PERSONAL DATA

PROCESSING HANDBOOK
Personal data – any information about a
person who is or can be identified with
certain information:

name, surname workplace

shoe size pet GPS

eye color e-mail, etc.

03
01 02
Identify the purpose for
Do not collect any Process the personal data
which you collect the
personal data unless it is only according to a valid
data and do not process
necessary for the activity. lawful basis: consent;
it for any other
contract; legal obligation;
irrelevant purpose.
legitimate interest; vital
interest; public task.

06 05
04
Do not store the personal
data longer than it is Inform the data subject
necessary for the purposes Process only accurate about the processing of
that the data was being personal data. their data. The articles 13
processed. and 14 of the GDPR
provide the mandatory
information the data
subjects must be
07 08 informed about.

Collect the evidence to

Process the personal data
with confidentiality and prove compliance with 09
according to appropriate the above-mentioned
technical and organizational requirements.
security measures. Confirm the reliability of the
service provider, who will be
processing the data on
behalf of your company.
12 Form and sign a data
11 processing agreement.

In the event of a data Every data subject has

breach (unauthorized these rights: to be
disclosure, stolen data, a lost informed; the right of 10
device containing the data, access; the right to
data sent to the wrong rectification; the right to
recipient, etc.), notify your erasure; the right to restrict
company data protection Transfer the processed
processing; the right to data to other independent
officer or other responsible data portability; the right to
person and the ASG data data controller only if you
object; rights concerning have one of the
protection officer automated decision
[email protected] above-discussed legal
making and profiling; right basis.
immediately. to lodge a complaint with a
supervisory authority.

If you are new to the data processing activities or have any questions
regarding GDPR, feel free to contact your company’s data protection officer
or other responsible person and/or the ASG Data Protection Officer at
[email protected] or tel. +370 639 36 814
CYBERSECURITY MEASURES
SHOULD BE FOLLOWED
Cybersecurity is meant to protect the
information of the Group, its’ customers,
partners, and employees, as well as ensure
the proper functioning of IT infrastructure
and business continuity of the Group.
Get to know several simple rules and
habits that will strengthen the Group’s
cyberspace and internal cybersecurity
culture.

1
In case you have doubts
2
Group’s IT staff will never
3
Activate the password or
about the security of the ask for your login or PIN feature on your phone
links or files you received, password. Ignore emails or to restrict access to internal
do not open them, and, if other requests to provide data for other people.
needed, consult the such data.
Group’s IT staff.

6 5
Hold your passwords in
secret and do not store
passwords in plain sight
4
Use strong, complex
passwords and change
them at least every 90 days.
Do not use the same
or any other easily
passwords on Group’s and
accessible form.

9
personal usage IT systems.

7
Change your credentials 8
Do not use unprotected
Use only the Group’s IT
tools and systems for
immediately if you public Wi-Fi access points information management
suspect that they have if they do not belong to the and storage. Do not use
become known to other Group or you are uncertain public recourses such as
people. of their security. Google Drive, Google Docs,
DropBox and etc.

12
Do not leave the IT
equipment unattended
11
Activate computer screen
10
Do not store any
unnecessary or irrelevant
(do not leave it in public lock every time you leave information about the
places, car and etc.) and your workplace. Do not group on your computers
do not give it to third leave personal data or phones. By storing
persons. containing documents on personal data in your
your desk or other locations e-mails, you make it difficult

13
accessible to third persons. to ensure the GDPR
requirements.

If you suspect that your computer or phone is malfunctioning due to malicious

software, inform your Group’s IT department, who will identify possible causes.