Privacy statement

This privacy statement (hereinafter referred to in the text as - “the Statement”) provides information about how SIA Ignitis Latvija, Reg. No. 40103642991, registered office: Gustava Zemgala gatve 74A, LV-1039, Riga, Latvia (hereinafter referred to in the text as - “the Company”) processes personal data.

The provisions of the Statement shall apply to natural persons, whose personal data are processed by the Company:

i. customers or customer representatives (hereinafter referred to in the text as - “the Customer Representative”) whose personal data are processed because the Customer (hereinafter referred to in the text as - “the Customer”) uses, has used, has expressed a wish to use or is otherwise related to the services provided by the Company;

ii. persons who wish to receive support of a protected customer under an electricity contract entered by another person and apply to the Company for support as a sub-user.

iii. persons charging electric vehicles at Ignitis charging stations and using the Ignitis ON Electric vehicle charging services’ application (“the Application”).

iv. Ignitis ON (electric vehicle charging service) partners or representatives of partners (hereinafter referred to in the text as - “the Partner”).

v. persons applying to the Company by submitting applications, requests directly or by means of distance communication, including phone, e-mail, etc.;

vi. persons visiting the Company's website, etc.

This Statement contains general provisions. Additional information regarding the processing of personal data by the Company can be provided in company contracts, other documents, the website www.ingnitis.lv, or via remote customer service channels (phone, e-mail, etc.).

The Company will notify of any amendments to this notice by publishing them on the Company's website. In case of significant amendments, the Company will also notify individuals about such amendments in other ways, for example by e-mail or otherwise (e.g., by publishing them in the press).

Definitions

In this Privacy statement, terms and abbreviations have the following meanings:

“Personal data” means any information on an identified or identifiable natural person (e.g., name, surname,contact information, etc.).

“Natural person” (data subject) means the person whose data are processed (e.g., a Customer, a Customer representative or employees of the Company’s suppliers, persons who contact the Company by submitting applications or claims, users of the Company's website, etc.).

“Data processing” means any activity carried out using personal data (e.g., registration, storage, granting of access, transfer, etc.).

“Services” means all goods and services provided by the Company.

Other terms used in this Statement are interpreted as defined in the legislation governing the protection of personal data, General Data Protection Regulation (EU) 2016/679 (“the Regulation”), the Law on the Processing of Personal Data of the Republic of Latvia and other legislation.

Purpose and legal rationale for the processing of personal data

The Company shall process personal data only in certain specific cases, for example based on the legal rationale stipulated in laws and regulations, where the processing of data is necessary for the conclusion and/or performance of a contract concluded with a person, the person has consented to the processing of his data for one or more specific purposes, the Company must process personal data in order to comply with the legal requirements or the personal data must be processed for the legitimate interests of the Company.

The main objectives that the Company wishes to achieve when processing personal data. Data categories processed.

We process different types of personal data that depend heavily on the services you use as a data subject or the activities performed by data subjects themselves. It is necessary to process your personal data for the provision of our services in accordance with the requirements of laws and regulations and for the performance of other functions. For example, your personal data may be processed for the following reasons:

i. Performance of the functions of electricity and gas suppliers specified in legislation

Objective: The Company processes personal data in the performance of its functions and responsibilities in relation to customers and exercising its rights under law as an electricity and gas supplier.

Personal data processed:

identification data: name, surname, personal identity code no.;
contact information: declared address of residence, correspondence address, phone number, e-mail address;
data related to the contract and implementation thereof, as well as the fulfilment of obligations specified in laws and regulations, etc.

ii. Preparation of commercial offers

Objective: The Company processes personal data to provide the Customer with a commercial offer for the services that the Customer wishes to purchase.

Personal data processed:

identification data: name, surname, personal identity code no.;
contact information: declared address of residence, correspondence address, phone number, e-mail address;
information on services of interest;
data from prior communication or requests;
technical information, if necessary (e.g., the site address or specification of the service).

iii. Provision of services and conclusion and fulfilment of contracts

Objective: The Company processes personal data to ensure the proper conclusion and execution of contracts with customers, the provision of services or the delivery of goods to customers on a contractual basis, including in order to provide protected customer support and, on the basis of the requirements of the contract or legislation, to properly provide the Customer with information on matters relating to goods, services and the contract.

