This Privacy Notice answers the most important questions about how we collect, use and protect information about you. Please read this important information carefully and visit our website from time to time visit our website at https://ltginfra.lt to read the latest version of the Privacy Notice published there.

AB LTG Infra, legal entity code: 305202934, registered office address: Geležinkelio g. 2, 02100 Vilnius, e-mail: info@ltginfra.lt, phone number: +370 5 269 3353.

However, when you visit our accounts on social networking platforms, in certain cases we process your personal data jointly with the social network operators and act as joint controllers under Article 26 of the General Data Protection Regulation (GDPR).

We currently manage the following accounts:

• Meta (Facebook): https://www.facebook.com/profile.php?id=61575860161685
• Meta (Instagram): https://www.instagram.com/ltg_infra/
• Meta (Facebook): https://www.facebook.com/RailBalticaLietuvoje
• LinkedIn: https://www.linkedin.com/company/rail-baltica-in-lithuania/
• YouTube: https://www.youtube.com/@railbaltica7979

Our ability to influence the processing of data by social media platform managers, such as account management or posting of information, is very limited. Where objectively possible, we endeavour to ensure that the platform operator ensures that personal data is processed in accordance with the GDPR. However, in most cases, we have no control over the actions of the platform operator and we do not know exactly what personal data about you they process and how they do that.

The platform manager manages the entire IT infrastructure, determines the technical and organisational measures for data protection and how and for what purposes it will process the personal data of its customers, i.e. the users of the platform who have created accounts. We can only partially influence your personal data on the platform that has been captured and made visible to us as a result of your visit to our account. We cannot influence your personal data contained in your account.

For more information on the processing of data by social network managers, please refer to their own published privacy policies:

• Meta (Facebook and Instagram): https://www.facebook.com/privacy/explanation
• YouTube: https://policies.google.com/privacy?hl=lt&gl=en
• LinkedIn: https://www.linkedin.com/legal/privacy-policy

Please refer to section 3 above – you must provide the information about you that is necessary to:
4.1.   enter into contracts with you and fulfil our contractual obligations;
4.2.  enter into contracts with the persons you represent and fulfil our contractual obligations;
4.3.  properly comply with legal obligations or public functions imposed on us where we process your personal data on the basis of a legal obligation or public interest.

If you do not provide the information, we will not be able to enter into contracts and contractual obligations with you and/or the persons you represent, or to carry out the legal obligations or public functions or other purposes assigned to us.

Most of the information is provided by you, but we may receive some information from:

5.1.   Parent public limited company Lietuvos geležinkeliai;
5.2.  Legal entities you represent or are employed with;
5.3.  State Enterprise Centre of Registers and other state institutions.

Your personal data may also be systematically generated when you use our services, visit our website or enter our premises where video surveillance is carried out.

We transfer or share information about you with partners, service providers, and the entities listed below only to the extent necessary and permitted by applicable law and for the reasons listed in section 3:
6.1.   To the Company's partners providing newsletter management services and survey management services;
6.2.  To the Company's parent company AB Lietuvos geležinkeliai and its subsidiaries (the data may be transferred for all the purposes specified in section 3 above);
6.3.  To banks carrying out settlement transactions;
6.4.  To the Lithuanian Transport Safety Administration;
6.5.  To courts, regulators, law enforcement and other public authorities;
6.6.  To lawyers, notaries, bailiffs, auditors, consultants, information technology maintenance service providers, electronic communications service providers, insurance companies, companies providing archiving and other services to the Company.

Please note that the Company shall only select as data processors those persons who have provided the Company with a satisfactory guarantee that they have appropriate technical and organisational measures in place to ensure the secure processing of personal data and an adequate level of data protection in accordance with the applicable European Union legislation.

In most cases, personal data are processed and transferred within the territory of the European Union and the European Economic Area, but where necessary for the provision of certain services, they may be transferred and processed outside these territories, subject to an adequate level of protection of personal data. We disclose information about you if permitted by law and for the reasons set out in section 6 of this Privacy Notice:

7.1.   On the basis of an adequacy decision of the European Commission, which means that the European Commission has recognised the country in which the third party is established and/or carries out its activities as having an adequate level of protection of personal data;
7.2.  We have a contract with a third party based on the Standard Contractual Clauses approved by the European Commission;
7.3.  We have obtained permission from the State Data Protection Inspectorate;
7.4.  Having made use, where possible, of other available safeguards and derogations for the protection of personal data.

² The European Economic Area is made up of all the member states of the European Union plus Iceland, Liechtenstein and Norway.

