Privacy Policy

Home / Services / Insurance services / Privacy Policy

UADBB ALTAS INSURANCE BROKERIS PRIVACY POLICY

UADBB “Altas draudimo brokeris”, company code 135526534 (hereinafter referred to as “the Company ” or “we”), registered at Kalniečių g. 104, Kaunas, LT 50184, Republic of Lithuania, is an insurance brokerage firm entered in the list of insurance brokerage firms maintained by the Bank of Lithuania(https://www.lb.lt/lt/finansu-rinku-dalyviai?list=75).

In collecting and using Personal Data (” Personal Data“), we are obliged to use and process your Personal Data in accordance with this Privacy Policy (” Privacy Policy“) and applicable laws, including the Privacy Act 2016. 27 April Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania and other legal acts regulating the protection and processing of personal data.

Please note that if you provide us with information about anyone other than yourself, your employees, partners, insured persons, you must make sure that they are informed about how their data will be used.

This Privacy Policy sets out how we process personal data about you and our other customers: what personal data we collect and process, to whom we transfer it, where we obtain it from, for what purposes we use it, how we keep it secure and your right to privacy.

Definitions

The following terms should help you understand our Privacy Policy and any terms used:

1. ‘performance of a contract ‘ means the processing of your Personal Data in order to perform a contract between you and us (e.g. to provide you with services) or, at your request, to take appropriate measures prior to the conclusion of such contract;
2. ‘Legal Obligations‘ means processing your Personal Data where necessary to comply with legal or regulatory obligations to which we are subject (e.g. to respond to court orders, to comply with legal requirements);
3. ‘legitimate interests ‘ means the legal basis for using your Personal Data, for example, to provide and improve services, to improve our business relationship and/or for marketing;
4. ‘Services‘ means our products and services provided as an insurance brokerage firm included in the list of insurance brokerage firms maintained by the Bank of Lithuania;
5. ‘we‘, ‘us‘, ‘our‘ or ‘the Company‘ means UADBB ‘Altas Insurance Broker’, company code 135526534, registered at Kalniečių g. 104, Kaunas, Republic of Lithuania;
6. “You” means you as an applicant for employment with the Company, a potential, current and/or former customer, an employee of our customer or other parties such as beneficiaries, authorised representatives, other related parties and/or persons who contact us by email or other means of communication.

Privacy Policy Updates

We review this Privacy Policy regularly and reserve the right to change it at any time in accordance with applicable laws and regulations. Any amendments and revisions shall take effect immediately from the date we post the amended terms and conditions on our website: https://www.altas.lt/Draudimo-paslaugos/

Principles for processing personal data

Principles we follow when processing your Personal Data:

1. ‘Lawfulness, fairness and transparency ‘ – Your Personal Data is processed lawfully, fairly and transparently in relation to the data subject;
2. ‘Purpose limitation principle‘ – Your Personal Data is collected for specified, explicit and legitimate purposes and is not further processed in a way incompatible with those purposes;
3. ‘Data minimisation principle’ –Your Personal Data must be adequate, relevant and only necessary for the purposes for which it is processed;
4. ‘Accuracy Principle ‘ – Your Personal Data must be accurate and, where necessary, kept up-to-date; all reasonable steps must be taken to ensure that inaccurate Personal Data are erased or rectified without delay, having regard to the purposes for which they are processed;
5. The ‘retention period limitation principle ‘ – your Personal Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed;
6. ‘integrity and confidentiality principle‘ – your Personal Data must be processed in such a way as to ensure, by appropriate technical or organisational measures, adequate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Your Personal Data is considered confidential information and may be disclosed to third parties only in accordance with the rules and procedures set out in this Privacy Policy and applicable law.

