As professionals engaged in the provision of legal services to the clients worldwide, ECOVIS ProventusLaw law firm (hereinafter – we or Law firm) is committed to protecting the privacy of personal data (information that directly or indirectly identifies individuals who may be clients, potential clients or others outside the Law firm). You can contact of our Law firm by clicking here.

As we collect and use personal data (hereinafter – The Personal Data), we are obligated to use and process your Personal Data only in accordance with this privacy policy (hereinafter – The Privacy Policy), as well as, applicable legislation, including the General Data Protection Regulation (2016/679) (hereinafter – GDPR), the Law on Money Laundering and Terrorist Financing Prevention of the Republic of Lithuania, the applicable national data protection laws of the Republic of Lithuania and other applicable legal acts.

When writing <<you>>, we mean you as a client, a potential client, our client’s employee or other parties, such as beneficial owners, authorised representatives, potential employees and other associated parties.

If you provide us with information about any person other than yourself, your employees, counterparties, your advisers or your suppliers, you must ensure that they understand how their information will be used.

Principles of Processing Personal Data

While processing the Personal Data we follow the principles specified in GDPR, as well as, the Law on Legal Protection of Personal Data of the Republic of Lithuania and other applicable legal acts.

The principles that are strictly followed by us to comply with the need to protect your Personal Data are as follows:

1. Principle of legality, fairness and transparency which means that Personal Data with respect to you is processed in a lawful, honest and transparent way;

2. Purpose limitation principle which means that Personal Data is collected for specified, clearly defined and legitimate purposes and shall not be further processed in a way that is incompatible with those purposes;

3. Data minimisation principle which means that Personal Data must be adequate, appropriate and is only necessary for the purposes for which it is processed;

4. Accuracy principle which means that Personal Data must be accurate and, if necessary, updated. All reasonable steps must be taken to ensure that Personal Data which is not accurate in relation to the purposes for which it is processed shall be immediately erased or corrected;

5. Storage limitation principle which means that Personal Data shall be kept in such a way that your identity can be determined for no longer than is necessary for the purposes for which Personal Data is processed;

6. Integrity and confidentiality principle which means that Personal Data shall be managed by applying appropriate technical or organizational measures in a way, which would ensure the proper security of Personal Data, including protection against unauthorized or unlawful processing or against accidental loss, destruction or damage.

What Personal Data is Collected by Us?

The Personal Data which we may collect can be grouped into the following categories:

Basic Personal Data such as your name, surname, job title etc.

Contact Data such as phone number, addresses and email address etc.

Identification and other background verification data such as your or your representative’s, ultimate beneficiary owner’s of legal entities (natural persons who directly or indirectly own or control a legal unit with a sufficient number of shares or voting rights, including through bearer share management) name, surname, personal code, date of birth, address, nationality, a copy of passports or ID card or evidence of beneficial ownership or the source of funds, number of shares held, voting rights or share capital part, visually scanned or photographed image of your face or image that your provide through a mobile app or camera, video and audio record for identification, telephone conversations, to comply with client due diligence/”know your client”/anti-money laundering laws and collected as part of our client acceptance and ongoing monitoring procedures.

Financial data such as accounts, transactional data, amount of transactions, income, location, type of concluded agreements etc.

Information related to legal requirements such as data resulting from enquiries made by the authorities, data that enables us to perform anti-money laundering requirements and ensure the compliance with international sanctions, including the purpose of the business relationship and whether you are a politically exposed person and other data that is required to be processed by the law firm in order to comply with the legal obligation to “know your client” ( including, but not limited to visually scanned or photographed image of your face or image that your provide through a mobile app or camera, video and audio record for identification, telephone conversations).

Personal Data provided to us by or on behalf of you or generated by us in the course of providing our legal or other services, which may, where relevant, include special categories of Personal Data. We may also collect special categories of Personal Data.

Recruitment related data such as your curriculum vitae, your education and employment history, details of professional memberships and other information relevant to potential recruitment to the Law firm.

Any other Personal Data related to you that you may provide.

How do We Obtain Your Personal Data?

We may collect or receive your Personal Data in several ways:

– When you provide it to us directly, for example, by corresponding with us via email or other direct interactions with us such as completing a form on our website. Sometimes additional information is required to keep information up to date or to verify information we collect;

– In the course of our relationship with you or while providing services to third parties;

– When it is provided to us by a third party because you are the subject or your data is otherwise included in a legal advice that we are asked to provide to a third-party client;

– Third party sources, for example, register held by governmental agencies or where we collect information about you to assist with “know your client” check-ups as part of our client acceptance procedures, such as sanctions list, politically exposed persons list etc. Also, when we receive information about you from third parties;

– Publicly available sources – we may, for example, use sources to help us keep your contact details that we already possess accurate and up to date or for professional networking purposes or for providing our legal and other services.

