These personal data processing rules (hereinafter referred to as the Rules) establish the principles and procedures for the processing and protection of personal data, which the Company, as the controller of personal data, follows when processing the personal data of data subjects.

1. DEFINITIONS OF TERMS.

1.1. Personal data – any information directly or indirectly related to the Data Subject, as detailed further in these Rules.

1.2. Data subject/Data subject – tai bet kuris asmuo, kuris: (i) naudojasi (-ojosi) Bendrovės interneto svetaine www.talk2grow.lt and/or (ii) orders, purchases, or uses any services provided by the Company or its lecturers; and/or (iii) seeks to participate in an Event organized by the Organizer, e.g., by registering to participate in a live broadcast; and/or (iv) is (was) a Participant.

1.3. Personal data controller – Talk 2 Grow, UAB, legal entity code 307069767, email address: info@talk2grow.lt, tel. no.: +37065909194.

1.4. Ticket – a document, including an electronic one, confirming the purchase and sale agreement concluded between the Organizer and the Participant and granting the Participant the right to access and participate in a specific Event.

1.5. Participant – is an adult who purchases a Ticket for purposes related to their business, work, profession, or craft, except when it is clear from the theme of the Event that the purpose is personal, has paid the specified price, and has acquired the right to participate in the Event.

1.6. Event – an event organized and conducted by the Organizer, specified in the Ticket, which the Participant has the right to attend and participate in.

1.7. Profiling – any form of automated processing of personal data where personal data is used to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

1.8. Management – any action or series of actions performed on Personal Data by automated or non-automated means, including its collection, recording, accumulation, storage, classification, modification (completion or correction), granting of access, submitting queries, transferring, publishing, using, searching, disseminating or any other action or set of actions. Hereinafter, the word "process" and its forms used in the Rules shall have the same meaning as the term "Processing".

2. GENERAL PROVISIONS.

2.1. The Company processes Personal Data in accordance with the Law on Legal Protection of Personal Data of the Republic of Lithuania (hereinafter referred to as the ADTAĮ), other laws and regulations of the Republic of Lithuania and the European Union governing the legal protection of personal data, as well as documents adopted by competent authorities, established requirements, and lawful instructions.

2.2. Nuo 2024 m. lapkričio 20 d. Bendrovė Asmens duomenis tvarko, vadovaudamasi dar ir tiesiogiai taikomu 2016 m. balandžio 27 d. Europos Parlamento ir Tarybos reglamentu (ES) 2016/679 dėl fizinių asmenų apsaugos tvarkant asmens duomenis ir dėl laisvo tokių duomenų judėjimo (toliau – Reglamentas).

2.3. The rules aim to ensure the protection of Personal Data, establish the basic principles for its processing, explain to the Data Subject the principles and procedures followed by the Company when processing their Personal Data, and to inform Data subjects about how, for what purposes and on what grounds their Personal Data is processed, what rights each Data subject has and how they can exercise those rights.

2.4. The personal data controller declares that the processing of personal data in accordance with the procedures and principles set out in the Rules is necessary for the Company to properly carry out its activities, conclude and execute various related civil contracts, ensure the effectiveness, quality, and compliance of the services provided to Data Subjects with their expectations, as well as to ensure the legitimate interests of the Data Subjects themselves, e.g., to be safe and healthy, and the legitimate interests of the Company itself (unless the interests of the Data Subject prevail).

2.5. The controller of personal data shall process personal data only for legitimate purposes specified in these Rules; this shall be done accurately, transparently, fairly and only to the extent necessary to achieve the specified purposes, in accordance with the principles of purposefulness and proportionality, without requiring processing or storing excessive data, periodically checking and updating the personal data already processed, and ensuring its adequate security.

3. AGREEMENT WITH THE RULES FOR PROCESSING PERSONAL DATA.

3.1. Prieš Asmens duomenų subjektui atliekant Taisyklių 1.2. p. nurodytus jį apibūdinančius veiksmus, Bendrovė suteikia Duomenų subjektui galimybę susipažinti su šiomis Taisyklėmis, www.talk2grow.lt by clicking on the link "Personal Data Processing Rules" at the bottom of the home page, after which the Data Subject is redirected to these publicly available Rules posted on the website.

3.2. The Company strongly recommends that the Data Subject thoroughly and comprehensively familiarize themselves with the Rules before performing the actions specified in clause 1.2 of the Rules. If you have any questions, please contact the Company by email at info@talk2grow.lt.

