Privacy Policy

Privacy Policy Information

UADBB “Colemont Draudimo Brokeris”, company code 124495055 (hereinafter referred to as the “Company” or “we”), registered at Konstitucijos pr. 26 LT-08131, Vilnius, Republic of Lithuania, is an insurance brokerage company entered into the list of insurance brokerage companies maintained by the Bank of Lithuania (https://www.lb.lt/lt/finansu-rinku-dalyviai?list=75).

In collecting and using Personal Data (“Personal Data”), we are obliged to use and process your Personal Data in accordance with this Privacy Policy (“Privacy Policy”) and applicable laws, including the Laws of 27 April 2016. Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “Regulation”), the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania, and any other legislation regulating the protection and processing of personal data.

Please note that if you provide us with information about any person other than yourself, your employees, partners, insured persons, you must make sure that they are informed about how their data will be used.

This Privacy Policy sets out how we process personal data about you and our other customers: what personal data we collect and process, to whom we transfer it, where we obtain it from, for what purposes we use it, how we keep it secure and your right to privacy.

Definitions

The following definitions should help you understand our Privacy Policy and any terms used:

1. ‘performance of a contract’ – means the processing of your Personal Data for the purpose of performing a contract between you and us (e.g. to provide you with services) or, at your request, to take appropriate measures prior to the conclusion of such contract;
2. ‘legal obligations’ – means the processing of your Personal Data where necessary to comply with a legal or regulatory obligation to which we are subject (e.g. to respond to a court order, to comply with a legal requirement);
3. ‘legitimate interests’ means the legal basis for using your Personal Data, e.g. to provide and improve our services, to improve our business relationship and/or marketing;
4. ‘services’ means our products and services that we provide as an insurance brokerage firm included in the list of insurance brokerage firms maintained by the Bank of Lithuania;
5. ‘we’, ‘us’, ‘our’ or ‘the Company’ means UADBB ‘Colemont Insurance Broker’, company code 124495055, registered at Konstitucijos pr. 26 LT-08131, Vilnius, Republic of Lithuania;
6. ‘You’ means you as a potential, current and/or former client, an employee of our client or other parties such as beneficiaries, authorised representatives, other related parties and/or persons contacting us by email or other means of communication.

Updates to this Privacy Policy

We regularly review this Privacy Policy and reserve the right to change it at any time in accordance with applicable laws and regulations. Any changes and revisions shall be effective immediately upon posting the revised terms on our website: https://colemont.lt/

Principles for processing personal data

The principles we follow when processing your Personal Data:

1. the principle of ‘lawfulness, fairness and transparency’ – Your Personal Data is processed lawfully, fairly and transparently in relation to the data subject;
2. the ‘purpose limitation principle’ – Your Personal Data is collected for specified, explicit and legitimate purposes and is not further processed in a manner incompatible with those purposes;
3. the ‘data minimisation principle’ – Your Personal Data must be adequate, relevant and only necessary for the purposes for which it is processed;
4. the ‘accuracy principle’ – Your Personal Data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that inaccurate Personal Data is erased or rectified without delay, having regard to the purposes for which it is processed;
5. the principle of ‘retention for a limited period of time’ – your Personal Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed;
6. the ‘integrity and confidentiality principle’ – your Personal Data must be processed in such a way as to ensure, through appropriate technical or organisational measures, adequate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Your Personal Data is treated as confidential information and may only be disclosed to third parties in accordance with the rules and procedures set out in this Privacy Policy and applicable law.

Categories of personal data processed

We collect and process different types of personal data depending on the insurance products. Below are the main, but not all, categories of personal data processed by the Company:

1. Personal identity and activity data: name, surname, personal identification number (if the customer is a natural person) or date of birth (age), position;
2. Insurance policy data: type of insurance, series and number of the insurance policy, policyholder’s code, effective date, expiry date of the insurance policy, sum insured, premium amount, date of payment of premiums, amount of premiums received, number of the premium payment document, and other data;
3. Details of other participants in the insurance relationship: beneficiaries, insured persons, injured third parties;
4. Details of the insured object and the data relating to the insured event: depending on the insurance contract, information relating to non-life insurance, such as property insurance, motor insurance, third-party liability insurance, travel insurance, suretyship, cargo insurance, etc., as well as the data that are processed in the event of an insured event;
5. Details of the client’s occupation and hobbies;
6. Data relating to the provision of services: data on the performance or non-performance of contracts, contracts in force or expired, requests made, complaints, insured events, etc;
7. Financial data: name of the payer, purpose of the premium, due date, amount of the premium, date of payment, number of the payment order, whether the premium is paid directly to the insurer, bank account number, the policyholder’s debt, whether the premium is deferred;
8. Contact details: correspondence address, telephone number, e-mail address.

Please be advised that data not listed above, which you have provided to us or which are provided on your behalf or which we have generated in the course of providing services to you, may also be collected and processed.

