Privatumo politika
- What does this Privacy Policy mean and to whom does it apply?
This privacy policy (hereinafter referred to as the “Privacy Policy”) defines the basic terms and conditions for the processing of personal data and the rules that apply to the personal data of the visitors, candidates and partners / service providers of the Ecoservice Group of Companies (hereinafter referred to as the “Company” or the “Controller”) of the website www.ecoservice.lt (hereinafter referred to as the “Website”).
The owner and manager of the website is UAB “Ecoservice”, legal entity code 123044722, registered office address Gariūnų g. 71, Vilnius, Republic of Lithuania, contacts for personal data issues: e-mail: susitvarkysim@ecoservice.lt, tel. +370 800 53533
When processing personal data, we responsibly comply with Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania and other directly applicable legal acts regulating the protection of personal data as well as the instructions of competent authorities.
This Privacy Policy does not apply to links provided by the Website to third-party websites, and we recommend that you check the personal data processing rules of such websites separately.
- How the Company receives your personal data
We process your personal data when you:
- by contacting the Company at the email address provided by the Company or through other channels;
- you agree to the installation of cookies on your device;
- provide services to the Company;
- call the Company;
- you use the Company’s services;
- you are entering the field of the Company’s video surveillance;
- you are applying for a vacancy in the Company;
- you otherwise provide your personal data.
It is the responsibility of the data subject to ensure that the personal data provided by him/her are accurate, correct and complete. If the personal data provided by the Data Subject changes, the Data Subject must immediately inform the Company thereof. The Company will not be liable for any damage caused to the person and/or third parties due to the fact that the data subject has provided incorrect, inaccurate and/or incomplete personal data or has not requested the data to be supplemented and/or amended in the event of a change in the data.
- Personal data collected, purposes and grounds for processing
The Company processes your personal data for the following purposes and in accordance with the legal grounds relating to them:
3.1. Establishing and executing contracts with partners/suppliers, managing partners/suppliers
| Purpose | Establishing and executing contracts with partners/suppliers, managing partners/suppliers. |
| Data subjects | ¨ Company partners/suppliers;
¨ Representatives of the company’s partners/suppliers. |
| Personal data | ¨ General personal data (name, surname, date of birth, personal identification number, position held, entity represented);
¨ contact details (email, phone number, other contact details) ¨ communication with the Company and its content. |
| Legal basis | The conclusion or performance of a contract with you if the Company’s partner/supplier is a natural person (Article 6(1)(b) GDPR).
In the event that you do not provide the relevant personal data, we may not be able to enter into and/or perform a contract with you or with a partner or supplier that you represent. |
| Storage | Your personal data will be stored for 10 years after the end of the contract. In the absence of a contract, the data relating to the communication will be kept for 3 years after the relevant data submission.
In individual cases, in accordance with the requirements of the applicable legislation, your personal data may be stored for a longer period. |
3.2. Direct communication
| Purpose | Managing your enquiries to the Company by email or telephone and other direct communication. |
| Data subjects | Persons making enquiries to the Company by email or telephone or otherwise communicating directly with the Company. |
| Personal data | ¨ General personal data (name, surname, position held, entity represented);
¨ contact details (email, phone number, other contact details) ¨ communication with the Company and its content. |
| Legal basis | Our legitimate interest in processing your request and providing you with accurate and complete information about our activities or other matters of interest to you (Article 6(1)(f) of the GDPR). |
| Storage | The data is stored for 3 years after your request. In individual cases, in accordance with the requirements of the applicable legislation, your personal data may be stored for a longer period. |
3.3. Selection for vacancies in the Company
| Purpose | Selection of candidates for positions offered by the Company. |
| Data subjects | Candidates |
| Personal data | ¨ General personal data (name, surname, date of birth);
¨ contact details (email, phone number, other contact details) ¨ Other information in your CV . |
| Legal basis | Consent – Article 6(1)(a) GDPR |
| Storage | The data shall be destroyed within 90 days after the end of the selection, unless the candidate has given a separate consent to participate in further selections of the Company. |
3.4. Social networks
| Purpose | Company social media accounts and communication with social media users. |
| Data subjects | ¨ Users of social networks (Facebook, LinkedIn) communicating with the Company’s accounts, submitting enquiry forms. |
| Personal data | ¨ social network profile name or name;
¨ Profile photo; ¨ public comments and other interactions with the Company’s social media accounts; ¨ the content of the correspondence, if any. |
| Legal basis | Our legitimate interest in communicating with social media users on our accounts/groups and providing information to our customers in a way that is convenient for them (Article 6(1)(f) of GDPR). |
| Storage | Given that the Company does not administer the above social networks, but only its own account on them, and acts as a joint data controller with the companies that administer the above social networks, we invite you to read the information about the storage of your personal data in the privacy documents of these social networks. |
3.5. Administration of payments
| Purpose | Ensuring the correct administration of accounts. |
| Data subjects | ¨ The company’s customers |
| Personal data | ¨ name, surname;
¨ address, email, phone number; ¨ payment details. |
| Legal basis | Legal obligation (Article 6(1)(c) GDPR) |
| Storage | 10 years. |
3.6. Debt management
| Purpose | Debt administration |
| Data subjects | ¨ The company’s customers |
| Personal data | ¨ name, surname;
¨ the amount of the debt; ¨ personal identification number or date of birth; ¨ registration and facility addresses; ¨ phone number, email; ¨ contact details for the legal entity (name, surname, title, contact details). |
| Legal basis | Performance of a contract with you (Article 6(1)(b) GDPR), legal obligation (Article 6(1)(c) GDPR). |
