Privacy Policy
Revision 2024-09-25
- Name of the company: MB Probila (Registration number 304773346).
- Operating Address: PavilnÄs g. 5A, Vilnius, 11320 Vilniaus r. sav., Lithuania.
- Online Dispute Resolution website by the European Commission: ec.europa.eu/odr.
By using https://autobaltics.com website (the "website") and all services related related or operated by MB Probila (āusā, āweā, āourā), you agree to this Privacy Policy. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE THE AUTOBALTICS SERVICE. We encourage all data subjects to read this Privacy Policy carefully from time to time to obtain up-to-date information, as this Policy may change over time.
The purpose of this Privacy Policy is to explain to data subjects how we process the data of natural persons, transparently communicate the procedures and measures for exercising the rights of data subjects, and describe other issues related to the protection of the data of natural persons. It is also developed to ensure that data subjects can exercise their legal rights in a simple, accessible, and understandable way. As the legal framework for the protection of natural persons' data sets the general objective of ensuring the privacy of individuals, and the only way to ensure the fulfillment of this objective is to make the protection of personal data an integral part of the activities of private and public entities, we ensure that all the personal data that come into our possession are adequately protected and kept secure. Adequate protection means using the necessary technical and organizational means and processing personal data under the regulatory framework.
The Policy has been developed under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as ā the āRegulationā), as well as the Personal Data Processing Law and other laws and regulations governing the processing of personal data. The terms used in this Policy and their meaning are the same as those defined in Article 4 of the Regulation.
1. Who is responsible for processing your personal data?
We process your personal data:
as a data controller concerning our customers, visitors to car showrooms/service stations/offices and other premises, visitors to websites, and marketing activities on social networks.
as a processor concerning the placement of leasing, insurance or any other 3rd party service provider offers on our website. Please be advised that in this case, your personal data is processed in cooperation with the companies that provide the respective services based on a mutual cooperation agreement concluded between us. Please note that in this case, we, as cooperation partners only offer you the possibility to obtain and complete an initial application for a leasing, insurance, or any other 3rd party service provider transaction via our website free of charge, which we pass on to the relevant service provider. We do not provide advice in this regard or enter into contracts on behalf of service providers. Therefore, in this case, the respective providers are the controllers of your personal data, as they determine the purposes and means of processing it. We process your personal data on behalf of and for these controllers.
Please also note that 3rd party service providers may ask you for additional information to assess the feasibility and content of the transaction. For detailed information on the processing of data by these data controllers, including the reasons for the information requested, the lawful basis and the purpose of the processing, please refer to the resources of each service provider.
2. General provisions and categories of personal data.
This Privacy Policy applies to the following groups of data subjects (collectively ā ācustomersā, āyouā, āyourā):
Natural persons ā our customers (including potential, former and existing customers);
Visitors to our showrooms, service locations, offices, and other premises, including those that are subject to CCTV;
Visitors to the websites we maintain;
Natural persons whose personal data is processed on social networks in connection with our marketing activities;
Natural persons whose personal data is processed in the initial application processes for 3rd party service providers.
The Policy applies to data processing regardless of the form and/or medium in which the customer provides personal data (on-site, on our website, on paper, electronically or by phone).
