This Privacy Policy (hereinafter referred to as the “Policy”) regulates personal data processing by ERGO, as a data controller, both by automated and non-automated means.
This Policy is designated to persons who use or intend to use ERGO services or visit the websites www.ergo.lt, www.online.ergo.lt, www.mano.ergo.lt.
Personal data means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
To fulfil our obligations to you, as our client, we need certain personal data about you taking into consideration the type of insurance.
 

ERGO processes the following main categories of personal data (the list is not exhaustive):
 

1. the main information which identifies you as a client (name, surname, personal identification code or date of birth, address, email, phone number);
2. details about insurance objects and signed insurance contracts;
3. details about other participants of insurance relationship (the insured, the beneficiaries, the victims);
4. details about insured events;
5. financial details (account number, paid insurance premiums, etc.);
6. communication and customer service information (log in details and other information about surfing on ERGO’s website and self-service portal; phone call records, correspondence with ERGO, etc.);
7. health data (hereinafter referred to collectively as personal data).
    

ERGO will collect and further process your personal data only in cases and only for purposes which are necessary to achieve the purposes for which it is processed. First, we use our customers’ personal data with the aim to provide insurance services and carry out all related actions, i.e.:
 

1. to identify you;
2. for the purpose of putting forward a proposal to sign an insurance contract with ERGO;
3. for the purpose of preserving evidence about addressing us with regard to signing an insurance contract;
4. for the purposes of conclusion, amendment, administration and implementation of insurance contracts;
5. for the purpose of insurance risk assessment;
6. for the purpose of calculation of an insurance premium;
7. for the purposes of investigation of insured events and identification of circumstances of insured events;
8. for the purposes of determining the amount of insurance benefits and their payment.    

We also collect and further process your personal data for the purpose of direct marketing (with your separate consent); for recording phone calls so as to have evidence of concluding and implementing insurance contracts by phone, to administer insurance claims, for the purpose of evaluating quality of ERGO services; for the purposes of prevention and investigation of financial and insurance crimes, corruption, violations of corporate rules of conduct, any other illegal actions as well as for any other legal purposes.

ERGO informs you about a phone call being recorded at the beginning of a phone call and, if you disagree with the phone call being recorded, you can always address ERGO in any other way (email, ERGO self-service portal mano.ergo.lt or ERGO customer service office).
By providing ERGO with your personal data, you confirm that you commit to observe the provisions of this Privacy Policy (except for the actions of data processing which require your separate consent). The provisions of the Privacy Policy can be familiarised with repeatedly at any time on the website of ERGO.

ERGO processes personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “Regulation (EU) 2016/679”), the Republic of Lithuania Law on Legal Protection of Personal Data, the Republic of Lithuania Law on Electronic Communications and other regulations which regulate personal data processing and protection and instructions by data protection supervisors.
 

ERGO collects and further processes your personal data only in a legitimate, honest and transparent manner so as to conclude and/ or implement the insurance contract signed with you on the basis of your consent, where ERGO is obliged to process personal data by corresponding legal acts, when processing of data is necessary in order to protect vital interests of the Data Subject and where personal data processing is required for legitimate interest of ERGO (only if it is not overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data).
Usually the legal basis for personal data processing is an insurance contract signed with ERGO (or a request to conclude an insurance contract). Personal data can also be processed on the basis of a consent (for instance, for the purposes of direct marketing). Consent shall be given of free will, it shall be specific and unambiguous as well as appropriately inform about specific purpose(s) of personal data processing.
 

ERGO, inter alia, adheres to the following key principles of personal data processing:
 

1. personal data is processed lawfully, fairly and in a transparent manner;
2. personal data is collected for specified, explicit and legitimate purposes and is not further processed in a manner that is incompatible with those purposes;
3. personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
4. personal data is accurate and, where necessary, kept up to date;
5. personal data is stored no longer than is necessary for the purposes for which the personal data is processed or is required by the Data Subject and/or provided for by legislation;
6. personal data is processed in a secure manner, using appropriate technical and organisational measures which ensure appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage;
7. personal data is processed by those ERGO staff members who have been given such right based on their functions at work or by processors on the basis of signed agreements.
    