Processing of personal data of clients or other participants in the insurance relationship

Categories of personal data processed about clients or other participants in the insurance relationship

Depending on the insurance products, we collect and process different types of personal data. Below are the main, but not all, categories of personal data processed by the Company:

1. Personal identity and activity data: name, surname, personal identification number (if the client is a natural person) or date of birth (age), job title;
2. Details of the insurance policy: type of insurance, series and number of the policy, policyholder code, effective date, expiry date of the policy, sum insured, premium amount, date of payment of premiums, amount of premiums received, number of the premium payment document, and other details;
3. Data on other participants in the insurance relationship: beneficiaries, insured persons, injured third parties;
4. Data relating to the insured object and to the insured event: depending on the insurance contract, information relating to non-life insurance, such as property insurance, motor insurance, third party liability insurance, travel insurance, surety, cargo insurance, etc., as well as the data that are processed in the event of an insured event;
5. Details of the person’s occupation and hobbies;
6. Data relating to the provision of services: data on the performance or non-performance of contracts, contracts in force or expired, requests made, complaints, insured events, etc;
7. Financial data: name of the payer, purpose of the premium, due date, amount of the premium, date of payment, number of the payment order, whether the premium is paid directly to the insurer, bank account number, the policyholder’s debt, whether the premium is deferred;
8. Contact details: mailing address, telephone number, email address, contact details. postal address.

Please be aware that data not listed above, which you have provided to us or on your behalf or which we have generated in the course of providing services to you, may also be collected and processed.

Purpose and legal basis for processing of data relating to customers or other participants in the insurance relationship

We only collect personal data of customers or other participants in the insurance relationship for predefined, defined purposes:

Processing of personal data relating to the prevention and control of COVID-19 disease (coronavirus infection)

In accordance with the Government of the Republic of Lithuania’s Resolution “On Declaring a State Level Emergency” and other legal acts that impose obligations on companies, institutions and organisations related to the prevention of the outbreak of the COVID-19 disease (coronavirus infection) in the country, we may process personal data of clients, other participants in the insurance relationship, or other data subjects in relation to the passport of opportunity in cases where we provide contact services.

Personal data (including health data) of data subjects are processed for the purpose of determining whether a person falls within at least one of the criteria set out in the legislation, enabling them to benefit from the lighter quarantine measures in the cases specified in the legislation, and for the implementation of the measures for the prevention and control of COVID-19 (coronavirus infection).

The data processed to verify the access passport are: a QR code encoding the general data of the data subject – name and year of birth – and information on the starting and ending dates (year, month, day) and the time (hour, minute) of the access passport.

The QR code information is not stored on our device, but is only verified (viewed and checked on the device) to determine whether the person has a valid passport.

Processing of personal data of candidates for employment with the Company

Categories of personal data processed on candidates for the Company’s employees

We collect and process different types of personal data depending on the position. Below are the main, but not all, categories of personal data processed by the Company:

1. Personal identification data: name, surname, date of birth (age) of staff candidates;

2. Details of qualifications and experience: Information on the candidate’s work experience (employer, period of employment, duties, responsibilities and/or achievements), Information on the candidate’s education (training institution, period of training, education and/or qualification obtained), information on further training (training attended, certificates obtained), information on language skills, information technology, driving skills, other competences, other information provided by the candidate in his/her curriculum vitae (CV), cover letter or other application documents;

3. Recommendations and employer feedback: the person recommending or giving feedback, their contact details and the content of the recommendation or feedback;

4. Personal data of good repute: data processed by the Company for the purpose of exercising the control of the insurance broker’s good repute provided for in the Insurance Law of the Republic of Lithuania, including data on criminal records;

5. Contact details: residential address, correspondence address (if different from the permanent address), telephone number, e-mail address, telephone number, telephone number, e-mail address, telephone number, telephone number, e-mail address, telephone number, e-mail address. postal address.

Purpose and legal basis for the processing of data on candidates for employment with the Company

We only collect personal data of candidates for the Company’s employees for predefined, specified purposes:

Ways of obtaining personal data

We receive your Personal Data when you provide it directly to us, for example, by becoming a customer and/or by providing information to us electronically (e.g. by filling in a form on our website).

We also collect personal data about you from third parties and/or publicly accessible registers or other sources to the extent provided for by applicable law, such as public registers, institutions, bodies, other legal entities, etc.

In certain cases, we may receive your data when you insure another person. In this case, you are obliged to inform and obtain the consent of that person, and when we receive such data, we shall consider that you do so with the knowledge and consent of that person.

We receive your data directly from you as a candidate for the Company’s employees, for example, when you send your curriculum vitae (CV) and/or cover letter and other application documents.