As a part of our business activity, we mainly process the following categories of customer personal data:
| No. | Category | Examples of data falling into the data category |
|---|---|---|
| 1 | Identification data | Name, surname, date of birth, personal identity number / ID number, driver's licence number |
| 2 | Residence data | Address, place of residence |
| 3 | Contact details | Telephone, e-mail, declared address, residential address |
| 4 | Vehicle details | Cars make, model, state registration and VIN number, mileage, photos, damage information, owner, holder, colour, information on contents of repair works (number, due date), insurance conditions and terms, fuel consumption |
| 5 | Payment-related information | Account number, payment institution / credit institution, origin of money, place of employment, currency of payment |
| 6 | Information from video surveillance | Digital image and related information |
| 7 | Information processed in the event of a visit to the website | IP address, network, and location data, as well as other information that you consent to the processing of as part of your visit to the website, including cookies |
| 8 | Information processed on social networks | A social network profile and the public information contained therein |
| 9 | Information you give us yourselves | If you contact us, for example to ask a question, we keep all the relevant information, including the content of the communication |
| 10 | Information processed within the framework of a purchase or provision of services | Information on services and/or purchases |
| 12 | Information processed within the framework of submission of the application for using of 3rd party service provider's service | name, surname, date of birth, e-mail, telephone, insurance object (vehicle registration certificate number, registration number) |
3. Sources of obtaining personal data
We may obtain your personal data mainly in the following ways:
| No. | Type | Examples |
|---|---|---|
| 1 | You personally provide personal data for processing, including by expressing your consent to the processing of that personal data by your actions and behaviour | For example, by visiting our website, applying for our services, applying for services of 3rd party service providers, asking questions or otherwise contacting us, for example, by writing to the e-mail addresses managed by us or our employees, as well as by using our services in other ways, including by visiting our locations in person or using booking systems. |
| 2 | Data we obtain from publicly available information | For example, from public registers, requesting information from the institutions maintaining these registers - public authorities or by using freely available information from different sources |
| 3 | In certain cases, we may also obtain personal data from other subjects, such as other legal or natural persons, as well as from public authorities, including courts and law enforcement authorities | For example, if the provision of service is related to an insurance claim, or you have engaged a third party, such as a credit institution, to receive our service, we may also obtain personal data in this way from other groups or related parties in order to provide services to you If you freely provide us with personal data, please consider the purpose for which the personal data is provided and the amount of personal data necessary and transferable to achieve that purpose. We ask you to provide personal data only to the extent necessary for the purpose of the letter, request, or question and, in particular, not to provide your personal identification number, health and other special (confidential) data, financial data, or other excessive or irrelevant personal data. |
4. Purposes for processing personal data
As part of our business activities, we mainly process personal data for the following purposes:
| No. | Purpose | Examples |
|---|---|---|
| 1 | For the provision of services and sale of goods/products |
- For the identification of the customer - For the preparation and conclusion of the contract - For the supply of goods and services (performance of contractual obligations) - For the development of new goods and services - For the advertising and distribution of goods and services or for commercial purposes - For customer service - To deal with objections or complaints - For customer retention, loyalty improvement, satisfaction measurements - For the administration of payments - For the maintenance of websites and mobile applications and improvement of activity - For marketing activities, including sending commercial communications |
| 2 | For business planning and analytics | - For commercial activity |
| 3 | For customer safety, protection of company property |
- For information security - For information systems security - For employee safety - For property security |
| 4 | For other specific purposes for which the customer's consent will be obtained most frequently or an offer to opt out of processing |
- For sending commercial communications or placing cookies - In cases of leasing, insurance or any other 3rd party service applications |
In any event, we will only process any personal data in our possession if there is an identifiable explicit purpose for processing that personal data and the processing is based on one (or more) legal grounds.
5. Legal grounds
As part of our activities, we mainly process personal data on the following legal grounds:
| No. | Legal basis | Explanation |
|---|---|---|
| 1 | Conclusion and performance of the contract/agreement | - Data processing for the purpose of pre-contractual activities, the conclusion of a contract between us and you, and the performance of that contract |
| 2 | Compliance with laws and regulations | - Data processing carried out in connection with the performance of legal obligations imposed on us by various laws and regulations |
| 3 | Our legitimate interests |
- To carry out commercial activity - To verify the customer's identity before purchasing certain goods or services - To ensure compliance with the obligations of the contract - To store customer applications and submissions for the purchase of goods and the provision of services - To issue and administer customer loyalty cards (or other loyalty program) - To take actions to attract and/or retain customers - To segment the customer database for more efficient service delivery - To design and develop goods and services - To advertise our goods and services by sending commercial communications - To send other messages on the progress of the contract and events relevant to the performance of the contract, and to conduct customer surveys about the goods and services and experience of their use - To prevent fraudulent activities against the company - To ensure corporate governance, financial and business accounting, and analytics - To ensure effective corporate governance processes - To ensure and improve the quality of services - To administer payments - To ensure video surveillance for business/personal/property security - To inform the public about our activities |
| 4 | Your consent |
- Data processing based on your consent, which is expressed as an active step, including by contacting us and providing your personal data or taking other active steps* * The customer gives consent to the processing of personal data for which consent is the legal basis (e.g., to receive commercial communications, to analyse personal data, to receive loyalty cards) in writing in person, electronically on our website and other resources related to our services, or at any other location where we organise marketing activities and offer a relevant opportunity. The customer has the right to withdraw the consent for data processing at any time in the same way as it was given and by writing to us by e-mail: info@autobaltics.ee. In such a case, no further processing based on the consent previously given for the specific purpose will be carried out. Please note that the withdrawal of consent does not affect the processing of data carried out at the time when the customer's consent was valid. Withdrawal of consent cannot interrupt the processing of data carried out on the basis of other legal grounds. |
| 5 | Protection of vital interests of natural persons | - Processing carried out in an emergency case for the protection of the vital interests of the data subject or of another natural person. |
6. Processing of personal data within the context of direct marketing
In individual cases, we may also process your personal data for the purposes of direct marketing. in this case we can e-mail you the following:
Information about news, offers, etc.;
Invitations to participate in events organised by us and our cooperation partners, including sending summaries and conclusions related to these events;
Invitations to take part in surveys, interviews, etc.;
Invitations to fill in feedback forms, etc.