3.3. After the data subject has familiarized themselves with the Rules, Ticket, or other document, including electronic ones, they are given the opportunity to check the box next to the active link "Personal Data Processing Rules," thus expressing their active consent to the processing of their Personal Data described in these Rules and specified in Table A of Section 6.1 of the Rules. It is considered that the Data Subject, having performed the actions described in points 1.2 (ii), (iii) and (iv) of the Rules and ticked the box next to the active link "Personal Data Processing Rules," has confirmed that they fully understand the Rules and have given their informed and unambiguous consent to the processing of their Personal Data in accordance with these Rules, with regard to the Personal Data specified in Table A of Section 6.1, in the manner specified therein.

3.4. Therefore, if the Data Subject does not agree with the processing of Personal Data (specified in Table A of Section 6.1 of these Rules) described in these Rules, for the sake of the Data Subject's own personal data protection, he/she: (i) shall not have the right to use the Company's website www.talk2grow.lt  and/or (ii) order, purchase, or use any services provided by the Company or its lecturers; and/or (iii) seek and/or participate in an Event organized by the Organizer; (iv) purchase a Ticket.

3.5. When the Data Subject, having performed the actions described in clause 1.2. (i) of the Rules, continues to visit the website www.talk2grow.lt His Personal Data is processed only in the manner specified in the Rules using Cookies and only to the extent possible to depersonalize Personal Data.

3.6. Regarding the processing of personal data specified separately in Tables B and C of Rules 6.2 and 6.3, the Data Subject is given the opportunity to express their will separately in the Ticket or other document, including electronic, for each of the specified cases by ticking the box next to "I agree that my personal data may be processed for direct marketing purposes" and/or "I agree that my personal data obtained by video surveillance means may be processed for advertising or other commercial purposes." In cases where the Data Subject ticks the boxes next to the above consents or any one of them, it is considered that the Data Subject has actively given their informed, unambiguous consent to the Personal Data Controller to process their Personal Data in accordance with the procedure set out in these Rules (with regard to the Personal Data detailed in Tables B and C in sections 6.2 and 6.3).

3.7. In the cases specified in clause 3.6 of the Rules, the Data Subject has the right to choose whether to consent to such processing of his or her Personal Data.

3.8. The Company has the right to unilaterally amend these Rules at any time, with the new amendments coming into force after their publication on the Company's website. If the Data Subject performs the active actions specified in clause 1.2 of the Rules after the amendments to the Rules have been made, it shall be deemed that he/she agrees to all amendments to the extent that his/her Personal Data was processed previously. If the Data Subject does not agree with the amended Rules, the consequences specified in clause 3.4 of the Rules shall apply to him/her. The Personal Data Controller encourages the Data Subject to take an active interest in how his/her Personal Data is processed.

3.9. The Company may engage data processors for the processing of personal data. In such cases, it shall take the necessary measures to ensure that such data processors process personal data in accordance with the Rules and applicable laws.

4. RIGHTS OF THE DATA SUBJECT.

4.1. The data subject has the right to:

4.1.1. obtain information about whether and what Personal Data is being processed, as well as access it, and find out how long and what data is stored by the Company;

4.1.2. to receive the Personal Data submitted by him/her to the Data Controller, which is processed on the basis of his/her consent, the legitimate interests of the Data Subject and/or the Company, or the performance of the contract concluded between the Participant and the Organizer, in writing or in a commonly used electronic form, and to transfer such Personal Data to another service provider (data portability);

4.1.3. request that any automated assessment be reviewed manually;

4.1.4. request the correction of incorrect, incomplete, or inaccurate Personal Data, as well as its adjustment and supplementation. Also, to delete such data when the right to be forgotten is provided for in the Regulation and other legal acts. In cases where the Company receives Personal Data from the Data Subject himself, the Data Subject himself is responsible for its correctness, accuracy, and completeness when submitting it;

4.1.5. withdraw their consent to the processing of Personal Data when this is done solely on the basis of the consent of the Data Subject or when it is processed on the basis of the Company's legitimate interest and it becomes apparent that the interests of the Data Subject prevail; as well as to request that such Personal Data be processed only for storage purposes. Please note that upon withdrawal of consent, the Company may no longer be able to continue to provide services and/or offer the best solution, which may affect the quality and/or effectiveness of the services provided. Withdrawal of consent does not affect the lawfulness of data processing based on consent prior to withdrawal of consent;

4.1.6. request the deletion of their Personal Data, which is processed only with the consent of the Data Subject, when the Data Subject revokes that consent (right to be forgotten). This right does not apply if the Personal Data requested to be deleted is processed on another legal basis, e.g.: when the obligation to process Personal Data is imposed on the Company by relevant legislation, when the processing of Data is necessary for the performance of a contract to which the Data Subject is a party; as well as on the basis of regulations provided for by law;

4.1.7. request the suspension of the processing of your Personal Data in the cases provided for in the Regulation;

4.1.8. object to the use of Personal Data for direct marketing purposes;

4.1.9. other rights enshrined in the ADAĮ and the Regulation;

4.1.10. If the Data Subject has any questions or concerns regarding the Company's actions/inaction that may not comply with the Rules or violate the protection of the Data Subject's personal data, the Data Subject may contact the Company using the contact details specified in clause 1.3 of the Rules;

4.1.11. lodge a complaint regarding the processing of personal data with the State Data Protection Inspectorate.