Purpose and legal basis for processing

We only collect personal data of our customers for predefined, defined purposes:

Direct marketing

We may also process your personal data for direct marketing purposes, such as providing service offers, asking for your opinion on the quality of our services and conducting market research.

For the purpose of direct marketing, we process the following Personal Data: name, surname, email address, telephone number.

We may use your email address for marketing of our own similar goods or services, unless you object to your email address being used for marketing of similar goods and services. You will be given a clear, free and easily enforceable opportunity to object to or opt-out of the use of your contact details with each newsletter we send.

In other cases, we may use your Personal Data for direct marketing purposes if we have your prior consent to such use.

For direct marketing purposes, we may offer you services provided by our business partners or other third parties, or ask for your opinion on different issues related to our business partners or other third parties with your prior consent.

If you do not agree to receive these marketing communications and/or calls offered by us, our business partners or third parties, this will not affect you as a customer in receiving our services.

You have the right to object to or withdraw your consent to the processing of Personal Data for direct marketing purposes at any time, without giving reasons for your objection:

– by emailing info@colemont.lt;

– by clicking on the “Unsubscribe” link at the end of the newsletter.

Withdrawal of consent does not affect the lawfulness of the processing based on consent carried out before the withdrawal of consent.

Ways of obtaining personal data

We receive your Personal Data when you provide it directly to us, for example, by becoming a customer and/or providing us with information electronically (e.g. by filling in a form on our website), by visiting and using our website or by subscribing to our electronic publications (e.g. newsletters), etc.

We also collect personal data about you from third parties and/or publicly accessible registers or other sources to the extent provided for by applicable law, such as public registers, institutions, bodies, other legal entities, etc.

In certain cases, we may receive your data when you are insured by another person. In this case, you are obliged to inform and obtain the consent of that person and, when we receive such data, we consider that you do so with the knowledge and consent of that person.

Transfer of personal data to third parties

We may disclose and/or transfer your Personal Data only in accordance with legal requirements and confidentiality principles to the following categories of recipients:

1. State and municipal authorities, bodies, organisations and other public administration bodies;
2. pre-trial investigation bodies, courts, bailiffs, notaries;
3. Commercial banks, other financial institutions;
4. Legal, financial, tax, business management, human resources, accounting advisors, etc.;
5. Our partners, insurance companies or other persons who are a necessary part of the supply of our products and services;
6. Other persons with whom we intend to enter into or have entered into contract(s).

We may also disclose your Personal Data if we are under an obligation to disclose or share your Personal Information in order to comply with any legal or regulatory obligations or requests.

International Transfer of Personal Data

Please be advised that your Personal Data may be transferred and processed outside the European Union (“EU”) and the European Economic Area (“EEA”).

The transfer of Personal Data may be deemed necessary in situations such as:

1. in order to enter into a contract between you and us and/or in order to perform the obligations set out in such a contract;
2. to protect our legitimate interests, in cases specified by law, e.g. to bring a claim before a court/other authorities;
3. to comply with legal requirements or to further our public interest.

When transferring your Personal Data internationally, we ensure that appropriate safeguards are implemented in accordance with the legal requirements.

When transferring data to countries outside the EEA for which the European Commission has not adopted a data protection adequacy decision, we will ensure data protection by signing standard contractual clauses approved by the European Commission with the recipient of the data or by obtaining a special authorisation from the Inspectorate. In case the Data Recipient is located in the USA, the fact that the company is a member of the US Privacy Shield will be considered as appropriate safeguards.

We may transfer Personal Data to a third party by taking other measures, provided that these ensure the appropriate safeguards set out in the GDPR.

Automated decision-making

In some cases, we may use automated decision-making, which refers to a decision that is made solely on the basis of automated processing of your Personal Data.

Automated decision-making refers to processing using, for example, software code or an algorithm that does not require human intervention.

For some services and products, we may use automated forms of decision-making to process your Personal Data. When we use automated decision-making, we will provide you with more information about the logic behind the use and the consequences that are important to you and that are expected.

Please be advised that you may request a manual review of the accuracy of an automated decision in the event that you are not satisfied with it and you have the right not to be subject to a decision based solely on such automated processing.

How do we protect your Personal Data?

We take various security measures to guarantee the security of your Personal Data. In our practice, we use technical and organisational data protection measures that are in line with the latest data protection practices to protect against unauthorised access, loss, misuse, accidental or unlawful destruction, alteration, disclosure, or any other unauthorised processing of Personal Data. These measures include firewalls, secure equipment, access control and restriction of rights, monitoring of the systems on which the data is stored, staff training and care in the choice of subcontractors.

We and any third party service providers who may process Personal Data on our behalf are also contractually obliged to comply with the principles and requirements of confidentiality of Personal Data.

Principles and time limits for the retention of Personal Data

We retain Personal Data for as long as it is needed for the purposes for which it was collected or as required by law. This means that we will retain your Personal Data for as long as it is needed for the purposes for which it was collected and processed, but no longer than required by applicable laws and regulations. The period of retention of Personal Data depends on the contracts entered into, legal requirements or the legitimate interest of the Company.

