Privacy policy of INHUS group of companies

Data Controller

The data controller is INHUS group companies (hereinafter referred to as We). The companies of the INHUS group are:

  • INHUS Group, UAB, company number 302664113, registered headquarters address – Žarijų g. 6, Vilnius, LT, business address – Žarijų g. 6A, Vilnius, LT
  • INHUS, UAB, company number – 302863631, registered headquarters address – Žarijų g. 6, Vilnius, LT, business address – Žarijų g. 6A, Vilnius, LT
  • INHUS Prefab, UAB, company number – 121559766, registered headquarters address – Žarijų g. 6, Vilnius, LT, business address – Žarijų g. 6A, Vilnius, LT
  • INHUS Construction, UAB, company number 302891837, registered headquarters address – Žarijų g. 6, Vilnius, LT, business address – Žarijų g. 6A, Vilnius, LT
  • INHUS Engineering, UAB, company number 301545597, registered headquarters address – Žarijų g. 6, Vilnius, LT, business address – Žarijų g. 6A, Vilnius, LT
  • INHUS AB, company number Articles 556866-6977, address c/o ECIT Services AB, Box 30080, 104 25, Stockholm, Sweden;
  • INHUS, AS, company number 913144031, address c/o Merisma AS, St. Olavs gate 24, 0166, Oslo, Norway;
  • INHUS Engineering, YH, company number 110114-0247450, address Cheongdam Venture plaza 10F, 704, Seolleung-ro, Gangnam-gu, Seoul, South Korea;
  • INHUS LIMITED, company number 12429993, address Mills & Reeve Llp, 1 City Square, Leeds, West Yorkshire, United Kingdom LS1 2ES;
  • INHUS Engineering Oy, company number 3164704-2, address c/o Properta Asianajotoimisto Oy Unioninkatu 7 B 17, 00130, Helsinki, Finland.

This Privacy Policy (hereinafter - the Privacy Policy) is intended for entities and persons who purchase goods from Us, use Our services, visit Our territory or Our premises, are interested in finding employment with Us or visit Our websites (hereinafter referred to as Our websites):

  • www.inhus.eu
  • www.inhusengineering.eu
  • www.inhusprefab.eu
  • www.inhusconstruction.eu

Joint controllers

We may process personal data as a separate controller, but we may also process personal data together with other controllers (i.e. joint controllers within the meaning of Article 26 of the GDPR). A contract is concluded between the co-controllers of data, in which the co-controllers determine in a transparent manner their respective responsibilities for the fulfilment of obligations under the GDPR,
defines the respective actual functions of the co-controllers and their relations with the data subjects. In case of the written request of the data subject, the data subject shall be given access to the substantive provisions of this Contract. The data subject can exercise his rights as set out in the GDPR in respect of each of the data controllers.

General provisions

The Privacy policy establishes and defines the fundamental principles of personal data processing and the implementation of the data subject's rights. Additional information may be provided in sales, service and other contracts. 

By using Our services, purchasing goods, submitting their his data, sending or otherwise submitting a CV, visiting Our premises or territory, continuing to browse the website, the data subject confirms that he has read this Privacy Policy, understands its provisions and agrees to comply with it. If you do not agree to comply with this Privacy Policy, do not use Our Services, do not provide us with your personal data for other purposes, and do not browse Our websites.

Principles of processing personal data

We process personal data in accordance with the European Union and Lithuanian laws regulating the processing of personal data. The scope of processed personal data depends on the services provided or used, the goods and the information provided by the person when ordering goods and (or) the services, visiting or registering on the website, submitting their data for the purposes of the employment with Us or visiting Our premises or in Our territory. Data are only processed under the lawful processing criterion – to ensure the supply of goods and (or) the provision of services; with the consent of the person; when processing personal data, We are bound by relevant legislation; when the processing of personal data is required for the legitimate interest of the data controller or a third party. 

We seek to ensure that personal data is processed accurately, in good faith and lawfully, only for the purposes for which it was collected, in accordance with the principles and requirements for the processing of personal data clearly and transparently laid down by law.

Personal data sources

Personal data may be obtained directly from the data subject who provides them when sending their curriculum vitae (CV) or otherwise contacting Us; from the customer's activities, Our personal data processors or other external sources. Data can also be obtained from publicly available sources. 

Data can be generated when a person uses services, for example, by calling a phone, sending an instant message, email, ordering goods and (or) services, or visiting the internet website. A person is not obliged to provide any personal data, unless the personal data is necessary for concluding transactions with him (for example, for the sale of goods or provision of services, for invoicing).