ERGO clients or potential customers are responsible for the provision of accurate, correct and exhaustive personal data to ERGO. Should any of the provided personal data change, clients must immediately notify ERGO thereof. ERGO will not be held liable for any damage caused to a person and/or third parties in cases where clients or potential clients provided inaccurate, incorrect and/or incomplete personal data or did not apply with regard to data supplement and/or rectification when data changes.

ERGO usually receives personal data from its clients after a request of an established form is submitted or after a notification about an event which might be recognised as an insured event is lodged.
 

In other cases, e.g., with the aim to assess insurance risk, to investigate, to identify the circumstances of events which might be recognised insured events and to determine the amount of insurance benefit, we provide and collect your personal data from other sources, i.e. from state registers (State Enterprise Centre of Registers, Residents’ Register Service, State Enterprise Regitra, Motor Insurers’ Bureau of the Republic of Lithuania), physicians, hospitals and other health care and nursing as well as medical expertise institutions and services in the territory of the Republic of Lithuania and other countries, which according to legal acts have to recognise disability and physical performance, also from forensic experts, specialists, expert physicians, law enforcement authorities, state social insurance and mandatory health insurance authorities, fire services, emergency services, multi-apartment buildings’ administrators, multi-apartment buildings’ associations, independent experts, other natural and legal persons.
 

We apply extremely strict requirements for the access to health data. ERGO collects and provides its clients’ health data to other persons only where a written consent by the client is available.

ERGO assumes the obligation of confidentiality with respect to its clients and potential clients. Personal data may be disclosed to third parties, if this is required for the conclusion or implementation of an insurance contract or for any other lawful reasons. Information may also be provided to other parties at your request or taking into consideration your contractual obligations to other parties, e.g., banks or other financial institutions.
 

We may disclose your personal data to processors which render their services to us (carry out works) and process your personal data on behalf of ERGO, as a data controller, having signed data processing agreements with them before the provision of services.
 

Data processors have the right to process personal data solely following our directions and to the extent to which it is necessary to fulfil the contractual obligations in an appropriate manner. ERGO uses only those processors which provide sufficient guarantees that the implementation of appropriate technical and organisational measures will be carried out in a manner which meets the requirements of Regulation (EU) 2016/679 and ensures the protection of Data Subject’s rights. The following are the categories of data processors (the list is non-exhaustive):
 

1. insurance intermediaries – those, which process personal data so as to sign insurance contracts with clients and administer them;
2. insurance claims’ administration partners – those, which process personal data so as to record damage, evaluate it, ensure expert assessment and organise medical, financial, legal and any other aid abroad;
3. information technology companies – those, which process personal data so as to ensure the development, improvement/ update and support of information systems;
4. re-insurance companies – those, which process personal data so as to re-insure insurance risks covered by ERGO;
5. enterprises – those, which process personal data so as to render ERGO customer services and other value added (administration) services;
6. enterprises – those, which process personal data so as to provide ERGO with document scanning, archival documents’ (archives’) management and storage services.
    

ERGO may also provide client details in response to court, law enforcement or state institutions’ requests to the extent to which it is necessary to properly comply with the applicable legislation, directions by state authorities, also disclose personal data to companies which engage in debt recovery with regard to recovery of unpaid insurance premiums from the policyholder, also to other data recipients with the Data Subject’s consent or at the Data Subject’s request.
 

In some cases (only having legal basis) ERGO may provide or receive your personal data (including health-related data) to/ from another ERGO group company and/ or its branches. These cases could be for example, for the provision of insurance services, customer service with the purpose of direct marketing, complaints management, implementation of ERGO group supervision, ERGO group standards implementation.
 

Your personal data generally are processed within the territory of the European Union and European Economic Area. However, in some cases ERGO may transfer your personal data outside of the European Union and European Economic Area (e.g. when insured event happens in other country and ERGO is obliged to collect evidences). In cases, when personal data transfer outside European Union and European Economic Area is necessary, it is performed in accordance with requirements of the Regulation (EU) 2016/679.

Personal data held by ERGO is processed no longer than needed for the purposes for which personal data is processed or is required by the Data Subjects and/or provided for in legislation.
 

