About us
Regulatory affairs
Pharmacovigilance
Contact
HomeAbout us
Regulatory affairs
Pharmacovigilance
Contact
Menu
Get started

Let’s work togerther.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Privacy notice

Introduction

We, UAB “Sveikuva”, trademark Evigrow (hereinafter – the Organization), take care of the security of your personal data (personal data means any information that relates to an identified or identifiable living person, such as the name, surname, address, email address, website behaviour, etc.). The Privacy Notice below is addressed to all persons who contact, employ, apply for, or otherwise engage with the Organization, use the Organization’s services, or otherwise provide their personal data to the Organization.

This Privacy Notice is based on applicable legal acts and guidelines, such as the General Data Protection Regulation (hereinafter – the GDPR), the Law on Legal Protection of Personal Data, and the guidelines of the State Data Protection Inspectorate (hereinafter – the SDPI). The purpose of the Privacy Notice is to set out the rights and obligations of data subjects, as well as other information that is required to be provided under the GDPR.

The services of the Organization are not intended for children (i.e. persons under 14 years of age).

Data Controller

UAB “Sveikuva”, legal entity code: 210893160, registered office address Vytauto pr. 23, LT-44352 Kaunas, Lithuania, is the data controller (as defined in the GDPR) of the personal data described in this Privacy Notice.

Data Protection Officer

Organization has appointed the Data Protection Officer (hereinafter – the DPO) in accordance with Article 37 of Section 4 of the GDPR, who can be contacted by email: dap@evigrow.com.

When do we process your data?

Data may be processed, for example, in the following cases, when:

  • You provide the data yourself, for example, when applying for a job, browsing a website or social networks, making an email enquiry or subscribing to a newsletter.
  • The data is provided by the organization you work or otherwise belong, and which has a contractual or legal relationship with Organization.
  • When you use our services.
  • The we submit a request on the basis of the legitimate interest (e.g., to social insurance, credit rating companies, public registers, etc.)
  • We receive data from other sources who pass it on to us as part of our work to comply with orders of public authorities, etc.
  • We obtain data from public sources when it is published by you or the company / Organization you represent.
  • We conduct services based on our client orders (acting as a data processor on behalf of our client).
What principles do we follow when processing your data?

The processing shall be carried out on the basis of the following principles specified in Article 5 of the GDPR:

  • the principle of lawfulness, fairness and transparency
  • the principle of purpose limitation
  • the principle of data minimisation
  • the principle of accuracy
  • the principle of storage limitation
  • the principle of integrity and confidentiality.

The Organization takes appropriate technical and organisational measures to ensure that it can meet the obligation under the accountability principle.

How do we protect your data?

To protect your data, we have taken organisational and technical measures that are designed to properly regulate and process your data. Such measures include but are not limited to the SDPI guidelines, the measures set out in the ISO/IEC 27001:2022 /ISO/IEC 27002:2022 information security management standard, the EDPS (European Data Protection Supervisor) and WP29 (Working Party 29) guidelines and recommendations.

The organisational measures for the protection of personal data include, but are not limited to, the following: privacy policy, data subject access request procedures, risk assessments, information security incident management procedures, information security documents, records of data processing activities, data processing agreements with data processors, various staff procedures, ongoing staff training, etc.

Technical measures for the protection of personal data are implemented based on information security documents. Data processing agreement is always concluded when data processors are involved.

What data do we process about you?

