Privacy Policy
Effective date: 20/10/2025
Applies to: Registration and access management for the GrowingEurope conference and associated events taking place in Vilnius, Lithuania on 17–18 November 2025 (including entry to the Presidential Palace and other venues).
Who we are (Controller)
Controller: Association of Premature Babies “Neišnešiotukas”, operating the GrowingEurope Conference
Registered address: Ogmios Miestas, Verkių g. 29, LT-09108, Vilnius, Lietuva
Contact: Asta@auginulietuva.lt / +370 615 57028
What personal data we collect
We collect the information you provide via our Google Forms registration:
- Email Address (official/work email preferred)
- Repeat Email Address (for confirmation)
- Full Name
- Institution / Company Name
- Job Title / Position
- Title (e.g., Ms/Mr/Dr)
- City
- Country / Region
- Mobile / Telephone Number (with country code)
- Date of Birth (MM/DD/YYYY)
- Are you a member of a delegation? If yes, please specify which one
- Will you attend the Reception on the evening of 17 November? (Yes/No)
- Will you participate in the Press Conference at the Parliament of the Republic of Lithuania on 18 November?
Notes on data minimisation
- The “Repeat Email Address” is used solely to confirm accuracy. We delete any duplicate field once validation is complete.
- Please do not provide any special category data (e.g., health, political opinions, religious beliefs) in free‑text fields. We do not request such data for this event.
Children: The event is intended for professional adult attendees. We do not knowingly collect data from children. If you are under the age required by your country’s law to provide valid consent/contract (typically 16 and not lower than 13), a parent/guardian must register on your behalf or contact us at Jolanta@auginulietuva.lt.
Why we use your data and our legal bases (GDPR Art. 6)
| Purpose | What we use | Legal basis | Our legitimate interests (if applicable) |
|---|---|---|---|
| Event registration and attendee management (creating your record, confirmations, updates) | Name, contact details, organisation, role | Contract (Art. 6(1)(b)) or steps prior to entering into a contract | — |
| Access control, venue security vetting, creation of entry lists/passes | Name, date of birth, organisation, country/region, contact details | Legitimate interests (Art. 6(1)(f)) to keep the event secure and manage access; and/or Legal obligation (Art. 6(1)(c)) where required by venue or public‑security rules | Ensuring safety and controlled access to the Presidential Palace and other venues |
| Operational communications (programme changes, logistical notices, emergency messages) | Email, phone | Legitimate interests (Art. 6(1)(f)) | Effective event operations and safety |
| Attendance logistics (reception; parliamentary press conference) | Names and “Yes/No” responses | Contract (Art. 6(1)(b)) and/or Legitimate interests (Art. 6(1)(f)) | Capacity planning and access permissions |
| Incident handling and regulatory compliance (audit logs, security incidents) | Relevant data from above as needed | Legal obligation (Art. 6(1)(c)); Legitimate interests (Art. 6(1)(f)) | Compliance and safeguarding |
No marketing: We do not use your information for marketing, sponsorship outreach, newsletters, or unrelated communications.
No automated decisions: We do not use your data for automated decision‑making or profiling that produces legal or similarly significant effects (GDPR Art. 22).
Where we get your data
Directly from you through the Google Form. We do not collect your personal data from third‑party sources for registration.
Who we share your data with
We disclose only what is necessary for the purposes described above:
- Venue and institutional recipients (independent controllers):
- Presidential Palace, Vilnius (security/administration) – for access control and security vetting.
- Parliament of the Republic of Lithuania (press office/administration) – for press conference participation and building access.
These bodies process your data under their own legal responsibilities and privacy notices.
- Event operations (processors acting on our instructions):
- Registration/IT tools (Google Forms/Drive) and related IT support providers.
- Accreditation/badge printing vendors (entry lists, badges).
- On‑site security service providers (if engaged by us) for identity checks at other venues.
We require our processors to sign data processing terms consistent with GDPR (Art. 28) and to implement appropriate security measures.
International data transfers
We collect responses using Google Forms. Depending on account configuration and infrastructure, your data may be processed or accessed from outside the EEA/UK (e.g., by Google group companies or sub‑processors). We implement appropriate safeguards, which may include:
- EU‑U.S. Data Privacy Framework (DPF) certification of relevant providers (where applicable);
- Standard Contractual Clauses (SCCs) and, where needed, additional technical/organisational measures (encryption, access controls);
- UK Addendum to the SCCs for UK transfers (if relevant).
Google’s role:
- Where we use Google Workspace with a Data Processing Addendum, Google acts as our processor for Forms/Drive.
- If a consumer (non‑Workspace) account is used, Google may act as an independent controller for limited service‑provision and security purposes.
In all cases, “Neišnešiotukas” remains the primary controller for your registration responses.
You can request more information about transfer safeguards (and copies where legally permitted) via Jolanta@auginulietuva.lt.
How long we keep your data (retention)
We keep personal data only as long as needed for the event and related obligations:
- Core registration record (name, contact, organisation, role, attendance selections): retained until 6 months after the event to handle post‑event queries and reconciliation, then securely deleted/anonymised.
- Access control and security vetting lists (including date of birth): retained for 30 days after the event unless a longer period is required by law or incident review.
- Incident logs / security investigations (if any): retained for up to 3 years where needed to establish, exercise, or defend legal claims.
- “Repeat email” validation artefacts: deleted after verification.
If accounting/tax records arise (e.g., if fees or reimbursements are involved), related records may be retained for the statutory period required by applicable law.
How we protect your data (security)
We apply appropriate technical and organisational measures, including role‑based access controls, multi‑factor authentication on administrator accounts, encryption in transit and at rest (as provided by our IT tools), secure transfer of guest lists to venues, staff/vendor confidentiality undertakings, and least‑privilege principles. We maintain procedures to assess and, where required, notify personal data breaches to competent authorities and affected individuals.
Your rights under the GDPR
You have the right to:
- Access your personal data and obtain a copy;
- Rectify inaccurate or incomplete data;
- Erase your data (right to be forgotten) where applicable;
- Restrict processing in certain circumstances;
- Object to processing based on our legitimate interests (we will assess your objection; note that essential security/access processing may still be required to attend the event);
- Data portability where processing is based on contract and carried out by automated means;
- Withdraw consent at any time where we rely on consent (with no effect on prior processing).
To exercise your rights, contact Jolanta@auginulietuva.lt. We may need to verify your identity before responding.
Right to complain: You can lodge a complaint with your local supervisory authority or with the Lithuanian State Data Protection Inspectorate (as the event location). We welcome the chance to address your concerns first.
Is providing data mandatory?
Providing the requested information is necessary to register you and to comply with venue access/security requirements. If you choose not to provide required fields (e.g., name, contact details, date of birth for security vetting), we may be unable to complete your registration or grant access to the venues.
Changes to this notice
We may update this notice to reflect operational or legal changes. We will indicate the “Effective date” above and, where appropriate, notify registered attendees of material changes.
Contact
For any questions or to exercise your rights, please contact:
Neišnešiotų naujagimių asociacija „Neišnešiotukas“
Naujakurių g. 41
Kuprioniškės LT-13279
Vilniaus r., Lietuva
Asta Radzevičienė (Founder & President Neišnešiotukas/ Growing Lithuania):
Asta@auginulietuva.lt
+370 615 57028
Jolanta Grigorjevienė (Head of Public Relations Neišnešiotukas/ Growing Lithuania):
Jolanta@auginulietuva.lt
+370 611 25183