Personal data collected by us for the purpose of conclusion, amendment, administration and implementation of insurance contracts, evaluation of insurance risk, investigation of insured events, identification of circumstances of insured events, determination of the amount of insurance premiums and payment is stored in the format of hardcopy documents and in our information systems. Personal data is usually processed for the aforementioned purposes 10 (ten) years after the expiry of contractual relationship. As practice shows, normally personal data is stored as long as any reasoned claims might arise out of contractual relationship. Personal data which is no longer needed is destroyed (erased).
 

Although you can terminate an insurance contract and refuse from our services, we will have to continue storing your personal data for the reason that in the future some claims might arise, thus we will store your personal data until data storage period expires.

Information is stored also for the reason that, where necessary, we could provide you with the required information so as to have proper client and ERGO relationship history and to be able to answer any of your questions in relation to your and our cooperation.
 

Your personal data from recording of phone calls is stored for 10 (ten) years for the purpose of being able to provide evidence of conclusion and implementation of insurance contract by phone and to conduct insurance claims’ administration.

We find the assurance of your personal data security very important. To process your personal data ERGO has implemented and will further implement appropriate organisational and technical measures which guarantee proper personal data security, including protection against unauthorised or unlawful personal data processing, against accidental loss, destruction of personal data or damage to it. Security assurance activities carried out by ERGO includes, among other things, the protection of staff, information, IT infrastructure, internal and public networks, office buildings and technical equipment.

You are entitled to the following rights of the Data Subject:

• Right to information and access to personal data
   

You can address us with a request to:

1. confirm that we process your personal data;
2. provide you with a copy of such data;
3. provide information about your processed personal data, for instance, what personal data about you we collect, for what purpose we collect such details and disclose them, whether we transfer this data outside the European Union, what security measures we apply and any other information about your personal data.

• Right to rectification
   

Should you, following the familiarisation with your personal data, identify that your personal data is incorrect, incomplete or inaccurate, and address us, we will check your personal data and, at your request, will rectify inaccurate data and/or supplement incomplete personal data.

• Right to erasure (“right to be forgotten”)
   

You may address us with a request to erase your personal data in the following cases:

1. when such details are no longer needed for the implementation of purposes for which they were collected or processed in any other way;
2. when you withdraw your consent (where the processing of your personal data was based on your consent);
3. when you exercise the right to object to processing of your personal data by us;
4. when you believe that your personal data is processed unlawfully, etc.

We do not have to execute your request to erase your personal data, if the processing of your personal data is necessary so as to fulfil legal obligations imposed in the EU or the Republic of Lithuania legislation, also with the aim to file, satisfy or defend legal claims.

• Right to restriction of processing
   

You may address us with a request to restrict the processing of your personal data, except for storage, where any one of the following cases applies:

1. you contest the accuracy of data for the period during which we can verify the accuracy of your personal data;
2. the processing of your personal data is unlawful, however, you disagree that your personal data was erased and request for restriction of its use instead;
3. your personal data is no longer needed to implement the purposes of personal data processing for which the data was collected, however, it is needed by the Data Subject to file a claim, to satisfy it or to defend its legal claims;
4. you have objected to data processing until it is checked, whether our legitimate reasons override your reasons.

With regard to restriction of data processing and during the period of such restriction, we might not have the possibility/capacity to provide you with our services.

• Right to data portability
   

You can address us with a request to receive personal data related to you which you have supplied
to us in a systematised, normally used and machine readable format, you can also lodge a request
asking us to transfer your personal data to another data controller where it is technically feasible
and when:

1. the processing of your personal data is based on your consent or in implementation of an
   insurance contract concluded with you; and
2. your personal data is processed by use of automated means.

• Right to object
   

You can address us with a request regarding the reasons related to your specific case at any time
and withdraw your consent to process personal data related to you free of charge, when such data
processing is conducted on the basis of your consent or might be required for the implementation of
our vested interests.

Withdrawal of consent has no effect on the lawfulness of processing of your personal data, which is
based on consent, and which was carried out before the withdrawal.

Nevertheless, taking into account the purposes of provision of our services and the balance of lawful
interest of both parties (both yours – as a Data Subject’s, and ours – as a data controller’s), your
objection might mean that after you cancel the processing of your data reasoned by your lawful
interest, we will no longer be able to allow you to use our services.

• Right to individual decision-making, including profiling
   

We may apply profiling with respect to your personal data by having an automated decision made
according to information provided by you so as to assess personal aspects with regard to you in
relation to your health condition, hobbies, behaviour, your location or movement with the aim to
assess insurance risk.

