We are Kaunas University of Technology (hereinafter – KTU or the University), legal entity code 111950581, registered office address K. Donelaičio str. 73, LT-44249 Kaunas, tel. +370 (37) 300 000, 300 421, fax +370 (37) 324 144, email ktu@ktu.lt, main website https://ktu.edu.

In most cases, the University processes personal data as a data controller; however, depending on the situation, it can also act as a joint data controller or a data processor.

We process your personal data based on the following legal grounds defined by the GDPR:

1. We aim to make or have made and are executing a contract, agreement with you or any other equivalent obligation;
2. You have expressed your consent in writing or by an action;
3. We have a legal obligation, i.e., the current national legislation obligates us to process your personal data;
4. Your personal data are processed in the public interest (for example, in the process of our research) or for the performance of the functions assigned to us by the public authorities (for example, to provide information for the statistical reports prepared by the public authorities or to the law enforcement authorities, etc.);
5. In the University’s legitimate interests if they are more important than your personal interests, for example, for a provision of high-quality and competitive services of studies, we have to provide the teaching material to the students by electronic means, in advance making sure the recipients of this information are the University’s students.

The University processes the data subjects’ personal data for the following purposes:

1. Admission of students and unclassified students;
2. Making contracts with students and unclassified students;
3. Financing of studies, allocation of financial support, administration of taxes and insurance of the entitlement to benefits for students and unclassified students;
4. Accounting of academic employees, students and unclassified students;
5. Transfer of the data on students to the state registers and the authorities;
6. Organisation of studies and accounting of learning outcomes;
7. Organisation, performance and administration of research, experimental development and innovation activities;
8. Promotion of the results of the University’s academic and research activities, dissemination of the information on the University;
9. Quality management in the University’s activities;
10. Registration and administration of the members of the University’s management bodies;
11. Organisation and administration of public competitions and selections for the candidates and applicants to job positions;
12. Making and termination of employment contracts, and administration of employment relationships;
13. Accounting, execution and control of remuneration, taxes and payments;
14. Accounting of the individual work planning and the implementation of scheduled activities of academic employees;
15. Organisation of the publishing process, administration and accounting of publications;
16. Performance of financial obligations and settlements, financial accounting and control;
17. Management of available material and financial resources;
18. Administration of the resources of the University’s Library, control and accounting of its visitors and resources;
19. Making and administration of the contracts on accommodation services;
20. Organisation and performance of events and conferences;
21. Provision of the services of non-formal education;
22. Qualification improvement and competence development;
23. Organisation and implementation of the participation in the interinstitutional projects, exchange programmes and traineeships for academic employees and students;
24. Organisation and execution of teaching and training visits;
25. Communication with the University’s employees, students, alumni, partners and other community members;
26. Authentication of a data subject in the information systems;
27. Authentication of the users of the information systems;
28. Administration of the user’s accounts;
29. Handling of personal complaints, requests and other applications;
30. Video surveillance for personal security and protection of property;
31. Execution of public procurements;
32. Making, execution and administration of contracts with suppliers;
33. Making, performance and administration of partnership and cooperation;
34. Direct marketing aiming to inform about the University’s services and receive reviews of the interested persons.

Depending on the purpose of processing, the University processes the personal data of the following categories:

1. Personal identity data, such as name, surname, personal ID number, date of birth, age, an image of the face, data of the personal identity document (title, number of the document, date of issue, expiry date), gender, citizenship, student’s internal code, employee’s time-card number, a country from which he/she arrived (in the case of  a student), curriculum vitae (in the case of admission), the status of an emigrant/foreigner of the Lithuanian descent (in the case of  a student);
2. Contact data, such as the address of the place of residence, postal code, office telephone number, personal telephone number, email address, contact information of the student’s or employee’s close relative (if provided);
3. Data related to studies, such as study cycle and form, language of studies, faculty, programme and its alternatives, year of studies, semester, group, the status of studies, the period of studies, completed study modules, mobility data, form and date of assessments, evaluation of academic achievements, student’s applications and supporting documents; data proving the participation in classes: attendance data, reports on systematic absence, copies of the documents justifying the absence; works of studies: answers to the written assessments, test results, written works, final degree projects, doctoral dissertations, dissertation abstracts, attestation documents, mobility documents, public presentations and defences of the students’ works of studies, statements in the e-learning environment in writing, audio or video; learning activity logs: performed actions in the University’s information systems, statistical data, etc.;
4. Data related to the planned activities of individual work and their implementation;
5. Data related to the obtained education and professional activities, such as education, scientific degree, pedagogical or honorary title, knowledge of foreign languages, obtained qualifications, workplace, job position, occupied part of FTE, science (artistic) fields and areas, study fields and groups of fields, history of previous employment; data of the previously obtained education that is the basis for the person’s admission to studies: completed school, date of issue, code and serial number of the document proving the obtained education, date and number of the acknowledgement document of the education obtained abroad, entry competition score, results of maturity examinations; data of tuition fees: nature and sources of the financing of studies, price of the study programme, price of the study credit, payment receipts, bank account number (if provided by a student); data of the allocated financial support: application and supporting documents, type, amount of the scholarship/support, payment period, data of the loan, etc.;
6. Data about family, such as marital status, children/adopted children, number of supported persons;
7. Financial data, such as calculated remuneration and payable taxes, premiums and bonuses, income and its sources, nature of the financing of studies, amount and year of the student’s basket, financial volume of the supervised projects and contracts, etc.;
8. Data required for the performance of financial obligations, such as bank account number and title of the financial institution, identification number of a social security payer and/or taxpayer;
9. Data justifying the data subjects’ entitlement to benefits, such as date of birth, social status, health condition, information on the family composition, received income, need for social support, personal data of socially disadvantaged students and students with disabilities or special educational needs (if provided by a student), disability, etc.;
10. Data required for the insurance of the requirements of accounting and control of the migration of persons under the procedure stipulated by the legislation, such as citizenship, country of residence, place of birth;
11. Data required for the management of resources and assets, such as name, surname, address of the place of residence, telephone number, email address, number of the personal identity document;
12. Data that are created and/or received pursuant to a legal obligation, such as data received according to the inquiries by the courts, law enforcement authorities, notaries, bailiffs, lawyers, tax administrators with regards to the income, a job position at the University or the activities performed;
13. Video data recorded by the video surveillance equipment on the University’s premises and in its territory;
14. Data that are submitted or generated by electronic means (information systems, email, websites, etc.), such as login to accounts, internet user’s IP address, version of the operating system and parameters of the device used to access content or services; login and access information and information collected by any cookies of the websites.

