Privacy policy

General Provisions

We are UAB Modus Asset Management (hereinafter referred to as the Company or We), legal entity code 302790959, Ozo St. 10A, LT-08200 Vilnius, Lithuania, e-mail info@modusam.com, tel. No. +370 5 235 6080.

We understand that the protection of personal data is important to individuals who cooperate with or use the Company’s services. For this reason, we take all necessary measures to ensure the privacy of each data subject and the exercise of personal data protection rights.

You can contact our appointed Personal Data Protection Officer at dpo@modus.group for any data protection questions.

This Privacy Notice shall provide all information about how We, as Data Controller, process personal data, including but not limited to the purposes of the processing of personal data, the legal basis for the processing, the categories of personal data processed, the retention periods, the data sources, etc.

The Privacy Notice is intended for Data Subjects who cooperate with or use the Company’s services, visit our website, use the self-service, make inquiries, or otherwise provide their data to us. Information for Investors about the processing of their personal data shall be provided on the Investors Self-Service Portal in the documents section.

This Privacy Notice is compliant with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR or the Regulation).

Data Sources

Depending on the nature of our cooperation, we shall process the following personal data:

  • Received directly from the data subject (you), e.g. when you send us inquiries, enter into contracts with us;
  • which are generated when you use our services, e.g. when you visit our website.
Purposes of the Processing of Personal Data
Processing of personal data of suppliers and partners

Execution and administration of contracts with suppliers, and subcontractors;

Processed personal data: name, surname, personal identification number, date of birth, contact telephone number, e-mail address, and address of suppliers’ and subcontractors’ representatives. Name, surname, position, and contact details of the person signing the contract;

Legal basis: Article 6 (1) (b) of the GDPR – performance of the contract;

Data retention period: 10 years after the end of the contract;

Assessment of material conflicts of interest of partner service providers in order to assess the relationship between individuals and the management company and the collective investment undertakings it manages.

Processed personal data: name, surname, personal identification number, the position of the person filling in, and list of controlled legal entities of the companies currently holding leading positions (name of the legal entity, code, percentage of rights to the authorized capital, potential conflicts of interest and their management measures). Names, surnames, kinship, and legal entities related to the named person. Other personal interests in relation to specific legal entities in which the owned shares amount to more than 5 percent of all shares, additional professional activities in which you participate, employment positions and additional professional activities in which you have participated in the last 2 years, positions held by the person and his/her close family members or close assistants in relation to political activities – nature of the political activity, organization, description of private interest, duties of close family members when working for other financial market participants (i.e. financial institutions, asset management, and similar services).

Legal basis: Article 6 (1) (b) of the GDPR, i.e. for the purpose of concluding and/or performing the contract, and Article 6 (1) (c) of the GDPR, i.e. the processing of data is required by law, special categories of personal data are processed in accordance with Article 9 (1) (g) of the GDPR.

Data retention period: at least 10 years after the information on the potential or actual conclusion of the Personal Transaction has been received.

Processing of Whistleblowers’ data

Assurance of the internal channel for the provision of information on infringements provided for in the Law on the Protection of Whistleblowers*

**Processed personal data: Name, surname, personal identification number, relation with the company, position, telephone number (contact notes), personal e-mail or residential address of the Whistleblower Name, surname, workplace, the position of the person (s) who committed the alleged violation; the content of the violation, the possible motives of the violator, the place where the violation was committed when and when it became known or noticed; information of other persons involved in the violation; Name, surname, workplace, position, telephone number, e-mail of the witness (es) who have information about the violation; what information the indicated person (s) may provide;

Legal basis: Article 6 (1) (c) of the Regulation – to comply with the requirements of legal acts arising from the Republic of Lithuania Law on the Protection of Whistleblowers and other legal acts

Retention period: 5 years after the examination of your report and the adoption of the final decision.

*In order to ensure the confidentiality of the Whistleblowers, the Whistleblowers may exercise their rights as data subjects by contacting the contacts specified in the Notification Submission Form.

**Persons providing information shall have the opportunity to remain anonymous and not provide their personal data. In such a case, personal data shall only be processed to the extent provided by the Whistleblower.

Processing of third-party data

Processing of personal data collected by cookies when visiting the Company website

Processed personal data: specific cookies shall be specified in the cookie management tools.

Legal basis: Strictly mandatory cookies for the functioning of the website shall be processed in accordance with Article 6 (1) (f) of the GDPR on the basis of a legitimate interest. All other cookies shall be installed in accordance with Article 6 (1) (a) of the GDPR with the consent of the visitors.

Retention period: Specific terms shall be specified in the cookie management tool.

