Privacy Policy

This privacy policy (hereinafter referred to as the “Privacy Policy”) describes how the law firm SPES (hereinafter referred to as “SPES”) and/or an attorney under specific authorisation or order (hereinafter SPES and/or an attorney authorised or ordered to carry out specific activities is referred to as the “Data Controller”) handles your personal data, which you can access in our office, on our website (hereinafter referred to as the “Website”), by contacting us by email or phone, as well as all data the Data Controller obtains when implementing contracts with partners or business clients (entities), if you are their employee or representative/agent.

Should you have any questions in relation to this Privacy Policy or any requests related to the processing of your personal data, please do not hesitate to contact us by email:

This Privacy Policy may be updated or amended. SPES will notify the Website visitors of any updates by placing the updated privacy policy on the Website.

Your personal data is processed on the following basis:

  • on the basis of your consent which you give pro-actively, i.e. by addressing us or by providing your personal data or by any other your deliberate actions;
  • pursuance of our legitimate interests (e.g., in order to manage and administer the Website, inform our clients of the offered services, etc.);
  • fulfilment of obligations imposed by legislation.

The Data Controller puts every effort to make sure that your personal data is processed accurately and lawfully and solely for the purposes for which it was collected in accordance with the principles and requirements applicable for the processing of personal data as set forth in legislation.


For the purposes of providing legal services and administering, the Data Controller processes the following personal data of the data subject who concludes a Contract for Legal Services with the Data Controller (hereinafter referred to as the “Client”):

  • personal data (name, surname, personal identification code, represented company, position);
  • contact details (email, residential address, phone number);
  • other details which you provide when signing and implementing a contract for legal services with our company;
  • personal data which have to be necessarily processed by the Data Control due to the fulfilment of the applicable legal obligations;
  • other details which we collect from legal sources when providing legal services.

This data is processed as a result of fulfilment of the requirements set forth in the contract and/or legislation and/or on the grounds of legitimate interests, due to the need to implement the contract and/or in order to take action at your request before signing a Contract for Legal Services.


The Data Controller processes your personal data for the purpose of direct marketing in the following cases:

  • when the Data Controller receives your explicit consent to the processing of data  (the basis of data processing is your consent);
  • when you are a Client who has not objected to the processing of your data for the purposes of direct marketing or to similar services for marketing (the basis of data processing is legitimate interest of the Data Controller to inform its Clients about the provided services).

Your personal data we process for the purpose of direct marketing includes the following: name, surname, email, phone number.

Your personal data may be processed for the purpose of direct marketing in the following ways:

  • you may receive invitations to events or similar information by email;
  • to invite you to an event which is relevant to you we might contact you by phone.

You may also refuse to get information about events or any other information we send at any time by sending us a notification to


The Data Controller processes your data also in cases when you contact us by sending an email to the corporate email address of SPES, when you send us your inquiry, questions or information using contact details specified on our Website.

In the aforementioned cases you provide your data by pro-actively giving your consent, i.e. by addressing us.

We recommend that you comply with at least the following minimum requirements for data protection: do not give your personal data in the title of your email, request or inquiry, in the names of attachments (e.g., name, surname, address, phone number email, personal identification code, date of birth, details on health, other special (sensitive) details, etc.); do not give your or any other person’s personal identification code, details on health or other special (sensitive) details, financial details, other excessive or unnecessary details in the text of an email, inquiry or request or in the text of the file (attachment) sent; any other personal data should be given to the extent to which it is necessary for the purposes for which the email, request or inquiry is sent.


Your personal data which is processed for the purpose of direct marketing will be stored for two years from the last communication with you (if a separate consent was given) or until the date the contract is implemented or until its expiry date.

On the grounds of our legitimate interest to collect evidence on the received inquiries, responses to them as well as on the provided services and the fact of a contact/communication, depending on the type of data and circumstances, your personal data is stored as long as the details meet the purposes for which the data was collected.

Your personal data may be stored longer, when:

  • this is necessary for us to be able to protect ourselves  against claims or lawsuits and to exercise our rights;
  • there are reasonable suspicions regarding illegal activities into which an investigation is being carried out;
  • your data is necessary for appropriate resolution of a dispute or complaint;
  • backup copies are needed or for similar purposes;
  • for other reasons established in legislation.

In any case, your personal data will be stored no longer than the period corresponding to the time limit for prescription established in the laws of the Republic of Lithuania. On the date this Privacy Policy was made public, the time limit for prescription comprised a period of ten years (Article 1.125(1) of the Civil Code).

When the specified period expires, your personal data will be destroyed within a reasonable time.


You have the right:

  • to submit a written request asking us to provide you with information on whether any data relating to you is processed; in case your data is processed, you have the right to access your personal data and the following information: purposes of the data processing; categories of respective personal data; data recipients or categories of data recipients to whom your personal data was or will be disclosed; if possible, the estimated period for which the personal data will be stored or, if it is impossible, the criteria used for determining such period;
  • to request to rectify inaccurate or to have incomplete personal data relating to you completed;
  • to request to transfer your personal data to another data controller or directly to you in the form convenient to you (applicable to personal data you have provided and which is processed by automated means on the grounds of the contract or your consent);
  • to object to processing of your personal data if it is processed on the grounds of legitimate interests, except for the cases where there are legal reasons for such processing or with the aim to bring, enforce or defend legal claims;
  • in cases where your personal data is processed on the basis of an individual consent, you have the right to withdraw your consent to the processing of your personal data at any time.

To exercise your rights, send us your requests, complaints or claims in writing:

  • by email:;
  • via postal services at the postal address: Kalvarijų 28, 09309 Vilnius, Republic of Lithuania;
  • or bring them to our SPES office at the address Kalvarijų g. 28, 09309 Vilnius, Republic of Lithuania.

If you think that your personal data is processed unlawfully or that your rights in relation to data processing are breached, you have the right to address a respective data protection body and lodge a complaint to it.

To find a suitable solution to the problem, SPES recommends that you contact us by email ( before lodging an official complaint.