Privacy Policy

The Privacy Policy of Vilnius College of Technology and Design (hereinafter referred to as the "College") defines the provisions applicable to the processing of personal data at the College (for more detailed information, please refer to the Personal Data Processing Rules).

General provisions

Personal data are processed at the College in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Law on the Legal Protection of Personal Data of the Republic of Lithuania, the Labour Code of the Republic of Lithuania, and other legal acts.
Basic concepts:
Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, location data, personal identification number, or to one or more factors specific to the natural person's physical, physiological, economic, cultural or social identity.
Recipient of the data means the natural or legal person to whom the personal data are disclosed.
Processor' means a natural or legal person who processes personal data on behalf of the controller.
'Controller' means the natural or legal person who, alone or jointly with others, determines the purposes and means of processing.
Data subject' means a natural person whose personal data are processed by a controller or processor.
'Processing' means any operation or sequence of operations which is performed upon personal data or sets of personal data, whether or not by automated means, i.e. collection, recording, sorting, organisation, storage, adaptation or alteration, retrieval, access, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination with other data, restriction, erasure, destruction, or any other operation or set of operations.
Automatic processing means the processing of personal data wholly or partly by automatic means.The College is the controller of all personal data collected in the course of the College's activities, as well as the processor of personal data transmitted by other controllers.

Personal data is processed at the College for the following purposes:

  • For the purpose of admission of students, pupils and listeners.
  • The purpose of financing the studies and training of students, pupils and listeners.
  • The purpose of keeping records of students, pupils and listeners.
  • The purpose of recording the organisation and results of studies, teaching and learning.
  • Purpose of the administration of the conduct of applied scientific, experimental development and artistic activities.
  • Objective of publicising the results of applied scientific, experimental development and artistic activities.
  • The purpose of the administration of labour relations between employees.
  • The purpose of the administration of the public competition for the recruitment of candidates and applicants for posts.
  • Purpose of registration and publicity of the members of the governing bodies of the College.
  • The purpose of reporting to College staff, students, pupils and members of the College Council.
  • The objective of managing the material and financial resources available.
  • The purpose of the internal administration of the Library - the management of personal data of current and former staff and students, pupils and listeners.
  • The purpose of authentication of data subjects in information systems.
  • The purpose of user account administration and identification.
  • The purpose of organising and conducting conferences, other events and activities related to the implementation of projects.
  • Purpose of communication.
  • Purpose of financial obligations, settlements (excluding settlements with students, listeners, pupils and staff).
  • The purpose of dealing with complaints, requests and other appeals from individuals.
  • The purpose of security of persons and property, including but not limited to video surveillance and access control at the College.
  • The purpose of entering into, performing and administering contracts (other than with staff, students, pupils and listeners).
  • Purpose of public procurement.
  • The purpose of accommodation.
  • The purpose of providing and publicising information about the College and its activities.
  • Purpose of carrying out tasks and assignments related to public health in the event of an emergency, quarantine and/or declaration of a state of national emergency.
  • The purpose of the induction, on-the-job training of staff, students, pupils and listeners and of persons living in the College's dormitories on health and safety, fire safety, electrical safety and the use of gas stoves.
  • The purpose of organising and conducting sports activities for students.
  • The purpose of the additional services provided by the College Library (information literacy counselling, printing, copying, scanning, etc.).
  • Purpose of the recovery of financial debts owed to the College.
  • Purpose of non-professional cultural and artistic activities.
  • Objective of monitoring the careers of graduates.
  • Objective of monitoring the participation of members of the College community, representing the College, in public life in order to ascertain the impact of the College community on the region.
  • The objective of the dissemination of artistic works published by the College (in all types of dissemination and by all means).
  • The objective of publicising the members of the Academic Council, the Research Ethics Compliance and Ethics Committees.

Processing of personal data

The College processes all personal data in accordance with the principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, limitation of retention periods, integrity and confidentiality.

The College shall only process personal data, whether or not by automated means, and only for such purposes as are necessary or appropriate for the operation of the College or as required by law.

The College receives personal data directly from the data subject or, on the basis of contracts or legal acts, from third parties entitled to process and provide personal data to the College.

Video surveillance of the College's teaching buildings, dormitories and grounds is carried out on the basis of legitimate interest in order to ensure the safety of all persons and property within the College.

The College, as data controller, shall: ensure that personal data are processed at the College only by those persons who need to do so for the performance of their job functions and only to the extent necessary to achieve the intended purposes of their job functions, and shall ensure that personal data are:

  • collected for specified and legitimate purposes and, once collected, not processed for purposes incompatible with those identified prior to the collection of personal data;
  • personal data are accurate and kept up to date where necessary as a result of the processing of the personal data; personal data which are inaccurate or incomplete are rectified, supplemented, erased or their processing is suspended;
  • identical, relevant and only to the extent necessary for their collection and further processing;
  • processed in such a way that the data subject can no longer be identified than is necessary for the purposes for which the data were collected and processed.