| Storage | 10 years. |
3.7 Claims / claims management.
| Purpose | Claims / claims management |
| Data subjects | ¨ Persons involved in the insured event |
| Personal data | ¨ name, surname;
¨ current account; ¨ phone, email; ¨ information on damaged property; ¨ other information needed to administer the insured event. |
| Legal basis | A legal obligation (Article 6(1)(c) GDPR). |
| Storage | 10 years. |
3.8. Self-service administration of customer accounts
| Purpose | Self-service administration of customer accounts |
| Data subjects | ¨ The company’s customers |
| Personal data | ¨ name, surname;
¨ phone number; ¨ payment history of submitted invoices. |
| Legal basis | Performance of a contract with you (Article 6(1)(b) GDPR). |
| Storage | 5 years after the last login to the Self-Service. |
3.9 Handling customer / third party requests, violations, complaints.
| Purpose | Dealing with customer/third party requests, breaches, complaints. |
| Data subjects | ¨ The company’s customers;
¨ third parties; |
| Personal data | ¨ social network profile name or name;
¨ Profile photo; ¨ public comments and other interactions with the Company’s social media accounts; ¨ the content of the correspondence, if any. |
| Legal basis | Legal obligation (Article 6(1)(c) GDPR), our legitimate interest to process the requests we receive (Article 6(1)(f) GDPR). |
| Storage | 5 years from the date of receipt of the application. |
3.10. Recording telephone conversations.
| Purpose | Ensuring the quality and control of the services provided. |
| Data subjects | ¨ people contacting the Company by general telephone. |
| Personal data | ¨ the data and information provided during the call. |
| Legal basis | Your consent (Article 6(1)(a) GDPR). |
| Storage | 1 year |
3.11. Direct marketing.
| Purpose | Sending marketing communications, such as promotional messages and information about discounts, evaluating your market, customers, services (including collecting your opinion about services and organising customer surveys), sending newsletters. |
| Data subjects | ¨ The company’s customers;
¨ Other third parties. |
| Personal data | ¨ Name;
¨ phone number, email address. |
| Legal basis | Our legitimate interest in offering our services to existing customers and/or seeking their opinion (Article 6(1)(f) GDPR).
Your consent (Article 6(1)(a) GDPR). |
| Storage | 12 months from the last purchase of the Company’s service, where the notifications are sent on the basis of the Company’s legitimate interest.
Until the withdrawal of consent, when communications are sent on the basis of your consent. |
3.12. Video surveillance of the Company’s premises and territory.
| Purpose | Video surveillance to protect company assets and prevent crime |
| Data subjects | ¨ persons entering the Company’s video surveillance area. |
| Personal data | ¨ Image, behaviour |
| Legal basis | Our legitimate interest (Article 6(1)(f) GDPR). |
| Storage | Up to 60 days |
3.13. Video surveillance using video cameras on the Company’s refuse trucks.
| Purpose | To record the provision of a good quality of service, the actual situation around the waste collection sites in relation to the provision of services and/or activities, to ensure the protection of property (in relation to possible damage, indemnity). |
| Data subjects | ¨ persons entering the Company’s video surveillance area. |
| Personal data | ¨ Image, behaviour. |
| Legal basis | Our legitimate interest (Article 6(1)(f) GDPR). |
| Storage | 3 months. |
3.14. Website features and cookies
When you visit the Company’s Website, we process your IP address, network and location data when you provide it. This data is collected through the use of cookies and other similar technologies. For more information about the cookies used on the Website, please see our Cookie Policy at https://ecoservice.lt/ecoservice-slapuku-politika/.
3.15. Legal requirements and dispute resolution
All of the above personal data may be processed by the Company for the purpose of asserting, exercising or defending legal claims. For this purpose, we will process the personal data on the basis of our legitimate interest to assert, exercise or defend legal claims (Article 6(1)(f) GDPR). We will process it for this purpose until the end of the relevant legal proceedings (e.g. settlement of a claim, entry into force of a court or arbitration award) and for a further 1 year.
- Who is your data disclosed to?
Your personal data may only be accessible to a limited number of our employees and our Company providers of consulting/auditing/legal and other services, and only to the extent necessary for the proper processing of your personal data, all of whom will be subject to strict requirements for the protection of confidential information.
