Home for every YOU

Every day, we are a different version of ourselves, with needs, desires, and expectations that color the
changing contexts and periods of life.

We strive to create a home for you that would not limit but rather unleash all the versions that reside within you.

 

Co-living

Apartments

Co-living

Apartments

Benefits of Youston

Community

For an active-crazy-life-thirsty YOU

Leisure areas

From the sauna to the roof terrace.

Central part of the city

Everywhere on foot and in continuous action.

Flexibility

Rent as much as you want.

Everything is taken care off

from apartment cleaning to fresh coffee

Choose your Youston

Per month 60 days to 1 year
Per Day 2 to 59 days

Smolensko 14 Youston

Smolensko str. 14, Vilnius
from 299 € / month
from 35 € / day
from 519 € / month
from 38 € / day

Smolensko 10 Youston

Smolensko g. 10 Vilnius
from 440 € / month
from 50 € / day

Youston

We operate on a global scale

Want to live abroad? Explore Youston worldwide:

Explore

Let's communicate

Please note that this website uses cookies. When you agree, click the "Accept" button.

PRIVACY POLICY

This privacy policy defines the principles and procedure of personal data processing performed by UAB “Baltic Asset Management” and the operating conditions of the website www.youstonliving.com.

PRIVACY POLICY


This privacy policy defines the principles and procedure of personal data processing by UAB “Baltic Asset Management” and the conditions of operation of the website www.youstonliving.com

 

This Privacy Policy is governed by and used by UAB “Baltic Asset Management” group companies and companies affiliated with UAB “Baltic Asset Management”.

I.           GENERAL PROVISIONS

  1. UAB “Baltic Asset Management” ensures that personal data are processed in a lawful, fair and transparent manner, collected for specified and clearly defined purposes and are not further processed in a manner incompatible with those purposes.

  2. Terms used in this Policy include:
  • Personal Data is any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a personal identification number, location data and an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • Data Controller — UAB “Baltic Asset Management”, code: 304602224, registered office address: Upės g. 21, Vilnius;
  • Data Subject — Customer of the Company — any natural person whose personal data is processed by the Data Controller;
  • Data processing — any operation or sequence of operations which is performed by automated or non-automated means on personal data or on sets of personal data, such as collection, recording, sorting, organisation, storage, adaptation or alteration, retrieval, access, use, disclosure by transmission, dissemination or any other means of making available, alignment with or combination with other data, restriction, erasure, or destruction.
  1. The concepts, principles and other provisions used in this Policy are in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as the “GDPR”), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other relevant legal acts.

  2. The Data Subject shall be deemed to have read and understood this Policy by voluntarily leaving their data (email address and telephone number) on the website of the Company www.youstonliving.com

 

  1. Please be informed that the Data Controller:
  2. Processes personal data in a lawful, fair and transparent manner in relation to the Data Subject (principle of lawfulness, fairness, and transparency);
  3. Collects personal data for specified, explicit and legitimate purposes and does not further process personal data in a manner incompatible with those purposes (purpose limitation principle);
  4. Collects only Personal Data that is adequate, relevant, and necessary for the purposes for which it is processed (principle of data minimisation);
  5. Processes only accurate Personal Data and updates it as necessary; takes all reasonable steps to ensure that Personal Data which are not accurate in relation to the purposes for which they are processed are erased or rectified without undue delay (principle of accuracy);
  6. Stores Personal Data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed (the principle of storage limitation);
  7. Processes Personal Data in such a way as to ensure, by appropriate technical or organisational measures, adequate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss or destruction (principle of integrity and confidentiality);
  • The Data Controller is responsible for ensuring compliance with the above principles and must be able to demonstrate compliance with them (principle of accountability).
  • The use of third-party services, such as the use of the social media accounts of the Data Controller, may be subject to the terms and conditions of third parties. Therefore, when using the services of such third parties, it is recommended that you also familiarise yourself with their terms and conditions.

II.        COLLECTION, PROCESSING, STORAGE OF PERSONAL DATA

  1. For the purposes of the provision and performance of the services of the Company, purchasing, and participation in the activities, billing, data analysis, the Data Controller processes the following personal data relating to the Data Subject:
  • name, surname,
  • personal number or date of birth,
  • phone number, email address,
  • home address,
  • bank account number (for payment for services)
  • data on the real estate being bought/sold/owned by the data subject (extract of the object from the Real Estate and Cadastre Register of the State Enterprise Centre of Registers),
  • IP address,
  • email and social media correspondence (not public records).

  1. For the purpose of direct marketing, the Data Controller shall process the following data of the Data Subject:
  • name, surname,
  • phone number, email address.

  1. For the purposes of administering customer enquiries, providing quality services, the Data Controller shall process the following data of the Data Subject:
  • comment,
  • name, surname,
  • phone number, email address.