For the purposes of research and statistical analysis, the University can also process the special category data. Before the processing of the special category data, the University makes sure the University’s applied organisational and technical measures are sufficient and, if needed, takes additional measures for protection and insurance of the confidentiality of these data.

We process your personal data in the terms required for the achievement of the set processing purpose. When the set purpose is achieved, your personal data are deleted or otherwise irreversibly destroyed unless the current legislation obligates to store such personal data in the term stipulated by the legislation. After the end of the term, personal data are irreversibly deleted or destroyed. Specific terms for storage of personal data depend on the legal basis for the data processing.

In the processing of your personal data, we apply the organisational and technical measures of adequate level, constantly update and improve the systems and processes for personal data processing, regularly brief the University’s employees on the proper processing and protection of personal data.

The University’s administrative and academic employees have the right to process personal data. The access rights to the University’s information systems and personal data are granted under the procedure set out by the University and according to the functions stipulated by the job descriptions of the employees.

While processing personal data, the University’s employees guarantee that personal data:

1. Are processed according to the personal data processing policy of the University, the GDPR, the legal protection of personal data of the Republic of Lithuania, this Privacy Policy and other current legislation regulating the protection of personal data;
2. Are not processed for the purposes incompatible with the purposes for personal data processing set before the collection of personal data;
3. Are processed accurately, honestly and lawfully;
4. Are accurate, complete; inaccurate data have to be corrected or destroyed;
5. Are processed according to the organisational and technical measures of data security;
6. Are not transferred to the third parties unless it is stipulated by the legislation;
7. Are destroyed when the set storage terms of personal data end.

Usually, we process and store your personal data within the University’s infrastructure. Our selected data processors usually process them within the territory of the European Union (hereinafter – EU) and the European Economic Area (hereinafter – EEA); however, sometimes personal data have to be transferred to other countries outside the territory of the EU and EEA.

In the cases when the University transfers personal data for processing in the countries outside the territory of the EU and EEA, it applies one of the following security measures:

1. A contract based on the Standard Contractual Clauses approved by the European Commission is signed with the data recipient/processor;
2. The recipient of personal data is located in the country recognised as applying the adequate standards of personal data protection by the decision of the European Commission.

In case of any questions regarding the privacy or personal data protection, or any concerns that the University might violate the requirements of the legislation regulating the data protection while processing your personal data, contact us by the following address: Kaunas University of Technology, K. Donelaičio str. 73, LT-44249 Kaunas, tel. +370 (37) 300 000, 300 421, fax +370 (37) 324 144, emails ktu@ktu.lt or duomenu.apsauga@ktu.lt.

If we receive your request or inquiry, we will respond in the manner and form preferred by you within 30 (thirty) calendar days at the latest. In case an inquiry needs to be clarified, we will immediately contact you requesting to clarify the request or inquiry. In this case, the term for our response is calculated from the date of the submission of the clarified inquiry.

If you get acquainted with your personal data and identify that the University has processed the data unlawfully, we will immediately inspect the lawfulness of the data processing; if the fact is confirmed, at your written request, we will destroy the unlawfully processed personal data or suspend the processing actions, except for the storage in electronic back-up copies of the data or printed copies of the documents under the procedure stipulated by the legislation.

If the actions of the personal data processing are suspended, the respective personal data are stored until they are corrected or destroyed (at your request or the end of the data storage term). Other processing actions can be performed with regards to such personal data only if:

1. The University aims to prove the circumstances that caused the suspension of the data processing actions;
2. You give consent regarding the further processing of your personal data;
3. The public interest, the University’s rights or legitimate interests need to be protected.

The University will immediately notify you specifying how your instruction regarding the further processing of personal data has been implemented: whether the data has/has not been corrected or destroyed, whether the data processing has been suspended. If the personal data has been processed by the data processor at the University’s assignment, the University will immediately notify the data processor regarding the data subject’s instruction to correct or destroy his/her personal data or suspend the processing actions, except for the cases when submission of such an instruction to the data processor proves impossible or involves a disproportionate effort (due to a large number of the data subjects, period of data, unreasonably high costs).

The University carries out the inquiries of the data subjects free of charge. In some cases (if a data subject is obviously abusing his/her rights, unreasonably resubmits the requests to provide information, extracts, documents), the University has a right to require payment for the provision of such information and data to the data subject based on the principle of the coverage of demonstrable costs.

The University stores the data subject’s inquiries and correspondence on the issues of exercising of the data subject’s rights for 1 (one) year from the deadline for submission of any claims.

You can contact the University’s data protection officer by email duomenu.apsauga@ktu.lt.