UAB “Bitė Lietuva” (company code 110688998; registered office address: Žemaitės g. 15, LT 03118 Vilnius) (hereinafter – BITĖ, We) acts as the controller of your personal data. We highly value and protect the privacy of our customers; therefore, in this Privacy Policy (hereinafter – the Policy) we clearly and transparently provide information on the principles of personal data processing applied on the websites of our brands, as well as on how the protection of your personal data is ensured. This Policy contains information relevant to you regarding the protection of your personal data, your rights, and the ways in which those rights may be exercised.
The purpose of this Policy is to inform you about the personal data processing operations carried out by BITĖ and/or the brands administered by it, as well as the key data protection principles intended to ensure your privacy. Please note that this Policy does not apply when you browse other websites or use third party services while connected via the BITĖ network; therefore, when browsing other websites, we recommend that you familiarise yourself with the privacy policies of those websites.
When processing personal data, We comply with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation, hereinafter – the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania, as well as other applicable legal acts and the instructions of supervisory authorities.
Personal data – is any information relating directly or indirectly to you, where your identity is known or can be identified directly or indirectly by using such data (e.g. name, surname, personal identification number, email address, telephone number, etc.).
Personal data processing – means any operation performed on personal data, including collection, recording, storage, editing, alteration, granting access, submitting enquiries, transfer, archiving, and other operations.
When processing your personal data, BITĖ adheres to the following personal data processing principles:
- Your personal data is processed only to the extent necessary to achieve clearly defined and lawful purposes, with due regard for the protection of your privacy;
- Your personal data is processed accurately, fairly, and lawfully, and only for purposes that correspond to those specified prior to the collection of your personal data;
- Your personal data is processed in strict compliance with the clear and transparent requirements for personal data processing set out in legal acts;
- Your personal data is processed in a form that permits identification of your identity for no longer than is necessary for the purposes for which the personal data is processed;
- Appropriate technical and organisational measures are applied to the processing of your personal data to ensure data security, including protection against unauthorised processing and against accidental loss, destruction, or damage.
- Provision of electronic communications services and/or sale of goods
Purpose of processing (description): Provision of electronic communications services and/or sale of goods, i.e. conclusion and performance of fixed term and/or indefinite contracts (including ensuring the quality of service provision and the control and accounting of payments for services provided, as well as the provision of prepaid electronic communications services (LABAS)).
Legal basis for processing: When you order services provided by Us and/or purchase goods sold by Us, a contract for the provision of specific services and/or the purchase of goods is concluded between you and BITĖ. Therefore, your personal data is processed pursuant to Article 6(1)(b) of the Regulation, i.e. the processing of your personal data is necessary for the performance of a contract concluded with you or for taking steps prior to entering into a contract, at your request.
In order to comply with accounting requirements set out in legal acts (e.g. accounting for income and expenses, issuing invoices and processing invoice payment data as required by accounting legislation) and/or to ensure service quality (i.e. ensuring mandatory service quality requirements as provided for in legal acts regulating electronic communications activities), BITĖ is subject to a legal obligation to process documents necessary for accounting purposes (including personal data) and/or traffic and related data. Therefore, your personal data is processed pursuant to Article 6(1)(c) of the Regulation, i.e. in order to comply with legal obligations applicable to BITĖ.
Personal data processed and use of data:
BITĖ collects and processes the following categories of personal data and uses them to achieve the specified purposes:
- Basic (identification) personal data: your name, surname, personal identification number, date of birth, telephone number, email address, other contact details, bank details, identity document data, and/or other data necessary for the conclusion and performance of a contract;
- Contract data: data about equipment, selected services, payment plan(s), decisions regarding direct marketing, etc.;
- Contract performance (usage) data: information on payments, settlements and debts, correspondence with BITĖ (e.g. your complaints, BITĖ’s responses, and/or other communication related to contract performance).
The above mentioned personal data is used to enable BITĖ to conclude and perform electronic communications service provision and/or goods sale contracts with you, i.e. to provide the ordered electronic communications services and/or equipment and to receive payment for them (including settlement control and accounting).
- Traffic and related data (generated automatically when you use electronic communications means), such as the date and time of a telecommunications event, telephone number, destination telephone number of a call (SMS, MMS), call duration, location identifier (cell), and other data indicating the geographical location of the end user’s terminal equipment, international mobile subscriber identity (IMSI), international mobile equipment identity (IMEI), data transmission session access point, IP addresses, data volumes, telecommunications event identifiers, as well as other data processed in electronic communications networks or during the provision of electronic communications services, where such data relates to a specific person and/or allows direct or indirect identification of that person.
Traffic and related data is used to ensure the security of electronic communications networks and services (i.e. to maintain or restore network and service security and to prevent potential security threats from third parties), to ensure the transmission of communications (i.e. the transmission of your communications via electronic communications networks), as well as to record and/or administer the use of electronic communications services and apply other mandatory service quality requirements laid down in legal acts regulating electronic communications.
