This Privacy Statement (hereinafter referred to as ‘the Statement’) provides information on how UAB “Ignitis”, legal entity identification number: 303383884, registered office address: Laisvės pr. 10, LT-04215 Vilnius (hereinafter referred to as ‘the Company’) processes personal data.
The provisions of the Statement shall apply to the following natural persons whose data are processed by the Company:
– clients who are using, used, have expressed intent to use, or are otherwise associated with the services provided
by the Company (hereinafter referred to as ‘the Clients’);
– persons who have applied to the Company by submitting requests or claims either directly or by means of remote communication, including by phone or e-mail;
– persons who have visited the Company’s website, etc.
Terms and Definitions
The terms and abbreviations used in this Privacy Statement shall have the following meanings:
- ‘Personal data’ shall mean any information related to the natural person, who can be identified either directly or indirectly (e.g. first name, surname, contact details, etc.).
- ‘Person’ shall mean the natural person (data subject) whose data are processed (e.g. the Company’s Clients, persons who have applied to the Company by submitting requests or claims, users of the Company’s website or self-service website, etc.).
- ‘Processing’ shall mean any action performed in respect of the Personal Data (e.g. collection, recording, storage, granting of access, transfer, etc.).
- ‘Services’ shall mean any goods and services provided by the Company.
Other terms used in the Statement shall be understood as they are defined in legal acts governing the protection of personal data (General Data Protection Regulation (EU) 2016/679, the Law of the Republic of Lithuania on the Legal Protection of Personal Data, etc.).
Purposes of and legal grounds for the processing of personal data
The Company shall process Personal Data only for specific purposes, in accordance with the legal grounds established in legal acts:
- when processing of data is necessary in order to conclude and/or execute a contract concluded with the person;
- the person has given consent to the processing of his data for one or more specific purposes;
- Company must process Personal Data in executing requirements of legal acts;
- Personal Data must be processed in the pursuit of the Company’s legitimate interest.
The main purposes sought by the Company in the processing of Personal Data:
- Performance of the functions of the public electricity supplier provided for in legal acts. The Company shall process Personal Data in performing its functions and obligations and exercising its rights provided for in legal acts as those of a public supplier.
- Performance of the functions of the natural gas and electricity supplier provided for in legal acts. The Company shall process Personal Data in performing its functions and obligations and exercising its rights provided for in legal acts as those of an independent natural gas and electricity supplier.
- Provision of services and conclusion and execution of contracts. The Company shall process Personal Data in order to ensure the proper conclusion and execution of contracts with the Clients, provision of services or supply of goods to the Clients on the basis of contracts, including the proper provision of the Client with information about issues related to the goods, services, and contract, on the grounds of the requirements of the contract or legal acts.
- Drawing-up of commercial offers. The Company shall process Personal Data in order to provide the Client with a commercial offer on the services that the Client wishes to acquire.
- Administration of settlements. The Company shall process Personal Data related to settlement for the Services provided on the grounds of the requirements of the contract and legal acts.
- Management of debts. In case of a debit, the Company shall process Personal Data related to the debt and perform actions for recovery on the grounds of the requirements of legal acts and legitimate interest.
- Solving questions provided. The Company shall process Personal Data in considering and resolving provided questions and complaints on the grounds of the requirements of the contract, consent, or legal acts.
- Solving submitted questions on the Company's Facebook account. For the purposes of processing the request, the Company may collect the following data of the person applying: name of the person's social network profile, profile photo, first name, last name, phone number, e-mail address, object address, Client code or the last 3 digits of the personal code, other contract data important for executing Personal requests. These Personal Data will be processed on the basis of the Person's request to provide a response (Person's consent) and/or in order to contact the Person. The provided Personal Data will be stored during the validity of the contract and for 10 years after the termination of the contract. In the absence of a contractual relationship, the data provided is stored as long as the Company actively uses its social network account, unless the Person himself deletes (or asks the Company to delete) the Personal data he provided earlier at any time. When a Person submits personal data through a request, it becomes available to Facebook (Meta Platforms Ireland Limited). Information on how data provided by Facebook is handled can be found in Facebook's privacy settings.
