Privātuma politika

Atea values the protection of personal data, and we therefore place great emphasis on protecting your privacy. This Privacy Policy explains and clarifies how we, as data controller, treat our visitor’s and customer’s personal data according to (EU) 2016/679, the General Data Protection Regulation (GDPR). This policy will apply in situations where Atea AS (hereinafter "Atea", "we", "us" and "our") treats personal information collected from the site. By using our site, you agree that your personal information is processed in accordance with this Privacy Policy. 

What is personal data?  

Personal data is any information relating to an identified or identifiable natural person; an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

Where do we store your personal data?  

Personal data that we collect from you is stored within the European Economic Area (EEA) but may also be transferred to and processed in a country outside the EU/EEA. Atea uses vendors for mail, cloud services, antimalware, firewalls etc. when personal data may be transferred to and processed in a country outside EU/EEA. Any each such transfer of your personal data is carried out in accordance with applicable laws. For transfers outside the EU/EEA Atea uses Standard Contractual Clauses as an appendix to our data processing agreements according to the Chapter V of the GDPR. 

Recipients of personal data  

We may disclose your personal information to all companies in our group (i.e. subsidiaries, our ultimate holding company, and all its subsidiaries) insofar as it is reasonably necessary for the purposes stated in this privacy policy.  

We do not sell, trade, or otherwise transfer your personal information to third parties. Exceptions are trusted third parties that help us to run the site, conduct our business, deliver the goods you order, or provide service if these parties agree to keep the information confidential and not use it for other purposes that are not agreed upon. 

Why do we collect your personal data?  

We collect your personal data only when having a legal basis for it. For every specific process of personal data, we collect from you, we inform you whether the provision of personal data is statutory or required to enter a contract and whether it is an obligation to provide the personal data and possible consequences if you choose not to. 

Retention policy  

We will only store your personal data for as long as it´s necessary to perform our contractual obligations and if required by statutory storage time. When we store your personal data for purposes other than our contractual commitments, such as consent when you sign up for our events or receive the newsletter via email, we save the data only if necessary and/or statutory for the purpose. When there is no longer a purpose or legal obligation of storing personal data, it is deleted or anonymized.  

Personal data that is only collected for a specific purpose is kept to a minimum to be able to perform the purpose, also known as data minimization. 

Your personal rights  

If you have questions about the privacy policy, how we process personal data, or want to exercise any of your rights, such as requesting registry extracts or corrections, this can be made free of charge once a year, you are welcome to contact us at the contact details below. To submit any request, please contact us at dpo@atea.lt for more information. 

You have the right to submit eventual complaints about the processing of your personal data to the national supervisory authority. 

Transfer to a Third Country  

Information we collect about you can be processed, stored, and transferred between all Atea subsidiaries in the countries we operate in. All Atea subsidiaries have signed an internal Data Processing Agreement having unified data protection across all subsidiaries. However, Atea will not transfer the personal data you provide us to countries outside the European Economic Area (EEA) without explicitly informing you about that transfer. 

Links to third parties  

We may, at our discretion, publish or offer third-party products on our website at our discretion. These third-party websites have their own, independent privacy rules. We, therefore, take no responsibility for the content and activities of these linked sites. However, as we want to protect the privacy of our site, we welcome comments on these websites. 

Last update to the Data privacy policy  

Atea reserves the right to update or change this Policy at any time and you should visit this site regularly to obtain the latest version.  

05-04-2024 

 

How to contact us  

If you have any questions regarding this privacy policy or our processing of personal data or want to contact us regarding your personal data, please contact dpo@atea.lt. 

Categories of Personal data we collect  

Goods and services 

The following personal data of the customer are processed for the purposes of sale of goods, provision of services, conclusion, and performance of the contract, payment, protection of legal interests, and defense: name, surname, email address, tel. No., bank account No., bank name, postal address, delivery address, and, when the buyer is a legal entity, the company name, company code, and company address are additionally processed. Personal data required to contact and communicate in a pre-contractual relationship is processed to take action at the request of the data subject prior to the conclusion of the contract or in the legitimate interest of Atea and is stored for 3 (three) years from the last contact with a potential customer or supplier. Data and documents processed for the purpose of concluding and performing the contract are stored for 10 (ten) years from the end of the contractual relationship unless a longer term is specified in legal acts or Atea internal regulations for archiving purposes, or when complying with legal obligations, such as following the instructions of state institutions or participating in legal disputes, your personal data will have to be processed for longer than the specified term. 

Servicedesk case and incident handling 

When you contact Atea Servicedesk, your personal data will be stored in our ticketing system for the purpose to handle the case. The personal data processed is the data you provide when submitting the case/incident, for example, Name, phone number, email address, organization, job title, and department. 