The GDPR and other laws give you rights, provides for the cases in which you can exercise them, the procedures you must follow, and the exceptions in which cases you cannot exercise the rights granted. Where permitted by law, you may:

8.1.  have access to your personal data, i.e. receive a notice confirming whether the Company processes your personal data and, if it does, request access to the data processed and the information relating to it;
8.2.  ask us to correct inaccurate or incorrect information used or to complete information that is incomplete;
8.3.  ask us to delete information we hold about you if we are using it unlawfully;
8.4.  request us to restrict the processing of the information we hold about you where you contest the accuracy of the data or object to the processing of the data, object to the erasure of unlawfully processed data about you, or where you need the data in order to make, exercise or defend legal claims;
8.5.  object to the use of your data where we process your data in the legitimate interests of the Company and/or third parties;
8.6.  request us to transfer/receive data that you have provided to us under a contract or consent to the processing and that we process by automated means in a commonly used electronic format;
8.7.  object to a fully automated decision, including profiling, where such decision-making may have legal consequences or similar significant effects on you;
8.8.  withdraw the consents given to us for the use of information about you where we use the data on the basis of your consent;
8.9.  lodge a complaint with a supervisory authority, in particular in the Member State where you are domiciled or where the alleged infringement of the GDPR took place, and seek judicial remedies. In the Republic of Lithuania, the supervisory authority is the State Data Protection Inspectorate (A. Juozapavičiaus g. 6, 09310 Vilnius; phone (+370 5) 271 2804, 279 1445; e-mail: ada@ada.lt), but we recommend that you contact us first and we will try to work with you to resolve all your requests.

To exercise the rights set out in section 8 of this Privacy Notice, you must:

9.1.  personally deliver the request to exercise the data subject's rights (hereinafter referred to as the Request)³ to the Company's headquarters or to the Data Protection Officer at the addresses specified in section 14 of this Privacy Notice (the Request must be accompanied by a personal identification document);
9.2. send the Request to the Company or the Data Protection Officer to the postal addresses specified in section 14 of this Privacy Notice (a copy of the person's identity document certified by a notary public or other procedure established by law must be attached to the Request);
9.3. submit the Request to the Company or the Data Protection Officer at the e-mail addresses specified in section 14 of this Privacy Notice (the request submitted by e-mail must be signed with a secure qualified electronic signature).

³ The recommended form for requesting the exercise of the data subject's rights is presented here.

Yes, we use cookies as set out in the table below. Cookies are small text files that are stored in the browser of your device (e.g. computer, mobile phone or tablet) when you browse websites. Other technologies, including data we store in your browser or device, identifiers associated with your device and other software, may be used for similar purposes. Cookies are used extensively to make websites work or work better and more efficiently.

When you visit the website (www.ltginfra.lt), you can choose whether you want to use cookies. You can manage cookies on the website itself and/or delete them according to your browser preferences. You can refuse the use of optional cookies on the website, which are not mandatory but may not allow the website to function fully.

You can choose which cookies you want to accept or reject in your browser settings. You can delete any cookies that are already on your computer, and most browsers can be set not to save cookies. The location of these settings depends on the browser you are using.

If you do not agree to the placement of cookies on your computer or other device, you can withdraw your consent at any time by changing your settings on the website and deleting the cookies stored in your browser. If you choose to delete cookies, please remember that any options you have set will also be removed. In addition, blocking cookies altogether may prevent many websites (including www.ltginfra.lt) from working properly. For these reasons, we do not recommend disabling essential cookies.

If you do not want your personal data to be processed by cookies, you can change the settings of your web browser so that cookies are not accepted or delete the cookies you have saved.

You can change the cookie settings in your browser at any time. All browsers have the option to delete cookies. More detailed instructions depend on the browser you are using and can be found in the options menu of the browser you are using:

Cookie settings in Internet Explorer

Cookie settings in Firefox

Cookie settings in Chrome

Cookie settings in Safari web and iOS

For more information visit https://www.allaboutcookies.org/

We reiterate that the removal or blocking of cookies may affect the operation of the website and some of its functionalities, as well as adversely affect your use of the services available on the portal.

To learn more about cookies and how to manage or remove them, simply visit https://www.allaboutcookies.org/ and your browser's help page.

If you have any questions, comments or complaints about how we collect, use and store information about you, or if you wish to exercise your rights as a data subject, you can contact:

14.1.  The Company at: Geležinkelio g. 2, 02100 Vilnius, phone +370 5 269 3353, e-mail: info@ltginfra.lt;
14.2. The Data Protection Officer at: Pelesos g. 10 Vilnius, e-mail: dap@ltg.lt