Privacy policy
We, Lietuvos draudimas AB (hereinafter – ‘Lietuvos draudimas’ or ‘We’), are committed to protecting the personal data of you, our customers, and of other data subjects (hereinafter ‘data subjects’). Therefore, when processing personal data, we are guided by the provisions set forth in the legal acts governing the legal protection of personal data, and we take all necessary measures to prevent possible violations of personal data protection.
What are personal data?
Personal data are any information relating to a natural person, i.e., the data subject, whose identity is known or can be established directly or indirectly through the use of certain data (for example, name, surname, personal identification number, address, telephone number, etc.). In order to fulfil our obligations, We need certain personal data. Lietuvos draudimas undertakes to collect and process personal data only when and only to the extent that it is necessary for the implementation of a specific, defined and legitimate purpose.
For what purpose are personal data collected (processed)?
Personal data of data subjects are collected in order to properly provide insurance services and perform related actions: risk assessment, premium calculation, obtaining information about the property insured, calculating the amount of damages, etc., i.e., to submit proposals for an insurance contract and to conclude and execute insurance contracts. In addition, personal data may be required for the following purposes:
- conclusion and performance of other civil contracts (other than insurance);
- management of the list of insurance brokers and additional insurance activity intermediaries;
- direct marketing purposes;
- protection of entity's and our property (video surveillance and guest logging);
- for the purpose of assessing the quality of the service provided and contract management (recording of telephone conversations);
- statistical analysis of customer data to identify factors affecting insurance risk and determination of premiums;
- to register and investigate reports and complaints related to violations of laws, internal accounting control, auditing, anti-bribery, insurance and financial crimes, as well as Lietuvos draudimas and PZU Group rules of conduct or other violations provided for in the Law on the Protection of Whistleblowers;
- to control the entrance to and exit from the Lietuvos draudimas parking lots;
- for the purpose of debt collection;
- for the purpose of customer identification due to the submitted feedback;
- and for other purposes that are not prejudicial to the legal acts.
Legal basis for the processing of personal data
When processing personal data, Lietuvos draudimas follows the requirements for the processing of personal data established in the General Data Protection Regulation (hereinafter - ‘GDPR’), the Law on Legal Protection of Personal Data, the Law on Electronic Communications and other legal acts governing protection of personal data.
Lietuvos draudimas collects and consequently processes personal data only on the legal grounds defined in legal acts, in order to conclude and/or fulfil the contract concluded with you, upon your consent, when Lietuvos draudimas is required to process personal data under certain legal acts and when personal data needs to be processed in the presence of legitimate interest of Lietuvos draudimas (if the interests of the data subject are not more important).
Usually, personal data are processed on the basis of a contract (or a request to conclude a contract) concluded with us. Personal data may also be processed upon receipt of your consent (for example, for the purpose of direct marketing or profiling for the purpose of direct marketing, or processing data of special categories (e.g., health)). Your consent to the processing of personal data may be revoked in a simple manner and free of charge by submitting a written notification in person, by regular mail to J. Basanavičiaus St. 10, Vilnius, by e-mail to [email protected], by calling 1828 or via the self-service system SavasLD.
Collection of personal data
Lietuvos draudimas receives personal data from the data subjects directly, but sometimes also from other institutions, authorities, natural or legal persons: SE Centre of Registers, SE Regitra, Motor Insurers’ Bureau of the Republic of Lithuania, State Health Insurance Fund, State Fire and Rescue Service, Financial Crime Investigation Service, health care institutions, police, mobile operators, Creditinfo Lietuva UAB, Transeksta LTAĮA, SE Agricultural Data Center and other institutions, natural or legal persons who have information necessary for the conclusion and execution of an insurance contract, for the administration of claims, or which is necessary for the implementation of other legitimate purposes. The data subject shall always be informed about the processing of personal data.
We confirm that, except in cases established by legal acts, data about your health shall only be processed with your consent.
Your personal data we collect
A. When asking for your consent to send you general direct marketing offers, notifications about discounts, as well as to ask your opinion about the quality of the services provided, by publishing your feedback about Us on www.ld.lt, We collect the following data: your first name, last name, place of residence (address), telephone number, e-mail address.
B. When communicating with you by phone, We use your phone number and keep a record of the phone conversation.
C. When concluding and executing insurance contracts, We use the following data: your name, surname, personal ID number, date of birth, place of residence (address), telephone number, e-mail address, insurance certificate series and number, validity period, date of conclusion of the contract, information about the insurance premium and its payment terms, the policyholder’s code, when making payments by card – the card payer’s personal data. If it is not the first time you would like to conclude an insurance contract with us, we will also look at your claims history.
In case of occurrence of an insured event, We also need to know your account number at the credit institution.