- Traffic management data, such as IP address and email address.
When traffic management measures are applied, such personal data is used solely to eliminate threats to network stability and security and is processed no longer than necessary to achieve these purposes.
Sources of data: The above mentioned personal data (except for contract usage data and traffic and related data) is obtained directly from data subjects at the time of contract conclusion. For the provision of prepaid electronic communications services (LABAS), personal data obtained during the verification of your identity is used (see the purpose “Registration of LABAS prepaid service users”). Contract usage data and traffic and/or related data is obtained (automatically generated) during the provision of electronic communications services.
Data disclosure: BITĖ may transfer the personal data processed for these purposes and/or grant access to it to the following categories of data recipients: 1. Other data controllers who may receive such personal data for the purposes of service provision or compliance with obligations established by law (e.g. other telecommunications operators, courier companies, banks and other payment service providers, other companies within the BITĖ group); 2. Data processors who provide services and process your data on behalf of, in the interests of, and on the instructions of BITĖ (e.g. parcel delivery companies and related administrative service providers, customer service staff in retail stores or call centres, IT service providers, auditors, consultants, debt management and/or recovery service providers, etc.). Data is provided to such recipients only under personal data processing agreements that specify processing instructions and require appropriate organisational and technical measures ensuring confidentiality and security; 3. Competent public authorities and/or law enforcement authorities (e.g. courts, police, or other supervisory authorities), where required by applicable law and in accordance with procedures laid down therein, in order to protect the rights of BITĖ, its clients and employees and/or resources, and to assert, exercise, or defend legal claims.
Data retention periods: BITĖ processes the specified personal data (excluding traffic and related data) for 10 years from the end of the last contract with the data subject and final settlement for equipment/services. Traffic and related data is processed for 6 months from the date the event is recorded. Upon expiry of these retention periods, the data is destroyed.
Registration of LABAS prepaid service users Our purpose is to register you as a LABAS service user in order to ensure that users of LABAS prepaid services are properly identified in accordance with the requirements of the Law on Electronic Communications of the Republic of Lithuania and that the provision of LABAS services is lawful.
LABAS prepaid service users may register by choosing one of the following identity verification methods:
- Using SMART ID, MOBILE ID, or online banking. These digital identity verification methods allow users to confirm their identity quickly and securely.
- By physically visiting a BITĖ retail store. If a user wishes to register in person, they may visit any BITĖ store, where store staff will verify the identity by checking an identity document, thereby confirming identity in accordance with legal requirements.
- Identity verification via a partner platform used for identifying LABAS service users. When using such a platform, data from an identity document is scanned and matched against a facial image (biometric data processing) in order to reliably establish identity. This method may only be used with your explicit consent to data processing.
Only persons 14 years of age or older may register for LABAS prepaid services.
Legal basis for processing: Registration data of LABAS prepaid service users is processed in accordance with Article 6(1)(c) of the Regulation, i.e. to comply with a legal obligation imposed on BITĖ under Article 40(11) of the Law on Electronic Communications of the Republic of Lithuania. Under this law, BITĖ, as a provider of electronic communications services, must perform certain rights and obligations related to the identification of prepaid service users. BITĖ is not entitled to provide public mobile communication services if the user’s identity has not been identified.
During LABAS user registration, identity verification may be performed by scanning data from your identity document and matching it with your facial image through a partner platform used for identifying LABAS service users. Biometric data is processed only with your explicit and informed consent, pursuant to Article 9(2)(a) of the Regulation. You have the right to withdraw your consent at any time; however, withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
Personal data processed and use of data:
BITĖ collects and processes the following categories of personal data:
- Identity verification data: name, surname, personal identification number, telephone number, identity document data, and metadata of the identification process (identification number, time of occurrence) – used to verify identity and register you as a LABAS service user;
- Biometric data (where applicable, when identity is verified via a partner platform): facial image (biometric facial recognition), used only with your consent to reliably verify identity during remote identification. Data contained in your identity document is also processed to match it with the facial image and confirm your identity;
- Technical data generated during identity verification: IP address and device information, collected during registration to prevent fraud and ensure service security;
- Metadata generated during the identity verification procedure: identification action number, date, and other related information, used to record the fact of identity verification.
These data are processed in order to register you as a LABAS prepaid service user and to perform identity verification in accordance with applicable legal requirements, enabling the lawful provision of LABAS prepaid services.
Sources of data:
When registering LABAS prepaid service users, personal data is obtained from the following sources:
- Directly from you: most data is provided directly by you during the identity verification process, including your name, surname, personal identification number, telephone number, and identity document data (where applicable). If registration is performed in person, verification takes place at BITĖ stores where provided documents and required data are checked and recorded.
- SMART ID, MOBILE ID, online banking: if you choose one of these methods, we process the name, surname, personal identification number, and identity verification metadata provided during the verification process.