- Direct marketing and evaluation of Client experience. The Company can process Personal data (name, surname, e-mail address, e-mail interaction information) by providing profiled offers and news about the Services provided, information about ongoing events and inquire about the quality of the Services provided. This data is processed and information is sent to the Individual only if the Individual has given consent for direct marketing and profiling. For the purpose of profiling, in order to identify whether the information sent is relevant to the Client and to offer content tailored specifically to the Client's needs, the Company may process information about the sent direct marketing e-mails interaction (whether the message was read, when and how many times).
- Credit and risk assessment. Prior to entering into a contract with the Client, upon receipt of the Client’s consent, the Company may process Personal Data in order to assess the credit risk for the purpose of determining which Services and on which terms may be offered to the Client.
- Security of persons and facilities. In order to ensure the security of its employees, Clients, and other persons who enter the field of view of video surveillance equipment as well as its assets and facilities, the Company may implement video surveillance on the grounds of the requirements of legal acts or legitimate interest.
- Mediation. The Company may process Personal Data as a mediator in order to conclude contracts for the purchase or rent of remote solar power plants Services.
- Technical suitability of objects for providing Services. The Company can process data on the suitability of buildings owned by the Person for the installation of a solar power plant and the possible/future economic efficiency of the installed power plant due to the proper provision of the Service.
- General statistics. The company can process non-personalized general statistical data of e-mail interactions in order to manage Clients‘ flows in Clients‘ Service channels and to evaluate effectiveness of the communication carried out by e-mail. For this purpose, the Company will not process any personal data or other information that could identify the Client as a specific person. General statistics do not have any legal or similar significant effect on Client.
- Other purposes. The Company may also process Personal Data for other purposes provided that it has received the consent of the person and must process Personal Data in executing the requirements of legal acts or has the right to process data for legitimate interest.
In all the cases mentioned above, the Company shall process Personal Data only to the extent required to archive the
respective clearly defined and legitimate purposes, with regard to personal data protection requirements.
The scope (categories) of Personal Data undergoing processing
The main categories of Personal Data and data which are processed by the Company for the purposes and on the legal grounds set out above:
- Identification data: the first name, surname, personal identification number, date of birth, etc.
- Contact data: address, phone number, e-mail address, etc.
- Data related to the provision of the Services and conclusion and execution of contracts entered into: information about the Services being provided, contract data, order and consumption data, data received by the Company in the course of cooperation with persons either directly or by means of remote communication (by phone, e-mail), etc.
- Payment data: amounts payable, outstanding debts, payment history, etc.
- Financial data: information about obligations and debts owed to third parties, when the Company assesses the Client's solvency before starting to provide Services.
- Data of video and sound records: video data recorded in the Company’s divisions, data of records of telephone conversations, etc.
Other data processed by the Company on the legal grounds provided for in legal acts.
Receipt of Personal Data
The Company shall process Personal Data which the persons provide themselves or which the Company receives from other sources (e.g. registers managed by the state or individuals) or third parties (e.g. the energy distribution operator) to the extent necessary on the grounds of the contract, consent, legal acts or the Company’s legitimate interest.
The Company has the right to collect Personal Data from VĮ Registrų Centras (the State Enterprise Centre of Registers) for the purpose and on the ground of the conclusion of contracts on the purchase and sale of electricity and provision of services in accordance with the Rules for the Supply and Use of Electricity approved by an order of the Minister of Energy of the Republic of Lithuania.
Provision of Personal Data
In compliance with the requirements of legal acts, the Company may transfer Personal Data undergoing processing to recipients of the following categories:
- Energy distribution operator. In order to ensure the proper execution of the contract on the purchase and sale of electricity and provision of services, the Company shall transfer the Client’s Personal Data undergoing processing (identification data, the readings of electricity metering devices declared by the Client, and other information that is necessary for the performance of the functions of the energy distribution operator established in legal acts).
- Gas distribution operator. The Company may transfer Personal Data undergoing processing (identification data, contact data related to the provision of the Services, and other necessary data) for the purposes of guaranteed gas supply, accounting of transported gas, determination and compensation of damage, assurance of the reliability and technical safety of gas systems, management of emergencies, and for other legitimate purposes in accordance with the requirements of the Law of the Republic of Lithuania on Natural Gas, the Rules of the Supply and Use of Natural Gas, the Rules of Trade in Natural Gas, and other applicable legal acts.
