AB LTG INFRA

PRIVACY NOTE

 

Last updated: 21 December 2021

AB LTG Infra (hereinafter referred to as "LTG Infra" or "The Company" or simply "we") stores information about you in connection with the Processing of Data in connection with the General Data Protection Regulation of the European Union (referred to as "GDPR"1) and other data protection legislation.

____________________________________________________

1Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).



This Privacy Note provides answers to the most important questions – how we collect, use, and store information about you. Please read this important information carefully and from time to time visit our website at https://ltginfra.lt  and read the latest version of the Privacy Note published there.

 

AB LTG Infra, legal entity code: 305202934, registered office address: Gelezinkelio str. 2, 02100 Vilnius, e-mail address: [email protected], telephone number: (8 5) 2693353.

 

No.

Why do we collect information about you?

What information do we collect about you?

Why do we have the right to collect the information you provide?

How long do we use or store information about you?

3.1

We conclude and execute contracts with you and fulfil the related tax obligations

 

 

 

 

Name, personal identification number and/or date of birth, address of residence, e-mail address, telephone number, signature, payer code, copy of identity document, number of individual activity certificate, billing information, settlement period, debt information, bank account number, contract, additions to the authorisation, amendments and annexes, acts of acceptance, date of conclusion, contract number, place of conclusion and performance of the contract, information on the performance of the contract, termination information, extract of the central data bank of the Real Estate Register and, as regards the performance of the contract, communication with you, other information that may be necessary for the proper performance of the contract. 

 

We conclude and execute the contract with you - Article 6(1)(b) of the GDPR

We must collect information according to the law - Article 6(1)(c) of the GDPR

 

During the term of the contract and 10 years after the expiration of the contract

 

 

3.2

To maintain relationships with the private or legal persons you represent (for example when we sign the contracts for the implementation of projects)

 

 

Name, personal identification number and/or date of birth, address, authorisation, period of the authorisation, signature, relationship with the person represented, position, telephone number, e-mail address, all information you provide to the Company (e.g. information about the person you represent, contracts concluded, etc.) and, as far as the performance of the contract is concerned, communication with you, other information that may be necessary for the proper performance of the contract.

 

We have a legitimate interest (to maintain relations with the persons you represent) - Article 6(1)(f)) of the GDPR

 

 

During the term of the contract and 10 years after the expiration of the contract

 

3.3

For informing/ questioning you about the Company's services relevant to you

 

 

Name, telephone number, address, organisation represented, e-mail address

 

 

You agree that we will use information about you (Article 6(1)(a) of the GDPR, Article 69(1) of the Law on Electronic Communications of the RL) or have purchased goods or services from us (Art. 69(2) of the Law on Electronic Communications of the RL)

 

2 years after the consent or the end of your relationship with us, unless you express your disagreement within this period

 

 

3.4

When you have submitted to us an application, offer or complaint

 

 

Name, e-mail address, state, phone number, subject of the request, request time, request content, query attachments, query response

 

 

 

 

We have your consent - Article 6(1)(a) of the GDPR, we are obligated to collect the information in accordance to the law (Article 6(1)(c), Article 29(1) and Article 293(5) of the Railway Transport Code of the Republic of Lithuania.

We have a legitimate interest (to examine your enquiries, requests or complaints) - Article 6(1)(f)) of the GDPR

 

1 year after last referral

 

3.5

We record telephone conversations to ensure the quality of the services provided, to provide accurate information about the services provided and provide advice, and to investigate inquiries, complaints and requests

 

 

 

Telephone number, telephone records and data provided during conversations

 

 

We have a legitimate interest (to ensure the quality of customer service, to provide accurate information about the services provided and to provide advice, to ensure the appropriate quality of customer service, to examine requests, inquiries or complaints) - Article 6(1)(f)) of the GDPR)

 

 

1 year after conversation with you

 

 

3.6

We record conversations of GSM-R, shunting radio, analogue rail radio, technological telephone, audio station communications, a mobile and fixed connection of public operator's communication systems to implement the requirements related to the security of property and persons, to ensure compliance with legal acts and investigation of railway accidents or incidents.

 

 

 

GSM-R radio communication system: call records, call start date and time, answer date and time, call end date and time, call duration, caller number, caller functional number, contact number, contact functional number.