Receipt and handling of complaints

Processed personal data: name and surname of the complaining customer or name of the legal entity, contact telephone number and address to which a reply is sought; the actions of the Management Company, its employees, and/or representatives complained of, the circumstances of the dispute and the motivated, precise and clear requirements of the customer; the signature of the customers (or its representative); if the complaint is filed by the customer’s representative, the complaint must be accompanied by a power of attorney or other document confirming the representative’s authority to act on behalf of the customer.

Legal basis: Personal data shall be processed in accordance with Article 6 (1) (c) of the GDPR – enforcement of a legal obligation and Article 6 (1) (b) of the GDPR, i.e. the performance of a contract to which the data subject is a party.

Retention period: 3 years since the last reply.

Video surveillance in the Company’s territories (for property protection purposes)

Video surveillance in the Company’s territories (for property protection purposes)

Processed personal data: Persons entering the field of view of the video surveillance cameras and the images captured by them. Legal basis: Article 6 (1) (f) of the GDPR, i.e. having a legitimate interest in the protection of property.

Retention period: 30 days.

How do we protect your data?

In order to ensure an appropriate level of security in the processing of personal data, we have assessed the risks posed by the processing of personal data and implemented appropriate technical and organizational measures.

Who do we provide your data to?

The Company, with the help of data processors, shall place extremely high requirements on them in the field of data protection. Personal data processing agreements have been signed with all data processors involved, which define strict requirements for the implementation of technical and organisational measures, cooperation
and liability.

The Company may transfer data:
  • in accordance with the procedure provided by law for state institutions;
  • to companies that provide data center, cloud, website administration, and related services, create, provide, maintain, and develop software, companies providing information technology infrastructure services, companies providing communication services;
  • to their legal and compliance consultants to external audit firms;
  • to subcontractors;
  • to law enforcement authorities at their request or on our own initiative if there is a suspicion that a criminal offense has been committed, as well as to courts and other dispute resolution bodies.
Do we process your data outside the European Union and the European Economic Area?

We ensure that your data shall be processed in accordance with the requirements and standards set out in European Union legislation and inform you that your data shall be processed only within the European Union and the European Economic Area (EEA).

Consequences of Non-Submission of Data

You shall have the right to refuse to provide your personal information, but the provision of your personal information is required and necessary for the purposes set out in this Privacy Notice, and if you do not provide your personal information, we may be unable to provide the services requested.

What rights do you have?

In accordance with the provisions of the GDPR, you, as a Data Subject, may exercise the following rights:

  1. Right, of access to personal data – to submit a request for information on whether your personal data is being processed, and if personal data is being processed, you shall have the right to access your personal data being processed.
  2. Right, to rectify personal data – to submit a request to rectify your personal data if you determine that the personal data we process is incorrect, incomplete, or inaccurate.
  3. Right, to delete data (right to be “forgotten”) – to request the deletion of your personal data if you believe that your data has been processed illegally or fraudulently.
  4. Right, to restrict the processing of data – to request the restriction (suspension) of the processing of your personal data other than retention – in case, for example, you request the rectification of your personal data (while the accuracy of personal data is checked and/or corrected), you object to the processing of your personal data, etc.
  5. Right, to transfer data – to submit a request to transfer your personal data, which is processed by automated means, to you and/or another data controller in a structured, commonly used, and computer-readable format.
  6. Right, to object to the processing of data – to object to the processing of personal data where the data are processed on the basis of a legitimate interest.
You may exercise your rights:
  1. By sending us a free-form request to dpo@modus.group. The request must be electronically signed. If this is not possible, in order for us to verify your identity, the person executing the request may ask for additional information proving your identity.
  2. By sending the request by registered mail to Ozo St. 10, Vilnius, Lithuania; the request must be signed.

The request must be legible, signed, and contain the name, address, and other details of the data subject in the preferred form of communication, information on which of the data subject’s rights, and to what extent the data subject wishes to exercise.

We shall provide a response to your request no later than 30 (thirty) calendar days from the date of receipt of the request. In exceptional cases requiring additional time, we shall have the right, after notifying you, to extend the deadline for submitting the requested data or processing other requirements specified in your request to 60 (sixty) calendar days from the date of your request.

Where can you apply for questions about personal data?

If you have any questions about the information contained in this Privacy Notice or the protection of your personal data and the exercise of your rights in the Company, please contact our data protection representative in any way convenient for you:

If a mutually acceptable solution cannot be found, you shall have the right to contact the State Data Protection Inspectorate at: L. Sapiegos St. 17, Vilnius, by e-mail: ada@ada.lt.

Final Provisions of the Privacy Notice

The Privacy Notice shall be subject to change at the discretion of the Data Controller or as a result of changes in the requirements of applicable law.

The current version of the Privacy Notice shall be published on the Website, so it is recommended that you read the latest version.

The Privacy Notice was last updated on April 2022.