We may also obtain information about your candidacy, your curriculum vitae (CV) and/or other candidacy documents from entities providing job search, selection and/or placement services, such as the Labour Exchange of the Republic of Lithuania, recruitment agencies, and/or career portals.

We may receive certain information from third parties, such as people who recommend you, current or former employers, but we will only collect such information if we have a legal basis to do so, e.g. if you give your consent to be contacted by the employer and/or other person you name.

Transfer of personal data to third parties

We may only disclose and/or transfer your Personal Data in accordance with legal requirements and confidentiality principles to the following categories of recipients:

1. State and municipal institutions, bodies, organisations and other public administration bodies;
2. Pre-trial investigation agencies, courts, bailiffs, notaries;
3. Commercial banks, other financial institutions;
4. Legal, finance, tax, business management, HR, accounting advisors, etc;
5. To our partners, insurance companies or other persons who are a necessary part of the provision of our products and services;
6. Other persons with whom we intend to enter into or have entered into contract(s).

We may also disclose your Personal Data if we are under an obligation to disclose or share your Personal Information in order to comply with any legal or regulatory obligation or request.

International transfer of Personal Data

Please be advised that your Personal Data may be transferred and processed outside the European Union (” EU“) and the European Economic Area (” EEA“).

The transfer of personal data may be considered necessary in situations such as:

1. to enter into a contract between you and us and/or to perform the obligations set out in such a contract;
2. to protect our legitimate interests, in cases specified by law, e.g. to take legal action in court / before other bodies;
3. to comply with legal requirements or to further the public interest.

When transferring your Personal Data internationally, we ensure that appropriate safeguards are implemented in accordance with the requirements of the law.

When transferring data to countries outside the EEA for which the European Commission has not adopted a data protection adequacy decision, we will ensure data protection by signing standard contractual clauses approved by the European Commission with the recipient of the data or by obtaining a special authorisation from the Inspectorate.

Before signing a contract for the provision of Personal Data with a Data Recipient or Processor located outside the EEA in accordance with the Standard Contractual Clauses approved by the European Commission, the Company shall assess it, taking into account the technical organisational security measures applied by the Data Recipient/Processor, the legislation in force in the country of the Data Recipient, the Data Recipient/Processor’s reputation, financial situation and other circumstances.

We may transfer Personal Data to a third party by taking other measures, provided that these ensure appropriate safeguards as set out in the GDPR.

How do we protect your Personal Data?

We take various security measures to guarantee the security of your Personal Data. In our practice, we use technical and organisational data protection measures in line with the latest data protection practices to protect against unauthorised access, loss, misuse, accidental or unlawful destruction, alteration, disclosure or any other unauthorised processing of Personal Data. These include firewalls, secure equipment, access control and restriction of rights, monitoring of the systems where data is stored, staff training and careful selection of subcontractors.

We and any third-party service providers who may process Personal Data on our behalf are also contractually bound to respect the principles and requirements of confidentiality of Personal Data.

Principles and time limits for the retention of personal data

We keep personal data for as long as it is needed for the purposes for which it was collected or as required by law. This means that we will retain your Personal Data for as long as it is necessary for the purposes for which your data was collected and processed, but no longer than required by applicable laws and regulations. The period of retention of personal data depends on the contracts entered into, legal requirements or the legitimate interest of the Company.

If the legislation of the Republic of Lithuania does not provide for any retention period for Personal Data, we will determine this period taking into account the legitimate purpose of the retention of the data, the legal basis for the retention and the principles of lawful processing of Personal Data.

The following are the main retention periods applicable to Personal Data at the Company:

1. We keep Personal Data processed on the basis of consent for as long as your consent is valid, unless there are no other objective circumstances to keep this Personal Data longer;
2. We will destroy all your personal data collected for the purposes of the selection process without your consent for further processing of the data after the end of the selection process. The closing date of the selection shall be the date on which the contract of employment for the advertised position is concluded;
3. Your CV, applications and other documents submitted for the purpose of providing information for future recruitment and selection processes shall be stored for 1 year from the date of the end of the recruitment process, provided that your consent is obtained for such further processing of personal data. The closing date of the selection shall be the date on which the contract of employment for the advertised position is concluded;
4. Your Personal Data processed for the purpose of concluding a contract with you and other pre-contractual activities (to know and identify you) shall be kept for 1 year from the date of receipt of the offer, unless we have a legitimate interest in keeping such data for longer;
5. Your Personal Data processed in the performance of contracts is stored for 10 years after the end of the contract;
6. Your Personal Data provided by you through our website is retained for as long as necessary to fulfil your request and to maintain further cooperation, but no longer than 6 months from the date of the last communication, unless there is a legal requirement to retain it for longer.