5. EXERCISE OF THE RIGHTS OF THE DATA SUBJECT.

5.1. In order to exercise their rights, the Data Subject must submit a written request to the Data Controller: in person to the Company, by registered mail, or by electronic means. The request must be signed and must include the Data Subject's name, surname, place of residence, contact information, information about what right, for what reasons and to what extent the Data Subject wishes to exercise, as well as how, i.e. by e-mail/other means of communication or by post, they wish to receive a response.

5.2. When submitting the request referred to in clause 5.1 of the Rules, the data subject must confirm their identity to the personal data controller:

5.2.1. when submitting the application in person – to present the original identity document;

5.2.2. when submitting an application by registered mail, a copy of the identity document certified by a notary or a copy of this document certified in accordance with the procedure established by law must be submitted;

5.2.3. when submitting a request by electronic means, sign it with an electronic signature.

5.3. The personal data controller indicates that this procedure is provided for in order to ensure the protection of the data subject's personal data so that no other person without a legal basis would obtain his or her personal data.

5.4. Upon receipt of a request from the Data Subject, the Data Controller shall examine it and provide a response free of charge no later than within 30 (thirty) calendar days from the date of the Data Subject's request. The response shall be provided in one of the ways specified in the request.

6. CATEGORIES, PURPOSES AND BASIS OF PROCESSED PERSONAL DATA.

6.1. The data subject, having consented to the processing of his/her personal data in accordance with the procedure specified in clause 3.3 of the Rules, specifically, clearly and unambiguously confirms that his/her personal data will be processed for the purposes, on the grounds, to the extent and in the manner specified in Table A below:

No.	Personal data	How/when collected	Basis for processing	Management objectives
1)	Data subject's name, surname, personal identification number, date of birth, address, telephone number, e-mail address, personal payment details (e.g., bank account number, etc.).	Provided by the Data Subject himself when purchasing a Ticket, paying for a Ticket, registering for an Event, paying, etc.	– a contract is concluded and/or performed on the basis of the Ticket between the Data Subject and the Data Controller; – there is a legitimate interest of the Data Controller.	– to properly conclude and perform the contract concluded between the Data Subject and the Company; – to properly provide the Data Subject with the services ordered; – when performing ticket sales accounting; – debt collection, etc.
2)	The age, health status, and other data of the Data Subject that the Data Subject voluntarily provides to the Company.	Provided by the Data Subject when filling out questionnaires and/or other forms related to a specific Event.	– protecting the vital interests of the Data Subject; – where there is a legitimate interest of the Data Controller; – only with the data subject's explicit consent to the processing of their data.	– To ensure the safety of the Data Subject and other Participants; – To ensure that the Data Subject does not experience any health problems during the Event; – to better assess the Participant's expectations and offer the service that best suits their interests.
3)	Video data captured by the Company's video surveillance equipment and cameras during events.	When conducting video surveillance during specific Events, filming Participants' statements about the Event.	– protecting the vital interests of the Data Subject; – where there is a legitimate interest of the Data Controller; – only with the data subject's explicit consent to the processing of their data.	– To ensure the security of the data subject and other Participants, their property, and to identify potential violators.

6.1.1. Upon completion of a specific Event, provision of a service, and/or fulfillment of a contract concluded between the Data Subject and the Data Controller, the Data Subject shall have the right, in accordance with the procedure set out in paragraph 4 of the Rules, to request the deletion of the Personal Data referred to in Table A2) relating to the Data Subject's health status, notwithstanding the fact that such Personal Data is processed on legal grounds other than the consent of the Data Subject.

6.1.2. The Personal Data detailed in Table A above will only be transferred to other persons in accordance with the procedure set out in Section 8 of the Rules.

6.2. By ticking the box next to "I agree to my personal data being processed for direct marketing purposes" in accordance with clause 3.5 of the Rules, the data subject gives their specific, clear and unambiguous consent that their personal data described in Table B below will be processed for direct marketing purposes without separate notification in accordance with the procedure specified in Table B:

No.	Personal data	How/when collected	Basis for processing	Management objectives
1)	Data subject's first name, last name, date of birth, age, address, telephone number, email address, gender.	Provided by the Data Subject himself when purchasing a Ticket, paying for a Ticket, registering for an Event, paying for a Ticket, etc.	– with the consent of the data subject.	– for direct marketing purposes, in order to offer the person the services provided by the Company, provide information about them and applicable discounts; – to congratulate customers on personal and other holidays by sending the Data Subject a small gift, etc.
2)	Other Data Subject data that he/she provides to the Data Controller.	Provided by the Data Subject when filling out questionnaires and/or other forms related to a specific Event, purchasing a Ticket, paying for it, participating in the Event, ordering the Company's services, giving interviews, filming/photographing, and in other ways.	– with the consent of the data subject.	– to better assess the Participant's expectations and offer the service/offer that best suits their interests; – for advertising purposes.