At the same time, please note that we will only process your personal data for direct marketing in the following cases:
Where You have given unambiguous, explicit, and prior consent (i.e., You have opted in to receive direct marketing messages and thus provided your personal data (any of follwing: email, name, surname) ā the so-called āopt-inā principle), or
If you are already our customer who has not explicitly objected to the processing of your previously provided personal data (email, name, surname) for the purpose of receiving direct marketing messages about similar services offered by us (i.e., in this case, we will use your email address previously obtained from you in the course of our business activities ā the so-called āsoft opt-inā principle).
Please also note that you may opt-out of receiving direct marketing messages at any time. This can be done in the following ways:
By selecting the option in the relevant direct marketing message;
By writing to: info@autobaltics.ee or to the operational addresses indicated above.
7. Security and protection of the processing of personal data
We process customer data using state-of-the-art technology, considering the privacy risks involved and the organizational, financial, and technical resources available.
As the data controller, we provide:
Confidentiality of personal data, ensuring that personal data are processed (including accessed) only by persons who need to do so to carry out their professional duties.
Appropriate technical and organizational measures to protect personal data. Such measures shall include, as far as possible, considering the level of equipment, costs of implementation, and the nature, extent, context, and purposes of the processing, as well as the risks of various degrees concerning the rights and freedoms of natural persons. For example, pseudonymization of personal data, data minimization, physical and logical data protection measures in the working environment, as well as creation of backups, etc.;
Only tested, licensed, and updated software. We regularly review, update, and improve our technical and organizational measures;
Data security, including by using the following technical solutions: data encryption (SSL), firewalls, intrusion protection, and detection software;
8. Automated decision-making
We may use automated decisions concerning the customer. However, any automated decision-making that has legal consequences for the customer (e.g. approval or rejection of the customer's application) may only be carried out during the conclusion or performance of a contract between us and the customer or based on the customer's explicit consent.
9. Categories of recipients and transfers of personal data
We do not disclose any information to third parties obtained in the course of the provision of the services and the contract, including information about goods and services received, except:
Subject to the Customer's express and unambiguous consent;
To the persons provided for in external laws and regulations upon their justified request, in the manner and to the extent provided for therein;
In the cases provided for in external laws and regulations for protecting Our legitimate interests, for example, by taking legal action against a person who has infringed our legitimate interests before the court or other public authorities.
We do not transfer personal data to other parties without a legal basis for such transfer. There is no pre-defined purpose for the processing of personal data. Where those third parties, taking into account the nature, extent, context, and purposes of the processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, are unable to provide, in a transparent manner, adequate technical and organizational measures to ensure and be able to demonstrate that the processing of personal data is carried out following the laws and regulations, and/or are unable to provide reasonable assurances that the security of processing of personal data and respect for the rights of data subjects will be ensured.
For different purposes, personal data may be transferred:
To our employees or specially authorized persons;
To local government institutions, courts, law enforcement institutions, upon a reasoned request of these persons, in the manner and to the extent established by law;
To personal data processors by concluding appropriate data processing agreements;
To business partners (e.g., sworn advocates, auditors, accountants, credit institutions, insurers) involved in organizing and ensuring our activities;
To other partner companies involved in the Group or the provision of various services and products (including both vertical and horizontal partners such as importers, factories, dealers, certified service partners, as well as other contractual partners) in the value chain of the auto manufacturers and, for example, for the following purposes:
To provide the best possible after-sales service concerning the provided services and offered products;
To provide other services related to your car, its accessories, and your user experience;
To enable You to use various products we offer, including the opportunity for you to obtain full user experience and service they provide;
To maintain customer relationships;
To comply with our legal obligations as a controller under Commission Implementing Regulation (EU) No. 2021/392, the mileage and registration data (known as on-board fuel consumption monitoring data) of vehicles registered from 1 January 2021 and equipped with built-in fuel and/or energy consumption review devices are read when the vehicle is delivered to one of our service points, and sent with the vehicle VIN number to the manufacturer which will further ensure its transfer to the European Commission.