- Partner platform for LABAS user identification: the platform collects identity document data, performs facial recognition and matches it with document data to reliably establish identity, and generates identity verification metadata.
- Technical data from the user’s device: when registering online, certain technical data such as IP address and device information is automatically obtained from your device.
Data disclosure: BITĖ may transfer or grant access to the personal data processed for these purposes to the following categories of recipients: (1) Data processors providing services and processing your data on behalf of, in the interests of, and under the instructions of BITĖ (e.g. partner platforms for identifying LABAS service users, providers of technical services). Data is shared only under personal data processing agreements ensuring confidentiality and appropriate organisational and technical security measures; (2) Competent public authorities and/or law enforcement authorities (e.g. courts, police, supervisory authorities), where required by applicable law and in accordance with the procedures established therein.
Data retention periods: Personal data collected during LABAS user registration is stored for as long as the user remains an active LABAS service user and for 10 years after termination of service use.
If registration is carried out using biometric data and identity document data via the partner platform, the facial image data provided through the platform is processed for no longer than three months from the date of identity verification.
- Processing of Payments, Payment Card Data and Automatic Charges in LABAS Self Service
Purpose of processing (description):Execution of payments for LABAS prepaid services, ensuring the functionality of storing payment cards, performing periodic (regular) top ups of the LABAS account, administering automatic charges for the purchase or renewal of service plans, as well as accounting and control of settlements.
Legal basis for processing: Article 6(1)(a) of the Regulation (consent) – where, in the self service environment, the user gives explicit active consent to store a payment card for future payments and/or to use it for automatic charges or periodic LABAS account top ups;
Article 6(1)(b) of the Regulation (performance of a contract) – where payment card data and related payment data are processed in order to perform the LABAS services agreement (e.g. to purchase or renew a service plan, top up a LABAS account);
Article 6(1)(c) of the Regulation (legal obligation) – where data is processed to comply with statutory requirements on financial accounting and retention of payment documentation.
The user has the right to withdraw consent for storing a payment card and/or automatic charges at any time; however, withdrawal of consent does not affect the lawfulness of payments made prior to the withdrawal.
Personal data processed and use of data:
The following categories of personal data are processed:
- Payment card data – card type, partially masked card number (e.g. the last four digits), card expiration date, the fact of linking the card to the user;
- Payment data – payment amount, currency, payment date and time, payment status, information on settlements for services;
- Automatic charge and periodic top up data – selected LABAS number, amount of top up or charge, frequency, activation and cancellation date;
- Technical data – IP address, device information, technical identifiers necessary to ensure payment security and prevent fraud.
BITĖ does not store full payment card details (e.g. the full card number or CVV code). Such data is processed exclusively within the systems of certified payment service providers.
Sources of data: Personal data is obtained: • Directly from you, when you enter payment card details in the self service environment or activate automatic charges or periodic top ups;• From payment service providers – payment confirmation and execution information;• Automatically generated data – technical data and payment administration data.
Data disclosure: BITĖ may transfer and/or grant access to the personal data processed for these purposes to the following categories of data recipients: (1) Payment service providers and financial institutions that process payments; (2) Data processors that provide services and process your data on behalf of, in the interests of, and under the instructions of BITĖ (e.g. IT and system maintenance service providers); (3) Competent public authorities and/or law enforcement authorities (e.g. courts, police, supervisory authorities), only where required by applicable law and in accordance with the procedures prescribed therein.
Data is transferred only on the basis of concluded personal data processing agreements, which define specific data processing instructions and require appropriate organisational and technical measures to ensure confidentiality and security.
Data retention periods:
- Payment and financial transaction data – stored for 10 years in accordance with accounting legislation;
- Stored payment card data – stored until the user withdraws card storage in the self service environment, but no longer than 10 years;
- Automatic charge and periodic top up data – stored until the functionality is cancelled and additionally for 10 years for the purpose of dispute resolution.
- Administration of the “Mano LABAS” Self Service System
Purpose of processing (description): Administration of the “Mano LABAS” self service system enables the automation of customer service (insofar as it concerns viewing user information and managing services). Therefore, BITĖ seeks to provide users with the ability to manage concluded contracts, i.e. to conveniently access relevant contract information (e.g. volumes of ordered services and usage, invoices and other information), manage ordered goods and/or services (e.g. cancel or order additional goods and/or services), and control the amount of their invoices and/or make payments.
The “Mano LABAS” self service system is available via the website: https://mano.labas.lt/welcome and/or the “Mano LABAS” mobile application.
Legal basis for processing: Please note that only current and/or former BITĖ customers (i.e. those who have entered into a goods and/or services agreement with BITĖ) may register an account and use the “Mano LABAS” self service system. Accordingly, when you use the self service system and manage a contract concluded with BITĖ, your personal data processed in the self service system is processed pursuant to Article 6(1)(b) of the Regulation, i.e. for the conclusion and/or performance of contracts concluded with you.
