In this Privacy notification (hereinafter referred to as the Notification), information related to how the AB “Ignitits gamyba”, company code 302648707, registered office Elektrinės g. 21, LT-26108, Elektrėnai Vilnius (hereinafter referred to as the Company) processes Personal data.
The provisions of this notification are applicable to all natural entities whose data is processed by the Company:
- To clients that use, used, have expressed an intention to use or are otherwise related to the services provided by the Company (hereinafter referred to as the Clients);
- To persons that make applications, requests to the Company either directly or through remote communication means, including via telephone or email.
- To persons that visit the website of the Company etc.
The main provisions of personal data processing are provided in this Notification. Additional information related to how the Company processes personal data can be provided in agreements, other documents, on the website http://ignitisgamyba.lt/ of the Company or via channels of customer service (telephone, email etc.).
The Company reserves the right to unilaterally alter the main provisions of personal data processing. The Company will inform about such alterations by publishing a notification on the website of the Company. In particular cases, the Company may inform persons about the changes via email or other ways (for instance announcing to the press).
The definitions and abbreviations used in this Notification bear the following meanings:
- Personal data – any information related to a natural entity that can be directly or indirectly identified (e.g. name, surname, contact data etc.).
- Person – natural entity (data subject) whose data is processed (e.g. Clients of the Company, persons who make applications, requests to the Company, users of the website of the Company or users of the self-service website etc.).
- Data processing – any action performed using personal data (e.g. collecting, recording, storage, provision of access, transfer etc.).
- Services – any goods and services provided by the Company.
Other definitions used in the Notification are to be understood as they are defined in the personal data protection legislation (General Data Protection Regulation (EU) 2016/679, The Republic of Lithuania Law On Legal Protection of Personal Data and other).
Purpose and legal basis for personal data processing
The Company processes personal data for specific purposes, following the legal basis set by legislation – when it is necessary to process data in order to conclude or to carry out an agreement concluded with the person and the person has given a consent that their data will be processed for one or several specific purposes, the Company must process the personal data according to the requirements of legislation or in order to achieve legal interests of the Company.
The main purposes of the Company for processing Personal data:
- Service provision, conclusion and carrying out of agreements. The Company processes Personal data in order to ensure appropriate conclusion and carrying out of agreements with Clients, service provision to Clients on the basis of agreements, including appropriate notification of the clients about issues related to the goods, services or agreements, following the requirements of legislation or agreements.
- Preparation of commercial offers. The Company processes Personal data seeking to make a commercial offer to the Client, related to the service that the Client wishes to purchase.
- Administration of settlements. The Company processes Personal data related to the settlement for Services provided, on the basis of agreement or legislation.
- Debt management. In case of a debt, the Company Processes Personal data related to the debt and performs actions of recovery, on the basis of the agreement, requirements of legislation and legal interest.
- Resolution of issues. The Company processes personal data in order to investigate and resolve issues and complaints, on the basis of consent or requirements of legislation.
- Control of service provision quality and evaluation of Client experience. The Company processes Personal data in order to ensure quality of Services: by asking for feedback from Clients in respect of provided services and by recording phone conversations when Clients contact the Company via Customer service channels or, when employees of the Company call Clients, on the basis of consent.
- Direct marketing. The Company may process Personal data to make offers and provide information related to its Services and events on the basis of consent.
- Credit and risk evaluation. The Company may process Personal data upon receiving consent of a Client before concluding an agreement in order to evaluate the risk of credit, to estimate what Services and conditions can be offered to the Client.
- Other purposes. The Company may process personal data for other purposes if it has the consent of a Person. The Company must process personal data in order to fulfil the requirements of legislation or has the right to process data due to a legal interest.
In all of the above mentioned cases, the Company processes Personal data only as much as is required to achieve clearly defined and legal purposes, considering the requirements of Personal data protection.
Volume of processed Personal data (categories)
The main categories of personal data and data which are processed by the Company for the purposes listed above and on legal basis:
- Identity details – name, surname, personal number, date of birth etc.
- Contact details – address, phone number, email address etc.
- Data related to Service provision, conclusion and carrying out of agreements – information related to provided Services, agreement details, ordering and consumption data, data obtained by the Company communicating via direct or remote communication means (telephone, email etc.)
- Payment details – payable sums, unpaid debts, payment history etc.
- Cookie data – information regarding the location of a person to the accuracy of the city, their likings, behaviour on the website of the Company or while using self-service, interests etc. (more information regarding this is provided below under “Cookies and their use”).
- Other data processed by the Company on the basis of legislation.
On all previously mentioned cases, the Company only processes Personal data as much as is needed to achieve clearly defined and legal purposes, according to the requirements of Personal data protection.
Obtainment of personal data
The Company Processes Personal data provided by the persons themselves or which the Company obtains from other sources (e.g. the state or registers managed by private persons) or third parties (e.g. energy distribution operator (ESO), energy providers), as is necessary on the basis of agreement, consent, legislation or legal interest of the Company.
Provision of Personal data
The Company, observing the requirements of legislation, may provide Personal data to receivers of following categories:
- Service providers. The Company may provide Personal data to legal entities operating on behalf of the Company and/or by its order which provide the Company customer service, software maintenance, designing, contracting, accounting, correspondence sending or other services in order to ensure appropriate Service provision, managing and development of the Company. In such cases, the Company implements necessary measures in order to ensure that the employed service providers (data processors) process Personal data only for purposes for which the Personal data has been provided to them, ensuring appropriate technical and organisational security measures, following the instructions given by the Company and the requirements of legislation.