Where the College acts as a processor: personal data shall be processed in accordance with the instructions and legal requirements set out in the controller's documents (including, but not limited to, contracts with the controller) and only to the extent and for the purposes set out in such documents or legal requirements.

Transmission of personal data

In the cases and according to the procedure established by the legislation, the College shall provide personal data processed by the College to the Ministry of Education, Science and Sports of the Republic of Lithuania, the Ministry of Finance of the Republic of Lithuania, the Office of the Ombudsman for Academic Ethics and Procedures of the Republic of Lithuania, the State Tax Inspectorate under the Ministry of Finance of the Republic of Lithuania, the Special Investigation Service of the Republic of Lithuania, and the State Security Department of the Republic of Lithuania, the State Social Insurance Fund Board under the Ministry of Social Security and Labour, the State Enterprise "Infostruktūra", the National Cyber Security Centre under the Ministry of National Defence, the Communications Regulatory Authority of the Republic of Lithuania, and other third parties in accordance with the legislation, a request (in the case of a one-off collection of personal data), or a contract for the provision of personal data (in the case of a multiple collection of personal data).

The data subject whose data are processed in the course of the College's activities has the right to:

  • to know (be informed) about the processing of his/her data (right to know);
  • to have access to his/her personal data and how they are processed (right of access);
  • to request the rectification or, taking into account the purposes for which the personal data are processed, the completion of incomplete personal data (right to rectification);
  • request the erasure of his/her personal data (right to be forgotten);
  • require the College to restrict the processing of personal data (right to restrict);
  • to data portability (right to port);
  • to object to the processing of personal data;
  • other rights provided for by the legislation applicable to the processing of personal data.

The data subject's rights are not absolute, but are exercised (upon written request) in the light of the College's legal obligations and legitimate interests.
Note: Rules for the implementation of the rights of the data subject at Vilnius College of Technology and Design.

Measures to protect personal data

The College implements organisational and technical measures to protect personal data against accidental or unlawful destruction, alteration, disclosure, as well as against any unauthorised processing for all personal data processed: infrastructural measures (proper layout of premises, proper location and maintenance of technical equipment, strict adherence to fire safety norms, controlled access to the College's buildings, locked premises (limiting unauthorised persons from entering the relevant premises, premises are used by the staff of the department concerned only, etc.) (e.g. the use of lockers (e.g., the use of the department's premises for the storage of personal data, the use of the wardrobes where personal data are stored, etc.); administrative measures (proper organisation of work, adequate and timely information to employees, the obligation to ensure the confidentiality of personal data for employees authorised to process personal data, the amendment of the internal legal acts, the proper storage of documents in accordance with the retention periods specified in the Documentation Plan (to be agreed annually with the Vilnius Regional Archives), etc.).

Organisational and technical measures are taken to protect personal data using the College's information technology: access to personal data is granted only to the extent and to those persons who need the data for the performance of their work functions; protection of personal data against unauthorised access to the internal computer network is ensured; protection of computer equipment against malicious software is ensured; personal data are deleted from all systems once the purpose of their use has been achieved, with the exception of storage in the order laid down by the legislation, etc.


We collect the data of visitors to the College's website in accordance with the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania, other related legal acts and the instructions of the controlling authorities.

The College's website may contain links to the websites of other persons, companies or organisations. Please note that the College is not responsible for the content of such websites or the privacy practices employed by them. Therefore, if you follow a link from the College's website to other websites, you should consult their privacy policies separately.

In order to ensure the quality of our services and the operation of our website, we use cookies on the College's websites and collect data about the use of our services.

How to manage and delete cookies

When you use your browser to access our content, you can configure your browser to accept all cookies, reject all cookies or to notify you when a cookie is sent. Every browser is different, so if you don't know how to change your cookie preferences, please check your browser's help menu. Your device's operating system may have additional cookie controls. If you do not want information to be collected by cookies, you can use a simple procedure in most browsers that allows you to opt out of cookies. To learn more about how to manage cookies, please visit

Contact information

If you have any questions regarding the information contained in this privacy policy, the protection of personal data or the exercise of your rights at the College, please contact the College's Data Protection Officer, Liudmila Zumerienė:
phone: (8 5) 234 4494;
Antakalnio g. 54, 10303 Vilnius.

Final provisions

This Privacy Policy and the Personal Data Processing Rules may be updated from time to time. The most up-to-date information is always available on the College's website.