AB LIETUVOS GELEŽINKELIAI PRIVACY NOTICE
Last updated on 18 August 2023
AB Lietuvos geležinkeliai (hereinafter referred to as the LTG or the Company or simply us) protects your personal information while processing the data in accordance with the provisions of the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (hereinafter referred to as the GDPR¹). This LTG Privacy Notice (hereinafter referred to as the Privacy Notice) provides detailed information in this regard.
¹ Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
1. What is included in this Privacy Notice?
In this Privacy Notice, we provide answers to the most important questions, i.e., how we collect, use and store information about you. Please read this important information carefully and visit our website at https://ltg.lt from time to time as well as read the latest version of the Privacy Notice published there.
2. Who is responsible for protecting information about you?
3. Why and what information we collect about you?
4. What information must you provide and why?
Please see the answer to point 3 above – you must provide the information about yourself that is necessary in order to:
4.1. conclude contracts with you and fulfil contractual obligations (for the purpose referred to in clause 3.1);
4.2. conclude contracts with the persons you represent and fulfil contractual obligations (for the purpose referred to in clause 3.2);
4.3. conclude employment contracts with you and fulfil contractual obligations (for the purpose referred to in clause 3.1);
If you do not provide the information specified in clauses 3.1 and 3.2, we will not be able to conclude contracts and fulfil contractual obligations with you and/or the persons you represent.
5. Where do we get information about you?
You provide most of the information yourself, but we may receive some information from:
5.1. AB Lietuvos geležinkeliai (for all the purposes referred to in clause 3);
5.2. Legal entities that you represent or are employed by (for the purpose referred to in clause 3.2);
5.3. AB Lietuvos paštas (for the purpose referred to in clause 3.1);
5.4. the State Enterprise Centre of Registers (for the purpose referred to in clauses 3.1, 3.2).
6. Who do we transfer information about you to?
We transfer or share information related to you with partners, service providers, as well as the entities listed below only to the extent that it is necessary and permitted by applicable laws, as well as for the reasons listed in Clause 3:
6.1. Banks carrying out settlement operations (data transmitted for the purposes referred to in clauses 3.1 and 3.2);
6.2. Judicial, supervisory, law enforcement and other public authorities (data may be transferred for all the purposes referred to in clause 3);
6.3. Lawyers, notaries, bailiffs, auditors, consultants, information technology maintenance service providers, electronic communication service providers, insurance companies, companies providing archiving services and other services to the Company (data may be transferred for all the purposes referred to in clause 3).
We note that the Company selects as data processors only those persons who have provided the Company with a sufficient guarantee that they apply appropriate technical and organisational measures that ensure the safe processing of personal data and the appropriate level of data protection in accordance with the applicable European Union legislation.
7. Will your data be transferred outside the European Economic Area?
In most cases, personal data is processed and transferred within the territory of the European Union and the European Economic Area², but if necessary for the provision of certain services, data may be transferred and processed outside the mentioned territories, when an adequate level of personal data protection is observed. When permitted by law and required for the reasons specified in Clause 6 of this Privacy Notice, we disclose information about you:
7.1. In accordance with the decision of the European Commission on adequacy, meaning that the European Commission has recognised the country in which the third party is established and/or operates as ensuring an adequate level of personal data protection;
7.2. We have signed a contract with a third party based on the Standard Contractual Terms approved by the European Commission;
7.3. We have obtained the permission of the State Data Protection Inspectorate;
7.4. Using, if possible, other possible personal data protection measures and derogations.
² The European Economic Area is made up of all the member countries of the European Union plus Iceland, Liechtenstein and Norway.