Shunting radio communication: call records, call date, time and duration.

Analogue rail radio communication:  call records, call date, time and duration.

Technological telephone communication: call records, call date and time, duration, contact number, caller number.

Audio station communication: call record, call date, time and duration.

Mobile and fixed connection of public operator's communication: call record, caller number, contact number, call date, time and duration.

We have a legitimate interest (to investigate rail accidents or incidents - Article 6(1)(f) of the GDPR


We have a legal obligation to manage call records in accordance to Order No 3-531(1.5 E) of 23 December 2015 of the Minister of Transport of the RL, to approve the Provisions on the reporting of rail accidents and incidents, the investigation of rail accidents and incidents and their response;

to Order No 297 of 20 September 1996 of the Minister of Transport of the RL, to approve the Provisions for the technical operation of railways;

to Order No 1-54 of 20 February 2015 of the Minister of Energy of the RL, to approve the Provisions  for Dispatched electricity system operation -

Article 6(1)(c) of the GDPR

 

GSM-R radio communication system:  records stored by their type, records of rail   emergency calls are stored for 6 months and others – for 2 months.

Shunting radio communication: records are stored for 2 months.

Analogue rail radio communication: records are stored for 2 months.

Technological telephone communication: records are stored for 6 months.

Audio station communication: records are stored for 2 months.

Mobile and fixed connection of public operator's communication: records are stored for 6 months.

 

 

 

 

3.7

We ensure the security of your health, life and trust and the property owned by the Company - in cases when you are filmed on the Company's premises, their accesses, railway crossings, stations, and their access areas

 

Video 

 

 

We have a legitimate interest (security of property and persons) - Article 6(1)(f) of the GDPR

 

 

5 to 30 days (device dependent)

(at railway crossings - up to 3 months)

 

 

3.8

We may participate in legal proceedings relating to you

 

 

All information mentioned in this Privacy Note, documents and annexes sent to you, documents and annexes thereto, procedural documents, court orders, rulings, decisions.

 

 

We have a legitimate interest (to defend the Rights of the Company in legal proceedings) - Article 6(1)(f) of the GDPR

 

10 years after the expiration of the contract with you or 10 years after the legal proceedings have ended

 

 

 

 

Information on criminal offences and convictions.

 

 

Data is needed to assert, enforce or defend legal claims - Article 9(2)(f) of the GDPR

 

3.9

To investigate rail accidents or incidents

 

 

Witness in a rail transport accident, accident or incident: name, name of the person affected by a rail traffic accident, accident or incident, by order, sex, age, sobriety, personal actions, the name of the perpetrator of a railway accident, accident or incident and any other information we must handle under Order No 3-531(1.5 E) of 23 December 2015 of the Minister of Transport of the RL, Annex 2 of The Provisions on the reporting of rail accidents and incidents, the investigation of rail transport accidents and incidents and their response.

 

 

We must collect information following the law (Article 6(1)(c) of the GDPR, Order No 3-531(1.5 E) of 23 December 2015 of the Minister of Transport of the RL, to approve the Provisions on the reporting of rail accidents and incidents, the investigation of rail accidents and incidents and their response)

 

10 years after a rail traffic accident or incident

 

 

3.10

We perform the functions of the Public railway infrastructure manager

 

 

Information about the assets you own in the information system of the State Enterprise Centre of Registers.

 

 

We have a legitimate interest following the assigned functions by Article 23 of the Railway Transport Code of the Republic of Lithuania - Article 6(1)(f) of the GDPR

 

During the term of the contract

 

3.11

To ensure the efficient and secure operation of our website

 

 

Time and duration of connection to our website, IP address, name of the used browser and other statistical data.

We have a legitimate interest (to ensure that the Company's website operates qualitatively and that the persons visiting it find relevant information) -Article 6(1)(f) of the GDPR

 

60 days

 

 

3.12

Through the hotline channels, you provide us with information on possible fraud, corruption, other crimes, violations of law, violations of employment duties

 

 

If the person provides the information by telephone not anonymously - the data shall indicate the name, etc. of the person, the content of the message, the telephone number from which the call was made, the start, end, duration and other personal data if provided by the person.