Personal data processed:

identification data: name, surname, personal identity code no.;
contact information: declared address of residence, correspondence address, phone number, e-mail address;
data related to the contract with the Customer/Partner and its performance: address of the installation/address of the parking lot, information regarding the contract entered into (plan, tariffs, rent), information regarding meter readings, information regarding the consumption of electricity or natural gas, information regarding the invoiced (amount, date, information related to payment of invoices (fact, amount, date of payment of invoice);
data related to the provision of protected customer support, such as the name, surname, personal identity code no. of the protected customer applied for the support, information regarding the reduction of the payment granted, information regarding the number and address of the contract to which reduction of payment has been applied, contact information, category of the protected user and other information provided in the personal application.

iv. Compliance and quality assurance

Objective: In order to ensure compliance with applicable laws and regulations and internal regulatory documents such as conflict of interest prevention, research of cooperation partners, verification of economic and financial sanctions, ensuring compliance of supply chains and fulfilling quality control requirements. Such activities are essential for the Company to comply with legal requirements while effectively managing operational and reputational risks.

Personal data processed:

collaborative research information that includes information in our possession about potential or existing business partners. These data may also be obtained from publicly available sources such as the media, public registers or databases;
verification information from lists of sanctions to verify that the customer, its officials, participants or beneficial owners are not included in the lists of sanctions of the European Union, the United Nations, the United Kingdom, the United States of America, or the Republic of Latvia or equivalent lists. At the same time, evaluation is conducted as to whether the persons concerned are related to activities which could indicate participation in money laundering, financing terrorism or tax evasion. Such processing is essential to prevent or detect money laundering and terrorist financing, as well as to ensure compliance with the Company's internal policies and legal requirements.

v. Monitoring of settlement, creditworthiness assessment and debt management

Objective: In order to ensure effective monitoring of payments, assess the creditworthiness of the customer before or during the term of the contract, as well as to manage debts and take the necessary debt recovery measures. Such processing is essential to enable the Company to assess and manage financial risks, protect its legal interests and ensure the proper fulfilment of service contracts. The scope of the processing of personal data carried out varies depending on whether the customer is a natural or legal person.

Personal data processed:

payment and contract details, including contract number, service type, invoice information, payment dates, amounts and late payment facts, as well as information regarding payment reminders and warnings sent;
credit quality assessment data, which may include information from credit bureaux or public registers, as well as the history of financial liabilities;
information on the debt collection process, including the involvement of debt collection service providers and, where applicable, information about litigation or enforcement cases.

vi. Conclusion and fulfilment of contracts in with Ignitis ON partners and customers

Objective: The Company processes personal data to enter and execute contracts with Ignitis ON partners and customers in.

Personal data processed:

name, surname, personal identity code no., contact information;
contents of the contract, specification of services, conditions, etc.

vii. Provision of electric vehicle charging services and their related Application to Customers

Objective: The Company processes personal data to ensure the provision of appropriate electric vehicle charging services to the Customer and to provide the Customer with the opportunity to obtain information related to the charging of its electric vehicle and to make payment conveniently.

Personal data processed: data related to the provision of electric vehicle charging services and to the use of the application, such as information regarding the charging of the Customer's electric vehicle, information regarding payments, information provided by the person when creating an account in the application and using the application.

viii. Review of requests

Objective: The Company processes personal data by examining and resolving submitted questions and complaints based on contractual, consent or legal requirements.

Personal data processed:

identification and contact information, such as name, e-mail address, phone number, address or customer identification number, to ensure communication and linking of the request to the customer;
contract details where the request relates to an existing or prior contract, including information about services used, invoices, billing status or history of service provision;
the content of the request, including the text of the submission, question or complaint, as well as the answers and communication records performed by the Company, which are necessary to document communication and ensure quality;
attached documents submitted, if provided as part of the request (e.g., copies of invoices, contract statements, screenshots, etc.).

ix. Direct marketing

Objective: The Company can process personal data by providing customers with offers and updates regarding the services provided, as well as information about ongoing events based on the Customer's consent or other legal reasons. The Company can process e-mail communication data to manage customer feeds across Customer Service channels and evaluate the effectiveness of e-mail communications.

