This Privacy notice (hereinafter referred to as ‘the Notice’) contains information on how the UAB ‘Ignitis’, legal entity’s code 303383884, registered address Žvejų g. 14, LT-09310 Vilnius (hereinafter referred to as ‘the Company’) processes personal data.

Provisions of the present Notice are applicable to natural persons, who use the Ignitis ON mobile application (hereinafter referred to as ‘the Application Users’).

Additional information on how the Company processes personal data is provided in the Privacy Notice of the Company on the ignitis.lt website.

The Company shall have the right to unilaterally amend and/or supplement the present Notice. The Company shall publish the information about all the amendments of the present Notice within the Ignitis ON mobile application.

Definitions

– ‘Personal data’ means any information related to an identified or unidentified natural person (e.g. name, surname, contact details, etc.).

– ‘Data processing’ means any operation performed on personal data (e.g. collection, recording, storage, access authorization, transmission, etc.).

– ‘Services’ means ‘Ignitis ON’ electric vehicle charging services.

Other definitions used in the present Privacy Notice shall be interpreted pursuant to the definitions provided in legislation regulating the protection of personal data (General Data Protection Regulation (EU) 2016/679, Law on Legal Protection of Personal Data of the Republic of Lithuania and other legislation).

Purposes for which the Company processes personal data:

Provision of services. The Company processes personal data in order to ensure appropriate provision of the Ignitis ON service (hereinafter referred to as “the Service”) on the basis of the contract implementation.

Administration of payments. The Company processes personal data related with the payment for services rendered on the basis of implementation of contracts and/or requirements laid down by law.

Resolutions of submitted enquiries. The Company processes personal data by handling and resolving submitted enquiries and/or complaints on the basis of contract implementation, consent or requirements laid down by law.

Other purposes. The Company may also process personal data for other purposes, if the Company has a personal consent for such processing, is obliged to process Personal data by law or exercises the right to process personal date due to legitimate interest.

In all the aforementioned cases, the Company shall process personal data only to the extent it is needed to achieve clearly defined and legitimate objectives, taking into account the requirements for personal data protection.

The scope of personal data processing (categories)

The following are the main categories of personal data and the data, which is processed by the Company for the aforementioned purposes and legal bases:

Identity details – name, surname;

Contact details – address, phone number, email;

Details in relation with provision of services – information on the Services rendered and to be rendered, details obtained by the Company while communicating with persons directly or via means of remote communications (via phone, email), etc.

Payment details – payment history, etc.

Sound recording details – such details of sound recordings, which were made while communicating by phone, etc.

Cookie details – an information on the location of the person with accuracy to the city level, preferences of a person, their behaviour on the website or self-service portal of the Company, their interests, etc. (more detailed information is available in the section “cookies and their use” below).

Other details, which are processed by the Company on bases provided by law

Supply of personal data

Following the requirements laid down by law, the Company can transfer processed personal data to the recipients within the following categories:

Service providers. The Company may transfer processed personal data for third persons acting on behalf of the Company and/or as commissioned by the Company, which provide the customer support (TRANSCOM WORLDWIDE VILNIUS UAB), IT services (Fortum Charge and Drive B.V., Claudius Prinsenlaan 136, 4818CP Breda, the Netherlands, providing the cloud services), payment administration (Stripe Payments Europe Ltd.) and other services to the Company, in order to ensure proper provision, management and development of services of the Company. In such cases, the Company shall take the necessary measures to ensure that the service providers (data processors) processed the supplied personal data only for the purposes for which such data was supplied, by ensuring the proper technical and organizational safety measures, pursuant to the instructions by the Company and requirements laid down by law.

Institutions and supervisory bodies. The Company may submit the processed personal data for governmental, law enforcement or supervisory institutions, where such submission is mandatory according to the current legislation or in order to ensure the rights of the Company or the safety of the customers, employees and assets of the Company.

Other third parties. The Company may supply personal data to other recipients on legitimate bases defined by law.

Storage of data

The Company shall process personal data no longer than it is needed to achieve the aforementioned purposes of data processing or than it is indicated in the applicable law, if they set a longer period for the storage of data.

In order to determine the data storage period, the Company shall apply the criteria corresponding with the obligations laid down by law, as well as take into account the anticipated rights of the person, e.g. foreseeing the data storage period, during which the demands regarding the implementation of contract, if any, could be submitted, etc.

Applied safety measures

The Company shall ensure the confidentiality of personal data according to the requirements laid down by current legislation and the implementation of appropriate technical and organizational measures, designed to protect personal data from unlawful access, disclosure, accidental loss, change, destruction or other unlawful processing.

Rights of persons

Having contacted the Company and upon being identified by the Company, a person shall have the right:

a) to access their personal data processed by the Company;

b) to rectify incorrect, incomplete or inaccurate personal data;

c) to demand destruction of personal data or stopping the processing of personal data, with the exception of their storage, if such actions are carried out in breach of the requirements of the applicable law;

d) to obtain personal data that the person has submitted by themselves, in a structured, commonly used and computer-readable format;

e) to request to delete the personal data processed by the Company, where the personal data is processed in breach of requirements of the applicable law or where such personal data is no longer needed to achieve the purposes for which it was collected or otherwise possessed;

f) to limit the processing of their personal data according to the applicable law, e.g. for a period of time during which the Company would assess if the person has the right to request deletion of their personal data;

g) oppose the processing of their personal data and/or, in case the data is processed on the basis of the consent, to revoke the consent regarding the processing of the personal data, without any impact on the lawfulness of the data processing prior to the revocation of the consent.

Persons may apply in writing, regarding the present Rules or processing of personal data carried out by the Company, at the address Žvejų g. 14, LT-09310 Vilnius, by email at info@ignitis.lt or by phone: +370 611 21802

Contact details of the data protection officer of the Company: dap@le.lt

Where the resolution of the issues, regarding the processing of personal data by the Company and/or the rights of a person, cannot be reached, the person shall also have the right to apply and submit a complaint to the State Data Protection Inspectorate.

Rights of the persons

Upon trusting the Company with their personal data, the persons confirm that they have been duly informed about the conditions for personal data processing, which are indicated in the present Notice, that they do not object that the Company processed their submitted personal data, that the personal data and information, submitted by the person, is accurate and correct and that the Company shall not bear the responsibility for submission and processing of superfluous data, if such data was submitted to the Company by a person through negligence.

The person shall undertake to inform the Company about any changes in the submitted data or other related information.

Cookies and their use

In order to make using of the present self-service portal faster and more convenient, the Company uses cookies. Cookies are small files, sent and installed in the computer of the visitor of the website. The Company uses the installed information to identify the person and to monitor the website traffic statistics.

There can be three types of cookies used on the Company’s website:

Necessary: such cookies are necessary in order for the person to look around on the website and use its functions, such as access to the secure areas of the website.

Experience improvement: such cookies gather information on how the visitors use a certain website, e.g. which pages are the most visited and whether visitors receive any error messages from the website. These cookies do not collect information that would allow identifying the website visitor. The information collected by these cookies is general and therefore anonymous. It is used only to improve the activity of the website.

Functional: such cookies enable the website to remember your chosen data (such as your name, language or region) and to suggest improved and personalised functions. These cookies cannot monitor your browsing activities on other websites.

Cookies are used on the website only after the user of the Application consents with the use of cookies. The Application user may revoke their consent at any time by changing their browser settings, however, certain functions of the Application may not work.