 

  1. Storage of personal data:
  • personal data in relation to the core business of the Company, i.e., the purchase and sale of real estate, project management and development, shall be stored for 10 (ten) years. This time limit is due to the possibility of inspections initiated by various public authorities (e.g., STI, SoDra, etc.), which may start 5 (five) years after the conclusion of a specific contract (e.g., a works contract) and require data for the previous 5 (five) years;
  • for direct marketing purposes (i.e., offering data subjects to buy/sell/otherwise transfer, in part or in full, real estate relevant to them, contributing to real estate projects under development), the data received shall be stored for a period of 5 (five) years from the date of receipt of data;
  • for the purpose of administering enquiries, personal data is stored for 1 (one) year from the date of receipt;
  • for the purpose of invoicing, personal data is stored in accordance with the legal requirements applicable to accounting.
  1. The data subject may at any time submit a request to withdraw consent to the processing of their personal data by sending an e-mail to the following address: info@balticam.ltor by visiting the office of the Company at the following address: Upės g. 21, Vilnius.

 

  1. The Data Controller collects personal data:

 

  • directly from the Data Subject,
  • from publicly available sources, i.e., publicly available data of business partners and/or their representatives are collected by the Company from publicly available systems (social networks, public databases, etc.) in connection with the preparation of relevant tenders, project development, etc.
  • The company has a database of all real estate brokers operating in Lithuania. Their data is publicly available and accessible. Whenever the Company sends relevant enquiries to brokers, emails allow them to opt-out of receiving relevant offers of future cooperation.
  1. The Data Controller undertakes not to disclose the Personal Data processed to third parties except in the following cases:

 

  • if the Data Subject has consented to such disclosure of personal data;
  • when the data is provided to Data Processors providing accounting, online system support, payment and other services;
  • companies affiliated with the Data Controller, as well as companies that provide services at the request of the Data Controller, e.g., banks/companies that assist with payment transactions. These companies are limited in their ability to use your information; they cannot use this information for purposes other than to provide services to the Data Controller;
  • To other parties where required to do so by law or as necessary to protect the information society services provided.
  • where the data are provided for other relevant purposes in the performance of statutory obligations.

Cases where the Data Controller may disclose the information of the Data Subject to other parties:

  • to comply with the law or in response to a mandatory court order;
  • to confirm the legality of its actions;
  • to protect the Data Controller, its rights, property, or security;
  • to any related third party in the event of a merger, transfer, or bankruptcy;
  • in other cases, with the consent of the Data Subject or a lawful request.

 

  1. By submitting personal data, the Data Subject grants the Data Controller the right to collect, store, systematize, use and process, for the purposes provided for in this Policy, all personal data that are submitted directly or indirectly by visiting the website.

  2. It is the responsibility of the Data Subject to ensure that the data provided is accurate, correct, and complete. Knowingly entering incorrect data is considered a breach of the Policy. If the data you have provided changes, you must rectify it without delay and, if you are unable to do so, inform the Data Controller thereof. In no event shall the Data Controller be liable for any damage caused to the Data Subject and/or third parties as a result of the incorrect and/or incomplete personal data provided by the Data Subject, or the failure to request the completion and/or modification of the data following a change in them.

 

The Data Controller does not collect sensitive information about the Data Subject.

The Data Controller does not carry out automated decision-making or profiling based on information about the Data Subject.

The Data Controller does not share the personal data of the Data Subject with entities outside the European Economic Area.

 

The Data Controller may share personal data with UAB “Baltic Asset Management” group companies and UAB “Baltic Asset Management” affiliates.

III.     COOKIES

The Data Controller uses cookies on its Website in order to properly process information about Data Subjects (hereafter referred to as “Visitors”) when they visit the Website of the Data Controller.

 

Cookies are files that store information on the hard drive of a computer or in a search engine. They can be used to identify visits to the Website of the Data Controller, to see the history of visits, and to tailor content accordingly.

Cookies are also used to ensure the most user-friendly browsing experience and the smooth functioning of the website, to monitor the duration and frequency of visits and to collect statistical information about the number of visitors to the Website. They also help to improve the functioning of the Website and to implement improvements and adapt the Website to the optimal needs of its Visitors.


  1. The websites and social media accounts operated by the Data Controller allow the Data Subject to provide information directly to the Data Controller (for example, by subscribing to a newsletter on the website). The following information is obtained directly from the Data Subject:
  • e-mail.

 

The following information is obtained indirectly:

  • information about how the websites of the Data Controller are used (for example, the following information may be collected):
  • device information, i.e., IP address, operating system version and settings of the device used by the Data Subject to access the content/products;
  • login information, i.e., the timing and duration of the use of the session by the Data Subject, the timing of requests made by the Data Subject on the websites of the Data Controller and any information stored in cookies stored on the device of the Data Subject;
  • location information, i.e., the GPS signal of the device or information about the nearest WiFi access points and mobile towers, which may be transmitted to the Data Controller by the Data Subject when using the content of the websites of the Data Controller;
  • information from third-party sources.

 

The Data Controller may obtain information about the Data Subject from public and commercial sources (to the extent permitted by applicable law) and associate it with other information received from or about the Data Subject.

 

The Data Controller may also obtain information about the Data Subject from third-party social networking services when the Data Subject accesses them, for example, through accounts on Facebook.