Your consents to direct marketing and/or withdrawals of such consents are also collected and processed in the self service system.
Personal data processed and use of data:
BITĖ collects and processes the following categories of personal data and uses them to achieve the specified purposes:
- Basic (identification) personal data: your name, surname, login email address, password (encrypted), indication whether a personal identification number has been verified in the account and, if so, the last 4 digits thereof, as well as links and rights related to managed telephone numbers.
- Contract and contract usage data displayed in self service: invoice information (including invoice amount and other invoice details and the functionality to pay invoices); information on selected plans and services used (including active telephone numbers); information on devices; service usage statements; direct marketing preferences; information on submitted new orders and/or changes to services and/or goods, etc.
Such data is used to provide automated customer service, allowing you, after logging into your account, to quickly and conveniently access information relevant to contract performance (e.g. current invoices, invoice payments, service usage statements, detailed breakdowns, etc.) and to use other self service features (e.g. update or correct personal data, order new services, manage usage limits, block lost SIM cards, pay invoices, etc.).
Sources of data: The above mentioned personal data (except for service usage data) is obtained directly from data subjects (customers – natural persons) at the time of contract conclusion and/or registration in the self service system.
Other service usage data (e.g. invoice and consumption data) is obtained (automatically generated) during the provision of electronic communications services, and the data displayed in the self service system is sourced from BITĖ’s internal systems and/or databases.
In addition, when you register, authenticate or connect using electronic identification means (e.g. online banking, mobile signature), information enabling proper identification is obtained from the relevant service provider.
Data disclosure:
BITĖ may transfer and/or grant access to the personal data processed for these purposes to data processors that provide services and process your data on behalf of, in the interests of, and under the instructions of BITĖ (e.g. IT service providers). Data is shared solely on the basis of personal data processing agreements that define processing instructions and require appropriate confidentiality and security measures.
Data retention periods: Data displayed in the self service system is processed in accordance with general procedures and stored according to its primary processing purposes.
Self service account data (including the account itself) is processed for the entire duration of the contract with BITĖ, but not longer than you continue to use the self service system.
Notwithstanding the general storage of personal data processed for the above purposes, contract usage data (e.g. invoices, usage statements, etc.) is displayed in the self service account for no longer than 6 months from the date of service provision and/or final settlement for equipment or services.
- Direct Marketing
Purpose of processing: Carrying out direct marketing, including consent based marketing, general marketing based on legitimate interest, and individual (one time) provision of information about goods and/or services of BITĖ and/or its represented partners (e.g. Go3).
Legal basis for processing: By indicating consent to receive direct marketing (e.g. on the Website, in self service, by subscribing to a newsletter, in a contract, or otherwise) and/or by submitting a request for an individual (one time) offer related to BITĖ goods/services, you express your consent to such personal data processing. In such cases, processing is carried out pursuant to Article 6(1)(a) of the Regulation, i.e. on the basis of your consent.
When you use BITĖ services (e.g. order goods and/or services and provide your contact details for that purpose), BITĖ has the right to use such data for general direct marketing, i.e. to directly offer similar goods or services, in accordance with Article 81(2) of the Law on Electronic Communications of the Republic of Lithuania. In such cases, personal data is processed pursuant to Article 6(1)(f) of the Regulation, i.e. for the purposes of BITĖ’s legitimate interests.
Personal data processed and use of data:
BITĖ processes the following categories of personal data:
- Identification data: name and surname, email address, telephone number(s).
These contact details are used to directly provide you (via telephone call, SMS, or email) with relevant BITĖ information, promotional offers for services and/or goods, newsletters, and to request your feedback regarding BITĖ services.
- Individualised customer information: information about goods and/or services of interest to the customer, data on usage of goods and/or services, website browsing data, or other data enabling the customisation of direct marketing.
Such data is used to ensure that BITĖ’s marketing offers correspond as closely as possible to the customer’s preferences, expectations, and interests.
Sources of data: Contact data is obtained directly from data subjects when consent for direct marketing or an individual offer is given and/or when BITĖ services are used (provided you do not object to receiving general marketing communications).
Other data used for marketing personalisation is obtained (i.e. automatically generated) when you show interest in BITĖ goods and/or services, browse the Website, or use other BITĖ services.
You may withdraw your consent and/or refuse direct marketing at any time by clicking the unsubscribe link in an email or by contacting us using the privacy contacts indicated in this Privacy Policy. Upon receiving such information, your personal data will no longer be processed for direct marketing purposes (except for recording the fact of giving and/or withdrawing consent).
Data disclosure:
BITĖ may transfer and/or grant access to personal data processed for these purposes to the following categories of recipients:
- Other data controllers who may receive such data for service provision or compliance with legal obligations (e.g. other companies of the BITĖ group);
- Data processors who provide services and process your data on behalf of, in the interests of, and under the instructions of BITĖ (e.g. retail store or call centre customer service staff, IT service providers, specialised marketing service providers, consultants, etc.).