- Service providers. The Company may transfer Personal Data undergoing processing to third parties acting on behalf and/or under the instruction of the Company that provide the Company with client service, software maintenance, design, contract work, accounting, correspondence dispatch, and other services in order to ensure the proper provision, management, and development of the Company’s Services. In such cases, the Company shall take necessary measures in order to ensure that the engaged service providers (data processors) process the Personal Data being provided only for those purposes for which those were provided, while ensuring proper technical and organisational safeguards, in accordance with the requirements of the Company’s instructions and effective legal acts.
- Public authorities, law enforcement agencies, and supervisory institutions. The Company may provide Personal Data undergoing processing to public authorities or law enforcement agencies (e.g. police, prosecutor’s office, the Financial Crime Investigation Service, etc.), supervisory institutions (e.g. the State Energy Regulation Service, the State Energy Inspectorate, etc.), when it is mandatory in accordance with effective legal acts or in order to ensure the legitimate interests of the Company or third parties.
- Debt administration enterprises. If the Client fails to properly and timely perform the payments to be made by the Client in accordance with the Contract, the Company, having informed the Client by post or e-mail 30 days in advance, has the right to provide the Client’s personal data to the data controllers who process the consolidated data of debtors, debt management and recovery enterprises, courts, notaries, and bailiffs.
- Other third parties. The Company provide Personal Data to data to other data recipients on the legal grounds defined in legal acts.
Generally, the Company stores personal data in the territory of the European Union or the European Economic Area (EU/EEA). If there are cases when personal data shall be transferred outside the EU/EEA, that can be done only if at least one of the following conditions is met:
- • The European Commission has recognized that the country to which the data is transferred ensures a sufficient level of personal data protection;
- • A data processing contract has been concluded in accordance with standard conditions approved by the European Commission;
- • Codes of conduct are followed and other safeguards in accordance with the Regulation are applied.
Storage of data
Purpose of processing personal data
Processing personal data of the callers for the purpose of solving submitted questions
2 months from the date of recording the call
Processing personal data for the purpose of direct marketing
5 years from the date consent or until the moment of withdrawal of the Client's consent
Processing personal data of Clients‘ for the purpose of execution of the contract
During the term of the contract and 10 years after the end of the contract
The Company shall process Personal Data not longer than it is required by the specified purposes of data processing or provided for by applicable legal acts if they establish a longer data storage period.
To determine the data storage period, the Company shall apply criteria which correspond to the obligations established in legal acts, also taking into account the rights provided for by the person, e.g. envisages for such a data storage period within which claims related to the execution of the contract, if any, may be filed, etc.
The Company shall ensure the confidentiality of Personal Data in accordance with the requirements of effective legal acts and appropriate technical and organisational measures intended to protect Personal Data from unauthorised access, disclosure, accidental loss, change or destruction or other unlawful processing.
Automated decision making and profiling
The company does not manage personal data by means of automated individual decision-making, as provided for in Article 22 of the Regulation. The Company only carries out profiling (i.e. automated processing of personal data, where personal data is used to evaluate certain personal aspects related to a natural person), but this does not create legal consequences or similar significant effects for the Individuals. The Company performs profiling in order to control the sending of unwanted and irrelevant marketing offers, assigning Clients to categories based on the types of Services used, the method of payment, etc.
Rights of persons.
The person who has contacted the Company has the right:
- to familiarise himself with his Personal Data being processed by the Company;
- to require the rectification of his/her incorrect, incomplete, or inaccurate Personal Data;
- to request the destruction of Personal Data or to suspend, except for storage, actions for the processing of the Personal Data if it is made in violation of the requirements of applicable legal acts or the person’s data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- to receive Personal Data related to himself/herself, which the person has provided himself/herself, in a systematised, commonly used and machine-readable format;
- to request the erasure of the Personal Data processed by the Company when the Personal Data are processed in violation of the requirements of legal acts or the Personal Data are no longer necessary to achieve the purposes for which they were collected or otherwise processed;
- to restrict the processing of his Personal Data in accordance with applicable legal acts, i.e. for the period within which the Company will assess whether the person has the right to request that his Personal Data should be erased;
to object to the processing of his Personal Data and/or in case Personal Data are processed on the grounds of
consent, to withdraw the consent to the processing of his Personal Data at any time, without affecting the
lawfulness of processing based on consent before its withdrawal. You can withdraw your consent to direct marketing
by calling the Client Service number: 1802 and +370 611 21802, through self-service website or by submitting
request through the Company's
Implementation of the rights of individuals.