D. When preparing an offer, concluding and executing a motor insurance (casco) contract, We, in addition to the data listed in point C, use the following data: information about the value and condition of the insured vehicle; protective measures; the date of acquisition of the right to drive a vehicle; driving license categories; disciplinary data of the vehicle owner (user); age and driving experience of the group of managers, other potential managers of the vehicle; vehicle identification data: licence plate number, identification number; technical data of the vehicle: type, make, model, modification, engine volume, power, number of doors, body type, number of standing/seating places, country of origin, fuel type, weight information, etc.; date of manufacture (first registration) of the vehicle make; the validity period of the technical inspection; designated purpose of use of the vehicle, whether authorisation to use the vehicle has been issued; whether the state authorities have set restrictions on the use of the vehicle; details of the owner of the vehicle (if the policyholder is a vehicle lessee or a lessee under a leasing (operating) agreement), or whether the vehicle owner (user)/vehicle has a license to carry passengers for remuneration.
E. When preparing an offer, concluding and executing a home insurance contract, in addition to the data listed in point C, We use the following data of the object insured: address, unique number of the object, index, information about the purpose of use of the object (apartment, house, etc.), year of construction, completion, year of reconstruction, structure, area, number of storeys, apartment height, roof covering, rental data, partial ownership details, insurance coverage area, disciplinary data of the policyholder, whether the buildings are permanently occupied or not. Information is also collected about the domestic property sought to be insured, the territory of validity of the insurance coverage, the policyholder's disciplinary record, and visual information about the object.
F. When preparing an offer, concluding and executing the compulsory motor TPL insurance contract (hereinafter the ‘MTLP’), we use the following data, in addition to the data listed in point C: the date of acquisition of the right to drive the vehicle; driving license category; disciplinary data of the policyholder; the validity of the insurance cover: in the territory, for the group of managers; the age and driving experience of other potential managers of the vehicle; vehicle identification data: licence plate number, identification number; technical data of the vehicle: type, make, model, modification, engine volume, power, number of doors, body type, etc.; date of acquisition of the vehicle; date of manufacture (first registration) of the vehicle; the validity period of the technical inspection, the purpose of use of the vehicle; details of the owner of the vehicle (if the policyholder is a vehicle lessee or a lessee under a leasing (operating) agreement), whether the policyholder/vehicle has licenses to carry passengers for remuneration.
G. When preparing an offer, concluding and executing a personal insurance contract, in addition to the data listed in point C, We may ask you to provide data about the nature of your work / activities, injuries, level of participation (previously work capacity/disability), professional sports or extreme/life-threatening hobbies, and we may also ask you to fill out a questionnaire about your salary and health data.
H. When concluding and executing the travel insurance contract, We shall, in addition to the data listed in point C, collect data about your travel destination and type of travel (studies, business, tourism, physical work, winter sports, sports, professional sports, etc.), whether the insured persons are in Lithuania at the time of conclusion of the contract, and in individual cases also about the specific occupation/activity during the trip. In some cases, for example, in order to indemnify you for a cancelled trip, we may ask you to provide the price of the tickets you bought and/or the booking documents for the trip. We may also ask you to provide information about your health condition.
I. In order to ensure the fulfilment of the obligation laid down in Article 22 of the Insurance Act (sound and prudent management) and to set insurance premiums proportionate to the risks assumed, we may process the historical pseudonymised data listed in points D to H above. Furthermore, on the basis of legitimate interest, we can sometimes examine new factors in order to assess whether they affect the insurance risk by receiving data from the SE Centre of Registers, SE Regitra, the Motor Insurers’ Bureau of the Republic of Lithuania, Creditinfo Lietuva UAB, Transeksta LTAĮA and other institutions. Such information as, for example, vehicle licence plate number, real estate object number or personal identification number may be used for data connection, taking all necessary security measures and assessing whether the interests of the data subjects are not violated. You shall have the right to disagree with the aforementioned processing of personal data for the connection of new factors by informing Us about this by e-mail at [email protected] or by calling 1828.
J. When concluding and executing a civil (non-insurance) contract, We collect the following data: name, surname, personal ID number, place of residence (address), telephone number, e-mail address, bank account number, self-employment certificate or business certificate number and date of issue, and other data necessary for conclusion and execution of the contract.
K. When signing the intermediation contract and managing the list of insurance brokers and additional insurance activity intermediaries, We use the following data of the intermediary (natural person) and intermediary (legal entity) employees whose duties include insurance brokerage: name, surname, personal ID number, workplace, e-mail address, date of birth, place of residence (address), position, telephone number, bank account details, date of entry into the list of insurance brokers and intermediaries of additional insurance activity and the number of the certificate confirming this, date of issue of the certificate, date of removal from the list, criminal record, and personal qualifications information.