Data retention periods: Data related to direct marketing purposes (e.g. given and/or withdrawn marketing consents) is processed for 5 years from the date of obtaining consent, but no longer than the consent remains valid (i.e. until withdrawal). After consent expires, evidence of consent may be stored for as long as necessary to protect BITĖ’s legitimate interests, but no longer than 3 years from the end of the consent period.
Where personal data is processed pursuant to BITĖ’s legitimate interests (i.e. general direct marketing), data is processed until you object to or withdraw from receiving such marketing, but no longer than the duration of the contractual relationship.
Where an individual request for a BITĖ offer is submitted, such a request is processed until the specific purpose is achieved, but no longer than 12 months.
- Communication with You by Telephone
Purpose of processing: (1) recording telephone conversations for the purposes of ensuring the quality of services provided and information delivered, as well as for the retention of evidence confirming the circumstances of conclusion and performance of commercial transactions and other related circumstances; (2) administration of customer enquiries and initial customer service using a virtual consultant, in order to ensure faster and more efficient customer service.
Legal basis for processing: When you call telephone numbers provided by BITĖ, listen to the information about call recording and continue the conversation, you thereby express your consent to the recording of the call. Accordingly, when recording incoming calls for these purposes, BITĖ relies on Article 6(1)(a) of the Regulation, i.e. your consent.
When representatives of BITĖ call you and communicate with you on relevant matters (e.g. regarding ordering goods and/or services when concluding contracts, or communicating on circumstances related to contract performance or other related matters), BITĖ has a legitimate interest in recording such conversations in order to ensure the quality of provided services and information and to collect evidence of concluded commercial transactions, their performance, or other related circumstances (in accordance with Article 61(2) of the Law on Electronic Communications of the Republic of Lithuania).
In such cases, the specified personal data is processed pursuant to Article 6(1)(f) of the Regulation, i.e. for the purposes of BITĖ’s legitimate interests. In all cases, you will be informed that conversations with BITĖ representatives are being recorded.
Use of a virtual assistant
Before a call is connected to a BITĖ consultant, it may be handled by a virtual agent (an automated system based on artificial intelligence (AI)). The virtual agent introduces itself as a virtual consultant Aistė and, depending on the possibility to properly identify you based on the caller’s telephone number and/or the last four digits of your personal identification number provided by you, provides information or answers questions related to:
- your accounts as a customer;
- technical issues;
- general information publicly available on the website www.bite.lt.
If the virtual agent is unable to resolve your issue or provide the required information, the call is transferred to a BITĖ consultant.
The virtual agent analyses the information provided by the customer and, based on predefined algorithms and learning models, provides an answer or decides to transfer the call to a BITĖ consultant. The virtual agent does not make decisions that produce legal effects for the customer or otherwise significantly affect the customer without the involvement of a BITĖ consultant.
For these purposes, personal data is processed pursuant to Article 6(1)(f) of the Regulation, i.e. for the legitimate interests of BITĖ in ensuring efficient customer service, optimal administration of enquiries, and improvement of service quality.
Personal data processed and use of data:
BITĖ collects and processes the following categories of personal data and uses them to achieve the specified purposes:
- Identification data: telephone number, name and surname, the last four digits of the personal identification number and/or other additional data, such as the number of an identity document, data related to the use of BITĖ services, etc. (where client identification is required).
Such personal data is used to identify the customer and to fulfil the customer’s request (e.g. answer questions, order goods and/or services, etc.).
- Conversation data (including technical data): call recording, call date, time, duration, and other technical data.
Call recordings (including the content of the conversation) are used to collect evidence of contracts concluded by telephone, their performance, given consents to direct marketing, or other details related to service provision, and/or to replay and assess such conversations in order to ensure the quality of customer service provided by BITĖ employees or to decide on improvements to the quality of telephone service.
Identification data may also be used for automated customer recognition and routing to the virtual agent or a BITĖ consultant, depending on identification capabilities. Information processed by the virtual agent during the conversation is used to determine the nature of the customer’s enquiry, to provide information, and to decide on transferring the call to a BITĖ consultant. Technical data of recordings is used to properly administer existing call recordings and to log (account for) the processing of such recordings.
Call recordings may also be used to generate call transcriptions and summaries using artificial intelligence technologies, as described in more detail in the Privacy Policy section “Generation of Transcriptions and Summaries of Incoming and Outgoing Telephone Call Recordings of Bitė Customers.”
Sources of data: The above mentioned personal data is obtained directly from data subjects (natural persons and/or authorised representatives of legal persons) during telephone communication with BITĖ representatives.