Individuals may appeal regarding the processing of personal data exercised by the Company by the following address: Laisvės pr. 10, LT-04215 Vilnius; Client Service phones 1802 and +370 611 21802, submit request through the Company's Help Center or to visit any Client Service centre.
Calls by the number 1802 are charged in accordance with the rate applied to you by the communication operator; calls by the long number are charged as those to Telia network).
The contact details of the Company’s data protection officer: [email protected]
For the purposes of the exercise of his rights in accordance with General Data Protection Regulation (EU) 2016/679, the person shall submit to the Company a written request in person, by post, via a representative, or by means of electronic communications. The request shall be readable, signed by the person, contain the first name and surname, residential place address, and contact details of the person for communication and information on for which reasons, which rights and to which extent the person wishes to implement as well as information on which way the person wishes to receive the reply.
When submitting the request, the person must confirm his identity:
- if the request is submitted directly, to an employee of the Company’s division responsible for the servicing of individuals, the person must present a personal identity document;
- if the request is submitted by post, the request shall be attached with a notarised copy of the personal identity document;
- if the request is submitted via a representative, the representative shall indicate his first name and surname as well as contact details for communication, by which the individual’s representative wishes to receive the reply and the first name, surname, and personal identification number of the represented person and present a notarised copy of the personal identity document and a copy of the document of the representation document certified in accordance with the established procedure;
- if the request is submitted by means of electronic communication, the request shall be signed by a qualified electronic signature or formed by electronic means which allow ensuring the integrity and inalterability of the text.
The Company may refuse to take actions under the person’s request if the person’s request is obviously unjustified or
Not later than within one month from the day of receipt of the request, the Company shall provide the person with a reply indicating information about the actions taken upon receipt of the request, in accordance with Articles 15–22 of the General Data Protection Regulation (EU) 2016/679. That period may be extended by two further months where necessary, taking into account the complexity of the request and number of the requests under consideration. Within one month from the receipt of the request, the Company shall inform the person of the extension of the term for the consideration of the request, while indicating the reasons for the extension.
The Company has the right to refuse to provide the person with information requested by that person if:
- the personal data have been collected directly from the person and that information has already been provided to the person;
- the personal data have been received not from the person himself;
- the provision of information requested by the person is impossible or would require non-proportional efforts;
- where the personal data must remain confidential subject to an obligation of professional secrecy regulated by the law of the European Union or the Republic of Lithuania, including the obligation to protect professional secret.
In implementing the person’s right to familiarise himself/herself with his/her Personal Data being processed by the Company:
- has the right to request the person to specify the presented request if the Company processes a big amount of information related to the person;
- to provide the person with information to the extent as not to infringe the rights of other persons if certain information about the person is also related with other persons.
If the issues related to the processing of personal data carried out by the Company and/or personal rights, the
person shall also have the right to address the State Data Protection Inspectorate with a complaint.
Obligations of persons.
When providing their personal data to the Company, persons confirm that they have properly familiarised themselves with the terms of the processing of personal data presented in this Statement, do not object that the Company shall process the personal data provided by the persons, the data and information provided by the persons are accurate and correct, and the Company is not responsible for the presentation and processing of excessive data if such data are provided by the person to the Company through negligence.
The person undertakes to inform the Company about changes in the data presented or other related information.
Privacy statement validy and changes
This Statement sets out the main provisions of the processing of personal data. Additional information on how the Company processes personal data may be provided in the Company’s agreements, other documents, on the website www.ignitis.lt, self-service website e.ignitis.lt or by remote channels of the Client Service (by phone, e-mail, etc.).
The Company has the right to unilaterally amend and/or supplement the Statement. The Company shall inform of amendments to this Statement by making respective publications on the Company’s website. In certain cases, the Company may also inform persons about amendments in writing, by e-mail, or otherwise (e.g. by publication in the press).