- Government, law enforcement institutions. The Company may provide Personal data to the government or law enforcement institutions (e.g. the police, prosecutor’s office, financial crime investigation service etc.), if it is necessary according to the valid legislation or in order to ensure legal interests of the Company or third parties.
- Debt administration companies. In case a Client does not make payments as is stipulated in the agreement, the Company having informed the Client, 30 calendar days in advance, via email or regular mail has the right to provide the Personal data of the Client to managers of united debtor data files, debt management and recovery companies, courts, prosecutors, bailiffs.
- Other third parties. The Company may provide Personal data to other receivers on the basis defined in legislation.
The Company Processes Personal data no longer than it is necessary according to its purposes or is stipulated by the applicable legislation, if a longer data processing term is stipulated in the said legislation.
In order to determine the period of data protection, the Company applies criteria which correspond with obligations stipulated by legislation, as well as considering the rights of a Person, e.g. the Company provides a period of data protection during which agreement related requests may be provided, if there are such etc.
Applicable security measures
The Company ensures confidentiality of Personal data according to the requirements of valid legislation and implementation of appropriate technical and organisational measures which are designated for Personal data protection from illegal access, disclosure, accidental loss, alteration or destruction or other illegal processing.
Rights of persons
Persons, having contacted the Company, have the following rights:
- To familiarise with their Personal data processed by the Company;
- To request of adjustment of their incorrect, incomprehensive or inaccurate Personal data;
- To request to destroy Personal data or to halt, except for protection, all actions of Personal data processing, if they are carried out violating the requirements of applicable legislation or if the personal data is no longer needed to achieve purposes for which they were collected or otherwise processed;
- To receive all Personal data related to them, which the Person has provided themselves, in a systematic, simply accessible and computer read format;
- To request deletion of Personal data processed by the Company, if the Personal data is processed violating the requirements of applicable legislation or if the Personal data is no longer required to achieve purposes for which they were collected or otherwise processed.
- To limit processing of their Personal data according to the valid legislation, e.g. for a period during which the Company shall evaluate whether the Person has the right to request deletion of their personal data;
- To disagree with processing of their Personal data and/or in case, when the Personal data is processed on the basis of consent – to revoke their consent regarding processing of their Personal data at any time, without any effect on the data processing on the basis of consent until the legality of revocation of consent.
Implementation of personal rights
Persons may contact the Company regarding processing of personal data in writing at: Elektrinės g. 21, 26108 Elektrėnai, via email: email@example.com, via phone: +370 618 37392.
The contact details of the data protection officer of the Company: firstname.lastname@example.org
A Person, seeking to implement their rights according to the General Data Protection Regulation (EU) 2016/679, must submit a written application to the Company personally, via mail, through a representative or via electronic communication means. The application must be legible, signed by the Person, the name, surname, place of residence, contact details for communication and information regarding the reason, what rights and to what extent The person wishes to implement have to be indicated in it, as well as in what way the Person wishes to receive a reply.
A Person, submitting an application, must verify their identity:
- If an application is submitted directly to an employee of the department responsible for the customer service of the Company, the Person submitting the application must submit a document which verifies their identity;
- If an application is submitted via mail, a notarised copy of a document verifying the identity of the applicant must be provided as well;
- If an application is submitted through a representative, the representative must provide their name, surname, address and contact details for communication, which will be used to give a reply, as well as the name, surname and personal number of the Person they represent and a notarised copy of a document that verifies the identity of the represented Person, as well as a copy of the document verifying representation or a copy of representation document verified according to legislation;
- If an application is submitted via electronic communication means, the application must be signed using a valid electronic signature or formed using electronic means which allow ensuring the integrity and inalterability.
The Company may refuse to take action according to an application of a Person, if the application of the person is evidently unreasonable or out of proportion. The Company, no later than within a month of receiving an application, will reply to the Person and provide information regarding actions which were taken after receiving the application, according to the articles 15 -22 of The General Data Protection Regulation (EU) 2016/679. This period may be extended, if necessary, by two months considering the complexity of the application and the number of applications being investigated. The Company will, within one month of the submission of the application, inform the Person regarding the extension of the investigation period and will provide reasons for the extension.
The Company reserves the right to refuse to provide to a Person information that the Person requests, if:
- The Personal data has been collected directly form the Person and has already been provided to the Person;
- The Personal data has been received not from the Person themselves;
- It is impossible to provide the requested information or it requires unreasonable effort;
- The Personal data must remain confidential pursuant to the professional secret obligation regulated by the legislation of the European Union and the Republic of Lithuania, including the obligation to protect professional secret.
The Company when implementing the right of a Person to familiarise with their Personal data processed by the Company:
- has the right to request the Person to specify their request, if the Company processes a large amount of data related to the Person;
- to provide only so much information that no rights of other Persons are breached, in case certain information about the Person is related to other Persons.
In case issues related to Personal data processing carried out by the Company and/or the rights of a Person cannot be resolved, the Person has the right to address and submit a complaint to the State data protection inspectorate
Obligations of persons
Persons, by providing their Personal data to the Company, confirm that they are familiar with the conditions of personal data processing set out in this Notification, that they do not oppose that the Company processes their data, that the personal data and information provided by the Person are accurate and correct. The Company is not responsible for provision and processing of excess information if a Person provides such data due to indiscretion.
A Person undertakes to inform the Company regarding changes in the provided information or other related information.
Cookies and their use
In case of any dispute relating to interpretation of this notification, the Lithuanian version shall prevail.