 

The Data Controller may collect information about the Data Subject, their device, or their use of the content of the websites with the consent of the Data Subject.

 

The Data Subject may choose not to provide the Data Controller with certain information (e.g., subscription or marketing information), but in this case, the Data Controller will not be able to provide the Data Subject with the most recent offers or to contact the Data Subject promptly when the Data Subject has the most suitable offer.


  1. The processing of data by means of cookies does not allow the direct or indirect identification of Visitors to the Website.

  2. The visitor can delete cookies from their computer or block them in their web browser, but some of the functionality of the website may not work or may not function correctly.

IV.      RIGHTS OF DATA SUBJECTS

  1. The Data Controller shall guarantee the exercise of the rights of the Data Subject and the provision of any relevant information upon request or enquiry by the Data Subject:
  • to know (be informed) about the processing of your personal data;
  • to have access to your personal data and how they are processed;
  • to request the rectification or deletion of your personal data or the suspension, other than storage, of processing of your personal data;
  • to object to the processing of personal data, including direct marketing;
  • to request the erasure of personal data (“right to be forgotten”);
  • to request the portability of your personal data, i.e., access to your personal data in the form of personal data in a commonly used and computer-readable format;
  • the right to lodge a complaint with the State Data Protection Inspectorate.

 

The Data Controller may prevent Data Subjects from exercising the above-mentioned rights where, in the cases provided for by law, it is necessary to ensure the prevention, investigation, and detection of crimes, breaches of official or professional ethics, as well as the protection of the rights and freedoms of the Data Subject or other persons.

 

  1. A data subject who has presented a document confirming their identity or who has confirmed their identity by means of the procedure established by law or by means of electronic communications (provided that they allow for proper identification of the person) shall have the right to have access to their data processed by the Company at any time, free of charge, upon submitting a request to the Controller, and to obtain information on the sources from which their personal data were collected, the purpose for which they are processed, and the recipients to whom the data is being provided and to whom it has been provided for the past 1 (one) year. The Data Subject shall also have the right to request the rectification of incorrect, incomplete, inaccurate personal data, to request the suspension, except for storage, of the processing of their personal data when the data are processed in violation of the law and the terms of this Policy.

  2. The Data Subject may submit a request for the exercise of their above-mentioned rights at the office of the Company, at the following address: Upės g. 21, Vilnius, by filling in the application form, or by sending it by e-mail to: info@balticam.lt

  3. The Data Subject shall have the right to withdraw consent at any time to the extent that the processing of personal data is based on consent, without affecting the lawfulness of the processing based on consent prior to the withdrawal of consent, as provided for in the Policy.

 

  1. The website(s) or social media accounts of the Data Controller may contain links to third parties whose websites and services are not under the control of the Data Controller. The Data Controller is not responsible for the security and privacy of information collected by third parties. The Data Subject must be careful and read the privacy statements applicable to third-party websites and services used by the Data Subject.

 

  1. If the Data Subject is not satisfied with the response of the Data Controller or considers that the Data Controller is not processing personal data in accordance with the legal requirements, the Data Subject shall have the right to lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania.

V.         FINAL PROVISIONS

  1. Legal relations related to this Policy shall be governed by the law of the Republic of Lithuania.

  2. The Data Controller shall not be liable for damages, including damages caused by interruptions in the use of the Website, for loss or corruption of data caused by the actions or omissions of the Data Subject himself or by the actions or omissions of third parties acting with the knowledge of the Data Subject, including erroneous data entry, other errors, intentional damage, or other misuse of the Website. The Website Provider shall also not be liable for interruptions of access to and/or use of the Website and/or damage caused by such interruptions due to the actions or omissions of third parties not related to the Data Controller or the Data Subject, including interruptions of the electricity supply, Internet access, etc.

  3. The Data Controller has the right to amend the Policy in part or in full. This Privacy Policy shall be reviewed once every 2 (two) years and updated as necessary.

  4. Amendments or changes to the Policy shall take effect from the date of their publication on the Website.

  5. If the Data Subject continues to use the Website after the addition or modification of the Policy, the Data Subject shall be deemed not to object to such additions and/or modifications.