The Organization, as the data controller, shall process your personal data:

Purpose of processing personal data
Personal data processed
How long the personal data is stored
Legal basis for processing personal data
Handling of requests and communication
Name, surname, telephone, email, address, message
10 years after receipt of the message
Legitimate interest, Article 6(1)(f) of the GDPR
Establishing and executing the Organization’s contracts with legal entities
Representatives of the legal entity: name, surname, contact details (telephone number, email address, etc.), details of the legal entity represented, details of the contract concluded
10 years after the end of the contract
Legal obligation, Article 6(1)(c) of the GDPR
Legitimate interest, Article 6(1)(f) of the GDPR
Concluding and performing the Organization’s agreements with natural persons
Representatives of natural persons: name, surname, personal ID / date of birth, contact details (telephone, email address, etc.), number of individual activity / business licence / certificate, details of contract concluded, expert CV and qualification evidences (when required by the nature of services provided)
10 years after the end of the contract
Legal obligation, Article 6(1)(c) of the GDPR
Recruitment for vacant job positions
Candidate's: name, surname, email address, phone number, salary expectations, when they can start working, CV and other information provided by the candidate, information from the recruitment Organization / partner / labour exchange
Until the end of the recruitment. With the data subject's consent - up to 3 years
Consent, Article 6(1)(a) of the GDPR
Conclusion and performance of a contract, Article 6(1)(2) of the GDPR
Direct marketing
Name, surname, email address, statistical information
Until withdrawal of consent
Legitimate interest, Article 6(1)(f) of the GDPR
Consent, Article 6(1)(a) of the GDPR
Managing a database of contacts of potential business partners
Name, contact details, company information, other data provided by the potential partner
Until withdrawal of consent
Legitimate interest, Article 6(1)(f) of the GDPR
Consent, Article 6(1)(a) of the GDPR
Market research
Dependent on the specific research topic, it may be: name, surname, demographic information (gender, age, citizenship, country of residence, etc.), employment / experience information (employer information, experience, economic activities, position, etc.), contact information (telephone number, email address, address, etc.), interview / survey information (video / audio recording upon consent, interview notes, survey answers.
Until withdrawal of consent
Until the results of the research are compiled and presented
Consent, Article 6(1)(a) of the GDPR
Events, seminars,
webinars, training, hackathons, consulting and organising, disseminating statistical material
Participant's: name, surname, telephone number, email, address, particulars of the organisation (name, address, etc.) which is being represented
2 years after the end of the event / project
Consent, Article 6(1)(a) of the GDPR
Optimising website security, traffic and content
Information about visitors to web pages collected using cookies
In accordance with Google privacy policy
Consent, Article 6(1)(a) of the GDPR
Legitimate interest, Article 6(1)(f) of the GDPR
Social media management for Facebook, LinkedIn, Instagram, Twitter
Data specified in the privacy policy of the social network
Time limits specified in the privacy policy of a social network
Consent, Article 6(1)(a) of the GDPR
Publicising the Organization's activities
Name, surname, position, email, phone number, organisation name, description
Until withdrawal of consent
Legitimate interest,
Article 6(1)(f) of the GDPR
Consent, Article 6 of the GDPR
Decision
Provision of services: Service for the registration of medicinal products, supplements, and medical devices
Expert’s CV and personal data on a file, and, if required, we additionally collect documents and data on files that confirm expert’s qualification, competence, and knowledge
10 years after the end of the contract
Legal obligation, Article 6(1)(c) of the GDPR
Pharmacovigilance service
Patient: country, date of birth and/or age, gender, medical data (e.g. type and details of adverse reactions, generic name of the drug, daily doses, indications for use, therapy dates and duration, etc.).
Normally, we do not process the initials of the patients unless we identify adverse reactions to a medication when analysing medical literature and initials of the patients are provided in medical publications (copy of a respective medical publication is normally attached to the case of suspected adverse reaction).
Third parties that report potential adverse reactions (e.g. health care specialists): name, surname, profession, address, tel. number and e-mail address
10 years after the end of the contract
Legal obligation, Article 6(1)(c) of the GDPR
Pharmacovigilance training
Attendee: name, surname, company name, position, and telephone number.
10 years after the end of the contract
Legal obligation, Article 6(1)(c) of the GDPR
Package leaflet readability tests
Individuals participating in the tests: name, surname, gender, age, education (e.g. secondary school, junior college, higher education), general information about profession may be collected (e.g. director, accountant, seller, etc.), and voice record may be conducted
10 years after the end of the contract
Legal obligation, Article 6(1)(c) of the GDPR
Translation services
Any information in the documents to be translated
10 years after the end of the contract
Legal obligation, Article 6(1)(c) of the GDPR
Social networks and websites
1. Social networks

Organization operates various websites which also process personal data generated during browsing (such as IP address, page visited, browser data, etc.), collected when ordering specialised information (e.g., market / sector reports), through contact forms, subscribing to newsletters, through cookies placed on websites and processed in social networks. Please find detailed information on this below.

