanent place of residence), phone number, email address;
      3. qualification and experience data: information about the work experience of the Candidate (workplace, work period, duties, responsibilities and (or) achievements), information about the education of the Candidate (educational institution, period of study, acquired education and (or) qualification), information about the qualification improvement (completed trainings, acquired certificates), information about language skills, skills in information technology, driving skills, other competencies, other information provided by the Candidate in the curriculum vitae (CV), cover letter or other application documents;
      4. references and feedback from employers: the person referring the Candidate or providing feedback, his/her contact details, the content of the reference or feedback;
      5. candidate assessment information: summary of the interview with the Candidate, insights and opinions of the person(s) conducting the selection, the results of the Candidate’s testing (if applicable);
      6. data on conviction and criminal acts, in cases where we are required to collect such data by legislation;
      7. other information that the Candidate provides on his/her own initiative in questionnaires, applications or other communication with the Candidate.

  5. How do we obtain the personal data of Candidates?

    1. The personal data of Candidates is obtained from:

      1. the Candidates directly, when they send a CV and (or) motivation letter and provide other information by e-mail or present themselves otherwise to CyberUpgrade;
      2. other persons with whom CyberUpgrade has contractual relations (for instance, entities providing job search, selection and (or) mediation services, such as the Employment Service of the Republic of Lithuania, employment agencies and (or) career portals, career social networks (“LinkedIn”)). In this case, we take the position that the Candidate has received all the necessary information about the processing of his/her data and has given his/her consent to the processing of the personal data of the Candidate to the relevant entity providing such services, and that this consent also includes the right to provide the data of the Candidate to potential employers (including us) by enabling such potential employers to process the personal data of the Candidate during selection for a vacant job position and when evaluating the candidacy of the Candidate;
      3. third persons, from whom we can obtain certain information about the Candidates, for instance, the persons referring the Candidate, current or future employers. However, we will only collect such information if we have a legal basis to do so, for instance, if the Candidate consents to us contacting the current employer of the Candidate and (or) another person, and we will inform the Candidate prior to contacting the former employer.

  6. Storage period of personal data

    1. The personal data of the Candidates is stored as long as the ongoing selection for a vacant job position in CyberUpgrade is valid, but no more than 6 (six) months.
    2. After the selection for a vacant job position in CyberUpgrade is over, the personal data of the Candidates is stored for no longer than 1 (one) year with the Candidate’s consent. If the Candidate revokes the consent earlier, his/her personal data is deleted without waiting for the period of 1 (one) year to expire.
    3. The personal data of the Candidates can be stored longer than provided in clauses 6.1 and 6.2 of this Policy when:

      1. there are reasonable suspicions of an illegal act that is the subject of an investigation;
      2. the personal data of the Candidate is necessary for the proper resolution of the dispute or complaint;
      3. in case of other grounds provided in legislation.

    4. In any case, we may store the consent given by the Candidate and proof of it for a longer period, if necessary, to be able to defend ourselves against requirements, claims or lawsuits brought against us.

  7. Assurance of security of personal data

    1. We implement various technical and organizational security measures to ensure the security of personal data of the Candidates and prevent illegal or accidental destruction, alteration, disclosure, as well as any other unauthorized data processing. These measures include various hardware and software, additional agreements with used service providers, internal rules related to personal data protection and other measures. 
    2. The transmission of information via electronic means of communication (for instance, e-mail, mobile phone, etc.) may be less secure in individual cases for reasons beyond our control of the technical or organizational measures chosen by us. Therefore, to ensure the security of your confidential personal data, we do not recommend providing us with information through various less secure and (or) electronic systems that are not used by us.

  8. Recipients of the personal data of the Candidate and countries where we process the personal data

    1. We can transfer the personal data of Candidates for processing to third parties who help us carry out the selection of Candidates for the employees of CyberUpgrade or who provide us with services related to the selection for the proposed job positions, evaluation of Candidates and internal administration, for instance, selection assessment partners, database administrators, etc. 
    2. The personal data of the Candidates may also be provided to competent authorities, law enforcement agencies, public administration entities, but only upon their request and only when required in accordance with applicable legislation or in the cases and procedures provided for by legislation to defend the rights of CyberUpgrade and fulfil its obligations to declare, file and defend legal claims. 
    3. Understanding our obligation to process personal data in strict accordance with the applicable requirements, we use only those service providers who have implemented or undertake to implement appropriate technical and organizational security measures, and we ensure that the said service providers comply with appropriate personal data protection, security and confidentiality obligations established in a written contract.
    4. We process and store the personal data of the Candidates in the territory of the European Union and the European Economic Area. We do not transfer any personal data of Candidates to third countries or international organizations that are not in the European Union and the European Economic Area.