If no retention period is set by the legislation of the Republic of Lithuania, we will determine the retention period taking into account the legitimate purpose of the retention, the legal basis and the principles of lawful processing of Personal Data.

The following are the main retention periods applicable to Personal Data at the Company:

1) we will retain Personal Data processed on the basis of consent for as long as your consent is valid, unless there are no other objective circumstances to retain the Personal Data for longer

2) Your Personal Data processed for the purpose of concluding a contract with you and for other pre-contractual activities (to know and identify you) shall be kept for 1 year from the date of receipt of the offer, unless we have a legitimate interest in keeping such data longer;

3) Your Personal Data processed in connection with the performance of a contract is retained for 10 years after the end of the contract;

4) Your Personal Data provided by you through our website is retained for as long as necessary to fulfill your request and to maintain further cooperation, but no longer than 6 months from the date of the last communication, unless there is a legal requirement to retain it for longer.

Other data not listed here are stored in accordance with the legislation of the Republic of Lithuania.

Please also note that in certain cases your Personal Data may be retained for longer:

1) if necessary to enable the Company to defend itself against claims, demands or actions and to exercise its rights;

2) where there are reasonable suspicions of unlawful conduct which are the subject of an investigation;

3) The personal data is necessary for the proper resolution of a dispute or complaint;

4) the Data Subject requests access to his or her Personal Data;

5) on other grounds provided for by law.

What rights do you have in relation to Personal Data?

As a data subject, you have the following rights:

1. The right to be informed about whether the Company processes your personal data and, if so, to have access to your personal data.

You have the right to receive information about what Personal Data we process, where it is collected from, for what purposes it is processed, how long it is stored, to whom it is provided, etc. It should be noted that your right of access may be limited by law, the protection of the privacy of others, and for reasons related to our business and practices.

2. Right to have inaccurate Personal Data relating to you rectified

If it becomes apparent that we are processing inaccurate or incomplete Personal Data about you, you have the right to request that the Personal Data be rectified or completed.

3. Right to erasure (“right to be forgotten”)

You have the right to request the erasure of some or all of the Personal Data we process about you if we no longer have a legal basis for processing it or if there are other grounds provided for by law.

4. Right to request the restriction of processing of Personal Data

You also have the right to request the restriction of the processing of your Personal Data for a certain period of time. This may be, for example, where you believe that such processing is unlawful and/or the data about you is inaccurate and we need to verify this.

5. The right to object to the processing of Personal Data where it is based on our legitimate interests

Where we process your data on the basis of our legitimate interests, you have the right to object to our processing of your Personal Data unless our processing interests override yours.

6. Right to portability of Personal Data

In certain cases, you have the right to request the portability of the Personal Data relating to you that you have provided to us in a commonly used and computer-readable format, and you have the right to request that it be transferred to another data controller.

7. Right to withdraw consent

You have the right to withdraw your consent to the processing of Personal Data where the Personal Data was processed on the basis of consent. Withdrawal of consent does not affect the lawfulness of the processing based on consent carried out prior to the withdrawal of consent.

8. Right to lodge a complaint with a supervisory authority

If you believe that the processing of your Personal Data by us infringes your rights and legitimate interests under applicable law, you may lodge a complaint with the supervisory authority, the State Data Protection Inspectorate.  You can find the State Data Protection Inspectorate’s complaints procedure here: https://vdai.lrv.lt/lt/atmintines/atmintine-asmenims-ketinantiems-kreiptis-i-valstybine-duomenu-apsaugos-inspekcija-del-skundo-pateikimo/kaip-kreiptis-i-inspekcija.

Enforcement of your rights

The above rights will only be exercised upon our receipt of your written request for the exercise of the above rights and upon confirmation of your identity. Such written request shall be submitted to us in person at our registered office address, by regular mail or by e-mail: info@colemont.lt.

Your request will be processed within 30 (thirty) calendar days from the date of receipt. In special cases, depending on the complexity of the requests and the amount of Personal Data, the 30 (thirty) calendar day time limit may be extended upon prior notice to you. The response to your request shall be provided in the same form in which the request was made, unless you wish to receive the information electronically.

Cookie Policy

Our website uses cookies, which are small files that are transferred to a cookie file on your computer or other device via your web browser. They allow the website’s or service provider’s systems to recognise the customer’s browser and to capture and remember certain information.

For more information on how to manage your cookie and browser settings, or how to delete cookies on your hard drive, please refer to the cookie policy on our website: Cookies.

Contact us/DAP

If you have any questions about how your Personal Data is processed, or if you wish to exercise your rights, you can contact us by email at info@colemont.lt or by writing to UADBB “Colemont draudimo brokeris”, company code 124495055, Konstitucijos pr. 26 LT-08131, Vilnius, Republic of Lithuania.

You may also contact our Data Protection Officer by sending an email to: info@colemont.lt.