Data disclosure: BITĖ may transfer or grant access to the personal data processed for these purposes to the following categories of recipients:
Data processors that provide services and process your data on behalf of, in the interests of, and on the instructions of BITĖ (e.g. call centre customer service providers, IT service providers, consultants, providers of AI based technologies, providers of the virtual agent Aistė solution, providers of AI based speech recognition, transcription, and call analytics technologies). Such data is transferred only pursuant to concluded personal data processing agreements that specify processing instructions and require appropriate organisational and technical confidentiality and security measures;
Competent public authorities and/or law enforcement authorities (e.g. courts, police, or other supervisory authorities), where required by applicable law and in accordance with procedures laid down therein, in order to protect the rights of BITĖ, its customers, employees, and/or resources, and to assert, exercise, or defend legal claims.
Data Retention Periods: Call recordings in which responses were provided to data subject enquiries, information was delivered, or commercial transactions were concluded (e.g. agreements on essential terms of a contract were reached) may be stored for 2 (two) months from the date of the call, in order for BITĖ to assess service quality and/or to have evidence of a concluded or performed commercial transaction.
Where your consent to receive direct marketing and/or other information was recorded during a call, such conversations will be attributed to you as a customer and stored as evidence for 5 (five) years from the date consent was obtained.
When using the virtual agent solution, personal data is processed and stored in accordance with the retention periods set out in this section. Data processors providing the virtual agent technological solution process data solely on the instructions of BITĖ and store it no longer than necessary to achieve service provision purposes or for the periods required by law.
- Generation of Transcriptions and Summaries of Incoming and Outgoing Telephone Call Recordings of Bitė Customers
Purpose of processing (description): To ensure and improve the quality of services provided by BITĖ, as well as to effectively improve and optimise internal processes.
Legal basis for processing: Personal data is processed pursuant to Article 6(1)(f) of the Regulation, i.e. for the legitimate interests of BITĖ in ensuring service quality, resolving disputes, and improving internal processes. Analysis of call content and transcriptions is carried out to enhance service quality and efficiency, which constitutes a legitimate interest of BITĖ.
Personal data processed and use of data: When performing the above mentioned data processing operations, the following personal data is processed: name, surname, personal identification number, telephone number, email address, identity document data, other data provided during the call, call recording, transcription generated from the call, summary generated from the transcription, and technical data (call date and time).
Use of personal data:
- Generation of transcriptions: voice recordings are used to create text transcriptions using artificial intelligence (AI);
- Generation of summaries: call summaries are created from transcripts by concisely summarising the content of conversations;
- Analysis: transcriptions are analysed to improve service quality, identify common customer questions or issues, and enhance the effectiveness of customer service;
- Optimisation of internal processes: obtained information is used to address customer service related matters and to improve and optimise internal customer service processes.
Sources of data
Personal data is obtained:
- from the data subject (a current or potential Bitė customer): name, surname, personal identification number, date of birth, address, telephone number, email address, identity document data, and other data provided during the telephone conversation;
- through the use of the AI tool “isLucid”: call transcription, call summary, and related technical data (date and time of the call).
Data disclosure
Bitė may transfer or grant access to the personal data processed for these purposes to the following categories of recipients: 1. data processors providing services and processing data on behalf of, in the interests of, and on the instructions of Bitė (e.g. customer service staff in retail stores or call centres, IT service providers, auditors, consultants, legal service providers, etc.); 2. competent public authorities and/or law enforcement authorities, where required by applicable law and in accordance with prescribed procedures, in order to protect Bitė’s rights, customers, employees, and/or resources and to assert, exercise, or defend legal claims.
Data retention periods
Call recordings in which responses were provided to data subject enquiries, information was delivered, or commercial transactions were concluded (e.g. agreements on essential contract terms were reached) are stored for 2 (two) months from the date of the call, in order for the Company to assess service quality and/or to have evidence of a concluded or performed commercial transaction.
Call transcriptions are stored for 2 (two) months from the date of the call.
- Video Surveillance of Territory and/or Premises
Purpose of processing (description): Ensuring the safety of persons and premises, protection of property, and prevention and detection of criminal activities through video surveillance.
Legal basis for processing: When you visit BITĖ’s territory and/or premises (e.g. BITĖ retail stores), we are obliged to ensure the safety of our employees, customers and visitors, as well as the protection of BITĖ’s property, including the prevention of criminal acts, conflicts or other incidents. Therefore, BITĖ has a legitimate interest in carrying out video surveillance on its territory and/or premises.
The specified personal data is processed pursuant to Article 6(1)(f) of the Regulation, i.e. for the purposes of BITĖ’s legitimate interests in ensuring the safety of employees, customers and visitors, protection of property, and the prevention and investigation of criminal activities.
Personal data processed and use of data::
BITĖ collects and processes the following categories of personal data and uses them to achieve the specified purposes:
Video data (including audio and other technical data): video recordings with sound (including personal data recorded therein) and technical recording data (e.g. surveillance location, date, time, duration, etc.).