 

If a person provides information by e-mail or via the website www.litrail.lt - e-mail address and additional information if the person provides information not anonymously - name, telephone number, the content of the message.

 

 

We have a legitimate interest (to prevent fraud, corruption, other criminal offences, violations of law, duties and other violations - to prevent the committed acts, to take measures to prevent future acts, etc.) - Article 6(1)(f) of the GDPR

 

 

 

1 year from the date of receipt of the information

 

 

3.13

You are submitting a request to enforce the data subject's rights under the GDPR and we are enforcing the request

 

 

Depending on what personal data you provide: name, phone number, address, date of birth, email address, time-card number, legal partner code, copy of identity document, request for the exercise of data subject's rights, date of request, place of request, specified method of replying to the request, the content of the request and other information provided in the data subject's request, reply to the data subject, other information related to the exercise of the data subject's rights.

 

We have a legal obligation to enforce the rights of data subjects - Chapter III of the GDPR

 

 

 

Applications are kept for 5 years from the date of the reply

 

 

 

 

 

Please review the answer to point 3 above – you must provide the information about you that is necessary in order to:

4.1 we would enter into agreements with you and fulfil our contractual obligations (for objective 3.1);

4.2. we would conclude contracts with the persons represented by you and fulfil our contractual obligations (for objective 3.2).

Failure to provide you with the information specified in paragraphs 3.1 and 3.2 will not be able to conclude contracts and fulfil contractual obligations with you and/or persons represented by you.

 

Most of the information you provide yourself, but we may receive some of the information from:

5.1. Joint-stock company Lietuvos geležinkeliai (for all purposes specified in paragraphs 3.1, 3.2);

5.2. Legal persons that you represent or employ (for the purpose specified in paragraph 3.2);

5.3. Joint-stock company Lietuvos paštas (for all purposes specified in paragraph 3.1);

5.4. State Enterprise Centre of Registers (for all purposes specified in paragraphs 3.1, 3.2, 3.10).

We will only share or transfer information about you with our partners, service providers, and the following entities to the extent necessary and permitted by applicable law, including for the reasons listed in Section 3:

6.1. AB LTG Infra to the parent company of AB Lietuvos Geležinkeliai and its subsidiaries (data may be transferred for all purposes specified in paragraph 3);

6.2. Banks carrying out settlement operations (data to be transferred for the purposes specified in paragraphs 3.1 and 3.2);

6.3. Lithuanian transport safety administration (data to be transferred for the purposes specified in paragraph 3.9);

6.4. Courts, supervisory, law enforcement and other public authorities (data may be transmitted for all purposes specified in paragraph 3);

6.5. Lawyers, notaries, bailiffs, auditors, consultants, information technology surveillance service providers, providers of electronic communications services, insurance companies, archiving services and other services to companies providing the Company (data may be transferred for all purposes specified in paragraph 3).

We note that Company selects as data processors only those persons who have provided the Company with a sufficient guarantee that they apply appropriate technical and organizational measures to ensure the safe processing of personal data and the appropriate level of data protection in accordance with applicable European Union legislation.

In most cases, personal data are processed and transferred within the territory of the European Union and the European Economic Area2, but where necessary for the provision of certain services, data may be transferred and processed outside those territories, subject to an adequate level of protection of personal data. For the reasons set out in section 6 of this Privacy Note, we disclose information about you as permitted by law and for the reasons set out in section 6 of this Privacy Note:

7.1. On the basis of the adequacy decision of the European Commission, the European Commission has recognised the country in which a third party is established and/or operates as ensuring an adequate level of protection of personal data;

7.2. We have signed a contract with a third party based on the Standard Contractual Clauses approved by the European Commission;

7.3. We have obtained the permission of the State Data Protection Inspectorate;

7.4. Other possible measures and derogation for the protection of personal data, where possible.

________________________________________________________

2 The European Economic Area comprises all the Member States of the European Union plus Iceland, Liechtenstein and Norway.

