Information on the Processing of Personal Data

The Administration processes personal data in accordance with the following legal acts: 

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ 2016 L 119, p. 1); 
• The Law on the Legal Protection of Personal Data of the Republic of Lithuania; 
• The Law on Documents and Archives of the Republic of Lithuania; 
• The Personal Data Processing Policy of the Lithuanian Transport Safety Administration, approved by Order No. 2BE-134 of 8 May 2019 of the Director of the Lithuanian Transport Safety Administration, titled “On the Approval of the Personal Data Processing Policy of the Lithuanian Transport Safety Administration”; 
• The Procedure for Submitting a Notification of a Personal Data Security Breach, approved by Order No. 2BE-109 of 16 April 2019 of the Director of the Lithuanian Transport Safety Administration, titled “On the Approval of the Procedure for Submitting a Notification of a Personal Data Security Breach”; 
• The General Index of Document Retention Periods, approved by Order No. V-100 of 9 March 2011 of the Chief Archivist of Lithuania, titled “On the Approval of the General Index of Document Retention Periods”. 

The Administration processes the personal data of data subjects (including civil servants, employees under employment contracts, interns, applicants for positions in the Administration, individuals contacting the Administration, clients of the Administration, persons subject to inspection, and other individuals whose personal data is processed by the Administration) in a lawful, fair, and transparent manner, and only when at least one of the following legal grounds applies: 

• The data subject has given consent; 
• Processing is necessary to perform or enter into a contract between the data subject and the Administration; 
• The Administration is required to process personal data under applicable legal acts; 
• Processing is necessary for the performance of public administration functions assigned to the Administration; 
• Processing is necessary for the legitimate interests of the Administration, provided these interests are not overridden by the data subject’s rights and freedoms that require the protection of personal data. 

The Administration processes personal data of data subjects for the following purposes: 

• To examine requests or complaints submitted to the Administration; 
• To organize training sessions for lecturers, civil servants, and employees; 
• To carry out internal administration procedures involving the personal data of the Administration’s civil servants and employees; 
• To carry out internal administration procedures involving the personal data of the Administration’s interns, trainees and volunteers (personnel management, document management and use of resources); 
• To carry out recruitment procedures and offer employment to candidates applying for civil servant or employee positions at the Administration; 
• To conduct public procurement procedures and fulfill subsequent contractual obligations, involving the personal data of suppliers and contractors; 
• To handle correspondence with the Administration, involving personal data stored in email inboxes; 
• To handle whistleblower reports of corruption; 
• To represent the Administration in court and related institutions, involving the personal data of parties in judicial proceedings and pre-trial disputes; 
• To fulfill legal requirements, involving the personal data of the Administration’s clients; 
• To conduct inspections of economic entities, involving the personal data of their employees; 
• To clarify the circumstances of traffic accidents and for statistical purposes, involving the personal data collected during the investigation; 
• To ensure the safety of persons and property, involving the personal data captured by video cameras located on the Administration’s premises; 
• To respond to inquiries submitted to the Administration; 
• To offer employment opportunities, involving the personal data of candidates; 
• To ensure the quality of information provided by phone and to protect the rights and legitimate interests of Administration’s civil servants, employees and callers, involving the personal data recorded during the conversations. 

• Personal data is disclosed to third parties if it is necessary to fulfill a legal obligation applicable to the Administration or when carrying out public functions assigned to the Administration. 
• Personal data may be disclosed only under a disclosure agreement between the Administration and the data recipient (in cases of recurring disclosure) or based on a written request from the data recipient (in cases of one-time disclosure). 
• The agreement must specify the purpose of personal data use, the legal basis for disclosure and receipt, the conditions, the procedure, and the scope of the personal data to be disclosed. A request must specify the purpose of personal data use, the legal basis for disclosure and receipt, and the scope of the personal data requested. 
• When disclosing personal data under an agreement, priority is given to automated data transfer. When disclosing personal data based on a request, priority is given to electronic communication methods. 
• Recipients of personal data managed by the Administration and the categories of personal data disclosed to them include: 
  • The Public Procurement Office is provided with the personal data of responsible persons representing suppliers of goods and/or services and contractors engaged by the Administration; 
  • The Special Investigation Service of the Republic of Lithuania is provided with personal data of whistleblowers reporting corruption, as well as personal data of individuals mentioned in reports of suspected criminal activity; 
  • The E-Service Portal of the Courts of the Republic of Lithuania is provided with and used to receive the personal data of parties to court proceedings. 
  • Data processors who provide services to the Administration and process personal data on its behalf, based on a data processing agreement. Such processors may process data only according to the Administration’s instructions and only to the extent necessary to fulfill contractual obligations. The Administration engages only those processors that ensure appropriate technical and organizational measures are implemented to meet the requirements of the General Data Protection Regulation and to safeguard the rights of data subjects; 
  • Other third parties to whom the Administration is legally required to disclose personal data, in accordance with the General Data Protection Regulation, The Law on the Legal Protection of Personal Data of the Republic of Lithuania and other applicable legal acts regulating personal data processing and protection. 