Other data not listed here are stored in accordance with the legislation of the Republic of Lithuania.

Please also note that in certain cases your Personal Data may be stored for longer:

1. as necessary to enable the Company to defend itself against claims, demands or actions and to enforce its rights;
2. there are reasonable grounds for suspecting the unlawful activity under investigation;
3. Personal data is necessary for the proper resolution of a dispute or complaint;
4. a request is received from the Data Subject for access to his or her Personal Data;
5. on other grounds provided for by law.

What rights do you have in relation to Personal Data?

As a data subject, you have the following rights:

1. The right to be informed about whether the Company processes your personal data and, if so, to have access to your personal data

You have the right to be informed about what Personal Data we process, where it comes from, for what purposes it is processed, how long it is stored, to whom it is disclosed etc. It should be noted that your right of access may be limited by law, the protection of the privacy of others and for reasons related to our business and practices.

2. The right to have inaccurate Personal Data relating to you rectified

If it becomes apparent that we are processing inaccurate or incomplete Personal Data about you, you have the right to request the rectification or completion of your Personal Data.

3. The right to request erasure (“right to be forgotten”)

You have the right to request the erasure of some or all of the Personal Data we process about you if we no longer have a legal basis for processing it or if there are other grounds provided for by law.

4. Right to request restriction of processing of Personal Data

You also have the right to request that we restrict the processing of your Personal Data for a certain period of time. This may be, for example, where you believe that such processing is unlawful and/or the data about you is inaccurate and we need to verify this.

5. The right to object to the processing of Personal Data where it is based on our legitimate interests

Where we process your data on the basis of our legitimate interests, you have the right to object to our processing of your Personal Data, unless our processing interests override yours.

6. Right to portability of Personal Data

In certain cases, you have the right to request the transfer of the personal data relating to you that you have provided to us in a commonly used and computer-readable format, and you have the right to request that it be transferred to another controller.

7. Right to withdraw consent

You have the right to withdraw your consent to the processing of your Personal Data if the Personal Data was processed on the basis of consent. Withdrawal of consent shall not affect the lawfulness of processing based on consent carried out before the withdrawal of consent.

8. Right to lodge a complaint with the supervisory authority

If you believe that the processing of your Personal Data by us infringes your rights and legitimate interests under applicable law, you may lodge a complaint with the supervisory authority, the State Data Protection Inspectorate. The State Data Protection Inspectorate’s complaints procedure can be found here: https://vdai.lrv.lt/lt/atmintines/atmintine-asmenims-ketinantiems-kreiptis-i-valstybine-duomenu-apsaugos-inspekcija-del-skundo-pateikimo/kaip-kreiptis-i-inspekcija.

Enforcing your rights

The above rights will only be exercised upon our receipt of your written request to exercise the above rights and upon confirmation of your identity. Such a written request shall be made to us in person at our registered office address at Kalniečių g. 104, LT-50184 Kaunas, by post or by e-mail: ad_brokeris@altas.lt

Your request will be processed within 30 (thirty) calendar days of receipt. In special cases, depending on the complexity of the requests and the amount of Personal Data, the period of 30 (thirty) calendar days may be extended upon prior notice to you. The reply to your request will be in the same form as the request, unless you wish to receive the information electronically.

Contact us/DAP

If you have any questions about how your Personal Data is processed or wish to exercise your rights, you can contact us by emailing. by e-mail ad_brokeris@altas.lt or to the address of UADBB “Altas draudimo brokeris”- Kalniečių g. 104, LT-50184 Kaunas, Republic of Lithuania.

You can also contact our Data Protection Officer by sending an email to. email: ad_brokeris@altas.lt.