1. PERSONAL DATA CONTROLLER

UADBB "Legator" (hereinafter referred to as the Company) is the controller of the personal data processed therein, ensuring that personal data in the Company is processed in compliance with applicable personal data protection requirements for data controllers.

Information about the Company: UADBB "Legator", legal entity code 145347184, registered address Žemaitės g. 60, Šiauliai, Lithuania, operational address Panerių g. 38A, Vilnius, Lithuania. Website www.legator.lt, email info@legator.lt, phone +370 5 2159227.

This Privacy Policy is prepared pursuant to the European Parliament and Council Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation - GDPR).

The Privacy Policy provides information on the purposes, legal grounds, types, sources, storage periods, purposes of disclosure, exercise of data subject rights, and recipients regarding personal data processing in the Company.

2. EXERCISE OF DATA SUBJECT RIGHTS

As a data subject, you have the right to contact the Company regarding questions related to the processing of your personal data, i.e., you have the following rights:

  • the right to obtain information about data processing;

  • the right to access data;

  • the right to request correction of data;

  • the right to request deletion of data ("right to be forgotten");

  • the right to restrict data processing;

  • the right to data portability (when data is processed by automated means);

  • the right to object to personal data processing (when processing is based on your consent and/or legitimate interest);

  • the right to request not to be subject to a decision based solely on automated data processing, including profiling.

You have the right to exercise these rights verbally or in writing by submitting a request personally, by mail, or by email to dap@legator.lt. If the request is made verbally or in writing in person, you must confirm your identity by providing an identity document. Without this, your rights as a data subject will not be enforced.

When applying in writing for the exercise of your rights, it is recommended to submit a request in the prescribed form.

The Company, upon receipt of your request, will provide information about the actions taken regarding the request no later than one (1) month from receipt. If there is a delay, you will be informed about the reasons and your right to lodge a complaint with the State Data Protection Inspectorate.

3. PURPOSES AND LEGAL GROUNDS FOR PERSONAL DATA PROCESSING IN THE COMPANY

The Company, acting as a data controller, processes your personal data for the following purposes:

  • To serve you during pre-contractual relations without making commercial offers. Legal basis: necessary to take action at your request prior to contract conclusion (GDPR Article 6(1)(b)):

    • responding to your inquiries before contract conclusion and their administration.

  • To conclude and execute the mandate contract for providing insurance intermediary services. Legal basis: necessary to perform a contract (GDPR Article 6(1)(b)):

    • conclusion of the mandate contract for insurance intermediary services;

    • assessment of your insurance needs and providing an offer for concluding an insurance contract;

    • administration of insurance claims under insurance contracts concluded by the data subject;

    • fulfillment of other obligations under the mandate contract for insurance intermediary services.

  • To conclude and administer insurance contracts. Legal basis: necessary to perform a contract (GDPR Article 6(1)(b)):

    1. conclusion of insurance contracts;

    2. fulfillment of other obligations assumed by the Company under concluded insurance contracts.

  • To conclude and perform other contracts. Legal basis: necessary to perform a contract (GDPR Article 6(1)(b)).

  • To monitor and improve the quality of the Company's services. Legal basis: your consent to process personal data (GDPR Article 6(1)(a)):

    • publishing and managing your feedback on the website www.legator.lt.

  • Risk assessment regarding international sanctions. Legal basis: necessary for compliance with a legal obligation imposed on the Company by the Lithuanian Bank Board Resolution No. 03-98 of 30 May 2023 on the implementation of international sanctions for financial market participants (GDPR Article 6(1)(c)).

The Company, acting as a data processor, processes your personal data for the following purposes:

  • To conclude and execute insurance contracts. Legal basis: necessary to perform a contract (GDPR Article 6(1)(b)):

    • submitting insurance company offers for concluding insurance contracts;

    • concluding insurance contracts between the insurance company and you;

    • performing instructions from the insurance company as data controller.

4. PERSONAL DATA PROCESSED IN THE COMPANY AND STORAGE PERIODS

The Company, as data controller, processes the following personal data for pre-contractual servicing without commercial offers:

  • name, surname;

  • email address, phone number.