In order to make your identity verification, we are using Ondato solution / KYC platform. Ondato solution is used for comparing live photograph data or video record of yourself and your ID card/passport in order to comply with client due diligence/”know your client”/anti-money laundering laws and other legal requirements. The result of the face recognition (match or mismatch) will be retained how long it is necessary to carry out identity verification and for the period required by anti-money laundering laws.

We conduct your identity verification using Ondato solution on a consent basis. If you do not feel comfortable with this method, you may contact us by email [email protected] for alternative way to identify yourself. Please read more about Ondato solution / KYC platform for identity verification here

Purposes and Legal Grounds for Collecting and Processing Personal Data, Processed Personal Data

We as a data controller, will process the Personal Data of Client, the Client’s representatives and other persons, which are related to the Client based on processing Personal Data for the purposes and legal grounds as indicated in the table below.

Purpose Legal grounds Processed Personal Data
Conclusion of the contract – to know and verify our Client. After request received from potential client, carry out required action until conclusion of the contract.

Legitimate interests in the fulfillment of requirements and duties provided for by law, regulation or government and supervisory authority decisions.




Basic Personal Data, contract data, identification and background verification data, other data necessary to identify the possibility of providing legal and other services.

This may include verifying Personal Data, which you provide on your identity, in relevant databases and contacting you for the identity verification or registering records of mutual communication activities to achieve compliance objectives.

Provision of legal and other services – administration and performance of our services, including execution of obligations arising from any of the agreements entered mutually.


Performance of the contract, legitimate interests (in order to fulfill obligations and provide services), professional rights and duties.  

Basic Personal Data, identification and background verification data, financial data, information related to legal requirements, Personal Data provided to us by or on behalf of you or generated by us in the course of providing our legal or other services.

Implementation of legal, regulatory or risk management obligations – comply with legal obligations (comply with client due diligence/ ”know your client”/anti-money laundering prevention, sanctions or reputation risk check-up, identify conflicts of interest).


Legal requirements, legitimate interests (cooperate with law enforcement and regulatory authorities, ensure that you have a risk profile that is acceptable to us and help fight crime and fraud activity). When we handle special categories of Personal Data, we may also rely on an overriding public interest (crime prevention and detection) or legal requirements.


Basic Personal Data, contract data, identification and background verification data, financial data, information related to legal requirements, Personal Data provided to us by or on behalf of you or generated by us in the course of providing our legal or other services.

This can include automated check-ups of Personal Data you provide about your identity in relevant databases and contacting you to confirm your identity or making records of our communications with you for compliance purposes.


For research and business development purposes –  analysis in order to better understand you, and develop our services and offers, to provide you with the details on new services and to keep you up-to-date on the latest developments, announcements, and other information about our services and solutions.


Legitimate interests (to allow us to improve our services). Basic Personal Data, Contact Data.
Recruitment – so we can handle applications for employment sent by email or on our website to assess your eligibility for certain positions that you apply for in the Law firm.


Legitimate interests, consent. Basic Personal Data, contract data, recruitment related data.
Submitting a response when you contact us by filling out the application form on our website. Legitimate interests, consent. Recruitment related data.

Who do We Share Your Personal Data with?

– Our professional advisors (e.g. legal, financial, business, risk management or other advisors);

– Supervisory authorities, pre-trial investigation institutions, State Tax Inspectorate;

– Third party service providers to whom we outsource certain functions such as information and document management, office support, technology and IT services, word processing, photocopying and translation services (we have agreements in place with these service providers to protect the confidentiality and security of information (including Personal Data) shared with them);

– Companies providing services for money laundering, politically exposed persons and terrorist financing check-up and other fraud and crime prevention purposes and companies providing similar services, including regulatory bodies with whom such Personal Data is shared;

– Third parties such as courts, attorneys, government officials or other parties where it is reasonably necessary for the establishment, exercise or defense of a legal or equitable claim, providing service or for the purposes of a confidential alternative dispute resolution process;

– If we have collected your Personal Data in the course of providing legal services to any of our clients, we may disclose it to that client, and where permitted by law to others for the purpose of providing those services;

– Other entities, including any government regulatory having a legitimate interest;

– Other entities under an agreement with us.

The Personal Data is provided in accordance with the principle of confidentiality between the client and the lawyer.

Your Personal Data may be transmitted to third parties, which are in the territory of the European Union and the European Economic Area and third countries, not specified above due to the provision of the legal services with your prior consent.