The above mentioned personal data (excluding technical recording data) is used to prevent criminal activities on BITĖ’s territory and/or premises and, where criminal acts, conflicts or other incidents that may have posed or did pose a threat to the safety of persons and/or property are recorded, to determine all circumstances of the incident and transfer evidence to competent law enforcement authorities.
Technical recording data is used to properly administer existing recordings and to log (account for) the processing of recordings.
Sources of data: The above mentioned personal data is obtained directly from data subjects when they visit BITĖ’s monitored territory and/or premises. Video recordings with sound are captured automatically by video cameras. Data subjects are informed about video surveillance by information signs before entering the monitored territory and/or premises.
Data disclosure: BITĖ may transfer or grant access to the personal data processed for these purposes to the following categories of recipients: 1. Data processors that provide services and process your data on behalf of, in the interests of, and under the instructions of BITĖ (e.g. security service providers, IT service providers, consultants or other legal service providers); 2. Competent public authorities and/or law enforcement authorities (e.g. courts, police, or other supervisory authorities), only where required by applicable law and in accordance with the procedures prescribed therein, in order to protect BITĖ’s rights, customers, employees and/or resources, and to assert, exercise or defend legal claims.
Data retention periods: Video recordings and related personal data captured on BITĖ’s territory and/or premises are processed for 14 (fourteen) days from the date of recording.
If circumstances of criminal offences and/or other incidents are recorded, such video recordings may be processed for the entire duration of the investigation of the incident, including investigations conducted by law enforcement authorities, judicial proceedings, etc.
- Communication with You on Social Media
Purpose of processing (description): Enhancing BITĖ’s representation and brand awareness in the public space and communicating with data subjects on social media.
In order to properly represent BITĖ and increase awareness of the brands managed by BITĖ in the public space, we administer brand accounts on the following social media platforms: Facebook, Instagram, LinkedIn, and YouTube.
Legal basis for processing: When you visit BITĖ administered social media accounts (pages) and communicate with us (i.e. provide your personal data on social media accounts administered by us), you express your consent to such personal data processing. Accordingly, your personal data is processed pursuant to Article 6(1)(a) of the Regulation, i.e. based on your consent.
Personal data processed and use of data:
BITĖ processes the following categories of personal data and uses them to achieve the stated purposes:
- Account data: name, surname (account name), photographs (e.g. profile photos and/or photos in which a BITĖ managed brand is tagged);
- Communication data: information about interactions on BITĖ managed brand accounts (e.g. likes, follows, comments, shares, visits, etc.), information about received messages (content of the message, time of receipt, attachments, conversation history, etc.); information about participation in events and/or games organised by BITĖ (e.g. participation, non participation, interest, fulfilment of game rules, etc.); information about ratings of BITĖ (e.g. rating scores, reviews, etc.).
Such personal data is used for the representation of BITĖ managed brands in the public space, administration of social media accounts, organisation of events/games, and other communication between BITĖ managed brands and data subjects.
Sources of data: Personal data on social media accounts administered by BITĖ is obtained from social media platform operators (i.e. from data subjects’ profiles on social media). You provide your personal data to BITĖ when visiting, performing actions, or otherwise communicating on BITĖ administered social media accounts.
Data disclosure: BITĖ may transfer or grant access to personal data processed for these purposes to the following categories of recipients: 1. Other data controllers who may receive such data for service provision or compliance with legal obligations (e.g. social media platform operators); 2. Data processors who provide services and process your data on behalf of, in the interests of, and under the instructions of BITĖ (e.g. IT service providers, marketing or related service consultants).
We draw your attention to the fact that personal data provided on social media is processed jointly with social media platform operators (i.e. Facebook, Instagram, YouTube and LinkedIn). Therefore, your communication with BITĖ is also available to the operators of those platforms. For more detailed information about personal data processing on a specific platform, we recommend reviewing the respective platform’s privacy policies: 1. Facebook Privacy Policy; 2. Instagram Privacy Policy; 3. LinkedIn Privacy Policy; 4. YouTube Privacy Policy.
Data retention periods: Personal data processed on BITĖ administered social media accounts (social media platforms) is not additionally collected or processed in BITĖ’s internal systems (unless BITĖ has another legal basis for such processing). Therefore, such data is processed in accordance with the retention periods determined by the social media platform operator, but no longer than your consent for such processing remains valid (i.e. until you remove the relevant communication data yourself). We reserve the right to remove unlawful content if it becomes necessary (e.g. where rights infringing or unlawful posts, hate inciting comments, indecent reviews of clearly sexual content, or attachments such as photos or videos that infringe copyright, personal rights, other legal acts, or standards of morality and ethics are published).
You are responsible for the accuracy, correctness and completeness of the personal data you provide. Therefore, if your personal data necessary for achieving the above mentioned purposes changes, you are obliged to immediately inform BITĖ of such changes. If you fail to inform BITĖ about changed or inaccurate data, BITĖ will consider the data you have provided to be correct and valid, except in cases where BITĖ has reasonable grounds to believe that the data is inaccurate.