For performing the mandate contract of insurance intermediary services, depending on the insurance contract type and scope of your mandate:

  • identification and contact data (name, surname, personal code, position, representative’s details, residential address, phone number, email, etc.);

  • data necessary for assessing insurance needs (e.g., active leisure/sport activities, travel information, income data, etc.);

  • insurance contract and policy data (contract and policy details, insurance type, policy series and number, validity dates, sums insured, premiums, payment details, insurer name, etc.);

  • payment and billing data (payer’s name, purpose, due date, amount, payment date, bank details, debts, etc.);

  • reports prepared by the Company for insurers (policy numbers, dates, payment statuses, payment methods, etc.);

  • insured object data (depending on insurance type: property lists, addresses, registration numbers, vehicle details, photos, damage info, real estate extracts, appraisals, security info, etc.);

  • insured property owner’s identification and contact data;

  • insured event data (circumstances, official certificates, declarations);

  • insured and beneficiary identification and contact details (name, personal code, birth date, address, bank account for payment, documents, etc.).

For concluding and administering insurance contracts:

  • identification and contact data;

  • insured object data;

  • payment and billing data;

  • insured property owner’s data;

  • insurance contract/policy data.

For other contracts concluded and performed:

  • with individuals: name, surname, birth date, address, email, phone number, financial data related to payments (account number, amount);

  • with legal entities: names and contact data of persons authorized to represent and manage the legal entity.

For quality monitoring and improvement of services:

  • name, surname;

  • position;

  • image;

  • consent confirmation data (name, surname, confirmation/revocation and date).

For risk assessment of international sanctions:

  • individuals: name, surname, birth date, nationality, residence, profession, source of funds, connections to high-risk countries, and other necessary data;

  • legal entities: names, positions, contact data of representatives and persons involved in management and control, and other necessary data.

As data processor for insurance contracts, the Company processes the following personal data (depending on insurance type and insurer’s instructions):

  • identification and contact data;

  • data for insurance offer and contract conclusion (vehicle details, insured objects, health data, travel info, profession, etc.);

  • insured object data;

  • payment, billing, and debt data;

  • insured property owner’s data;

  • insurance contract and policy data.

The Company processes personal data voluntarily provided by data subjects via mail, email, phone, online inquiry form on www.legator.lt, or in person at the Company’s premises or service location.

Storage periods when acting as data controller:

  • personal data for pre-contractual service is kept for 3 years from receipt;

  • personal data for insurance intermediary services contract execution and related contracts is kept during contract validity and 10 years after contract expiry;

  • accounting documents confirming economic transactions are kept 10 years;

  • personal data for service quality monitoring is kept 5 years from posting feedback on www.legator.lt unless consent is revoked earlier (you can revoke consent via dap@legator.lt);

  • personal data for risk assessment regarding international sanctions is kept during assessment and 8 years after business relationship ends or one-time operation is completed; term can be extended by competent authority.

After expiration of storage terms, documents with personal data are destroyed according to Lithuanian document and archive laws. Documents are transferred to state archives for permanent storage per law.

When the Company acts as data processor, personal data is stored according to the data controller's instructions.

5. PERSONAL DATA DISCLOSURE

Information received from you as data subject is administered and used only for the purposes stated in the Privacy Policy.

Information from you cannot be disclosed without legal basis to third parties, except those involved or contributing to service provision. Your personal data may be transferred to data processors or joint data controllers with whom the Company has signed data processing or other contracts addressing personal data processing and security. Legal liability for breaches or damages lies with the responsible processor or controller. Otherwise, data may only be disclosed if required by law, including public administration and law enforcement authorities.

To provide services, data may be disclosed to:

  • insurance companies the Company cooperates with (AAS “BTA Baltic Insurance Company”, AB “Baltic Underwriting Agency”, ADB “Compensa Vienna Insurance Group”, ADB “Compensa Life Vienna Insurance Group”, ERGO Insurance SE via Lithuanian branch, ERGO Life Insurance SE, Balcia Insurance SE Lithuanian branch, etc.);

  • MB “Gemma Alba” providing accounting services;

  • Financial Crime Investigation Service and/or Lithuanian Bank if international sanctions apply.

6. FINAL PROVISIONS

If you have questions about personal data protection, please contact us by phone +370 5 215 9227 or email dap@legator.lt.

The Company reserves the right to amend this Privacy Policy; website visitors are kindly requested to check for updates regularly.

Policy updates or amendments become effective upon posting on the website.

Privacy Policy updated 2025-07-25.