How do We Protect Your Personal Data

We ensure the implementation of appropriate technical and organizational measures required to ensure the security of your Personal Data processing in order to protect Personal Data from accidental or unlawful destruction, modification, disclosure, and any other unlawful handling.

Everyone at the Law firm and any third-party service providers we may engage that will process Personal Data on our behalf (for the purposes listed above) are also contractually obligated to respect the confidentiality of Personal Data.

Retention Terms of Personal Data Processing

We shall store your data for as long as it is needed for the purpose for which your data was collected and processes or required by laws and regulations. This means that we store your data for as long as it is necessary for providing services and as required by retention requirements in laws and regulations. Personal Data will be saved as long as the contractual relationship are in force and up to 10 years after the relationship between the client and the Law firm has ended. The Personal Data collected for the implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention shall be stored in accordance with the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania for 8 (eight) years.

The Personal Data submitted by you through our website is kept for an extent necessary for the fulfilment of your request and to maintain further cooperation, but no longer than 6 months after the last day of the communication.

If you do not become a client, your Personal Data is stored for no longer than 6 months.

We note that when you send us your curriculum vitae or other Personal Data for recruitment purposes, we have the right to store and use such data for the purpose of recruitment for no longer than 6 months.

If the legislation of the Republic of Lithuania does not provide any period of retention of Personal Data, this period shall be determined by us, considering the legitimate purpose of the data retention, the legal basis and the principles of lawful processing of Personal Data.

Your Personal Data might be stored longer if:

– It is necessary in order for us to defend ourselves against claims, demands or action and exercise our rights;

– There is a reasonable suspicion of an unlawful act that is being investigated;

– Your data is necessary for the proper resolution of a dispute/ complaint;

– Under other statutory grounds.

What Rights do You Have in Relation to Your Personal Data?

If you have any questions about the use of your Personal Data, you should first contact us via the details provided below. Under certain circumstances and in accordance with EU or other applicable data protection laws, you may have the right to require us to:

– Get familiar with your Personal Data and how it is processed;

– Demand correcting incorrect or incomplete data, erasing your Personal Data or restricting the processing of your Personal Data when Personal Data is processed without complying with legal requirements or when there is another legal basis;

– Transfer your Personal Data to another data controller or provide directly to you in a convenient format (NOTE: applicable to the Personal Data which is provided by you and which is processed by automated means on the basis of consent or on the basis of conclusion and performance of the contract);

– Object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;

– To withdraw your consent so that we stop that particular processing, when the processing is based on consent;

– Lodge an appeal to the State Data Protection Inspectorate.

We exercise your rights only after receiving your written request to exercise a particular right and only after confirming the validity of your identity.

After identifying yourself and signing the written request to exercise your rights, the request shall be submitted to us by personally appearing at the registered office address of the Law firm, by ordinary mail or by e-mail: [email protected]

If submitted by e-mail, the format and content of the request must be in an electronic format, recognized, opened and processed by electronic document management systems or other information technology tools used by us.

The request shall be provided in the official language of the Republic of Lithuania, be legible, contain information on the right specified above in this section, to what extent you would like us to exercise your rights and information on how you would like to receive a response. In case you do not have an objective possibility to submit the request in Lithuanian language, you may provide the request in English.

Your request shall be accepted or refused. In case of refusal, the reasons of such refusal shall be specified within 30 (thirty) calendar days from the date of submission of the request meeting our internal rules and GDPR. The afore-mentioned time frame may be extended for 30 (thirty) calendar days by giving a prior notice to you if the request is related to a great scope of Personal Data or other simultaneously examined requests. A response to you will be provided in a form of your choosing as the requester.

You can also file a complaint regarding the Personal Data in the same manner as specified above in this section.

You can address the State Data Protection Inspectorate with a claim regarding the processing of your Personal Data if you believe that the Personal Data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation. You may apply in accordance with the procedures for handling complaints that are established by the State Data Protection Inspectorate and which may be found by clicking here.

How can You Contact Us?

If you have any questions about this Privacy notice or how we process your Personal Data, please contact us by sending an email to: [email protected] or by writing:

ECOVIS ProventusLaw law firm Kvainauskas, Andziulytė ir partneriai

Mėsinių str. 5, Vilnius, LT-01133, Lithuania.

How We may Update this Privacy Policy?

We are constantly working on improving and developing our services; therefore, we may change this Privacy Policy from time to time. We will not diminish your rights under this privacy policy or under applicable data protection laws. Please review this Privacy Policy from time to time to stay updated on any changes.