We currently hold the following social media accounts:

Account
Account link
Privacy Notice Social network
LinkedIn account
https://www.linkedin.com/company/evigrow/
https://www.linkedin.com/legal/privacy-policy

The information you provide to social media is controlled by the operator of the social network in question. The Organization, having access to this data, shall use it only for the purpose of managing its social media accounts.

2. Cookies – general information
2.1. What are cookies?

Cookies are simple text files that are placed in the browser memory of your device (e.g., computer, mobile phone, tablet) with your consent when you browse a website. Cookies can be used to ensure the security of the website, to identify unique users, to store information about cookie options you have chosen, the pages you have browsed, what you have clicked on, etc. This is a common practice when browsing websites.

Please note that cookies are in many cases managed in conjunction with the company that collects and processes the cookie information, e.g., Google, Meta (formerly Facebook), and you should also read the Privacy Notices of these companies.

2.2. How do I control cookies?

If you do not want your personal data to be processed by cookies, you can change the settings of your web browser so that cookies are not automatically accepted or delete cookies that have already been stored. You can do this at any time, as all browsers have an option to delete cookies. More detailed instructions depend on the browser you are using; you can find instructions for the most commonly used browsers here:

2.3. How do we use cookies?

In most cases, we set cookies together with our technology partners through their use of, for example, cookie management tools, fonts etc. In other cases, certain security, analytical, advertising functions are performed by general data controllers. Here is a list of such partners and their privacy policies:

Technology partner
Technology Partner Privacy Policy
Analytics (HubSpot)
https://legal.hubspot.com/privacy-policy
3. Cookies on https://EVIGROW.com
Cookie
Description
Domain
Controller
Lifetime
Category
Basis of processing
elfsight_viewed_recently
Elfsight widgets to prevent duplicate view counts from the same user within 15 seconds.
evigrow.com
Elfsight
15 sec
Analytics
Consent
__hstc
The main cookie for tracking visitors. It contains the domain, user token (hubspotutk), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number.
evigrow.com
HubSpot
6 months
Analytics
Consent
hubspotutk
Keeps track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
evigrow.com
HubSpot
6 months
Analytics
Consent
__hssrc
Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
evigrow.com
HubSpot
Session
Analytics
Consent
__hssc
This cookie keeps track of sessions. It is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
evigrow.com
HubSpot
30 minutes
Analytics
Consent
__cf_bm
This cookie is used to support Cloudflare Bot Management. It helps manage incoming traffic that matches criteria associated with bots.
hubspot.com
Cloudflare
30 minutes
Necessary
Legitimate interest
_cfuvid
Cloudflare deploys _cfuvid as part of its Web Application Firewall (WAF) and rate-limiting rules to identify unique visitors, preventing excessive traffic from one IP from affecting others. This helps mitigate bots, DDoS attacks, and abuse by assigning a temporary unique ID per browser session.
www.evigrow.com
Cloudflare
session
Necessary
Legitimate interest
What rights and responsibilities do you have?
  • The right to be informed in a transparent way, including the rights you have. We inform you by means of this Privacy Notice.
  • The right to be informed about the processing of your data, and to know what data we process about you. You can request a copy of your data by contacting the DPO.
  • The right to data rectification and erasure. If you find that your data is incomplete or inaccurate, you can contact the DPO and we will look into your case. You can also ask us to remove your data. We will be able to do this if there are no other legal acts that oblige us to keep the data.
  • The right to restriction of processing. For example, until we clarify inaccuracies.
  • The right to data portability.
  • The right to object to our processing of your data and to withdraw your consent at any time.
  • The right to object to automated decision-making, including profiling, which has significant consequences for you. The Organization does not currently apply such decision-making.
Please note that to exercise your rights, we will need to establish your identity. Also, if a request is of a large volume, we may charge a fee for its fulfilment.
When the Organization acts as a data processor, we follow the data controller’s instructions and the provisions of the data processing agreement.
You are responsible for ensuring that the data you provide to us is accurate, correct and complete. If the data you have provided changes, you must inform us immediately by email. We will not be liable in any event for any damage caused to you because of you providing incorrect or incomplete personal data or failing to inform us of any changes to such data.
Information published on the Organization’s websites, its copying, reproduction, links to it are allowed only with written permission of the Organization. It can be obtained by applying to info@evigrow.com. This permission shall not imply any transfer of rights in the material.
To whom and when can we transfer your data?
We may transfer your personal data when:
  • You have given your consent to the transfer
  • We must do so in the manner prescribed by laws when required by a public authority / law enforcement body / pre-trial investigation authority, court or their representatives, when suspecting a criminal offence, in the event of a dispute, for example, by the Police and other authorities.
  • We use a data processor or partner for certain data processing operations or legal obligations:
  • auditors
  • consultants for finances, operations, security, processes, etc.
  • insurance companies
  • companies, which provide information technology services for us
  • public media service companies
  • archiving / data destruction service providers
  • accounting service providers
  • communications service providers
  • providers of physical security services
  • parties concerned – in the case of reorganisation or other restructuring of the Organization
  • similar data processing operations
  • and in other cases when the data recipient has a lawful basis for processing your personal data.
All your data shall be processed within the European Economic Community and shall not be transferred to third countries. If it is necessary to transfer data to other countries, we may rely on the European Commission’s adequacy decision (if the European Commission decides that the adequate level of data protection is ensured in the specific country where the data recipient is established and/or carries out its business). Other mechanisms may also be used to ensure adequate data protection, such as standard contractual clauses enshrined in legal acts regulating personal data protection.
How can you contact us with questions or in order to exercise your rights?
If you have any questions or want to exercise your rights, you can contact us in any way that suits you:
  • By email: dap@evigrow.com
  • By post to the address: UAB “Sveikuva”, Vytauto pr. 23, LT-44352 Kaunas, Lithuania
  • Visiting our head office at the address: UAB “Sveikuva”, Vytauto pr. 23, LT-44352 Kaunas, Lithuania
Please note that in order to implement your rights, we will need to establish your identity. If the scope of the request is unjustified or repetitive, we may charge you a fee for its fulfilment. Possible ways to verify your identity:
  • By submitting a document directly to the Organization and presenting a personal identity document to Organization employee;
  • If the request is submitted by post or via persons providing postal or other parcel delivery services: the application must be accompanied by a copy of the personal identity document certified by a notary public or in other manner established by legal acts;
  • If the request is submitted by email: it shall be signed with a qualified electronic signature. Signing the request with a qualified electronic signature allows the Organization properly identify the sender and ensure that the requested information or information on the fulfilment (refusal) of the requested action is only disclosed to the intended recipient.
We will always try to find a mutually satisfactory solution, yet if you still have concerns about our acts or omissions, you can always contact the State Data Protection Inspectorate (details at https://vdai.lrv.lt).
Validity and review of the Privacy Notice

We regularly review this Privacy Notice for compliance with legal acts and personal data processed by the Organization.

We may update or amend this Privacy Notice at any time. Such updated or amended Privacy Notice shall enter into force from the date of its posting on our website.

This Privacy Notice was last modified on 12 Dec 2025.

Solution
Regulatory affairs
Pharmacovigilance
Medical & technical writings
Company
About usContactEU project
Follow us
LinkedIn
Legal
Privacy noticeManagement notice
©2025 EVIGROW. All rights reserved.