6.2.1. The Personal Data detailed in Table B above will be transferred to other persons only in accordance with the procedure specified in Section 8 of the Rules.

6.3. By checking the box next to "I agree that my personal data obtained by video surveillance means may be processed for advertising or other commercial purposes" in accordance with the procedure set out in clause 3.5 of the Rules, the data subject gives their specific, clear and unambiguous consent that their personal data described in Table C below will be processed without separate notice in the manner specified in Table C:

No.	Personal data	How/when collected	Basis for processing	Management objectives
1)	Video data captured by the Company's video surveillance equipment, cameras before/during/after Events.	When conducting video surveillance during specific Events, filming Participants' statements about the Event, taking photographs.	– with the explicit consent of the data subject.	– for the purpose of using videos/parts thereof and/or photos for advertising or other commercial purposes.

6.3.1. The Personal Data specified in Table C above will be transferred to other persons only in accordance with the procedure specified in Section 8 of the Rules. The Personal Data Controller draws the attention of the Personal Data Subject to the fact that the Personal Data specified in Table C will be disclosed for advertising or other commercial purposes.

7. COOKIES, PROFILING.

7.1. The Data Controller informs the Data Subject that on the website www.talk2grow.lt, In order to improve the experience of the Data Subject and for statistical purposes, cookies are used – small pieces of text information that are automatically created when browsing the website and are stored on the Data Subject's computer or other terminal device. Cookies are used to recognize the Data Subject as a visitor to the website, and the content of the website is tailored to their needs.

7.2. The information collected by cookies allows us to ensure that the Data Subject can browse more conveniently, provide the most attractive offers, and learn more about the behavior of the website user, analyze trends, and improve both the website and the services and customer service provided.

7.3. The data subject has the option to choose whether they want cookies to be used. They can do this by changing their browser settings and disabling cookies or individual cookies. The Company informs the Data Subject that such a choice may slow down the operation of the website and/or limit the Data Subject's ability to use certain services provided by the Company and/or restrict access to the website.

7.4. The data controller uses the cookies listed in Table D below in the following manner and for the following purposes:

No.	Personal data	How/when collected	Basis for processing	Management objectives
1)	Google Analytics
	—	– information about the behavior of personal data on the website; – information about the number of visitors, the number of new visitors; – IP addresses – information about how the Data Subject reached the website.	The cookie is activated when the data subject visits the website.	To collect statistics on visitors to the data controller's website, e.g., used to distinguish visitors to the website, record new visitors, number of visits, etc., to assess the effectiveness and relevance of advertising.
2)	Hotjar
	—	– information about the behavior of personal data on the website; – information about the number of visitors, the number of new visitors; – information about the effectiveness of marketing activities.	Once the data subject has completed the relevant questionnaire, consent form, etc., the data controller shall be deemed to have obtained the data subject's consent to the processing of their personal data.	To perform statistics on visitors to the data controller's website, e.g., to distinguish between visitors to the website, record new visitors, the number of visits, etc. To ensure that the Data Subject is offered website content that best suits their interests.

7.5. More detailed information about cookies is available at https://policies.google.com/technologies/ads. The data controller strongly recommends that the data subject familiarize themselves in detail with all information about the cookies used by the Company.

7.6. Profiling performed by the Personal Data Controller is related to the Personal Data specified in the tables above in order to assess certain characteristics of the Data Subject and thus analyze and predict, for example: personal choices, interests, risks, etc. This is intended to provide the Data Subject with an appropriate service, by selecting the service that best suits their interests, assessing risks in order to protect the interests of the website and all Data Subjects using it from harmful actions of others, in order to prevent fraud, etc. Profiling is based on the legitimate interests of the Company and the Data Subjects themselves, the performance of contracts, and the consent of the Data Subject.

8. PROVISION OF PERSONAL DATA.

8.1. The personal data controller shall provide the data subject's personal data, without separate notice, only to third parties related to the data controller on the basis of employment, service provision, copyright and other legally concluded/concluding contracts, ensuring compliance with the Rules. These may include auditors, debt collection companies, etc.

8.2. The personal data controller shall provide the data subject's personal data in cases where such an obligation is imposed on the personal data controller by law, e.g. upon receipt of a lawful request from state or municipal authorities in order to prevent criminal acts, etc.

8.3. Personal data will be stored by the Company only to the extent necessary to achieve legitimate purposes.