Personal data processed:

identification and contact information such as name, e-mail address, phone number;
marketing communications data, such as the fact of the sending of a marketing message, opening it, clicks on links;
data on the use of the services, including information about the services chosen by the customer, the frequency, duration of their use or interest in specific products, if such information is necessary for the making of offers;
interest and preference data, if provided (e.g., selected topics, service categories, preferred communication channels, participation in campaigns or events).

x. Video surveillance

Objective: In order to ensure the security of its employees, customers and other persons entering the field of vision of video surveillance equipment, as well as of its property and equipment, the Company shall implement video surveillance based on legitimate interests. Video surveillance may be carried out at Ignitis electric vehicle charging stations. A warning will be provided regarding the performance of video surveillance at the specific electric vehicle charging stations via the video surveillance sign.

Personal data processed: video surveillance records.

xi. Recording of phone conversations

Objective: The Company can process personal data by recording phone conversations with customers to provide evidence of the conclusion of a contract, its amendment or enforcement, as well as ensuring the quality of customer service and protecting the rights of the parties. You will definitely be informed about the recording of a conversation via a voice message.

Personal data processed: voice recording (audio recording), date, time and duration of the call, incoming or outgoing phone number, as well as information provided during the call, such as first name, surname, personal identity code no., contract number, address, contact information or other information provided voluntarily by the customer during the call.

xii. Selection of candidates

Objective: When a person applies for a job with the Company, the Company receives, processes and stores a range of personal data in order to fulfil the hiring requirements as well as those stipulated in laws and regulations.

Processed personal data: job candidates' data, such as data from candidates' CVs, application letters, e-mails provided by the candidate.

xiii. Processing cookies

Objective: To improve the functionality of the website, keep it functioning, and tailor your user experience to your individual usage habits. Cookies are also used to obtain statistics about users' interaction with the site, and to display personalised content, marketing materials, and offers based on the user's activity on the website.

Personal data processed: information collected through cookies such as the IP address, device type, browser settings, visit date and time, site usage habits, and actions. Detailed information about the cookies used and options how to opt out of them can be found in our cookie policy.

xiv. Fulfilment of legal obligations, enforcement of rights and other legitimate objectives

Objective: The Company processes personal data in order to provide information to state institutions (e.g., to the State Revenue Service, law enforcement institutions, supervisory authorities) in the cases provided for in the law, as well as to exercise its legitimate interests in legal proceedings, the review of complaints or in other legal processes.

The Company may also process personal data for other purposes if it has obtained the consent of the person, is obliged to process personal data in compliance with legislative requirements or is entitled to process data on the basis of the Company’s legitimate interests.

Personal data processed: Depending on the specific data processing objective.

In all the aforementioned cases, the Company shall process personal data only to the extent necessary to achieve the relevant clearly defined legitimate objectives in accordance with the requirements for the protection of personal data.

Receiving personal data

The Company processes personal data that individuals provide themselves or that it receives from other sources, such as public or private registers and data information systems, to the extent necessary on the basis of a contract, consent, law or the Company’s legitimate interests. In certain cases, we may receive data from partners or state institutions, etc.

Data can also be obtained via video surveillance cameras at Ignitis electric vehicle charging stations. The acquisition of data shall also take place by means of recordings of phone conversations in cases where the conversations are recorded.

Data are also collected by cookies and similar techniques using methods consistent with those permitted by legislation. The use of cookies is explained in the Company's cookie policy.

Data may be collected and updated on the basis of the information exchange rules applicable in the electricity and gas markets.

Provision of personal data

The Company is entitled to transfer processed personal data to the recipients of the following categories in accordance with the requirements of the law:

- Staff and agents. Personal data may be made available to employees or authorised persons of the Company who process such data on behalf of the Company only to the extent and for the purposes of processing resulting from their duties and competences.

