Previous Next
Month 11 2023
Mo Tu We Th Fr Sa Su
30 31
01 02 03

Personal Data Protection

The Centre for Quality Assessment in Higher Education (SKVC) respects and protects the privacy of every person who contacts the SKVC and every website visitor, and it undertakes to process and store provided personal data in a fair and lawful manner. Personal data protection issues are particularly important, thus the SKVC pays special attention to ensure security. 

Personal Data Controller 

Personal data controller is the SKVC, legal entity code: 111959192, head office address: A. Goštauto g. 12, Vilnius. 
In implementing the requirements of the General Data Protection Regulation (GDPR), the SKVC has designated a data protection officer who addresses all issues related to personal data protection and provides guidance in the field of personal data protection. 
If you have any questions related to ensuring personal data protection, please email to

How the SKVC collects and uses personal data 

The SKVC collects personal data on:
  • persons who apply to the SKVC for a public service;
  • persons who take part in activities and events organised by the SKVC;
  • persons who subscribe to newsletters or agree to receive SKVC’s information by e-mail;
  • website visitors (Cookies);
  • persons who work or apply for work at the SKVC.
The collected data are used for the following purposes:
  • provision of a public service applied for by a person;
  • organisation and administration of activities and events in which a person takes part;
  • sending of e-mails containing news, publications and information on events, having obtained a consent from a website visitor;
  • internal administration (only employees’ data);
  • protection of SKVC’s property (video surveillance);
  • improvement of website functioning. 
The SKVC does not transfer personal data to any unrelated third parties, except for the following cases:
  • where it is necessary for the provision of a service applied for by a person or where this obligation is provided for by legal acts;
  • to law-enforcement authorities in accordance with the procedure established in the legal acts of the Republic of Lithuania;
  • to SKVC service providers (IT system support companies, companies providing document handling services, where such a transfer is necessary for the provision of a service and if the service provider ensures adequate data protection).

How the SKVC protects personal data 

Personal data are protected against unauthorised use, alteration and loss. The SKVC has implemented organisational and technical measures for the protection of collected personal information. 
Data are stored as long as they are necessary for the purpose for which they have been collected, but no longer than for a specified period.
After the data storage period is over or a consent to the processing of provided data by the SKVC (if the data are processed on the basis of consent given by a person who provides data) is withdrawn, data will be irretrievably destroyed. 

What are data subjects’ rights? 

Data subjects have the right:
  • to know (be informed) about the processing of their personal data by the SKVC (Articles 13, 14 of the GDPR);
  • to access their personal data processed by the SKVC and information on how they are processed (Article 15 of the GDPR);
  • to request rectification of their personal data processed by the SKVC (Article 16 of the GDPR);
  • to request erasure of their data (“right to be forgotten”) (Article 17 of the GDPR). 
    This right may be exercised upon presence of one of the following grounds: 
    • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
    • the personal data have been unlawfully processed;
    • the personal data have to be erased for compliance with a legal obligation in European Union or national law.
  • to request restriction of processing of their personal data where the processing does not comply with the provisions of the Regulation and other legal acts (Article 18 of the GDPR);
  • to request data portability (Article 20 of the GDPR) – the data subject has the right to receive the personal data concerning him or her, which he or she has provided to the SKVC, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller without hindrance from the SKVC, where: 
    • the processing is based on consent or on a contract;
    • the processing is carried out by automated means. 
      IMPORTANT: This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the SKVC. 
  • to object to the processing of personal data (Article 21 of the GDPR);
  • to lodge a complaint with the State Data Protection Inspectorate
A person seeking to exercise the above rights must submit a written request to the SKVC (personally, by post, through a representative or by means of electronic communications (signed with an electronic signature). The request is subject to the following requirements:
  • The request has to be legible, signed by a person and contain the following details: person’s name, surname, place of residence, contact phone number and e-mail address, and information on which of the above rights and to what extent a person requests to exercise, as well as the way in which a person wishes to receive the response.
  • When submitting the request, a person must prove his or her identity: 
    • if the request is submitted personally by coming to the SKVC – by providing a personal identity document or a copy thereof certified in accordance with the procedure established by legal acts of the Republic of Lithuania;
    • if the request is submitted by post – by providing a copy of a personal identity document certified in accordance with the procedure established by legal acts of the Republic of Lithuania;
    • if the request is submitted through a representative – by providing a document certifying representation;
    • if the request is submitted by means of electronic communications – by signing it with an electronic signature.
The request is examined and the response is provided to a person no later than within 1 month from the date of receipt of the request. The period of examination of the request may be extended for 2 months. In such a case the data subject must be notified of the extended period of request examination and the grounds for extension.


Cookies are small files consisting of letters and digits which are saved on the browser or the computer’s hard disk. 
Most browsers allow rejecting all cookies, whereas some browsers allow rejecting only third-party cookies. A website visitor may use these options, yet blocking all cookies might have a negative impact on the use of a website. 
The SKVC website uses: 
  • Session cookies that improve website functioning (PHPSESSID). They improve the functioning of the website and collect general (anonymous) information on the use of the website. These cookies are stored until the browser is closed.
  • Analytical cookies (Google Analytics _ga). These cookies allow to recognise and count website visitors for the purpose of visitor statistics. These cookies are stored for two years.