_____________________

RULES ON PROCESSING OF VIDEO SURVEILLANCE AND VIDEO DATA

I.           GENERAL PROVISIONS

  1. The Rules on Video Surveillance and Video Data Processing (hereinafter referred to as the “Rules”) regulate and cover the surveillance of premises, buildings and outdoor areas of UAB “Plėtojimo projektai” (hereinafter referred to as the “Company”), recording of video data, processing of recordings (viewing, storing, transferring, sharing, using), granting, deleting and changing of access rights and powers to process personal data, procedures for managing and responding to data security breaches and rules for exercising the rights of data subjects and handling requests, ensuring compliance with and implementation of the Law on Legal Protection of Personal Data of the Republic of Lithuania, the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as “GDPR”), and of other laws and regulations governing the processing and protection of personal data.
  2. These Rules have been prepared in accordance with the Law on Personal Data Protection of the Republic of Lithuania (hereinafter referred to as “LRPPD”), the GDPR and its implementing legal acts, the Order of the Director of the State Data Protection Inspectorate of November 12, 2008 No.1T-71(1.12) “On Approval of the General Requirements for Organisational and Technical Measures for Personal Data Security”, other laws and legal acts regulating the personal data processing and protection.
  3. Terms used in these Rules include:
    • Data Controller — General Data Controllers — UAB “Plėtojimo projektai”, company no. 305227656, Smolensko g. 12, Vilnius, e-mail info@balticam.lt, tel. +37065261041 and UAB “Tvari plėtra”, company no. 305600151, Smolensko g. 12, Vilnius, e-mail info@balticam.lt, tel. +37065261041, UAB “Baltic Asset Management”, company no. 304602224, Upės g. 21, Vilnius, e-mail info@balticam.lt, tel. 37065261041.
    • Data Processor — UAB “Plėtojimo projektai” company no. 305227656, Smolensko g. 12, Vilnius, e-mail info@balticam.lt, tel. 37065261041 and UAB “Tvari plėtra”, company no. 305600151, Smolensko g. 12, Vilnius, e-mail info@balticam.lt, tel. 37065261041.
    • Data Subject — a natural person whose personal data is processed for the purposes specified in the Rules.
    • Personal Data — any information relating to a Data Subject who is known or identifiable, directly or indirectly.
    • Access to video recording equipment — physical access or access by means of electronic communication enabling a person to modify, remove or update the components or software of the technical video equipment, to set the operating parameters of the video equipment, and to have access to the personal data collected in the course of video surveillance.
    • Video surveillance — the processing of video data relating to a natural person by means of automated video surveillance tools (video cameras), regardless of whether the data are stored in a medium.
    • Video surveillance system — servers and/or video data recorders, CCTV cameras and data storage media that store video data.
    • Video data recorders — digital devices used to capture, record, store, view, and copy video data in corporate asset accounts.
    • Other terms used in the Rules shall be understood as defined in the LRPPD, GDPR and other legal acts of the Republic of Lithuania.

II.        PURPOSE AND SCOPE OF CCTV CAMERAS

  1. The purpose of CCTV cameras is to provide a preventive security measure to ensure the protection of the property and assets of the company, its employees and customers, as well as public order and a safe environment.
  2. Video surveillance cameras are installed at Slucko g. 8, Vilnius and Smolensko g. 12, Vilnius.
  3. CCTV cameras record:
    • Outdoor areas of all premises: entrance and exit areas, on-site vehicle parking areas and all other public areas of the premises;
    • Internal common areas for all units: corridors, entrance and exit of the building, common kitchen and leisure areas;
    • Indoor and outdoor areas are monitored 24 hours a day with cameras.
  4. CCTV data shall be recorded on a data storage device and stored on digital media for at least 30 calendar days. Due to the limited capacity of the hard disk, the video recorder automatically deletes the oldest videos and saves the most recent video stream in the space left available. The staff responsible for the maintenance of the CCTV system, as defined in these Rules, shall ensure the continuity of the recording of the video data and ensure that the system is free from malfunctions.

III.     MANAGEMENT OF CCTV FOOTAGE

  1. All recorded CCTV data shall be processed by the director of the company and the person authorised by them, the administrators of the premises, the employees of the security service (hereinafter referred to as the employees responsible for the maintenance of the CCTV system), who are responsible for the organisation of the CCTV system, the processing of the CCTV data, their transfer to third parties and the protection of the CCTV data under the conditions set out in these rules, except in the case of a technical malfunction of the CCTV system or in case of preventive maintenance. These staff members, who have the right of access to the CCTV data, have signed an undertaking to protect the confidentiality of personal data and undertake to comply with the requirements laid down in the legislation on the protection of personal data.
  2. Staff responsible for the maintenance of the CCTV system must:
    • ensure that CCTV data is not used for purposes other than those defined in these Rules;
    • ensure that CCTV cameras are installed in such a way that, having regard to the stated purpose of the CCTV surveillance as set out in these Rules, the CCTV surveillance does not cover a larger part of the territory or the premises than is necessary, and does not collect more video data than is necessary;
    • comply with the basic principles of image data processing and the confidentiality and security requirements established by the LRPPD, GDPR, these Rules and other legal acts;
    • ensure that the CCTV system is in good working order and that technical malfunctions of the CCTV system are dealt with swiftly, using all available technical resources;
    • take organisational and technical measures to ensure the security of personal data in order to prevent accidental or unlawful destruction, loss, alteration, disclosure or any other unauthorised processing of image data;
    • store video data on video data recorders and/or media;
    • not disclose, transmit or allow access by any means to the video data to persons not entitled to do so;
    • ensure that information boards (CCTV signs) are displayed in the building entrances, premises, and areas where CCTV surveillance is being carried out, with the following information: “The area and common areas are monitored by CCTV cameras for your security. Data Controller — UAB “Plėtojimo projektai”, company no. 305227656, tel. No. +370 650 22531, e-mail: tomas@balticam.lt”; and “The grounds and common areas are monitored by CCTV cameras for your security. Data Controller — UAB “Tvari plėtra”, company no. 305600151, tel. No. +370 650 22531, e-mail: tomas@balticam.lt”.
    • ensure that the information boards are posted and visible before entering the CCTV area;
    • record the transmission of CCTV data in the CCTV Transmission Log;
    • ensure that the area covered by CCTV cameras does not include a residence and/or its private area or entrance, as well as premises where the data subject has a reasonable expectation of absolute privacy and where such surveillance would be degrading to human dignity;
  3. If the staff responsible for the maintenance of the CCTV system, or other employees of the company, become aware that CCTV data they are processing has been made available (or threatened to be made available) to persons who do not have the right to process the data, they shall:
    • immediately take all feasible measures to stop unauthorised access to personal data processed;
    • immediately inform the employee responsible for maintaining the CCTV system and/or the company director;
    • immediately inform the responsible employee, who must record the incident in accordance with the procedures established by the company.
  4. Access rights to recorded CCTV data shall be terminated upon the termination of the mandate of the staff member processing the CCTV data, the termination of the employment relationship, or any change in the functions of the staff member for which access to the CCTV data is no longer required.

