UADBB “Colemont draudimo brokeris”, company code 124495055 (hereinafter - the Company or We), registered at Konstitucijos Ave. 26 LT-08105, Vilnius, the Republic of Lithuania, is an insurance brokerage company included in the list of insurance brokerage companies maintained by the Bank of Lithuania (https://www.lb.lt/lt/finansu-rinku-dalyviai?list=75).
When collecting and using Personal Data (the “Personal Data”), we are obligated to use and process your Personal Data in accordance with this Privacy Policy (the “Privacy Policy”) and applicable laws, including the 2016 Privacy Policy. April 27 Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) the Law on the Protection of Personal Data, the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania and other legal acts regulating the protection and processing of personal data.
Please note that if you provide us with information about anyone other than yourself, your employees, partners, insured persons, you must make sure that they are informed of how their data will be used.
This Privacy Policy defines how we handle the personal data of you and our other customers: what personal data we collect and process, to whom we receive it, from where we receive it, for what purposes we use it, how we ensure its security, and your right to privacy.
We review this Privacy Policy regularly and reserve the right to change it at any time in accordance with applicable laws and regulations. Any changes and adjustments take effect immediately from the date we publish the changed conditions on our website: colemont.lt
Principles we follow when processing your Personal Data:
1. 'Principle of lawfulness, fairness and transparency' means that your Personal Data is processed lawfully, fairly and transparently in relation to the data subject;
2. 'Purpose limitation principle' means that your Personal Data is collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
3. 'Data volume minimization principle' means that your Personal Data must be adequate, relevant and not excessive in relation to the purposes for which it is processed;
4. 'Principle of Accuracy' - your Personal Data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that your inaccurate Personal Data is erased or rectified without delay for the purposes for which it is processed;
5. 'Retention limitation principle' - Your Personal Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed;
6. 'Integrity and confidentiality principle' means that your Personal Data must be processed in such a way as to ensure adequate security of Personal Data through appropriate technical or organizational measures, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
Your Personal Data is considered confidential information and may only be disclosed to third parties in accordance with the rules and procedures set forth in this Privacy Policy and applicable law.
Depending on the insurance products, we collect and process various types of personal data. The following are the main, but not all, categories of personal data processed by the Company:
1. Personal identification data and activity data: name, surname, personal identification code (if the customer is a natural person) or date of birth (age), position of the client or client's representative.
2. Data of the insurance policy: type of insurance, series and number of the insurance policy, code of the policyholder, date of entry into force, date of expiry of the insurance policy, sum insured, amount of premium, date of payment of premiums, amount of premiums received.
3. Data on other participants in the insurance relationship: beneficiaries, insured persons, injured third parties.
4. Data of the insured object and data related to the insured event: depending on the insurance contract, the information relates to non-life insurance, such as property insurance, motor insurance, civil liability insurance, travel insurance, suretyship, cargo insurance, etc., as well as data that are in processing in case of an insured event.
5. Data on the client's profession, hobbies.
6. Data related to the provision of services: data on the performance or non-performance of contracts, valid or expired contracts, submitted requests, complaints, insured events, etc.
7. Financial data: payer's name, surname, purpose of the payment, payment term, payment amount, payment date, payment order number, whether the payment is paid directly to the insurer, bank account number, policyholder's debt, or payment of the payment is deferred.
8. Contact details: correspondence address, telephone number, e-mail mail address.
Please also note that data not listed above, which you have provided to us or which are provided on your behalf, or which we have generated in the course of providing you with services, may also be collected and processed.
We collect customers' personal data only for pre-defined and clear purposes:
| Purpose of data processing | Legal basis for data processing | Categories of personal data |
| Concluding contracts with potential customers and performing other actions before concluding a contract (to get to know, identify and confirm the customer). | The aim is to take action re. the request of a potential customer before concluding a contract. Ensuring the legitimate interests of the company. Fulfillment of legal obligations provided to the Company. |
Personal identity and activity data. Data of the Insured Object. Financial data. Contact information. Other information provided. |
| Fulfilling a contract. | The purpose is to perform a contract to which the customer is a party. Ensuring the legitimate interests of the company. Fulfillment of legal obligations provided to the Company. |
Personal identity and activity data. Insurance policy details. Data of the Insured Object and data related to the Insured Event. Financial data. Contact information. Other personal data provided by the customer or on behalf of the customer or generated by the Company in the course of providing services to the customer. |
| Compliance with legal requirements. | Fulfillment of legal obligations provided to the Company. |
Personal identity and activity data. Insurance policy details. Data of the Insured Object and data related to the Insured Event. Financial data. Contact information. Other personal data provided by the customer or on behalf of the customer or generated by the Company in the course of providing services to the customer. |
|
Provide a feedback on your request submitted on our website or through other means of communication. |
Your consent. Ensuring the legitimate interests of the company. |
Personal identification data. Contact information. Other personal data provided by the customer or on behalf of the customer or generated by the Company in the course of providing services to the customer. |
We may also process your personal data for direct marketing purposes - to provide service offers, to ask your opinion on the quality of services and to conduct market research.