Purposes for personal data processing

We process personal data for the following purposes: fulfilment of contractual obligations; vehicle tracking and control (GPS tracking); administration of road traffic offense reports; debt recovery; handling of queries; website traffic statistics; protection of property and individuals; identification of persons; submission, performance and defence of legal claims; search of employees; conclusion, execution, administration of employment contracts and other purposes related to the management of Our human resources. 

Data subject Groups – Buyers (clients); representatives of buyers (clients); suppliers; representatives of suppliers; carriers; representatives of carriers; customers; representatives of customers; independent work contractors; representatives of independent work contractors; business partners; representatives of business partners; employees; job seekers; persons entering Our premises and territory; Our interested parties. The following main categories of personal data may be processed, but are not limited to: name, surname, place of work, position title, personal identification number, mobile phone number, CV, email address, videos, information about visiting Our premises and territory, vehicle registration numbers, other information necessary for the sale of goods and the provision of services, maintenance of relations and administration of contracts; IP address, site browsing history and date. Data recipients and groups of recipients: state bodies and institutions, law enforcement agencies; auditors, legal and financial advisers; third-party registry management software; debt collection companies;

Processing of personal data for the purpose of ensuring personal security and property protection, continuous and stable operation with Us 

Interested parties who visit Us may be registered for insuring the protection of personal security and property, uninterrupted and stable activities with Us. Interested party data can be logged and stored in a journal or electronically on Proxyclick SA servers in accordance with the personal data processing policy https://www.proxyclick.com/privacy. The following personal data may be collected: name, surname of the interested party, name of the organisation, Our employee visited, time of arrival and departure. Data are obtained from the data subject – the interested party. Our interested parties are informed about the processing of their data orally or by giving them a written notice upon arrival to Us, and may find out more about it in Our Privacy Policy.

Video surveillance for the purpose of protection of Our property and individuals

We perform Video surveillance only in the premises and (or) the territories managed by Us. The image is monitored in the premises and areas of Our activity. 

Video surveillance is carried out for the purpose of protecting Our assets and those of individuals. Data collected: videos. Video surveillance is organised by Us in such a way that the area (premises, parts of premises) does not exceed the necessary area of observation. Video surveillance on the premises and (or) areas intended for private use of persons, i.e. toilets, showers, changing rooms, etc. are not carried out. When the time of video data storage is expired, another image data is automatically recorded on top, thus deleting the oldest data. Videos may only be used to disclose alleged violations of law or to prove damage caused by Our employees, service providers, third parties, damage to Our property, and may only be transferred to persons entitled to receive this data in accordance with the procedure established by law. 

Videos may be allowed to be reviewed and, if necessary, transmitted to law enforcement authorities upon written request from law enforcement authorities. If the videos are viewed outside of law enforcement institutions or out of court, then the review of videos must take place indoors in Our premises. The data subject and Our responsible employee shall have the right to participate during such review. When there is reason to believe that the surveillance material contains an offense, the necessary video data (episodes) are transferred to secure media and stored for as long as there is an objective need. The data subject’s request for submission of videos must specify the exact circumstances of the incident (including: Address of the premises/territory managed by Us; the specific location of the premises/area where the incident has occurred; date and time of the incident (to the accuracy of the nearest half hour)). The response to the data subject's request to review the videos must be provided no later than 30 business days from the date of receipt of the request in the same form or in the manner specified in the data subject's request, provided that the data subject confirms that such transmission will ensure data security, or information on the refusal of such a request, stating the reasons for refusal.

Processing of personal data for the purpose of employment with Us

Our potential employees (candidates, job seekers) provide the following personal data to Us: CV, name, surname, contact information. During the first contact the potential employees are informed about the processing of their personal data and the terms of data retention. In addition, potential employees can access information about their personal data in this Privacy Policy.