The GDPR and other laws give you rights and provide for cases where you can exercise them, the procedures you need to comply with, as well as exceptions in which you may not exercise the rights granted. Once permitted by law, you can:

8.1. to access your personal data, i.e. receive a notification confirming whether LTG Infra processes your personal data and, if processed, request access to the data processed and the information relating therein;

8.2. submit to us a request to correct or supplement inaccurate, incorrect information used when it is incomplete;

8.3. submit to us a request to delete information about you that we have if we use it illegally;

8.4. to submit to us a request to restrict the processing of existing information about you when you dispute the accuracy of the data or object to the processing of data, do not agree to the deletion of your unlawfully processed data, or the data you need in order to assert, enforce or defend legal requirements;

8.5. to object to the use of the data when we process your data for the legitimate interests of LTG Infra and/or third parties;

8.6. submit to us a request to transfer /receive data that you have provided us under contract or consent to the processing and which we process by automated means in a shared electronic form;

8.7. to object to a fully automated decision, including profiling, if such decision-making may have legal effects or similarly significant effects on you;

8.8. to withdraw the consents given to us regarding the use of information about you when we use the data on the basis of your consent;

8.9. lodge a complaint with the supervisory authority, in particular in the Member State where you are domiciled or the place where the alleged violation of the GDPR was committed and apply for judicial remedies. The supervisory authority in the Republic of Lithuania is the State Data Protection Inspectorate (A. Juozapavičiaus St. 6, 09310 Vilnius; tel. (8 5) 271 2804, 279 1445; e-mail: [email protected]).

In order to exercise your rights under clause 8 of this Privacy Note, you must:

9.1.   personally present the request for the exercise of the rights of the data subject (hereinafter referred to as the Application3) to the office of the Company or to the Data Protection Officer at the addresses specified in item 13 of this Privacy Note (the application must be accompanied by an identity document);

9.2. to send the request to the Company or Data Protection Officer at the postal addresses specified in item 13 of this Privacy Note (a copy of the identity document, certified by a notary or other procedure established by legal acts must be attached to the Application);

9.3. submit a request to the Company or Data Protection Officer with the e-mail addresses specified in item 13 of this Privacy Note (the request submitted by e-mail must be signed with a secure qualified electronic signature).

__________________________________________

3The recommended Application form for the exercise of the data subject's rights is available here.


 

 

The Company may profile you for statistical purposes, as well as to prevent sending of unwanted marketing offers, we assign your categories according to the date of conclusion of the contract, the term of the contract, the status of the contract, and your age.

Yes, we use cookies as shown in the table below. Cookies are small text files stored in your device's browser (e.g. computer, mobile phone, tablet) when you browse websites. Other technologies, including data that we store in your browser or device, identifiers related to your device and other software, may be used for similar purposes. Cookies are widely used to make websites work or work better and more efficiently.

Name

Period

Purpose

GUEST_LANGUAGE_ID

1 year

Store information about the language of the visitor for the page

JSESSIONID

Until the end of the session

Store session data necessary to ensure functionality of the site and maintain the visitor session

__utma

2 years

Store information about the number of visits to the page

__utmb

1 day

Store information about the page opening time

__utmc

Until the end of the session

Until you delete it 

Store information about the time the page closes

__utmt

1 year

Store information about the time on which the page consent was downloaded

__utmz

6 months

Store information, whether the visitor visited the page using the search function, or learned about the page from other sources

COMPANY_ID

Until the end of the session

Provide and store a visitor's user ID so that one visitor can be properly separated from another

ID, USER_UUID

Until the end of the session

Until you delete it

Store visitor ID information to support automatic sign-in functionality

__cfduid

1 month

Store visitor identification information on the cyber security platform cloudflare.com.

cookieconsent_status

1 year

Store information about whether a cookie message has been displayed


 

You can configure your browser to opt-out of some or all of the cookies or to request your permission before they are accepted. Please note that deleting cookies or disabling the use of cookies in the future may prevent certain Web Parts or Features of our Web Pages from being accessed. For information about how you can change your browser settings, go to www.allaboutcookies.org/manage-cookies.

For more information about third-party cookies and management capabilities, please refer to these third-party cookie notifications.

If you have questions, comments or complaints about how we collect, use and store information about you, or whether you want to exercise your rights as a data subject, you can contact:

13.1. Company at: Gelezinkelio str. 2, 02100 Vilnius, tel. (8 5) 269 3353, e-mail [email protected];

13.2. Data Protection Officer at: Prusu str. 1 Vilnius, e-mail [email protected].