The personal data is processed by Atea as the data Controller since we need to register contact information for a case or incident to solve the case and be able to contact you regarding the case. Personal data is also stored for a historical purpose to be able to return to a case afterward, both for learning purposes and for history. Based on this, the personal data is stored for 5 years after a case is closed. 

After resolving the case you receive an Atea User Satisfactory Survey email which is related to the case number. Atea User Satisfaction Survey will be stored for 2 years to be able to return to survey evaluation afterward and to compare the results of customer support. 

The legal basis for the processing of personal data is a legitimate interest. Atea's interest lies in the fact that we need contact information for the individual who has submitted a case so that we can carry out our tasks and handle the case. Included in the assessment of legitimate interests is the type of personal data that only includes contact information. 

Hardware warranty or post-warranty service 

When you contact us for hardware warranty or post-warranty service, the following personal data is processed to provide the service: name, surname, email address, tel. No., equipment identification number, company (if applied by a legal entity). The basis of data processing is the legitimate interest to perform the contract for warranty or post-warranty service works, to properly administer the provision of services; contract with the data subject; legal obligation (accounting, archiving); consent (marketing). The repair work report containing personal data is stored in the Atea business and financial accounting system for 3 (three) months after the provided warranty or post-warranty service, and an electronic / paper copy of this report and the invoice (if payment has been made for the provided service) stored for 10 (ten) years from the end of the contractual relationship, unless a longer term is specified in legal acts or internal Atea regulations for archival purposes, or when your personal data will need to be processed in accordance with legal obligations, such as following instructions from public authorities longer than the specified deadline. Please be informed that the personal data provided by you may be transferred to the equipment manufacturer (EPSON EUROPE B.V., Lexmark International Technology Sarl, Lenovo Technology B.V., or Dell Distribution) with your consent. 

Recruitment 

Atea processes the personal data of the candidates (name, surname, e-mail address, tel. No., data provided in the CV) in order to assess the person's suitability for the position or to perform the job functions, as well as for the purpose of concluding the employment contract. The basis for data processing is to take action at the request of the data subject before concluding the contract. Personal data is stored until the end of the selection. 

When sending data to us, please observe your personal information protection requirements and do not send us excessive information, such as personal identification number, address, health information, or other special (sensitive) data, bank account number, financial information, or car state. No., real estate data, information about family members, photos that clearly show other people, and so on. 

Communication with the customer 

When you make a request to us on the Atea website, we process the following personal data in order to provide an answer: name (optional), surname (optional), email, address, mob. No. (optional), company name (if applied by a company representative). The basis for data processing is the consent you give when submitting the request. We store the information until the person withdraws the consent, but not longer than 3 (three) months after the submission of the response to the request. 

By contacting our general e-mail we only process your e-mail, e-mail address, and your name, the name of the company you represent, if they are e-mail mail components. 

Surveys of existing customers 

We conduct surveys of existing customers to assess the quality of the products we sell, the services we provide, and the customer service. The only e-mail address is used for this purpose. The basis of data processing is the legitimate interest in obtaining customer feedback and ensuring and improving the quality of products, services, and customer service sold by Atea. Information is stored for no longer than 1 (one) year. 

Please note that you can express your refusal to participate in the surveys by clicking on the link in the e-mail at the bottom of the letter you are invited to participate in the survey. 

Agreements with data subjects 

When we enter into a contract with a data subject (e. g. contracts for services provided or procured by us, including but not limited to ordering warranty / post-warranty services, ordering goods, notifying the event, copyright agreements, agreements with individual data subjects, etc.), we process personal data to the extent provided for in the respective agreement and for the purposes provided for in a such agreement. The basis for data processing is a contract with the data subject (including taking action at the request of the data subject before concluding the contract). Data shall be processed and stored for 7 (seven) years after the termination of the contract, unless legal acts or internal Atea regulations provide for a longer retention period for archival purposes, or when complying with legal obligations, such as following instructions from public authorities or participating in legal disputes. the data will need to be processed longer than the specified deadline. 

Debt recovery 

In the event of late payment of a debt, the personal data of the customer (the person in charge of the company or the data subject) may be transferred to the debt collection company.

 

Atea eShop account and online purchase data

The Atea eShop is an eCommerce platform designed for companies (legal entities). When a company creates an account to purchase hardware, software and services, the personal data of the company representative is processed according to this Policy. This includes data provided through eShop placed orders including punchout.

For eShop users, the following personal data is processed in eShop:

  • First name, last name, email address, phone number, company, source IP address, last login, employee number. Optional default cost center.

From FreeChoice users the following personal data is processed in eShop:

  • First name, last name, email address, private email address, phone number, company, source IP address, last login, employee number, default cost center.

The data is processed for the purpose of fulfilling contractual obligations, such as delivering goods, resolving warranty issues.