The following personal data of you is processed for the purpose of direct marketing: name, surname, e-mail address, telephone numbers.
We may use your e-mail to market our own similar goods or services, unless you object to your e-mail would be used to market similar goods and services. You will be given a clear, free of charge and easy-to-implement option to object to or decline the use of your contact details with every newsletter you send.
In other cases, we may use your Personal Data for direct marketing purposes if we have your prior consent to such use.
For direct marketing purposes, we may offer you services provided by our business partners or other third parties or ask you to provide your views on various issues related to our business partners or other third parties with your prior consent.
If you do not agree to receive these marketing communications and / or calls offered by us, our business partners or third parties, it will not affect you as a customer in receiving our services.
You have the right to object or at any time withdraw your consent to the processing of Personal Data for direct marketing purposes without giving reasons:
- by writing an e-mail: info@colemont.lt
- by clicking on the "Unsubscribe from the newsletter" link at the end of the newsletter.
Withdrawal of consent shall not affect the lawfulness of the processing of data carried out prior to the withdrawal of consent.
We receive your Personal Data when you provide it directly to us, for example by becoming our customer and / or providing us with information electronically (e.g. by completing a form on our website), visiting and using our website or subscribing to our electronic publications (e.g. newsletters), etc.
We also collect personal data about you from third parties and / or publicly available registers or other sources to the extent permitted by applicable law, such as from state registers, institutions, bodies, other legal entities, etc.
In certain cases, we may receive your data when you insure another person. In this case, you are obliged to inform and obtain the consent of such person, and upon receipt of such data we consider that you do so with the knowledge and consent of this person.
We may disclose and / or transfer "Personal Data" only in accordance with legal requirements and the principles of confidentiality for the following categories of recipients:
1. State and municipal institutions, establishments, organizations and other entities of public administration.
2. Pre-trial investigation institutions, courts, bailiffs, notaries.
3. Commercial banks, other financial institutions.
4. Legal, financial, tax, business management, personnel administration, accounting advisers, etc.
5. Our partners, insurance companies or other persons who are necessary parts of the supply of our products and services.
6. For other persons, we intend to conclude, or have concluded a contract or contracts.
We may also disclose your personal information if you are required to disclose or share your personal information when the events were lawful or by legal obligations or requests.
We inform you that your Personal Data may be transferred and processed outside the European Union (hereinafter referred to as the EU) and the European Economic Area (hereinafter referred to as the EEA).
The transfer of personal data may be considered necessary in situations such as:
1. to enter into an agreement between you and us and / or to perform the obligations set out in such agreement.
2. to protect our legitimate interests in cases specified by law, such as to bring an action in court / other bodies.
3. so as to meet legal requirements or in the public interest.
When transferring your Personal Data internationally, we ensure the implementation of appropriate security measures in accordance with legal requirements.
When transferring data to countries outside the EEA, for which the European Commission has not made a decision on the adequacy of data protection, we will ensure data protection by signing standard contract terms approved by the European Commission or obtaining a special permit from the Inspectorate. In the event that the Recipient is in the United States, the fact that that company is a member of the U.S. Privacy Shield will be considered an appropriate safeguard.
We may transfer Personal Data to a third party by taking other measures if this ensures the appropriate safeguards set out in the GDPR.
In some cases, we may use automated decision making, which means a decision made based solely on the automated processing of your Personal Data.
Automated decision making refers to processing using, for example, software code or an algorithm that does not require human intervention.
For some services and products, we may use automated decision forms to process your Personal Data. When we use automated decision making, we will provide you with more information about the logic of use, the important and foreseeable consequences for you.
Please note that you may request a manual review of the accuracy of the automated solution if you are dissatisfied with it and have the right not to be subject to a decision based solely on such automated processing.
We take various security measures to guarantee the security of your Personal Data. In our practice, we use technical and organizational data protection measures in accordance with the latest data protection practices to protect against unauthorized access, loss, misuse, accidental or unlawful destruction, alteration, disclosure or any other unlawful processing of Personal Data. These measures include a firewall, secure equipment, access control and restriction of rights, monitoring of data storage systems, staff training and diligence in the selection of subcontractors.
We and any third - party service providers who may process the Personal data on our behalf are also contractually obligated to comply with the principles and requirements for the confidentiality of Personal Data.
We retain personal data for as long as it is needed for the purposes for which it was collected or to the extent required by law. This means that we will protect your Personal Data for as long as it is needed for the purposes for which your data was collected and processed, but for no longer than required by applicable laws and regulations. The period of storage of personal data depends on the concluded agreements, legal requirements or the legitimate interests of the Company.