• Documents containing personal data are retained by the Administration in accordance with the retention periods established by the Law on Documents and Archives of the Republic of Lithuania, the General Index of Document Retention Periods, approved by Order No. V-100 of 9 March 2011 of the Chief Archivist of Lithuania, titled “On the Approval of the General Index of Document Retention Periods” and the Administration’s documentation plan approved by an authorised official. Once a retention period expires, the documents containing personal data are destroyed. 
• Personal data stored in the Administration’s document management system “Avilys”, together with other data in the database, is retained for 5 years. After this period, the data is transferred to the database archive and retained for another 5 years. 
• Personal data entered into the Administration’s State Information System “Vektra”, used for monitoring and informing entities related to road transport, is stored together with other data in the database for the period specified in Section VI of “Vektra” regulations, approved by Order No. 2B-340 of 16 September 2011 of the Head of the State Road Transport Inspectorate under the Ministry of Transport and Communications, titled “On the Approval of the Regulations of the State Information System for Monitoring and Informing Economic Entities Related to Road Transport ‘Vektra.’” 
• Personal data entered into the Administration’s State Information System “Keltra”, used for road transport activities, is stored together with other data in the database for the period specified in Section VI of “Keltra” regulations, approved by Order No. 2B-195 of 17 May 2011 of the Head of the State Road Transport Inspectorate under the Ministry of Transport and Communications, titled “On the Approval of the Regulations of the State Information System for Road Transport Activities ‘Keltra’” and as amended by Order No. Nr. 2B-90 of 27 April 2015 of the Head of the State Road Transport Inspectorate under the Ministry of Transport and Communications, titled “On the Modernization of the State Information System for Road Transport Activities ‘Keltra.’” 
• Personal data entered into the Administration’s Information System “Skaitis”, used for personalization and accounting of identification cards used in digital tachographs, is stored together with other data in the database for the period specified in Section VI of “Skaitis” regulations, approved by Order No. 2B-298 of 31 July 2009 of the Head of the State Road Transport Inspectorate under the Ministry of Transport and Communications, titled “On the Approval of the Regulations of the Information System ‘Skaitis.’” 
• Personal data entered into the Administration’s Railway Transport State Supervision Information System is stored together with other data in the database for the period specified in Section VI of the system’s regulations, approved by Order No. V-57 of 17 February 2011 of the Head of the State Railway Inspectorate under the Ministry of Transport and Communications, titled “On the Approval of the Regulations of the Railway Transport State Supervision Information System.” 
• Personal data entered into the Administration’s National Vessel Traffic Monitoring Information System is stored together with other data in the database for the period specified in Section VI of the system’s regulations, approved by Order No. V-7 of 11 January 2013 of the Director of the Lithuanian Maritime Safety Administration, titled “On the Approval of the Regulations of the National Vessel Traffic Monitoring Information System and the Assignment of the Data Controller’s Authority.” 
• Personal data entered into the Lithuanian Maritime Safety Administration’s Ship Inspection Information System is stored together with other data in the database for the period specified in Section VII of the system’s regulations, approved by Order No. V-145 of 31 August 2009 of the Director of the Lithuanian Maritime Safety Administration, titled “On the Approval of the Regulations of the Ship Inspection Information System of the Lithuanian Maritime Safety Administration.” 
• Personal data of the Administration's civil servants and employees published on the Administration's website (www.ltsa.lrv.lt) is destroyed on the next business day after the termination of employment or service.