- Customer Agents. The Company may provide information to the Customer’s agents (e.g., a family member or legal representative) if the relevant authorisation is received.

- Energy system operators. The Company may transfer personal data (identification data,contact information related to the provision of services and other necessary data) for the purposes of guaranteeing the supply of electricity and gas, accounting for transported gas, loss detection and compensation, ensuring reliability and technical security of energy systems, emergency management and other legitimate purposes in accordance with the requirements of the applicable laws and regulations.

- Protected customer data information system manager. The Company may transfer data to a protected customer data information system managed by the State Construction Control Bureau, which ensures the granting and revocation of protected user status.

- Service providers. The Company is entitled to transfer processed personal data to third parties acting on behalf of the Company, which provide the Company with customer service, software support, accounting, legal and other services to ensure the proper provision, management and development of the Company's services. In such cases, the Company shall take all reasonable steps to ensure that contracted service providers (including data controllers) process the personal data provided only for the purposes for which the data were provided, providing adequate technical and organisational safeguards in accordance with the Company's instructions and the requirements of the applicable legislation.

- Law enforcement and other responsible or supervisory authorities. The Company may provide processed personal data to state institutions or law enforcement agencies, as well as to supervisory authorities, if this is compulsory in accordance with current laws and regulations or in order to ensure the Company’s rights or the security of its customers, employees and property.

- Banks. Personal data may be transferred to financial institutions (banks, payment institutions) in order to secure payments.

- Debt collection companies. As regards debt obligations, personal data may be transferred to debt recovery companies in order to ensure the recovery of the debt in the course of legal proceedings.

- Credit information bureaux. The Company may provide certain personal data to credit bureaux in accordance with the procedures specified in laws and regulations, for example, in order to assess solvency or to inform regarding the existence of debts.

- Group companies. Personal data may be transferred to companies that are part of the same group as the Company where this is necessary for administrative or customer service purposes, such as the provision of shared services or the provision of a consistent customer experience.

- Other third parties. The Company may provide personal data to other recipients on the basis of legal grounds stipulated by law.

Data storage

The Company shall process personal data in accordance with the following rules:

they are kept for as long as necessary in order to fulfil the duties stipulated in laws and regulations;
if personal data are processed based on your consent and stored as long as this consent is valid and has not been revoked;
Personal data shall be retained for as long as necessary in order to achieve the stated purpose of processing and in accordance with legitimate interests (e.g., examination of claims, protection of rights, resolution of issues, observance of the limitation period for bringing a claim, etc.)

Data relating to contracts concluded with customers and partners (legal entities) shall be stored for the duration of the contract and for 5 years after the end of the contract. Data relating to contracts concluded with Customers and Partners (natural persons) shall be stored for the duration of the contract and for 10 years after the expiry of the contract.

Video surveillance data is stored for 30 days. If illegal offences have been ascertained and video recordings are necessary for the discovery thereof, data shall be stored for as long as it is necessary for the investigation of the criminal offence in accordance with the applicable laws and regulations.

Records of phone conversations shall be stored for the entire duration of the electricity service provision contract and for 3 years after termination of the contract.

Data relating to direct marketing shall be stored for 5 years from the granting of consent or until withdrawal of consent.

Applicable security measures

The Company shall ensure the confidentiality of personal data in accordance with legal requirements and shall apply appropriate technical and organisational measures aimed at protecting personal data against unlawful access, disclosure, accidental loss, alteration, destruction or other unlawful processing.

Transfer of personal data outside the EU/EEA

The Company shall endeavour to process personal data within the European Union (EU) and the European Economic area (EEA) in so far as this is possible. However, in certain cases, such as the collection of website visit statistics and marketing purposes, the Company may use third-party cookies (such as from Google or Matt). Information generated by such cookies may be transmitted and stored on servers outside the EU/EEA, including in countries for which the European Commission has not decided on a adequate level of personal data protection. In such cases, depending on the circumstances, the Company may apply one or more of the protection mechanisms provided for in the Regulation, such as: – standard data protection clauses approved by the European Commission.