If the legal acts of the Republic of Lithuania do not establish any period of storage of Personal Data, we will determine this period, taking into account the legitimate purpose of data storage, the legal basis and the principles of lawful processing of Personal Data.
The following are the main terms of personal data storage applied by the Company:
1) We store Personal Data processed, on the basis of consent for as long as your consent is valid, unless there are any other objective circumstances to keep this Personal Data longer.
2) Your Personal Data, which is processed for the purpose of concluding contracts with you and performing other actions prior to the conclusion of the contract (to get to know and identify you), is stored for 1 year from the date of receipt of the offer, unless we have a legitimate interest in keeping such data longer.
3) Your Personal Data, which is processed during the performance of the contract, is stored for 10 years after the end of the contract.
4) Your Personal Data provided by you through our website is stored for as long as necessary to fulfill your request and support further cooperation, but not longer than 6 months from the last day of communication, unless there are legal requirements to keep it longer.
Other data not specified here are stored in accordance with the legal acts of the Republic of Lithuania.
We also inform you that in certain cases your Personal Data may be stored longer:
1) if it is necessary for the Company to be able to defend itself against claims, claims or claims and exercise its rights.
2) there are reasonable suspicions regarding an illegal act that is the subject of an investigation.
3) Personal data is necessary for proper resolution of a dispute or complaint.
4) a request of the Data Subject to access his / her Personal Data is received.
5) in case of other grounds provided for in legal acts.
As a data subject, you have the following rights:
1. The right to receive information on whether the Company processes your personal data and, if so, to access your personal data.
You have the right to receive information about what Personal Data we process, from where it is collected, for what purposes it is processed, how long it is stored, to whom it is provided, and so on. It should be noted that your right of access may be limited by law, the protection of the privacy of others, and reasons related to our business and practices.
2. The right to request the correction of inaccurate Personal Data relating to you.
If it turns out that we process inaccurate, incomplete Personal Data about you, you have the right to request the correction of the Personal Data.
3. Right to request erasure of data ("right to be forgotten")
You have the right to request the deletion of some or all of your Personal Data processed if we no longer have a legal basis to process it or if there are other grounds provided for by law.
4. The right to demand restrictions on the processing of personal data.
You also have the right to request a time limit on the processing of your Personal Data. This could be, for example, a situation where you think such processing is illegal and / or your data is inaccurate and we need to check it.
5. The right to object to the processing of Personal Data when it is based on our legitimate interests.
When we process your data in the light of our legitimate interests, you have the right to object to us processing your Personal Data, unless our data processing interests take precedence over yours.
6. Right to Portability of Personal Data.
In certain cases, you have the right to request the transfer of personal data relating to you that you have provided to us in a commonly used and computer-readable format, and you have the right to request that it be transferred to another controller.
7. Right to withdraw consent.
You have the right to withdraw your consent to the processing of personal data if the Personal Data has been processed on the basis of consent. Withdrawal of consent shall not affect the lawfulness of the processing of data carried out prior to the withdrawal of consent.
8. Right to complain to the supervisory authority.
If you believe that the processing of our Personal Data is being processed in violation of your rights and legitimate interests as set out in applicable law, you may lodge a complaint with the supervisory authority, the State Data Protection Inspectorate. The procedure for handling complaints of the State Data Protection Inspectorate can be found here:
https://vdai.lrv.lt/lt/atmintines/atmintine-asmenims-ketinantiems-kreiptis-i-valstybine-duomenu-apsaugos-inspekcija-del-skundo-pateikimo/kaip-kreiptis-i-inspekcija.
The above rights will be exercised only upon our written request to exercise the above rights and only upon confirmation of your identity. Such a written request is submitted to us in person at our registered office address, by ordinary mail or e-mail: info@colemont.lt
Your requests will be processed within 30 (thirty) calendar days from the date of receipt of the request. In special cases, depending on the complexity of the requests and the amount of Personal Data, the term of 30 (thirty) calendar days may be extended by notifying you in advance. The response to your request shall be in the same form as the request unless you wish to receive the information electronically.
Cookies used on our website are small files that are transferred to a cookie file on your computer or other device via a web browser. They allow the systems of a website or service provider to recognize the client’s browser, capture and remember certain information.
For more information about how to manage your cookie and browser settings, or how to delete cookies on your hard drive, read our cookie policy: Slapukai.
If you have questions about how your Personal Data is processed or want to exercise your rights, you can contact us by e-mail: info@colemont.lt or at the address UADBB “Colemont draudimo brokeris”, company code 124495055, Konstitucijos ave. 26 LT-08105, Vilnius, the Republic of Lithuania.
You can also contact our Data Protection Officer (DPO) by sending an e-mail. Email to: info@colemont.lt