Processing of personal data of employees for the purpose of controlling the spread of COVID-19 disease (coronavirus infection) (applies only to INHUS Prefab, UAB)

INHUS Prefab, UAB (hereinafter in this section - the Company) in order to:

a) to determine the compliance of persons with at least one of the criteria specified by the Minister of Health of the Republic of Lithuania of 21 April decision No. V-891 "On the approval of the eligibity criteria for individuals",

b) to implement the obligation on the Company arrising from the Government of the Republic of Lithuania of 7 May Resolution “On approval of the List of works and activities, in which are permitted to work only employees pre-checked and subsequent periodic checked for communicable diseases, the List of works and activities, in which are permitted to work employees pre-checked and (or) periodically checked for a communicable disease for which a state-level emergency and (or) quarantine has been declared and the Procedure for health examinations of these employees ”(summary from 13 September 2021) to allow to work only employees who have perform periodic preventive health examinations for COVID-19, who have passed the disease of COVID-19 or who have been vaccinated against COVID-19,

and providing employees with access to unrestricted or partially restricted working conditions, according to requirements from law, and implementing measures for the prevention and control of COVID-19 (coronavirus infection),

The Company's authorized representative will verify validity and authenticity of the Opportunity Passport, European Union Digital COVID Certificate or other document providing analogous information specified in the legal act referred to in point (a) above (hereinafter referred to as the Document) or a certificate confirming the periodic preventive medical examination due to COVID-19 disease (hereinafter referred to as the Certificate), submitted by an employee of the Company.

Upon submission of the Opportunity passport or the European Union digital COVID certificate in electronic or paper form by an employee of the Company, the Company's authorized representative will scan (check) the QR code in the document, containing encoded information of the employee's general data (name, surname and year of birth) and validity start and end dates (year, month, day) and time (hours, minutes).

The personal data of the Company's employee is processed only for the period of verification of the Opportunity passport or the European Union digital COVID certificate during the period when such document is checked with a special app. The processing of personal data when checking another Document or Certificate submitted by an employee lasts only until the authorized representative of the Company reviews the document.

When a document is submitted by an employee of the Company who is required to perform a periodic preventive health examination for COVID-19, the Company also records the fact that the employee has a Document or Certificate and the date until which such Document or Certificate is valid (this information is processed by the Company until legal acts requiring employees to perform periodic preventive health examinations due to COVID-19 disease is valid).

The Company processes the personal data of its employees for the above-mentioned purposes in accordance with point (c) of Article 6(1) of the GDPR and point (b) of Article 9(2) of the GDPR.

The personal data of the employee specified in the Document or the Certificate are obtained directly from him when it is submitted to the authorized representative of the Company.

More information on how to obtain an Opportunity Passport or a European Union digital COVID certificate and what personal data is processed when a request for the said document is received can be found here: www.gpasas.lt or here: https://sam.lrv.lt/lt/koronavirusas/informacija-visuomenei/es-skaitmeninis-covid-pazymejimas.

Our managed accounts on social media

We manage accounts on Facebook, LinkedIn, Instagram social media. Information provided by a person on social media (including messages, use of the Like and Follow fields, and other communications) or received by a person visiting Our accounts on social media is controlled by social network managers on Facebook, LinkedIn, Instagram. Facebook, LinkedIn, Instagram social network managers collect information about the type of content a person views, what they perform on a social network, with whom they interact, and other information. Therefore, We recommend that you read the privacy notices of social networking managers. You can learn more about social network manager Facebook's privacy policy at: https://www.facebook.com/policy.php, you can learn more about the social network manager’s LinkedIn privacy policy here: https://www.linkedin.com/legal/privacypolicy, You can learn more about social network Instagram's privacy policy here: https://help.instagram.com/402411646841720. 

As administrators of social network accounts, We select the appropriate settings based on our target audience and our business management and promotion goals. By creating and administering accounts on social networks, We cannot control what information about the data subject will be collected by social network managers when We create accounts on social networks. 

All such settings may affect the processing of personal data by the data subject via social media, visiting Our accounts or reading Our messages on social networks. As a general rule, social network managers process the data subject's personal data (even those collected when We choose additional account settings) for the purposes set by the social network managers, based on the privacy policies of social network managers. However, when a data subject uses social networks, communicates with Us through social networks, visits Our accounts on social networks, tracks records in them, We receive information about the data subject. The amount of data We receive depends on the account settings We choose, the agreements with social network managers on ordering additional services and the cookies set by social network managers.

Storage term of personal data

Personal data is processed for no longer than necessary for the purpose of data processing or for no longer than required by data subjects and (or) provided by law. Usually, data is processed for 10 years from the expiration of the contract or the end of the relations with the customer. Videos are retained for 14 days, unless longer terms are specified in this Policy or in the register of personal data. Before the videos are deleted, it is verified that there are no requests from data subjects received for them. 

The data provided by persons interested in the possibility of employment with Us is retained for 1 year with their consent. Specific terms for the storage of personal data are set in the personal data register.