10. Data transfer to third countries
We do not transfer personal data to third countries (outside the European Union and the European Economic Area). At the same time, Netlify, Cloudflare, Formspree, Fastmail, Audienceful, that provides services to us, may transfer personal data to countries outside the European Economic Area in which their sub-processors operates. The data transfer conducted by mentioned providers and according to their privacy policies and procedures, using standard contractual clauses established by the competent EU organization and additional technical and organizational measures.
11. Duration of storage
We store and process customer personal data as long as at least one of the following criteria applies:
Only for as long as the contract with the customer is valid or the service is provided to the customer;
Data is necessary for the purpose for which it was collected;
Pending full consideration and/or execution of the customer's application;
Until we or the customer can exercise their legitimate interests (e.g., file an objection or take legal action) in accordance with the procedure established by external laws and regulations;
As long as we are legally bound to store the data;
As long as the customer's consent to the processing of personal data is valid unless there is another lawful basis for the processing.
Below are some possible deadlines for the most common categories of data:
| No. | Position | Deadline |
|---|---|---|
| 1 | Purchase information | We store information about your purchases of used cars or after a visit to our service point for 5 years, unless other laws apply |
| 2 | Contact details and contact information from marketing events | 6 months |
| 3 | Our communication | 2 years or as long as the customer relationship exists |
| 4 | Information we obtain when you use vehicle systems | 3 months |
| 5 | Participation in customer satisfaction surveys | See the information for each specific survey before you complete it |
| 6 | Information from marketing surveys where you choose not to remain anonymous | See the information on each specific survey before you complete it |
| 7 | Consumption data | Stored until dispatched to the manufacturer |
| 8 | Payment details | Stored until sent to the credit institution |
After these circumstances cease to exist, the customer's personal data is deleted.
12. Customer's rights
You have the right to receive information in relation to the processing of your data.
You also have the right, in accordance with the laws and regulations, to request access to your personal data, to request us to supplement, rectify or delete it, or to restrict processing, or to object to processing (including processing of personal data based on our legitimate interests), as well as the right to data portability.
These rights shall be exercisable to the extent that the processing of data does not result from our obligations imposed by the applicable laws and regulations and which are carried out in the public interest.
You can make a request to exercise Your rights as follows:
By sending them in writing to the registered address of the controller indicated above;
By e-mail, signed with a secure electronic signature and sent to the e-mail address ā info@autobaltics.com.
Upon receipt of a request from a customer to exercise its rights, we will first verify the identity of the customer, including, if necessary, exercise our right to request the customer to provide additional information in this regard, assess the request and comply with it in accordance with laws and regulations. We will send a reply to the contact address provided by the customer by registered letter or by email with a secure electronic signature (if the application has been submitted with a secure electronic signature), where possible, considering the method of receipt of the reply indicated by the customer.
The customer has the right to receive a copy of his personal data processed free of charge. The receipt and/or use of such information may be restricted to prevent adverse effects on the rights and freedoms of others (including our employees).
We ensure compliance with data processing and data protection requirements in accordance with laws and regulations and, in the event of an objection by the customer, take reasonable steps to resolve the objection. However, if this fails, the customer has the right to apply to the supervisory authority ā the Data State Inspectorate that monitors the compliance of personal data processing activities within the regulatory framework in Lithuania.
You can exercise all of the above rights by sending a request and contacting us by email info@autobaltics.com or by writing to us to the registered office of the relevant controller indicated above. We encourage you to contact us before making a formal complaint in order to find the quickest and most effective solution to the problem.
We are committed to ensuring the accuracy of personal data and rely on our customers, suppliers, and other third parties which transfer personal data to ensure the completeness and accuracy of the personal data transferred.
13. Final provisions
We have the unilateral right to make amendments and/or additions to this Privacy Policy. The current version of the Privacy Policy is always posted on the website.