L. In order to ensure the requirements for the implementation of international sanctions, we process the following data of partners, clients and insurance intermediaries: name, surname, date of birth, information about the fact that a specific person is included in the list of persons subject to international sanctions.
M. By asking for your consent to analyse (profile) the information related to you, so that we can present the most relevant offers adapted to your needs, in addition to the data specified in point A, we also process the following data: information about your use of our services, your family, information about property or other information that you provide to Us during meetings with Us or when communicating via electronic channels.
N. In order to ensure your safety when you visit the premises owned or leased by the Company, as well as the safety of the property owned by the Company, we may conduct video surveillance, during which we process video data captured by video surveillance cameras.
Do we use automated decision-making, including profiling?
Insurance risk assessment based on the information provided by you can be performed automatically. After performing an automatic insurance risk assessment, according to this assessment, the contract may be concluded on different terms than you initially indicated in your application, or conclusion of the contract with you may be refused. You have the right not to consent to the automatic assessment of the insurance risk, and you will be informed about this right when filling out the application for the conclusion of an insurance contract and/or receiving an offer for the conclusion of an insurance contract.
After you have granted your consent, we can analyse (profile) your data in order to present the most relevant offers that are best adapted to your needs. You have the right to withdraw the consent at any time by informing us by e-mail at [email protected] or calling 1828, as well as via the self-service platform savas.ld.
Who do we provide your data to?
Lietuvos draudimas undertakes to observe the obligation of confidentiality and not to disclose any information related to personal data. This obligation stems from the provisions of the Civil Code and the GDPR. Information may be disclosed to other parties if it is necessary for the conclusion or performance of the contract, or for other legitimate reasons. Information may also be provided to other parties at your request or in consideration of your contractual obligations to other parties, such as leasing companies, banks, other financial institutions, etc.
In the event that, following the payment of the insurance benefit, Lietuvos draudimas has acquired the right of claim to the paid amounts from the person responsible for the damage caused, your personal data may be provided to this person (for example, the insurance company of the person at fault, another natural or legal person, who has the obligation to compensate for the damage caused).
We may provide your data to data processors (subcontractors) who provide services (perform work) to Us and process your data on behalf of Lietuvos draudimas being the data controller. Data processors shall have the right to process personal data only in accordance with Our instructions and only to the extent necessary for the proper performance of their contractual obligations. With the help of data processors, We take all necessary measures to ensure that Our data processors have implemented appropriate organisational and technical measures to ensure the security of personal data and adhere to the principle of confidentiality.
We hereby provide a preliminary (non-exhaustive) list of entities to which personal data may be provided:
- insurance intermediaries (insurance agents and intermediaries of additional insurance activities, brokers) – processing data to be able to conclude and administer contracts with customers;
- insurance claim administration partners – processing data to be able to register claims, assess them and ensure expert assessment;
- information technology companies – processing data to ensure the development, improvement and support of information systems;
- reinsurance companies – processing data to reinsure Lithuanian insurance risks insured by Lietuvos draudimas;
- debt collection companies – processing data to manage indebtedness of defaulting debtors;
- lawyers and law firms, experts, etc. – processing data in cases where We seek to make a legal claim or to defend ourselves against a claim;
- banks, leasing companies and other financial institutions – to make sure that the assets pledged to them are covered by insurance contracts;
- state institutions – processing data when We provide the data in fulfilment of the obligations (requests) of the court or state institutions, as well as the requirements set forth in the legal acts.
Transfer of data to third countries
In certain cases, in order to fulfil the terms of the insurance contract, we have to transfer your personal data to third countries, for example, if the insured event took place outside the European Economic Area (EEA). Information (including personal data) that is sent to countries outside the EEA shall be “protected” by contractual terms or other mechanisms approved by the European Union.
How long do we store your data?
Your personal data collected by us shall be retained on paper media and in our information systems. We shall retain your personal data no longer than is required by the purposes of processing of these data or provided for by legal acts, if a longer data retention period is established in them. According to Our practice, personal data are stored as long as reasonable claims can arise from the contractual relationship. Personal data that are no longer needed shall be destroyed or depersonalised in such a way that it is not possible to identify a person.
We do not store information that is no longer relevant or necessary, and We ensure that information about data subjects is constantly updated and correct.
Information shall also be stored so that, if necessary, we can provide you with the necessary data in order for you to have a proper history of our relationship with you and to be able to answer all questions related to your and our cooperation.
Terms of retention of personal data of policyholders, insured persons and beneficiaries.
How do we store your data?