Profiling of your personal data is conducted where this is necessary to conclude or implement an
insurance contract.

Automated decision-making, including profiling, helps ensure that our decisions are adopted fast,
are honest, effective and fair based on information available to us.

ERGO assures that methods of evaluation it uses are periodically examined so as to ensure their
fairness, accuracy, relevance, effectiveness and impartiality.

Following the assessment of insurance risk in an automated manner, an insurance contract concluded
on the basis of this type of assessment may be signed under the terms and conditions you indicated
in your request or it may be decided to refuse to sign an insurance contract with you.

After an automated decision is made, you have the right to demand that ERGO use human
intervention, to express your attitude, to receive an explanation of a decision adopted after such
assessment and the right to challenge such decision.

• Right to lodge a complaint with regard to personal data processing
   

If you believe that we process your personal data in violation of Regulation (EU) 2016/679 and/or
other legal acts which regulate personal data processing and protection, we always ask everyone to
apply to us first, namely, to contact our Data Protection Officer, email: asmensduomenys@ergo.lt.

If you are not satisfied with the way we offer to resolve the problem, or, you hold the view that we
failed to take necessary actions according to your request, you will be entitled to lodge a complaint
to the State Data Protection Inspectorate or to address the court and file a claim.

Your personal data may be processed for the purpose of direct marketing, after you express your consent or objection to the processing of personal data for direct marketing purposes.
You have the right to object to the processing of your personal data for the purposes of direct marketing at any time.
 

ERGO will no longer process personal data of the Data Subject for the purposes of direct marketing (immediately destructs), when the Data Subject challenged data processing for such purpose.
Your refusal to receive offers and news will not prevent you from using our services; however, it might mean that we will be unable to make any offers beneficial and relevant to you. You can notify us of your objection or your approval by email info@ergo.lt or phone 1887.
 

ERGO processes your personal data for the purposes of direct marketing for 5 (five) years after the moment of giving consent, unless you withdraw your consent.

We want to provide you with customised information and functions on our websites. This requires cookies - small text documents with unique identification numbers that are transmitted from the website to your computer (device). Our websites may also use other technologies in order to provide and/or improve services and properly display advertising according to the user's interests. Cookies and other technologies are described below in this Privacy Policy using the general term - technologies. By browsing the websites, you agree to the use of necessary technologies. You can also agree to the use of other technologies by your choice.
We use essential, preference, statistical and marketing technologies on our websites.
 

The necessary technologies are required to activate the basic functions of the website. The website could not function properly without the use of the necessary technologies.
Preference technologies are used by the website to remember information that depends on the operation and appearance of the website, for example the language you have chosen or the region in which you are located.
Statistical technologies allow us to analyse the use of the website in order to measure and improve the performance of the use of the website.
Marketing technologies are used to deliver advertisements and/or advertisements that are relevant to users' interests.
You can choose which technologies will be used. If you do not agree with the use of certain technologies, you can disable all the technologies to be used or enable (or) disable them one by one (except for the necessary ones).
 

Information about the technologies used on the websites www.ergo.lt, www.online.ergo.lt and www.mano.ergo.lt, including technologies used by third parties (e.g. Facebook, Facebook Pixel, Google Ads, Google Analytics, etc.), can be found on our website by clicking icon.

We administer ERGO accounts on social networks Linkedin, Facebook, Instagram and Youtube. The information we receive from you when you use these social networks (including messages, use of the "Like" and "Follow" boxes, etc.) is controlled by the manager of the relevant social network. Social networks and the services available through them have their own privacy policies, for which the said social networks are responsible. Please review these privacy policies before submitting personal data on social networks: LinkedIn's privacy policy; YouTube's privacy policy; Facebook's privacy policy and Instagram's privacy policy.

ERGO may amend this Privacy Policy at any time at its own discretion. It should be noted that the implementation of such amendments might take up to 30 working days. If you want to follow changes in the Privacy Policy, you may check this heading of the website periodically.
 

Should you have any questions or think that this Privacy Policy fails to answer the questions you are concerned about in relation to the processing of personal data, please do not hesitate to contact us by email asmensduomenys@ergo.lt or in our office at the address Geležinio Vilko g. 6A, Vilnius.