Privacy Policy - MRU

Privacy Policy

General Provisions

Mykolas Romeris University (hereinafter – MRU) manages the personal data of current and former employees, students and other individuals who have submitted their personal data to the University, on the basis of contractual and other legal relations in accordance with the procedure established by law.

Personal data at MRU is processed in accordance with the General Data Protection Regulation (EU) 2016/679 (from hereon GDPR), the Law on the Legal Protection of Personal Data of the Republic of Lithuania, other national legal acts and internal University-approved legal acts.

Personal data – any kind of information about a person, which he submitted himself or which the University received from other sources and which allows to identify an individual. This can be the name of the person, last name, ID code/student identification number, contact information, address, information about a person‘s contracts with employer/educational institution and other personal information allowing to identify the individual, which the University manages exercising its functions.

Data Subject – is an individual (employee, student) or legal entity (partners) whose personal data is received and further used by the University.

Other terms used in MRU‘s internal legal acts shall be understood as defined in the GDPR or other legal acts.

What Data and for What Purpose Do We Process About You?

MRU collects and uses personal data of the data subject, provided by the person himself, arising from a contractual relationship or obtained from other sources. MRU processes personal data only in accordance with the legal grounds identified in the personal data protection legal acts.

Personal data is processed for these main purposes:

  • seeking to employ a person or for admission to studies, it is necessary to determine a person‘s identify and to contact the person. The following basic data are collected: name, surname, personal identifical code/student ID number, date of birth, copy of ID card/document, address, telephone, e-mail, and other contact details;
  • in order to assess a person‘s qualification and competence, MRU collects information and documents attesting to the person‘s education, qualification and development of skills, completed tasks, completed work, published papers, submitted recommendations, information about current positions, study results, etc.;
  • in order to consult and present individuals proposals, organized training or other services at MRU and to evaluate potential needs of clients, information about service recepients and partner‘s contact information and other information is collected, which MRU presents during meetings or during a remote consultation period;
  • seeking to improve the quality of services provided by MRU and to this end analyzing personal data, including contact information, interest in and evaluation of events and services offered by MRU. By collecting and analyzing this personal data, MRU seeks to monitor and evaluate the trends in the services provided, to understand which services are most needed by potential service users, to improve the quality of services and their content;
  • in order to communicate with the data subject, – to answer questions, respond to requests, provide up-to-date information, send important messages, updates, security alerts, and administrative messages.

To Whom Do We Disclose Your Information?

Personal data of a data subject may be transferred, without a separate consent agreement to:

  • courts and other law enforcement and (or) dispute resolution institutions in the exercise of their legal powers or on the initiative of the University, in declaring, enforcing or seeking to defend legal claims;
  • legal entities providing courier and similar services
  • the Board of the State Social Insurance Fund;
  • Ministry of Education, Science and Sport of the Republic of Lithuania
  • Lithuanian Academic Electronic Library (eLABA);
  • other third parties, as far as it relates to the activities of the University, rendered services, public procurements, etc.

What Principles of Personal Data Protection Does the University Adhere to?

MRU adheres to the following principles, when collecting and using personal data entrusted to it by the data subject, as well as from other sources:

  • personal data is processed in accordance with the principles of lawfulness, fairness and transparency;
  • personal data are collected for specific, clearly defined and legitimate purposes and not further processed in a way incompatible with those purposes (purpose limitation principle);
  • personal data must be adequate, proper and only such which is necessary to meet goals for which information is processed (data reduction principle);
  • the personal data processed is accurate and, where necessary, kept up to date (principle of accuracy);
  • personal data are kept in such a form, which permits identification of a subject for not longer than is necessary for the purposes for which they are processed (principle of limitation on the retention period);
  • personal data are processed in such a way to ensure adequate security of personal data applying necessary technical or organizational measures, including protection against unauthorized or unlawful processing of data or against accidental loss, destruction or damage (principle of integrity and confidentiality).

What Do We Do to Protect Your Information?

MRU has taken all the necessary technical and organizational safety measures in order to ensure the security of your personal data. MRU processes personal data in accordance with the requirements of the General Data Protection Regulation (GDPR) and other legal acts. MRU is in constant contact with the State Data Protection Inspectorate regarding personal data security issues.

Your Rights

A data subject has the right:

  • to become acquainted with personal data;
  • demand correction of inaccurate, incorrect or incomplete data;
  • restrict the processing of personal data until the lawfulness of processing has been verified at the request of the data subject;
  • request deletion of personal data;
  • Disagree with processing of personal data for direct marketing purposes and when personal data is processed seeking lawful interests of the University;
  • require the transfer of personal data to another data manager or to provide them directly to the data subject in a convenient form (applies to personal data provided by the person himself and processed by automated means on the basis of consent or on request or conclusion and implementation of a contract);
  • withdraw given consent, without any effect to the use of personal data prior to the withdrawal of the consent;
  • file a complaint with the State Data Protection Inspectorate.

How Will You Exercise Your Rights?

You can exercise your rights as a Data Subject in accordance with the procedure established by MRU Rules for the Exercise of Data Subject‘s Rights.

In order to exercise your rights as a data subject please contact the MRU Data Protection Officer by e-mail:


Cookies – it‘s not a very big information file, that a browser receives on the user‘s device (computer, phone or tablet) from a website that the user visits and is stored on the user‘s device. Cookies are used to improve functionality, for advertising, statistics and analysis (used to distinguish between the visitor and the workplace, to provide more relevant content, to collection information by analyzing website traffic, collecting statistics). In other words, cookies allow a website to remember information about a user‘s browsing habits, actions and setting. Third-party cookies, such as Google Analytics, LinkedIn, etc. are also used when visiting MRU websites. The website may also contain links to third party websites and other social networks that are not subject to MRU‘s cookie policy.

Types of Cookies:

  • session – these cookies are erased from the computer when the browser is closed;
  • permanent – these cookies are stored on the computer until they will be erased or their expiration time ends.

Due to the specifics of cookies operation, the MRU website does not have access to the information transmitted by these cookies, just as other entities do not have access to the information collected by the cookies set by MRU. In addition, MRU is not responsible for the contents of other Internet websites or their privacy policies they have implemented. So, if a user, clicks on a link, and from MRU’s Internet website goes to other websites, they should take a look at the privacy policy of the site.

Contact Information

If questions arise regarding processing of personal data at MRU, please contract the MRU Data Protection Officer by e-mail at: