Privacy note
AB LTG CARGO
PRIVACY NOTE
Last updated: 25 March 2022
AB LTG Cargo (hereinafter referred to as “LTG Cargo” or “The Company” or simply “we“) stores information about you in connection with the Processing of Data in connection with the General Data Protection Regulation of the European Union (referred to as “GDPR”[1]) and other data protection legislation.
1-Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
This Privacy Note provides answers to the most important questions – how we collect, use, and store information about you. Please read this important information carefully and from time to time visit our website and read the latest version of the Privacy Note published there.
AB LTG Cargo, legal entity code: 304977594, registered office address: Gelezinkelio str. 12, 02100 Vilnius, e-mail address: [email protected], telephone number: (8 5) 2692745.
|
No. |
Why do we collect information about you? | What information do we collect about you? | Why do we have the right to collect the information you provide? | How long do we use or store information about you? |
|---|---|---|---|---|
| 3.1. | We conclude and execute agreements with you and fulfill the related tax obligations
|
Name, personal identification number and/or date of birth, address of residence, e-mail address, telephone number, authorisation period and number of authorisation, signature, relationship with the person represented, position, payer code, billing information, settlement period, debt information, bank account number, contract, additions to the authorisation, amendments and annexes, acts of acceptance, date of conclusion, contract number, place of conclusion and performance of the contract, information on the performance of the contract, termination information, extract of the central data bank of the Real Estate Register and, as regards the performance of the contract, communication with you, other information that may be necessary for the proper performance of the contract | We conclude a contract with you and fulfl our contractual obligations (Art. 6 (1)(b) GDPR)
We must collect information according to the law (Art. 6.1.1.c. GDPR) |
During the term of the contract
|
| 3.2. | To maintain relationships with the private or legal persons you represent | Name, personal identification number and/or date of birth, address of residence, authorisation, period and number of the authorisation, signature, relationship with th person represented, position, telephone number, e-mail address, name of the connecttion to our systems, all information you provide to the Company (e.g. information about the person you represent, contracts concluded, etc.) and, as far as the performance of the contract is concerned, communication with you, other information that may be necessary fot the proper performance of the contract | We have a legitimate interest (to maintain relations with the persons you represent) (Article 6(1)(f)) of the GDPR)
|
During the term of the contract |
| 3.3. | For informing/questioning you about the Compnay’s services relevant to you | Name, function, telephone number, address, organisation represented, e-mail address | You agree that we will use information about you (Art. 6(1)(a) of the GDPR, Art. 69(1) of the Law on Electronic Communicatoins of the LR) or have purchased goods or services from us (Art. 69(2) of the Law on electronic communications of the LR)
|
2 years after the consent or the end of your relationship with us, unless you express your disagreement within this period
|
| 3.4. | When you have submitted to us an application, offer or complaint | Name, e-mail address, state, phone number, subject of request, request time, request content, query attachments, query response | We have your consent (Article 6(1)(a) of the GDPR, we are obligated to collect the information in accordance to the law (Article 6(1)(c), Article 29(1) of the Railway Transport Code of the Republic of Lithuania.
We have a legitimate interest (to examine your enquiries, requests or complaints) (Article 6(1)(f)) of the GDPR) |
1 year after last referral
|
| 3.5. | We record telephone conversations to ensure the quality of the services provided, to provide accurate information about the services provided and to provide advice, and to investigate inquiries, complaints and requests. | Telephone number, telephone records and data provided during conversations | We have a legitimate interest (to ensure the quality of customer service, to provide accurate information about the services provided and to provide advice, to ensure the appropriate quality of customer service, to examine requests, inquiries or complaints under Article 6(1)(f)) of the GDPR) | 1 year after conversation with you |
| 3.6. | We ensure the security of your health, life and trust and the property owned by the Company – in cases when you are filmed in the Company’s premises, their accesses, railway crossings, stations, and their access areas | Video (where appropriate, the image is recorded with sound) | We have a legitimate interest (security of property and persons) (Article 6(1)(f)) GDPR)
|
5 to 30 days (device dependent)
(at railway crossings – up to 3 months) |
| 3.7. | We may participate in legal proceedings relating to you | All information mentioned in this Privacy Note, documents and annexes sent to you, documents and annexes thereto, procedural documents, court orders, rulings, decisions | We have a legitimate interest (to defent the Rights of the Company in legal proceedings) (Article 6(1)(f)) of the GDPR | 10 years after the termination of the contract with you or 10 years after the legal proceedings have ended
|
| Information on criminal offenses and convictions | Data is needed to assert, enforce or defent legal claims (Article 9(2)(f)) of the GDPR
|
|||
| 3.8. | To investigate rail accidents or incidents | Witness in a rail transport accident, accident or incident: name, name of the person affected by a rail traffic accident, accident or incident, by order, sex, age, sobriety, personal actions, the name of the perpetrator of a railway accident, accident or incident and any other information we must handle under Order No 3-531(1.5 E) of 23 December 2015 of the Minister of Transport of the RL. , Annex 2 to the provisions on the reporting of accidents and incidents, the investigation of rail transport accidents, accidents and incidents and their response | We must collect information in accordance with the law (Article 6(1)(c) of the GDPR, Order No 3-531(1.5 E) of 23 December 2015 of the Minister of Transport of the LR, to approve the Regulations on the reporting of rail accidents and incidents, the investigation of rail accidents and incidents and their response) | 10 years after a rail traffic accident, accident or incident |
| 3.9. | To ensure the efficient and secure operation of our website | IP address, operating system version, settings of the device you are using, the time and duration of the start of the session, the request terms you enter on our website, and any information stored using cookies applied to your device (more about the cookies you use in section 11 of the Privacy Note). | We have a legitimate interest (to ensure the quality of our services, to improve and develop new services, to ensure that the Company’s website operates in a qualitatively secure manner and that the persons visiting it find relevant information) (Article 6(1)(f)) of the GDPR
|
60 days |
| 3.10. | Through the hotline channels, you provide us with information on possible fraud, corruption, other crimes, violations of law, violations of employment duties | If the person provides the information by telephone not anonymously – the data shall indicate the name, surname, etc. of the person, the content of the message, the telephone number from which the call was made, the start, end, duration and other personal data if provided by the person.
If a person provides information via email. by e-mail or via the websites www.litrail.lt, www.ltgcargo.lt – e-mail. postal address and additional information if the person provides information not anonymously – name, surname, telephone number, content of the message |
We have a legitimate interest (to prevent fraud, corruption, other criminal offenses, violations of law, duties and other violations – to prevent the committed acts, to take measures to prevent future acts, etc.) (Article 6 (1) (f) of the GDPR) | 1 year from the date of receipt of the information |
| 3.11. | You are submitting a request to enforce the data subject’s rights under the BDAR and we are enforcing the request | Depending on what personal data you provide: name, surname, phone number, address, date of birth, email address, table number, legal partner code, copy of identity document, request for exercise of data subject’s rights, date of request, place of request, specified method of replying to the request, content of the request and other information provided in the data subject’s request, reply to the data subject , other information related to the exercise of the data subject ‘s rights. | We have a legal obligation to enforce the rights of data subjects – (Chapter III of the GDPR) | Applications are kept for 5 years from the date of the reply |
Please review the answer to point 3 above – you must provide the information about you that is necessary in order to:
4.1 we would enter into agreements with you and fulfil our contractual obligations (for objective 3.1);
4.2. we would conclude contracts with the persons represented by you and fulfil our contractual obligations (for objective 3.2).
Failure to provide you with the information specified in paragraphs 3.1 and 3.2 will not be able to conclude contracts and fulfil contractual obligations with you and/or persons represented by you.
Most of the information you provide yourself, but we may receive some of the information from:
5.1. Joint-stock company Lietuvos geležinkeliai (for all purposes specified in Item 3);
5.2. Legal persons that you represent or employ (for the purpose specified in point 3.2);
5.3. AB Lietuvos paštas (for all purposes specified in Item 3.1);
5.4. VĮ Registrų centras (for all purposes specified in Item 3.1, 3.2).
We will only share or transfer information about you with our partners, service providers, and the following entities to the extent necessary and permitted by applicable law, including for the reasons listed in Section 3:
6.1. LTG Cargo AB to the parent company of Lietuvos Geležinkeliai AB and its subsidiaries (data may be transferred for all purposes specified in Item 3);
6.2. Banks carrying out settlement operations (data to be transferred for the purposes specified in points 3.1 and 3.2);
6.3. Courts, supervisory, law enforcement and other public authorities (data may be transmitted for all purposes specified in point 3);
6.4. Lawyers, notaries, bailiffs, auditors, consultants, information technology surveillance service providers, providers of electronic communications services, insurance companies, archiving services and other services to companies providing the Company (data may be transferred for all purposes specified in point 3).
In most cases, personal data are processed and transferred within the territory of the European Union and the European Economic Area2, but where necessary for the provision of certain services, data may be transferred and processed outside those territories, subject to an adequate level of protection of personal data. For the reasons set out in section 6 of this Privacy Note, we disclose information about you as permitted by law and for the reasons set out in section 6 of this Privacy Note:
7.1. On the basis of the adequacy decision of the European Commission, the European Commission has recognised the country in which a third party is established and/or operates as ensuring an adequate level of protection of personal data;
7.2. We have signed a contract with a third party based on the Standard Contractual Clauses approved by the European Commission;
7.3. We have obtained the permission of the State Data Protection Inspectorate;
Other possible measure and derogation for the protection of personal data, where possible.
2 – The European Economic Area comprises all the Member States of the European Union plus Iceland, Liechtenstein and Norway.
The GDPR and other laws give you rights, provide for cases where you can exercise them, the procedures you need to comply with, as well as exceptions in which you may not exercise the rights granted. Once permitted by law, you can:
8.1. to access your personal data, i.e. receive a notification confirming whether LTG Cargo processes your personal data and, if processed, request access to the data processed and the information relating therein;
8.2. submit to us a request to correct or supplement inaccurate, incorrect information used when it is incomplete;
8.3. submit to us a request to delete information about you that we have if we use it illegally;
8.4. to submit to us a request to restrict the processing of existing information about you when you dispute the accuracy of the data or object to the processing of data, do not agree to the deletion of your unlawfully processed data, or the data you need in order to assert, enforce or defend legal requirements;
8.5. to object to the use of the data when we process your data for the legitimate interests of LTG Cargo and/or third parties;
8.6. submit to us a request to transfer /receive data that you have provided us under contract or consent to the processing and which we process by automated means in a shared electronic form;
8.7. to object to a fully automated decision, including profiling, if such decision-making may have legal effects or similar significant effects on you;
8.8. to withdraw the consents given to us regarding the use of information about you when we use the data on the basis of your consent;
8.9. lodge a complaint with the supervisory authority, in particular in the Member State where you are domiciled or the place where the alleged violation of the GDPR was committed and to apply for judicial remedies.The supervisory authority in the Republic of Lithuania is the State Data Protection Inspectorate (A. Juozapavičiaus St. 6, 09310 Vilnius; tel. (8 5) 271 2804, 279 1445; e-mail: [email protected]).
In order to exercise your rights under clause 8 of this Privacy Note, you must::
9.1. personally present the request for the exercise of the rights of the data subject (hereinafter referred to as the Application)3 to the office of the Company or to the Data Protection Officer at the addresses specified in item 13 of this Privacy Note (the application must be accompanied by an identity document);
9.2. to send the Request to the Company or Data Protection Officer at the postal addresses specified in Item 13 of this Privacy Note (a copy of the identity document, certified by a notary or other procedure established by legal acts must be attached to the Application);
9.3. submit a request to the Company or data protection officer with the e-mail addresses specified in clause 13 of this Privacy Note (the request submitted by e-mail must be signed with a secure electronic signature).
3-The recommended application form for the exercise of the data subject’s rights is available here.
The Company may profile you for statistical purposes, as well as to prevent sending of unwanted marketing offers, we assign you categories according to the date of conclusion of the contract, the term of the contract, the status of the contract.
Yes, we use cookies as shown in the table below. Cookies are small text files stored in your device’s browser (e.g. computer, mobile phone, tablet) when you browse websites. Other technologies, including data that we store in your browser or device, identifiers related to your device and other software, may be used for similar purposes. Cookies are widely used to make websites work or work better and more efficiently.
| Name | Period | Purpose |
| GUEST_LANGUAGE_ID | 1 year | Store information about the language of the visitor for the page |
| JSESSIONID | Until the end of the session | Store session data necessary to ensure functionality of the site and maintain the visitor session |
| __utma | 2 years | Store information about the number of visits to the page |
| __utmb | 1 day | Store information about the page opening time |
| __utmc | Until the end of the session
Until you delete it |
Store information about the time the page closes |
| __utmt | 1 year | Store information about the time on which the page consent was downloaded |
| __utmz | 6 months | Store information, whether the visitor visited the page using the search function, or learned about the page from other sources |
| COMPANY_ID | Until the end of the session | Provide and store a visitor’s user ID so that one visitor can be properly separated from another |
| ID, USER_UUID | Until the end of the session
Until you delete it |
Store visitor ID information to support automatic sign-in functionality |
| __cfduid | 1 month | Store visitor identification information on the cyber security platform cloudflare.com. |
| cookieconsent_status | 1 year | Store information about whether a cookie message has been displayed |
You can configure your browser to opt out of some or all of the cookies or to request your permission before they are accepted. Please note that deleting cookies or disabling the use of cookies in the future may prevent certain Web Parts or Features of our Web Pages from being accessed. For information about how you can change your browser settings, go to www.allaboutcookies.org/manage-cookies.
For more information about third-party cookies and management capabilities, please refer to these third-party cookie notifications.
If you have questions, comments or complaints about how we collect, use and store information about you, or whether you want to exercise your rights as a data subject, you can contact:
13.1. Company at: Gelezinkelio st. 12, 02100 Vilnius, tel. (8 5) 2692745, e-p. [email protected];
13.2. Data Protection Officer at: Prusu str. 1 Vilnius, e-p. [email protected].