IV.      PROVISION OF VIDEO DATA AND DATA RECIPIENTS

  1. According to the cases and procedures established by law, the company shall provide the video surveillance data processed by it to law enforcement authorities and other persons to whom the provision of such data is obliged by law or other legal acts, or to whom the company is obliged to provide such data, according to the procedure established by law or under contractual obligations. Also, upon the request of the data recipients under at least one of the conditions for lawful processing of personal data set out in Article 6 of Regulation (EU) 2016/679. The request must specify the purpose of the use of the video data, the legal basis for the provision and receipt of the video data, and the scope of the video data requested.
  2. The decision to provide image data shall be taken by the director of the company or a responsible person authorised by him.
  3. All staff members have the right to access their image data with the consent of the Director and, in exercising this right, must comply with the requirements laid down in the legislation on the protection of personal data.

V.         ORGANISATIONAL AND TECHNICAL MEASURES FOR THE SECURITY OF PERSONAL DATA

  1. The following organisational and technical measures for the security of personal data shall be implemented to ensure the security of video data:
    • access to live video surveillance is limited to staff who need live video surveillance data to perform their job functions;
    • only the staff responsible for the maintenance of the CCTV system, as specified in these Rules, shall have the right to process the recorded CCTV data;
    • access to video data is secured, managed and controlled (with passwords);
    • protection of personal data against unauthorised access to the local area network by means of electronic communications;
    • the security of the premises where the video data is stored and the adequate protection of the data storage devices (data storage devices are kept in locked rooms/lockers, access to the relevant premises is restricted to unauthorised persons, etc.);
    • protection of computer equipment against malicious software (installation and updating of antivirus programmes, etc.);
    • information on the fact that video surveillance is in progress is provided in all cases, regardless of the fact that at some designated locations video surveillance is not in progress at the time (e.g., a CCTV camera is not in operation all the time, at a fixed interval, etc.).

VI.      RIGHTS AND OBLIGATIONS OF THE DATA SUBJECT

  1. The Data Subject shall have the following rights: to receive information about the processing of the data; to have access to the data; to request the erasure of the data (“right to be forgotten”) if the image data are stored for longer than the retention period set out in these Rules; to restrict the processing of the data; to object to the processing of the data.
  2. A copy of the CCTV footage (if the footage is stored) may only be provided upon the written request of the data subject or in accordance with the procedure established by law.
  3. A request from a Data Subject who wishes to receive a video recording (copy) of a third party other than himself or herself must specify the purpose of the use of the personal data, the legal basis for the provision and receipt of the personal data, and the scope of the personal data requested.
  4. Upon receipt of an enquiry from a person concerning the processing of video data relating to them, the company shall respond within 30 calendar days of receipt of the request, at the latest, as to whether the video data relating to the person is being processed, stored, and, if so, the procedure for providing such data.
  5. Upon a request by a data subject for access to their video data, the requested video data may be made available to the data subject by making the video available for viewing on the premises of the company and/or by making a copy of the video available on an external storage medium if the video data are stored.
  6. At the request of law enforcement authorities or other authorities to which the company undertakes to provide data in accordance with the procedure laid down by law, the video/copy recorded by CCTV cameras may be released without the consent of the persons captured in the video.
  7. In order to protect the personal data and interests of the customers of the company, third parties are only allowed to take photographs, video, or audio recordings in all premises and areas of the service stations upon request and with the prior permission of the management of the company, stating the reason for which they wish to take video/photographs/audio recordings and the legal grounds for doing so.
  8. The decision to allow photography, filming or audio-recording on the premises and in the area shall be taken by the director of the undertaking or the responsible person authorised by him.

VII.   FINAL PROVISIONS

  1. These Rules shall be published on the website of the company www.youstonliving.com and on the information boards of the premises being filmed.
  2. All employees of the company shall be informed of the Rules in a signed form and thereby undertake to comply with the Rules and other legal acts establishing the requirements for processing of personal data.
  3. The employees of the company who violate the requirements of these Rules shall be held liable in accordance with the procedures established by law.