Provision of data processed to other entities

We do not provide processed data to third parties without prior consent of the personal (data subject), except for personal data provided in accordance with the procedure established by law and except for the sharing of data between Concretus group companies.

Data Processors

Data can be managed by processors providing accounting, site maintenance, data centre and (or) server rental, IT maintenance, external audit, security and other services to Us. Data processors have the right to process personal data only in accordance with Our instructions and only to the extent necessary for the proper fulfilment of obligations laid down in the contract. Through our controllers, we seek to obtain their confirmation that the data controllers have appropriate organisational and technical security measures in place and will maintain the confidentiality of personal data.

Data Protection Officer

We have appointed a data procetion officer. The data protection officer can be contacted by e-mail dap@conretus.lt.

Rights of the data subjects

Every data subject has the following rights:

a) the right to know (be informed) about the processing of your personal data;

b) the right to access personal data processed by the processors and the manner in which they are processed, namely, to obtain information on the period of storage of personal data, technical and organizational measures applied to ensure data security, to obtain information from what sources, and what of one’s personal data is collected, for what purpose they are processed, to whom they are provided;

c) the right to request the correction, destruction or deletion of personal data or to discontinue the processing of personal data, except the storage, when the data are processed without complying with legal provisions;

d) the right to disagree with the processing of one’s personal data, except where such personal data are processed due to a legitimate interest pursued by the later controller or a third person to whom personal data are provided and if the interests of the data subject are not more important;

e) the right to require that the personal data provided be destroyed;

f) the right to demand the restriction of processing of personal data;

g) the right to require that the personal data provided by him, if they are processed on the basis of his consent or contract, and if they are processed by automated means, would be forwarded by the data controller to another data controller, if this is technically feasible (data portability);

h) the right to submit a complaint regarding the processing of personal data to the State Data Protection Inspectorate.

A data subject who has submitted an identity document or in accordance with the procedure established by legal acts or by electronic means that allow proper identification of a person who has confirmed their identity, shall have the right to submit a written request in person or through a representative, by post, via courier or e-mail. Upon receipt of the request, We will provide a response no later than in 30 calendar days from the date of receipt of the request. 

You can submit your request in the following ways: by e-mail dap@concretus.lt, signed with a qualified electronic signature, or upon arrival to the office at the address Žarijų g. 6A, Vilnius.

Assurance of data security

We aim to implement appropriate, technically feasible and cost-effective organisational and technical data security measures to protect personal data from accidental or unlawful destruction, alteration, disclosure, as well as from any other unlawful processing. All personal data and other information provided by the data subject shall be treated as confidential. Access to personal data is restricted to the employees, service providers and authorized data processors who need it to perform the functions assigned to their organizational unit. The General Manager of UAB Concretus group has access to personal data.

Privacy policy of INHUS group of companies

Access to personal data is restricted to the employees, service providers and authorized data processors who need it to perform their work functions or to provide services. The General Manager of UAB Concretus group has access to personal data.


Cookies are small pieces of textual information that are automatically generated when you browse the website and are stored on your computer or other terminal device in order to improve your website traffic.
Description of the cookies used on Our websites:



These cookies allow Us to count visits and traffic sources so We can measure and improve your site's performance.

2 years


These cookies allow Us to count visits and traffic sources so We can measure and improve your site's performance.

1 day


These cookies allow Us to count visits and traffic sources so We can measure and improve your site's performance.

1 day


These cookies allow Us to count visits and traffic sources so We can measure and improve your site's performance.

30 min.


These cookies allow Us to count visits and traffic sources so We can measure and improve your site's performance.

Before closing the browser


These cookies allow Us to count visits and traffic sources so We can measure and improve your site's performance.

Before closing the browser

october_session Saving the website language setting. 1 hours

The information collected by cookies allows to navigate the website more conveniently, make suggestions and learn more about the behaviour of users of our websites, analyse trends and improve both the website and the services rendered.

If you do not agree that cookies are stored on Your computer or other end device, You can change your web browser settings and turn off all cookies or turn them on/off one by one. However, please bear in mind that in some cases this may slow down the speed of browsing, restrict the functionality of certain sites or block access to the website.


Website visitor statistics are analysed using Google Analytics. Information collected by the cookies of Google Analytics about Your site's browsing history may be transferred and stored on Google servers.


We may, in Our sole discretion, change this Privacy Policy, which shall take effect upon its publication on Our Sites. Last updated on 2021-09-10.