We may also transfer or provide access to your data:
- entities entitled to receive information in accordance with legal requirements (e.g. courts, state and municipal authorities, etc.), only to the extent necessary for the proper enforcement of the applicable legal requirements.
The Company does not transfer your personal data to third countries (outside the EU/EEA) unless it is deemed necessary. The Company may transfer your personal data outside the EU/EEA if your explicit consent is obtained or if it is necessary and appropriate safeguards will be in place in accordance with GDPR.
- Security of your personal data
Your personal data is processed in accordance with the GDPR, the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal requirements. When processing your personal data, we implement organisational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, as well as against any other unlawful processing.
Although the Company strives to protect the personal data it processes, please understand that the Company cannot guarantee or warrant the complete security of any information you transmit to us, as modern technology cannot provide a secure method of transmission or storage in all cases. The Company reserves the right to adapt new security technologies where necessary and to temporarily restrict the provision of services in the event of suspected security breaches.
- Your rights
We guarantee the exercise of these rights upon your request:
- Right of access to your personal data – you have the right to ask the Company to confirm whether or not personal data relating to you is being processed and, if such personal data is being processed, you have the right to access and obtain information about the personal data.
- Right to rectification – You have the right to request that the Company rectify inaccurate or incomplete personal data concerning you.
- The right to erasure (“right to be forgotten”) – this right is not absolute and can only be exercised in cases where: the personal data are no longer necessary for the purposes for which they were collected or otherwise processed. The right is exercisable where you withdraw your consent and there is no other legal basis for processing your personal data and there are no overriding legitimate reasons for processing your personal data.
- Right to request restriction of processing – You may request restriction of the processing of your personal data only on the following grounds: you contest the accuracy of the data for a period of time during which we can verify the accuracy of your personal data. The processing of your personal data is unlawful and you do not consent to the erasure of your data and instead request that we restrict its use. We do not need your data for the purposes of processing it, but we do need it for you to assert, exercise or defend legal claims. Where the processing of your personal data is restricted, we may only process such personal data, other than for storage, with your consent or for the establishment, exercise or defence of legal claims and/or to protect your rights or the rights of another person or for reasons of public interest.
- The right to data portability – this right can only be exercised where the processing is carried out by automated means and where it is technically feasible to do so.
- Right to object to processing – You have the right to object at any time to the processing of your personal data on the grounds of legitimate interest of the Company. In this case, the Company will not process your personal data unless it can demonstrate legitimate grounds for processing your personal data which override your interests, rights and freedoms or are necessary for the establishment, exercise or defence of legal claims.
- Right to withdraw consent – if your personal data is processed on the basis of your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent carried out before the withdrawal of consent.
You can exercise your rights in one of the following ways:
- by sending us a free-form application toduomenuapsauga@ecoservice.lt . The application must be signed with an electronic signature.
- by sending the application by registered post to Gariūnų g. 71, Vilnius. The application must be signed. A copy of your identity document certified by a notary public must be attached to the application.
The request must be legible, signed and contain the name, surname, place of residence or e-mail address of the data subject to whom the reply is requested. It shall also indicate which of the data subject’s rights the data subject wishes to exercise and to what extent.
We will respond to your request no later than 30 (thirty) calendar days from the date of receipt of your request. In exceptional cases requiring additional time, we shall be entitled, upon notice to you, to extend the time limit for the provision of the requested data or for the processing of any other requirements set out in your request by up to 60 (sixty) calendar days from the date of your request.
Upon receipt of your request, we will respond to you no later than 30 calendar days after we receive your request and all the documents necessary to respond.
You can complain about our actions and decisions to the competent supervisory authority, the State Data Protection Inspectorate (www.vdai.lt). However, we recommend that you contact us before making a formal complaint so that we can find a suitable solution to the problem.
If you have any requests or questions about the processing of your data, please contact us at duomenuapsauga@ecoservice.lt.
- Information about the website and its owners
The Website, the material, code, design, domain name of the Website, all copyrights, trademarks, service marks, databases, names and other intellectual property or other intellectual property rights relating to the Website, social networking accounts, distributed through digital marketing channels and/or materials contained therein are wholly owned by the Company, with the exception of intellectual property (trademarks, logos, etc.) relating to the Company’s partners or suppliers, and are protected by national and international intellectual property protection laws and regulations.
You may not, without the express permission of the Company, copy, fix, reproduce, perform, display, publish, transmit, sell, process, process, display, license, modify, republish, edit, broadcast, retransmit or otherwise publish, publicly display or perform, adapt, distribute or exploit in any form or by any means whatsoever, any material contained on the Website or the source code, or any part thereof, or any derivative works based on any of it, without the Company’s express permission.
- Changes to the Privacy Policy
The Company has the right to change this Privacy Policy at its sole discretion. A notice to that effect will be posted on the Website.
This Privacy Policy was last updated on 30 May 2025.