This Privacy Statement (hereinafter referred to as ‘the Statement’) provides information on how UAB “Ignitis”, legal entity identification number: 303383884, registered office address: Žvejų g. 14, LT-09310 Vilnius (hereinafter referred to as ‘the Company’) processes personal data.
The provisions of the Statement shall apply to the following natural persons whose data are processed by the Company:
– clients who are using, used, have expressed intent to use, or are otherwise associated with the services provided by the Company (hereinafter referred to as ‘the Clients’);
– persons who have applied to the Company by submitting requests or claims either directly or by means of remote communication, including by phone or e-mail;
– persons who have visited the Company’s website, etc.
This Statement sets out the main provisions of the processing of personal data. Additional information on how the Company processes personal data may be provided in the Company’s agreements, other documents, on the website www.ignitis.lt, self-service website e.ignitis.lt or by remote channels of servicing the Clients (by phone, e-mail, etc.).
The Company has the right to unilaterally amend and/or supplement the Statement. The Company shall inform of amendments to this Statement by making respective publications on the Company’s website. In certain cases, the Company may also inform persons about amendments in writing, by e-mail, or otherwise (e.g. by publication in the press).
Terms and Definitions
The terms and abbreviations used in this Privacy Statement shall have the following meanings:
- ‘Personal data’ shall mean any information related to the natural person, who can be identified either directly or indirectly (e.g. first name, surname, contact details, etc.).
- ‘Person’ shall mean the natural person (data subject) whose data are processed (e.g. the Company’s Clients, persons who have applied to the Company by submitting requests or claims, users of the Company’s website or self-service website, etc.).
- ‘Processing’ shall mean any action performed in respect of the Personal Data (e.g. collection, recording, storage, granting of access, transfer, etc.).
- ‘Services’ shall mean any goods and services provided by the Company.
Other terms used in the Statement shall be understood as they are defined in legal acts governing the protection of personal data (General Data Protection Regulation (EU) 2016/679, the Law of the Republic of Lithuania on the Legal Protection of Personal Data, etc.).
Purposes of and legal grounds for the processing of personal data
The Company shall process Personal Data only for specific purposes, in accordance with the legal grounds established in legal acts, i.e. when the processing of data is necessary in order to conclude and/or execute a contract concluded with the person, the person has given consent to the processing of his data for one or more specific purposes, the Company must process Personal Data in executing requirements of legal acts, or Personal Data must be processed in the pursuit of the Company’s legitimate interest.
The main purposes sought by the Company in the processing of Personal Data:
- The performance of the functions of the public electricity supplier provided for in legal acts. The Company shall process Personal Data in performing its functions and obligations and exercising its rights provided for in legal acts as those of a public supplier.
- The performance of the functions of the natural gas and electricity supplier provided for in legal acts. The Company shall process Personal Data in performing its functions and obligations and exercising its rights provided for in legal acts as those of an independent natural gas and electricity supplier.
- The provision of services and conclusion and execution of contracts. The Company shall process Personal Data in order to ensure the proper conclusion and execution of contracts with the Clients, provision of services or supply of goods to the Clients on the basis of contracts, including the proper provision of the Client with information about issues related to the goods, services, and contract, on the grounds of the requirements of the contract or legal acts.
- The drawing-up of commercial offers. The Company shall process Personal Data in order to provide the Client with a commercial offer on the services that the Client wishes to acquire.
- The administration of settlements. The Company shall process Personal Data related to settlement for the Services provided on the grounds of the requirements of the contract and legal acts.
- The management of debts. In case of a debit, the Company shall process Personal Data related to the debt and perform actions for recovery on the grounds of the requirements of legal acts and legitimate interest.
- The resolution of questions provided. The Company shall process Personal Data in considering and resolving provided questions and complaints on the grounds of the requirements of the contract, consent, or legal acts.
- The control of the quality of the provision of the Services and assessment of the Clients’ experience. The Company shall process Personal Data in order to ensure the quality of the Services being provided: by inquiring the Clients’ opinion on the Services provided and recording telephone conversations when the Clients contact the Company by the Client service channels or the Company’s employees phone the Clients based on consent.
- Direct marketing. The Company may process Personal Data in providing offers and news on the Services being provided and information on ongoing events on the grounds of personal consent.
- Credit and risk assessment. Prior to entering into a contract with the Client, upon receipt of the Client’s consent, the Company may process Personal Data in order to assess the credit risk for the purpose of determining which Services and on which terms may be offered to the Client.
- The security of persons and facilities. In order to ensure the security of its employees, Clients, and other persons who enter the field of view of video surveillance equipment as well as its assets and facilities, the Company may implement video surveillance on the grounds of the requirements of legal acts or legitimate interest.
- Other purposes. The Company may also process Personal Data for other purposes provided that it has received the consent of the person and must process Personal Data in executing the requirements of legal acts or has the right to process data for legitimate interest.
In all the cases mentioned above, the Company shall process Personal Data only to the extent required to archive the respective clearly defined and legitimate purposes, with regard to personal data protection requirements.
The scope (categories) of Personal Data undergoing processing
The main categories of Personal Data and data which are processed by the Company for the purposes and on the legal grounds set out above:
- Identification data: the first name, surname, personal identification number, date of birth, etc.
- Contact data: address, phone number, e-mail address, etc.
- Data related to the provision of the Services and conclusion and execution of contracts entered into: information about the Services being provided, contract data, order and consumption data, data received by the Company in the course of cooperation with persons either directly or by means of remote communication (by phone, e-mail), etc.
- Payment data: amounts payable, outstanding debts, payment history, etc.
- Data of video and sound records: video data recorded in the Company’s divisions, data of records of telephone conversations, etc.
- Data of cookies: information about the person’s location with a precision of a city, the person’s preferences, his behaviour on the Company’s website or self-service, interests, etc. (for more details, see ‘Cookies and their use’ below).
- Other data processed by the Company on the legal grounds provided for in legal acts.
Receipt of Personal Data
The Company shall process Personal Data which the persons provide themselves or which the Company receives from other sources (e.g. registers managed by the state or individuals) or third parties (e.g. the energy distribution operator) to the extent necessary on the grounds of the contract, consent, legal acts or the Company’s legitimate interest.
The Company has the right to collect Personal Data from VĮ Registrų Centras (the State Enterprise Centre of Registers) for the purpose and on the ground of the conclusion of contracts on the purchase and sale of electricity and provision of services in accordance with the Rules for the Supply and Use of Electricity approved by an order of the Minister of Energy of the Republic of Lithuania.
Provision of Personal Data
In compliance with the requirements of legal acts, the Company may transfer Personal Data undergoing processing to recipients of the following categories:
- The energy distribution operator. In order to ensure the proper execution of the contract on the purchase and sale of electricity and provision of services, the Company shall transfer the Client’s Personal Data undergoing processing (identification data, the readings of electricity metering devices declared by the Client, and other information that is necessary for the performance of the functions of the energy distribution operator established in legal acts).
- The gas distribution operator. The Company may transfer Personal Data undergoing processing (identification data, contact data related to the provision of the Services, and other necessary data) for the purposes of guaranteed gas supply, accounting of transported gas, determination and compensation of damage, assurance of the reliability and technical safety of gas systems, management of emergencies, and for other legitimate purposes in accordance with the requirements of the Law of the Republic of Lithuania on Natural Gas, the Rules of the Supply and Use of Natural Gas, the Rules of Trade in Natural Gas, and other applicable legal acts.
- To service providers. The Company may transfer Personal Data undergoing processing to third parties acting on behalf and/or under the instruction of the Company that provide the Company with client service, software maintenance, design, contract work, accounting, correspondence dispatch, and other services in order to ensure the proper provision, management, and development of the Company’s Services. In such cases, the Company shall take necessary measures in order to ensure that the engaged service providers (data processors) process the Personal Data being provided only for those purposes for which those were provided, while ensuring proper technical and organisational safeguards, in accordance with the requirements of the Company’s instructions and effective legal acts.
- Public authorities, law enforcement agencies, and supervisory institutions. The Company may provide Personal Data undergoing processing to public authorities or law enforcement agencies (e.g. police, prosecutor’s office, the Financial Crime Investigation Service, etc.), supervisory institutions (e.g. the State Energy Regulation Service, the State Energy Inspectorate, etc.), when it is mandatory in accordance with effective legal acts or in order to ensure the legitimate interests of the Company or third parties.
- Debt administration enterprises. If the Client fails to properly and timely perform the payments to be made by the Client in accordance with the Contract, the Company, having informed the Client by post or e-mail 30 days in advance, has the right to provide the Client’s personal data to the data controllers who process the consolidated data of debtors, debt management and recovery enterprises, courts, notaries, and bailiffs.
- Other third parties. The Company provide Personal Data to data to other data recipients on the legal grounds defined in legal acts.
Storage of data
The Company shall process Personal Data not longer than it is required by the specified purposes of data processing or provided for by applicable legal acts if they establish a longer data storage period.
To determine the data storage period, the Company shall apply criteria which correspond to the obligations established in legal acts, also taking into account the rights provided for by the person, e.g. envisages for such a data storage period within which claims related to the execution of the contract, if any, may be filed, etc.
The Company shall ensure the confidentiality of Personal Data in accordance with the requirements of effective legal acts and appropriate technical and organisational measures intended to protect Personal Data from unauthorised access, disclosure, accidental loss, change or destruction or other unlawful processing.
Rights of persons.
The person who has contacted the Company has the right:
- to familiarise himself with his Personal Data being processed by the Company;
- to require the rectification of his/her incorrect, incomplete, or inaccurate Personal Data;
- to request the destruction of Personal Data or to suspend, except for storage, actions for the processing of the Personal Data if it is made in violation of the requirements of applicable legal acts or the person’s data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- to receive Personal Data related to himself/herself, which the person has provided himself/herself, in a systematised, commonly used and machine-readable format;
- to request the erasure of the Personal Data processed by the Company when the Personal Data are processed in violation of the requirements of legal acts or the Personal Data are no longer necessary to achieve the purposes for which they were collected or otherwise processed;
- to restrict the processing of his Personal Data in accordance with applicable legal acts, i.e. for the period within which the Company will assess whether the person has the right to request that his Personal Data should be erased;
- to object to the processing of his Personal Data and/or in case Personal Data are processed on the grounds of consent, to withdraw the consent to the processing of his Personal Data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Implementation of the rights of individuals.
Individuals may appeal regarding the processing of personal data exercised by the Company by the following address: Žvejų g. 14, LT-09310 Vilnius; by e-mail: email@example.com; client service phone: 1802 and +370 5 232 77 00; calls by the number 1802 are charged in accordance with the rate applied to you by the communication operator; calls by the long number are charged as those to Telia network) or if you visit any “Ignitis” client service centre.
The contact details of the Company’s data protection officer: firstname.lastname@example.org
For the purposes of the exercise of his rights in accordance with General Data Protection Regulation (EU) 2016/679, the person shall submit to the Company a written request in person, by post, via a representative, or by means of electronic communications. The request shall be readable, signed by the person, contain the first name and surname, residential place address, and contact details of the person for communication and information on for which reasons, which rights and to which extent the person wishes to implement as well as information on which way the person wishes to receive the reply.
When submitting the request, the person must confirm his identity:
- if the request is submitted directly, to an employee of the Company’s division responsible for the servicing of individuals, the person must present a personal identity document;
- if the request is submitted by post, the request shall be attached with a notarised copy of the personal identity document;
- if the request is submitted via a representative, the representative shall indicate his first name and surname as well as contact details for communication, by which the individual’s representative wishes to receive the reply and the first name, surname, and personal identification number of the represented person and present a notarised copy of the personal identity document and a copy of the document of the representation document certified in accordance with the established procedure;
- if the request is submitted by means of electronic communication, the request shall be signed by a qualified electronic signature or formed by electronic means which allow ensuring the integrity and inalterability of the text.
The Company may refuse to take actions under the person’s request if the person’s request is obviously unjustified or non-proportional.
Not later than within one month from the day of receipt of the request, the Company shall provide the person with a reply indicating information about the actions taken upon receipt of the request, in accordance with Articles 15–22 of the General Data Protection Regulation (EU) 2016/679. That period may be extended by two further months where necessary, taking into account the complexity of the request and number of the requests under consideration. Within one month from the receipt of the request, the Company shall inform the person of the extension of the term for the consideration of the request, while indicating the reasons for the extension.
The Company has the right to refuse to provide the person with information requested by that person if:
- the personal data have been collected directly from the person and that information has already been provided to the person;
- the personal data have been received not from the person himself;
- the provision of information requested by the person is impossible or would require non-proportional efforts;
- where the personal data must remain confidential subject to an obligation of professional secrecy regulated by the law of the European Union or the Republic of Lithuania, including the obligation to protect professional secret.
In implementing the person’s right to familiarise himself/herself with his/her Personal Data being processed by the Company:
- has the right to request the person to specify the presented request if the Company processes a big amount of information related to the person;
- to provide the person with information to the extent as not to infringe the rights of other persons if certain information about the person is also related with other persons.
If the issues related to the processing of personal data carried out by the Company and/or personal rights, the person shall also have the right to address the State Data Protection Inspectorate with a complaint.
Obligations of persons.
When providing their personal data to the Company, persons confirm that they have properly familiarised themselves with the terms of the processing of personal data presented in this Statement, do not object that the Company shall process the personal data provided by the persons, the data and information provided by the persons are accurate and correct, and the Company is not responsible for the presentation and processing of excessive data if such data are provided by the person to the Company through negligence.
The person undertakes to inform the Company about changes in the data presented or other related information.
Cookies and their use
The cookies used in the Company’s website may be of three types:
- Mandatory: such cookies are necessary in order to enable the person to browse the website and use its functions, such a access to the secure areas of the website.
- Operation-improving: such cookies collect information on how the visitors of the website use the website, for example, which pages are visited most frequently and whether the visitors receive any erroneous notifications from the websites. Those cookies do not collect information that allows identifying the website visitor. All the information collected by those cookies is of general character and, therefore, is anonymous. It is used only for the improvement of the operation of the website.
- Functional: those cookies allow remembering the subjects selected by the visitor of the website (such as the name, language or region), prior consent with the privacy rules applied at the website and propose improved functions that are adapted to you personally. Those cookies cannot monitor the browsing activities in any other websites.