8. What rights do you have?
The GDPR and other legal acts grant you rights, provide cases when you can use them, the procedure you must follow, as well as exceptions in which cases you cannot use the granted rights. Where permitted by law, you may:
8.1. have access to your personal data, i.e., receive a notification confirming whether LTG processes your personal data and, if it does, request access to the processed data and related information;
8.2. submit a request to us to correct inaccurate, incorrect information used or supplement it when it is not complete;
8.3. submit a request to us to delete the information we have about you if we use it illegally;
8.4. submit a request to us to limit the processing of available information about you, when you dispute the accuracy of the data or object to data processing, you do not agree to the deletion of your illegally processed data, or you need the data in order to assert, fulfil or defend legal claims;
8.5. object to the use of data when we process your data in pursuit of the legitimate interests of LTG and/or third parties;
8.6. submit a request to us to transfer (receive) data that you have provided to us pursuant to a contract or by giving consent for data processing and which we process by automated means in a commonly used electronic form;
8.7. object to the application of fully automated decision-making, including profiling, if such decision-making may have legal consequences or similar material impact on you;
8.8. withdraw the consents given to us regarding the use of information about you, when we use the data based on your consent;
8.9. submit a complaint to a supervisory authority, primarily in the member state where you have your permanent residence or the place where the suspected GDPR violation was committed and apply for judicial remedies. In the Republic of Lithuania, you may appeal to the State Data Protection Inspectorate acting as a supervisory authority (L. Sapiegos Str. 17, Vilnius; email: [email protected]), but we recommend contacting us first, and we will try to solve all your requests together with you.
9. How could you enforce your rights?
In order to enforce your rights specified in Clause 8 of this Privacy Notice, you must:
9.1. personally deliver the request to exercise the rights of the data subject (hereinafter referred to as the Request³)14 to the Company’s headquarters or to the data protection officer at the addresses specified in Clause 14 of this Privacy Notice (a document confirming personal identity must be submitted for inspection together with the Request);
9.2. submit the Request to the Company or the data protection officer to the postal addresses specified in Clause 14 of this Privacy Notice (the Request must be accompanied by a copy of the document confirming the identity of the person, certified by a notary public or in the way specified by other legal acts);
9.3. submit the Request to the Company or the data protection officer at the email addresses specified in Clause 14 of this Privacy Notice (the request submitted by email must be signed with a secure, qualified electronic signature).
³ It is recommended to use the Request to exercise data subject rights form here (in the original language).
10. Do we profile you and make automated decisions?
The Company may profile you for statistical purposes, and in order to prevent the sending of unsolicited marketing offers, we categorise you according to the date of conclusion of the contract, the term of validity of the contract, and the status of the contract.
11. Does our website leave cookies on your computer or device?
12. How can cookies be managed?
You can choose which cookies you want to accept and which to reject in your browser settings. You can delete any cookies already on your computer, and most browsers can prevent cookies from being saved. The location of these settings depends on the browser you are using.
If you do not agree to cookies being saved on your computer or other device, you can withdraw your consent at any time by changing the settings on the website and deleting the saved cookies in your browser. If you choose to delete cookies, remember that all the options you have set will also be removed. In addition, if cookies are completely blocked, many websites (including www.ltg.lt) may not function properly. For these reasons, we do not recommend disabling mandatory cookies.
13. How to remove cookies from a device?
To prevent your personal data from being processed with the help of cookies, you can change the settings of your internet browser so that cookies are not accepted or delete saved cookies.
You can change the cookie settings in your browser at any time. All browsers have the option to delete cookies. More detailed instructions depend on the browser you are using, you can find them in the options menu of the browser you are using:
For more information see https://www.allaboutcookies.org/
We reiterate that removing or blocking the cookies used may affect the operation of the website and some of its functionalities, as well as may negatively affect the use of the services available on the portal.
To get more information about cookies and how to manage or remove them, just visit https://www.allaboutcookies.org/ and your browser’s help page.
14. How to contact the Company or the Data Protection Officer?
If you have questions, comments, or complaints about how we collect, use and store information about you, or if you want to exercise your rights as a data subject, you can contact:
14.1. The Company, at the address: Geležinkelio g. 16, 02100 Vilnius, tel.: (8 5) 269 2038, email: [email protected];
14.2. Data Protection Officer, at the address: Pelesos g. 10 Vilnius, email: [email protected]
15. Candidate’s Privacy Notice