We note that by providing your personal data, you assume full responsibility for the lawfulness of providing such data and are liable for any losses incurred by BITĖ and/or third parties that may arise from unlawful processing of such personal data.
We understand that by providing us with your personal data, you expect that it will be processed only in lawful, transparent and fair ways and protected by appropriate technical and organisational security measures.
When determining personal data processing measures, we take into account the risks arising from the processing of personal data and implement appropriate technical and organisational data protection measures accordingly. These measures include ensuring the physical protection of personal data, restricting access rights to personal data, encrypting personal data where necessary, ensuring the security of computer networks and personal devices, creating backup copies of data, and applying other safeguards that protect your processed personal data against accidental or unlawful destruction, damage, alteration, loss, disclosure, or any other unlawful processing.
Access to personal data is granted only to authorised employees of BITĖ and BITĖ’s partners who require such access to perform their assigned work functions and who are obliged to comply with confidentiality requirements and other technical and organisational requirements for personal data processing provided for in legal acts and/or BITĖ’s internal rules.
Personal data may also be transferred to companies within the BITĖ group acting as independent data controllers or data processors (depending on the specific purpose of processing), to engaged data processors who process data on behalf of and under the instructions of BITĖ, as well as to other independent data controllers where provided for by law or necessary for service provision, implementation of legitimate interests or the assertion, exercise or defence of legal claims.
We further note that in certain cases data processors engaged by BITĖ (e.g. IT services, marketing (content) services, etc.) may be established not only in the European Union or the European Economic Area but also outside of it. Accordingly, your personal data may be processed in a third country. Nevertheless, your data will be transferred only in accordance with the procedures laid down by law and subject to appropriate safeguards (e.g. execution of personal data processing/transfer agreements), ensuring that you can exercise your data subject rights and have access to effective remedies.
You have the following data subject rights:
- to request access to your personal data processed by BITĖ and obtain a copy thereof;
- to request the rectification of incorrect, incomplete or inaccurate personal data and/or restriction of the processing of such data (except for storage);
- to request the erasure of unlawfully or unfairly processed or excessive personal data and/or restriction of the processing of such data (except for storage);
- to object to the processing of your personal data by BITĖ where such processing is carried out or intended to be carried out on the basis of BITĖ’s or a third party’s legitimate interests, including profiling;
- to withdraw your consent at any time where processing of your personal data is based on consent; withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal;
- to request to receive your personal data in a structured, commonly used and machine readable format and/or to have it transmitted to another controller where technically feasible (the right to data portability);
- to lodge a complaint with the State Data Protection Inspectorate (ada@ada.lt) regarding BITĖ’s actions and/or inaction in processing your personal data.
BITĖ does not apply decision making based solely on automated processing, including profiling, that would produce legal effects concerning you or similarly significantly affect you. However, based on your browsing and/or product or service ordering history, you may be assigned to a certain category on the basis of which we may provide you with more relevant information (e.g. newsletters, individual offers, special discounts, etc.).
To exercise your data subject rights, please contact BITĖ’s Data Protection Officer by email: duomenu.apsauga@bite.lt. You may also exercise your rights by other means (e.g. by submitting a written request directly to BITĖ employees, sending a request by registered mail, or via a representative to BITĖ’s registered office address). A sample request form can be downloaded here.
To exercise your data subject rights, you must verify your identity in one of the following ways: 1. when submitting a request to a BITĖ employee, by presenting a valid identity document; 2.when submitting a request electronically (by email to duomenu.apsauga@bite.lt), by authenticating the request using electronic means that allow proper identification (e.g. mobile signature, qualified electronic signature, etc.).
Upon receipt of your request, we will provide a response without undue delay and no later than within 1 (one) month from the date of receipt. This period may be extended by a further 2 (two) months where necessary, taking into account the complexity and number of requests; you will be informed of such an extension within one month. The requested information will be provided free of charge. However, where requests are manifestly unfounded or excessive, in particular due to their repetitive nature, we reserve the right to charge a reasonable fee (i.e. to request reimbursement of administrative costs) or to refuse to act on the request.
If you have any questions regarding the information provided in this Policy and/or wish to express dissatisfaction or submit complaints regarding BITĖ’s privacy practices, please contact BITĖ by any convenient means: 1. in writing – by email: duomenu.apsauga@bite.lt, bendraukime@bite.lt, and/or by post to Žemaitės g. 15, LT 03504 Vilnius; 2. by telephone: +370 699 23 230 (call charges apply according to your tariff plan), and/or by visiting any BITĖ retail store.
If BITĖ updates this Policy, we will inform you of material changes by publishing a notice on the website www.bite.lt and/or by providing this information to you directly. Nevertheless, to ensure that you are aware of the current version of the Policy and applicable data protection provisions, we recommend that you periodically review the latest version of the Policy published on the website.
Updated: 2026-04-16