Personal rights

A person who applies to the Company to exercise his rights and whose identity is verified by the Company shall be entitled to:

a. access their personal data processed by the Company;

b. correct their incorrect, incomplete, inaccurate personal data;

c. require the destruction of personal data or the suspension of the processing of personal data if this is done in breach of the requirements of the applicable laws and regulations;

d. receive personal data provided by a person in a structured, widely used and machine-readable format;

e. require the deletion of personal data processed by the Company where personal data are processed in breach of the requirements of the applicable law or the personal data are no longer necessary for the purposes for which the data have been collected or otherwise processed;

f. restrict the processing of their personal data in accordance with applicable law, for example for the period during which the Company will assess whether the person has the right to request the deletion of his or her personal data;

g. disagree with the processing of personal data and/or revoke the consent given to the processing of personal data. Withdrawal of consent shall not affect the lawfulness of the processing of personal data until consent is revoked;

h. not to be subject only to automated decision-making, including profiling, where it has legal effects or similar significant effects on a person, as well as the right to require the involvement of a person in the decision-making process, to express his or her views or to oppose such a decision, in accordance with Article 22 of the Regulation;

i. A person is entitled to submit a claim to a court or a complaint to a supervisory authority - the Latvian Data State Inspectorate, if he or she deems that the processing of his or her personal data is in contradiction with the applicable laws.

Automated decision-making

We can use automated decision making and profiling, such as:

preparing personalised offers and statements based on your service usage habits;
under the aegis of payment monitoring, creditworthiness assessment and debt management;
ensuring and improving the quality of services, for example by optimising the consumption of electricity or other resources.

Such processes help us provide you with more relevant and convenient services. You are entitled to oppose automated decision-making and require a person to participate in the assessment of the decision.

Exercising of the rights of natural persons

Persons may submit an application for this notification or processing of personal data in the Company in writing by e-mail to: [email protected], +371 2 000 50 95 or in writing to the following address: Gustava Zemgala gatve 74A, LV-1039, Riga, Latvia.

In order to exercise his or her rights, a person shall submit a written request to the Company in person, by post, through a representative or by electronic means. The request must be legible, signed by the person, contain the name of the person, address of residence and contact information for communication, information on the reasons, rights and extent to which the person wishes to exercise, and information on the manner in which the person wishes to receive a reply.

When submitting a request, the person shall certify his or her identity:

- if the request is made directly, the person must present a personal identification document;

- if the request is submitted by post, a notarised copy of the personal identification document shall be appended to the request;

- if the request is submitted through a representative, the representative shall provide his or her name and surname, as well as contact information for the communication by which the representative of the natural person wishes to receive a reply, and the name, surname and personal identity code no. of the represented person, and present a notarially approved copy of the personal identification document and a certified copy of the representation document in accordance with specified procedures;

- if the request is submitted by electronic means, the request shall be signed with a qualified electronic signature or drawn up by electronic means enabling the integrity and unalterability of the text to be ensured.

No later than one month from the date of receipt of the request, the Company shall provide the person with a reply indicating the actions taken after receipt of the request in accordance with Articles 15 to 22 of the Regulation. This period may be extended, if necessary, by a further two months, taking into account the complexity of the request and the number of requests under consideration. Within one month of receipt of the request, the Company shall inform the person of the extension of the time limit for examining the request, together with the reasons for the extension.

The Company has the right to refuse to provide the person with the information requested by it:

if it is not clearly worded;
if we cannot identify you;
if we have already replied to such a request;
if the amount of information requested is disproportionate;
if the request is unjustified (not applicable to our company, no explanation has been given as to why the request should be fulfilled);
if laws and regulations stipulate that we are not entitled to provide you with such information or we are obliged to store certain of your data.

In accordance with the data subject’s right to become acquainted with his personal data, the Company:

is entitled to ask the person to clarify the request when a large amount of data is processed,
it may provide information only to the extent that this does not infringe the rights of others, if the data are also related to third parties.

If you have any concerns about how we use your personal data, you may submit a complaint to us. If you believe that we have processed your data inappropriately, you have the right to lodge a complaint with the supervisory authority. In Latvia, this is the Data State Inspectorate. The contact information of all EU supervisory institutions is available here.