 

_________________________

 

Rules on video surveillance

This regulation on video surveillance defines the principles and procedure of personal data processing by UAB "Baltic Asset Management", and the terms and conditions governing the operation of the website www.youstonliving.com.

RULES ON VIDEO SURVEILLANCE AND VIDEO DATA PROCESSING

I.       GENERAL PROVISIONS

  1. The Rules on Video Surveillance and Video Data Processing (hereinafter referred to as the “Rules”) regulate and include the surveillance, recording and processing of video data (reviewing, storing, transferring, sharing, using), granting, revoking and amending the access rights and authorisations to process personal data, procedures for managing and responding to data security breaches, and rules for exercising the rights of Data Subjects and for handling their requests, as well as ensuring compliance with and implementation of the Law on Legal Protection of Personal Data of the Republic of Lithuania, the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as “GDPR”), and of other laws and regulations governing the processing and protection of personal data, as relates to the premises, the buildings and the outdoor territory of UAB Naujamiesčio NT (hereinafter referred to as the “Company”).
  2. These Rules have been prepared in accordance with the Law on Personal Data Protection of the Republic of Lithuania (hereinafter referred to as the “LPDP”), the GDPR and its implementing legal acts, the Order No 1T-71(1.12) of 12 November 2008 of the Director of the State Data Protection Inspectorate “On the Approval of the General Requirements for the Organisational and Technical Measures for Personal Data Security”, and other laws and regulations governing personal data processing and protection.
  3. For the purposes of these Rules:
    • “Data Controller” or “Joint Data Controllers” shall refer to UAB Baltic Asset Management, reg. No 304602224, Upės g. 21, Vilnius, email: info@balticam.lt, tel.: +37065261041.
    • “Data Subject” shall mean a natural person whose personal data is processed for the purposes specified in the Rules.
    • “Personal data” shall refer to any information relating to a Data Subject whose identity is known or can be established, directly or indirectly.
    • “Access to video recording equipment” shall mean access, either physical or by electronic means, enabling a person to modify, remove or update the components or software of the technical video equipment, to set the operating parameters of the video equipment, and to have access to any personal data collected in the course of video surveillance.
    • “Video Surveillance” shall refer to the processing of video data relating to a natural person by means of automated video surveillance tools (video cameras), regardless of whether the data is stored in any medium.
    • “Video Surveillance System” shall include servers and/or video data recorders, CCTV cameras and data storage media used to store video data.
    • “Video Data Recorders” shall mean digital devices contained in the Company’s asset register for capturing, recording, storing, viewing and copying video data.
    • Other terms used in the Rules shall be understood as defined in the LPDP, the GDPR and other applicable laws of the Republic of Lithuania.

II.     PURPOSE, SCOPE AND LEGAL BASIS OF VIDEO SURVEILLANCE

  1. The purpose of video surveillance is to provide a preventive security measure aimed at protecting the property and assets of the Company, its employees and customers, as well as ensuring public order and a safe environment. The legal basis for the video surveillance is the legitimate interest of the Joint Data Controllers (Article 6(1)(f) of the GDPR). Where damage to property or a person is identified, the Data Controllers are authorised to transfer this data to third parties in order to investigate and determine the origin of the damage.
  2. Video surveillance cameras are installed at Slucko str. 8 and Smolensko str. 12 in Vilnius.
  3. Video surveillance cameras are used to monitor the following:
    • Outdoor areas of all premises, including entrances, exits, on-site car parks and all other public spaces within the premises;
    • Internal communal areas of all premises, including corridors, building entrances and exits, communal kitchens and lounges;
    • Indoor and outdoor areas are subject to 24-hour video surveillance.
  4. Surveillance video data shall be recorded on a data storage device and stored on digital media for a maximum of 30 calendar days. Due to the limited capacity of the hard disk, the video recorder shall automatically delete the oldest video recordings and record the most recent video feed in the free storage space available. The employees responsible for the supervision of the video surveillance system, as specified in these Rules, shall ensure the continuity of the video data recording and shall maintain the system in good working order.