  9. Rights of Candidates, as data subjects, and their implementation procedure

    1. You, as a Candidate and as a data subject, have the following rights:

– right to be informed and to have access to personal data:

You have the right to receive information about the processing of your personal data in a transparent, intelligible, and easily accessible form, using clear and plain language. This is provided for in this Policy. If any part of this Policy is not clear to you, please contact us using the contact details specified in clause 1.1 of this Policy. You also have the right to receive confirmation from CyberUpgrade as to whether the data relating to you is processed and, if such data is processed, you have the right to access your personal data and the following information:

  • purposes for data processing;
  • categories of personal data;
  • data recipients or categories of data recipients;
  • the period of retention of personal data or the criteria used to determine that period;
  • the right to request CyberUpgrade to rectify or delete your personal data or to restrict the processing of personal data relating to you or object to such processing, and the right to file a complaint with a supervisory authority;
  • information about the sources of your personal data;
  • where personal data is transferred to a third country or an international organization, information about appropriate safeguards relating to the transfer of data.

In addition, you have the right to receive a copy of the personal data that we have about you. We have the right to charge a reasonable fee based on administrative costs for any additional copies requested by you.

– right to have personal data rectified:

You have the right to request that CyberUpgrade correct inaccurate or incomplete personal data about you. You are responsible for ensuring that the data you provide to us is accurate, correct, and complete. If the data you provide changes, you must notify us immediately by amending the relevant data in the registration form or, if the data is not specified in the registration form, by notifying us about it by email. In no event will we be liable for any damage caused to you because you have indicated incorrect or incomplete personal data or have not informed us of changes.

– right to erasure (“right to be forgotten”):

You have the right to request us to erase or delete your personal data if there is no reasonable reason why we should continue to process it, if personal data is no longer necessary for the purposes for which it was collected or processed, if you withdraw your consent on the basis of which the personal data was processed and there is no other legal basis for processing it, or on other grounds set out in Article 17 of the GDPR. Please note that in order to ensure the security of information systems and personal data, CyberUpgrade makes personal data backup copies. We will then delete or remove your personal data, except for the data from such backup copies, within the terms specified below. If, before the expiry of the term specified in this paragraph, we are forced to restore the backup copy containing your personal data, we will immediately delete such data and will not use it for any other purpose. Please note that Article 17(3) of the GDPR provides for exemptions to the cases above, where the data must be processed. If any such exceptions are valid in your case, we will inform you accordingly.

– the right to restrict the processing of personal data:

You have the right to request CyberUpgrade to restrict (or suspend) the processing of your personal data if:

  • you contest the accuracy of your personal data – until its accuracy is verified;
  • your data has been unlawfully processed but rather than request erasure, you wish to restrict processing;
  • we no longer need the personal data, but you need us to keep the data in order to establish, exercise, or defend against a legal claim;
  • you have objected to us processing your data – until it is verified whether our legitimate grounds override yours.

After restricting the processing of personal data, such personal data may be processed (except for its storage) only with your consent or only for the purpose of the establishment, exercise, or defense of legal claims, protection of the rights of another natural or legal person or for reasons of important public interest.

– right to data portability:

You have the right to receive your personal data provided by CyberUpgrade, in a structured common machine-readable format, as well as the right to transfer this data to another controller, provided that:

  • the data is processed on the basis of the consent or contract; and
  • the data is processed by automated means.

You also have the right to request that CyberUpgrade transfer your personal data directly to another controller if it is technically possible.

– right to object:

You have the right to object at any time to the processing of your personal data for the purpose of public interest or the legitimate interest of CyberUpgrade. In this case, CyberUpgrade will no longer process your personal data unless we can prove the legitimate grounds on which your personal data is processed and which are more important than your interests, rights, and freedoms, or if this is necessary to establish, exercise, or defend a legal claim. When personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for this purpose and it will no longer be processed for this purpose.

– right to withdraw consent:

If your personal data is processed on the basis of your consent, you have the right to withdraw such consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.

– right to file a complaint with a supervisory authority:

If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with the supervisory authority of the EU Member State of your habitual residence, your place of work, or the place of the alleged infringement. The supervisory authority in Lithuania is the State Data Protection Inspectorate, address: L. Sapiegos str. 17, 10312 Vilnius, Lithuania, email: ada@ada.lt, website: https://vdai.lrv.lt/. Before submitting a complaint to the supervisory authority, we would appreciate it if you would contact us and explain your concerns to us. We will make maximum efforts to resolve your question expeditiously and carefully. 

CyberUpgrade will examine your request to exercise the rights of the data subject within 1 month. This period may be extended, if necessary, for a further period of 2 months, taking into account the complexity and number of requests. In this case, CyberUpgrade will notify you of any such extension within 1 month of receipt of the request, together with the reasons for the delay. If upon the receipt of a request, complaint, or claim, we have suspicions regarding your identity, we have the right to request additional information necessary to confirm your identity. 

    2. In addition, please note that the above rights of data subjects may be restricted in order to ensure the prevention, investigation, detection or prosecution of criminal offences or the enforcement of criminal sanctions, including the protection against and prevention of threats to public security, public safety, and in the cases of restriction of rights as set out in Article 23 of the GDPR.

  10. Updates of Policy

We have the right to update or change this Policy at any time. Such an updated or amended Policy will enter into force upon its publication on our website. If substantial changes to this Policy are made, this will also be communicated.