Ensuring the security of your personal data is very important to Us. When processing your personal data, we implement appropriate organisational and technical security measures that help protect personal data from accidental or illegal destruction, alteration, disclosure, as well as from any other illegal processing. Our security activities cover personnel, information and IT infrastructure security, including periodic “intrusion” testing of internal networks and databases, as well as the security of office buildings and technical equipment.
In order to protect your data, We also:
- ensure that access to data is granted only to those of Our employees who require it for the provision of services, who are familiar with security requirements, duties and liability;
- we apply more than a hundred different organisational and technical security measures in our activities, following the requirements of recognised international security standards;
- We use technological measures to protect electronic data – intrusion detection and prevention systems, DOS attack protection systems, firewalls, data encryption, real-time security event analytics and other advanced security technologies;
- we monitor the electronic information protection situation: if necessary, on-call cyber security specialists are ready to respond 24 hours a day;
- we periodically test the security of information systems: independent cyber security audit experts perform practical penetration testing;
- We continuously make backup copies of data and keep them away from the main information in order to protect your data from loss (for example, in the event of a power failure or computer system failure). We also ensure that the security level of the backup copies is not lower than that of the main data. We regularly test recovery from backup copies to make sure we are ready for unforeseen situations;
- We use duplicate information, computer and telephone systems in order to be able to provide you with services promptly (at any time of the day);
- We store documents that are necessary for provision of services to you in specially designated locations (access is granted only to authorised personnel). We protect the premises using technical, electronic and physical security measures, restricting access and ensuring registration. We transfer the information prepared for long-term storage of documents to an archive that meets high security requirements. When delivering documents, we only use the services of reliable carriers;
- We perform regular training and educate our employees on the topics of personal data protection and information security, so that we can promptly recognise data threats and protect ourselves from them.
Our websites also use cookies (similar tracking technologies) from our partners, which we allow them to use only for the above purposes. To remove these cookies from your computer, you need to change your computer browser settings.
Information about cookies used on our websites is available here.
Social networks
All information that We receive when you use social networks (including messages, use of the “Like” and “Follow” boxes, etc.) is controlled by the manager of the relevant social network. Please note that social networks and the services available through them have their own privacy policies, for compliance with which the aforementioned social networks are responsible. Please review these privacy policies before submitting personal data on social networks.
We currently have the following accounts:
(a) LinkedIn, with its privacy policy available at https://www.linkedin.com/legal/privacy-policy;
(b) YouTube, with its privacy policy available at https://policies.google.com/privacy?hl=en#application;
(c) Instagram, with its privacy policy available at https://help.instagram.com/196883487377501;
(d) Facebook, with its privacy policy available at https://www.facebook.com/privacy/explanation.
We use the Facebook pixel plugin on the website, which allows us to provide users with more specific content and provide only relevant information. If you do not wish for this plugin to track your activity, you can change this option in your Facebook account settings.
What are your rights?
You have the right:
- to receive information about your personal data processed by Us: where and how personal data is collected and on what basis We process it;
- to access your personal data processed by Us;
- to contact Us with a request to rectify your personal data, if the data are incorrect, incomplete or inaccurate;
- to demand the erasure of your personal data processed by Us (the right to be forgotten);
- to demand that the processing of your personal data be restricted;
- to object to the processing of your personal data;
- to request that your personal data be transferred to another data controller (the right to data portability).
How can you exercise your rights?
In order to exercise the above rights, you may apply verbally or in writing by submitting the application in person, by regular mail to J. Basanavičiaus St. 10, Vilnius or by electronic means – e-mail to [email protected].
If you apply orally, you must confirm your identity by submitting an identity document. Failure to do so will preclude you from exercising your rights.
If you apply in writing for the exercise of your rights by submitting a request by electronic means, the request must be signed with a qualified electronic signature or it must be generated by electronic means that ensure the integrity and immutability of the text. You can also submit a request regarding implementation of your rights through the Lietuvos draudimas self-service system SavasLD. If we see that it is not possible to properly verify your identity from the data provided, we will ask you to provide the data that are necessary for your proper identification.
Upon receipt of your request, we will reply to you no later than one month from the date of receipt of your request and of all documents required to provide a response. You can also receive information about your personal data processed by Us by logging in to Our self-service website savasld.lt. If necessary, depending on the scope of your application, we have the right to extend the examination of a request for two months. In this case, you will be additionally informed about.
Submission of complaints
If you do not agree with Our response to Your request, You can complain about Our actions (inaction) to the State Data Protection Inspectorate (L. Sapiegos St. 17, Vilnius, e-mail [email protected], website www.vdai.lrv.lt), as well as to the District Court of the Vilnius City (Laisvės Ave. 79A, Vilnius, e-mail [email protected], website www.vilniausmiesto.teismas.lt).