III.  PROCESSING OF VIDEO SURVEILLANCE RECORDINGS

  1. The Director of the Company and their authorised person, the administrators of the premises, and the employees of the security service (hereinafter referred to as the “employees responsible for the supervision of the video surveillance system”) shall have the authority to process all recorded video surveillance data and shall bear the responsibility for the organisation of video surveillance, the processing of the video surveillance data, its transfer to third parties and the protection of the video surveillance data in accordance with the provisions specified herein, unless the system is experiencing a technical failure or undergoing preventive maintenance work. The employees concerned, who shall have the right of access to the video data, have all signed a declaration of confidentiality and have undertaken to comply with the requirements established by the legislation on the protection of personal data.
  2. The employees responsible for the supervision of the video surveillance system must:
    • ensure that the video surveillance data is not used for purposes other than those defined in these Rules;
    • ensure that the video surveillance cameras are installed in such a way as to ensure that, given the stated purpose of the video surveillance specified herein, the video surveillance does not cover a larger area of the territory or premises than is necessary and does not collect more video data than is necessary;
    • comply with the key principles of video data processing and the confidentiality and security requirements set out in the LPDP, the GDPR, these Rules and other applicable legislation;
    • ensure that the video surveillance system is in good working order and that any technical faults in the system are rectified promptly, using all available technical resources;
    • take the necessary organisational and technical measures to ensure the security of personal data in order to prevent accidental or unlawful destruction, loss, alteration, disclosure or any other unauthorised processing of the video data;
    • safely store video data contained in the video data recorders and/or media;
    • not disclose, transmit or allow access by any means to the video data to any unauthorised persons;
    • ensure that information signs (CCTV signs) are displayed at the entrances, premises and territories of and around the Company’s building, where video surveillance is implemented, with the following information: “These premises and common areas are under CCTV surveillance for your safety (orig. Teritorija ir bendrojo naudojimo patalpos Jūsų saugumo tikslais stebimos vaizdo kameromis). Data Controller – UAB Baltic Asset Management, reg. No 304602224, Upės g. 21, Vilnius, email: info@balticam.lt, tel.: +37065261041.
    • ensure that the information signs are displayed and visible when entering the video surveillance area;
    • record the transfers of video surveillance data in the Video Surveillance Data Transfer Log;
    • ensure that the area monitored by the video surveillance cameras does not extend to the residential premises and/or private areas or entrances thereto, as well as to such premises where the Data Subject has a reasonable expectation of absolute privacy and where such monitoring would be degrading to their dignity;
  3. If the employees responsible for the supervision of the video surveillance system, or other employees of the Company, discover that the video surveillance data they are processing has been made available to persons who are not authorised to process the data (or attempts have been made to access it), they shall:
    • take all practicable measures immediately to terminate unauthorised access to the personal data being processed;
    • inform the employee responsible for the supervision of the video surveillance system and/or the Director of the Company immediately;
    • report the incident immediately to the responsible employee, who must then record the incident in accordance with the Company’s procedures.
  4. The access rights to the recorded video surveillance data shall be terminated upon the termination of the authorisation of the employee processing the video data, the termination of their employment relationship, or any change in the employee’s functions which do not necessitate such access to the video data.

IV.   PROVISION OF VIDEO DATA AND DATA RECIPIENTS

  1. In the cases and manner prescribed by law, the Company shall provide video surveillance data it processes to any law enforcement authorities and to other persons legally or contractually entitled to receive such data. Likewise, at the request of the data recipients in the event of at least one of the grounds for the lawful processing of personal data referred to in Article 6 of Regulation (EU) 2016/679 (GDPR). The request must specify the purpose of using the video data, the legal basis for its provision and receipt, and the scope of the video data requested.
  2. In the event of damage or unlawful conduct recorded on the premises, further investigation of these events may require the personal data to be transferred to the persons investigating the event, i.e. the Data Controllers’ employees, who are tasked with the duty of investigating the circumstances of the event. Such personal data shall be processed by the employees in compliance with the requirements provided for by law.
  3. The decision on the provision of video data shall be taken by the Director of the Company or a responsible person authorised by the Director.
  4. All employees have the right to access their video data with the consent of the Director. Such employees are obliged to comply with the requirements established by the legislation on the protection of personal data when exercising this right.

V.     ORGANISATIONAL AND TECHNICAL MEASURES FOR PERSONAL DATA SECURITY

  1. The following organisational and technical measures for personal data security have been implemented to ensure the security of video data:
    • access to live video surveillance is limited to those employees whose job functions necessitate the use of live video surveillance data;
    • only the employees responsible for the supervision of the video surveillance system, as specified in these Rules, shall be authorised to process the recorded video surveillance data;
    • access to video data is secured, managed and protected (with passwords);
    • personal data is protected against unauthorised access to the local area network through electronic communications;
    • the premises where the video data is stored are kept secure and the data storage devices are suitably protected (the data storage devices are kept in locked rooms/lockers, and unauthorised persons are restricted from entering such premises, etc.);
    • the computer equipment is protected against malicious software (the computer has anti-virus software, it is fully updated, etc.);
    • the fact that video surveillance is performed shall be displayed in all cases, regardless of whether some designated areas are not being monitored at certain times (e.g. a video surveillance camera is not in operation at all times or operates at fixed intervals, etc.).

VI.   RIGHTS AND OBLIGATIONS OF THE DATA SUBJECT

  1. The Data Subject has the following rights:
    • to know (be informed) about the processing of their personal data;
    • to access their personal data;
    • to request the erasure of their personal data (“the right to be forgotten”) if the video data is stored for longer than the retention period specified in these Rules, or to restrict the processing of their personal data;
    • to object to the processing of their personal data.