Personal data of eShop user accounts is anonymized 2 years after the last login as last activity.

Personal data of eShop user accounts is anonymized 5 years after last login as last activity if they have active Free Choice contract, otherwise anonymized 2 years after the last login as last activity.

Data from the Atea eShop is also transferred to the Atea business and financial accounting systems (ERP) for the purpose of invoicing, communicating with customers, fulfilling warranty obligations, and protecting legal interests. The data is processed and stored according to the country’s where Atea operates legal requirements and internal regulatory acts regarding archiving.

 

My Atea

Access to My Atea portal is exclusively for authenticated eShop or ServiceNow users, granted through eShop or ServiceNow onboarding process. No personal data is replicated from the other systems to My Atea portal, and since My Atea does not store any personal data, data erasure routines do not apply to it.

 

If My Atea user enters personal data to User feedback & ideas, name and email address is processed in vendor’s feedback system. Personal data entered to User feedback & ideas chat is erased after 1 year.

Authorization to Atea systems  

We have control authorization mechanisms for you to safely authenticate to our systems. The authorization is handled by a trusted identity provider. There are two ways to authenticate to be able to get access to relevant systems in Atea. 

Atea authorization  

User ID (email address) and password for authentication are used. Personal data in scope: email address, IP address. When you authenticate, your email address and password will be verified by our identity provider through secure API. An IP address is logged during the authentication process for your safety if someone attempts to tamper with your account. 

Customer Active Directory authentication  

Single Sign On for authentication is used. Personal data in scope: name, surname, email address, IP address. When you authenticate, your first name, last name, and email address will be verified by the customer Active Directory and will pass to the identity vendor. An IP address is logged during the authentication process for your safety if someone attempts to tamper with your account. 

Direct marketing  

We use your personal data to send company news, updates, information about other similar products and services, Atea’s events and newsletters, etc. Personal data you provide to us by filling in the forms on our webpage is used only with your consent. We process the following categories of personal data: name, surname, company name, email address, and phone number. We store your data for direct marketing until you withdraw your consent. 

Atea events  

You can register for our events on the Atea website by filling out the appropriate registration form. When registering for our events, you provide us with the following contact information: name, surname, job title, company name, e-mail, and tel. No. 

Personal data is processed for the following purposes: 

  • Event organization; 
  • Administration of registration of participants for the event; 
  • Necessary communication before the event; 
  • Post-event communication is required, including, but not limited to, forwarding slides of messages and answering questions received during the event; 
  • Event evaluation; 
  • Protecting the interests of the organizers in the event of a complaint or claim. 

The basis for personal data processing is the consent you give by filling in the registration form. We keep this information for no longer than 3 (three) months after the end of the event. 

Please note that photos can be taken during the event. Photography is carried out on the basis of a legitimate interest, consent, in order to publicize Atea's activities and to increase the awareness of Atea's name in the public space. If you object to the use of your image for the stated purposes, please inform the event assistants at the latest before the start of the event. 

Cookies  

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences, or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you but can give you a more personalized web experience. 

Cookies are widely used to “remember” you and your preferences, either for a single visit (through a “session cookie”) or for multiple repeat visits (using a “persistent cookie”). They ensure a consistent and efficient experience for you as a visitor and perform essential functions such as allowing you to register and remain logged in. Cookies may be set by the site that you are visiting (known as “first party cookies”), or by third parties, such as those who serve content or provide advertising or analytics services on the website (“third party cookies”). Atea uses cookies to personalize content and ads, provide social media features, and analyze our traffic. Atea also shares information about your use of our site with our social media, advertising and analytics partners. Below is a detailed list of the cookies we use on our websites. Our websites are scanned with a cookie scanning tool regularly to maintain a list as accurate as possible. We classify cookies into the following categories:  

  • Mandatory Cookies  
  • Analytics Cookies  
  • Marketing Cookies  

You can opt out of each cookie category (except mandatory cookies) by clicking on the “cookie settings”. 

Mandatory  

These cookies are necessary for the website to function and cannot be switched off in our systems. This enables the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services Atea has added to our pages. They are usually only set in response to actions made by you that amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms. Blocking these cookies may affect the performance of the site. These cookies do not directly store personal information but are based on uniquely identifying your internet browser and device. 

Analytics Cookies  

These cookies allow Atea to monitor traffic and sources to be able to measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, Atea will be less able to optimize and analyze the site’s performance. 

Marketing Cookies  

These cookies may be set through our site by our advertising partners and social media services. Anonymized data can be shared with third parties to build a profile of your preferences. They do not directly store personal information but are based on uniquely identifying your internet browser and device, which can be used to build up a profile. If you do not allow these cookies, you will experience less targeted advertising and will not be able to use or see these sharing tools.