 

  1. The Data Subject’s right to know about the processing of their personal data shall be exercised as follows:
    • Any persons who are not employed by the Data Controller or the Data Processor and whose video data are processed in the course of video surveillance shall be informed of the ongoing video surveillance as follows:
      • By displaying information signs throughout the premises where video surveillance is in operation. The information signs must indicate that video surveillance is in operation, the legal names and registration numbers of the Joint Data Controllers, the contact telephone number of their representative, and the purpose of the video surveillance;
      • When signing lease agreements for premises or workspaces with individuals. The person is obliged to inform any visiting third parties of the video surveillance in operation.
    • The Data Controller’s employees shall be informed of the video surveillance in the workplace (if the workplace is located at the premises subject to video surveillance):
      • Either on approval of these Rules or on the first working day.

 

  1. The Data Subject’s right of access to their video data shall be exercised as follows:
    • A copy of the recorded surveillance video (if the recording is saved) may be issued only at the written request of the Data Subject or in accordance with the procedure established by the legislation (specifying the purpose of using the personal data, the legal basis for the provision and receipt of the personal data, and the scope of the personal data to be provided). Such a request shall be accompanied by a document identifying the person. If the request is sent by post or by courier, it shall be accompanied by a notarised copy of the Data Subject’s identity document. Where a representative of the person requests information on the person, they must provide proof of representation and their personal identification document.
    • In response to a request from a Data Subject concerning the processing of their personal data, following verification of the Data Subject’s identity, the Data Subject shall be provided with information as to whether or not personal data relating to them is being processed and shall be provided with the data requested (that is, the Data Subject shall be given the opportunity to view the video or be provided with a copy of the video or still image at their request).
    • As part of the exercise of the Data Subject’s right of access to their video data, the right to privacy of third parties must also be ensured, meaning that, if the video being accessed by the Data Subject shows other identifiable persons or any other information likely to violate the privacy of other persons, the images must be retouched or otherwise rendered so as to prevent the identification of any third parties.
    • Following a request for access to video data from a Data Subject, a reply as to whether or not the video data relating to the Data Subject is processed shall be provided in writing no later than 25 (twenty-five) days from the date of the request.
  2. The Data Subject’s right to object to the processing of their video data shall be exercised as follows:
    • The Data Subject’s right to object to the processing of their video data applies to the provision of the video data or to any other processing operation, such as the use of the video data, in accordance with Article 5(1)(5) and 5(1)(6) of the LPDP.
    • The Data Subject’s right to object to the processing of their video data shall be exercised prior to the processing of the video data, on the grounds referred to in Clause 19.2 herein, by informing the Data Subject in writing with the following information: the intention to process the video data (e.g., provision, use, etc.), indicating that the Data Subject has the right to object to such processing, explaining that the objection must have a legal basis and be expressed by means of a written notice to the Data Controller, whether in person, by post or by electronic means, and setting a reasonable time limit within which the Data Subject has the right to express their opinion.
  3. The Data Subject’s right to request the erasure of their personal data shall be exercised as follows:
    • If the Data Subject, having examined the processing of their personal data, establishes that their personal data are being processed unlawfully or unfairly and they or their authorised representative contact the Data Controller, the Data Controller shall immediately, and at the latest within five (5) working days, verify the lawfulness and fairness of the processing of the Data Subject’s personal data free of charge, and shall immediately erase the unlawfully and unfairly stored personal data or suspend the processing of such personal data, except for storage. Such personal data shall be kept until it is destroyed (at the request of the Data Subject or at the end of the retention period). Any further processing operations on such data may only be undertaken in the following cases:
      • For the purpose of proving the circumstances that led to the suspension of the processing;
      • Where the Data Subject, directly or through a representative, consents to further processing of their personal data;
      • Where necessary to protect the rights or legitimate interests of third parties.
  1. The Data Controller shall notify the Data Subject or their authorised person immediately, and no later than within 5 (five) working days, of the erasure or destruction of the personal data of the Data Subject or the suspension of the processing of the personal data at their request.
  2. The Data Controller shall have the right to refuse to exercise the Data Subject’s rights on the grounds stated in Article 23(2) of the LPDP.
  3. At the request of law enforcement authorities and other authorities to which the Company undertakes to provide personal data in accordance with the procedure established by law, the recorded video (or a copy thereof) may be released without the consent of the persons recorded in the video.
  4. In order to protect the personal data and interests of the Company’s customers, third parties shall be allowed to take photographs, video or audio recordings within the premises and territory of all service stations only if they request and receive prior permission from the Company’s management, stating the reason for the request and the legal grounds for the filming, photographing and/or audio recording.
  5. The decision to allow photography, videography or audio recording on the premises and in the territory shall be taken by the Director of the Company or the responsible person authorised by the Director.

VII. FINAL PROVISIONS

  1. These Rules are available on the Company’s website www.youstonliving.com and the information boards at the premises subject to video surveillance.
  2. All employees of the Company shall be informed of the Rules and required to sign them, thereby agreeing to comply with them and with other legal acts governing the processing of personal data.
  3. The Company’s employees in breach of the requirements of these Rules shall be liable in accordance with the procedures established by law.

 

_________________________

 

WhatsApp Chat

Contact us on
WhatsApp

Send message