Privacy policy

Introduction

Atea ASA and its subsidiaries (hereinafter “Atea”) are market leaders in IT infrastructure and related services for businesses and public sector organizations in the Nordic and Baltic regions. Atea is committed to protecting personal data and respecting individuals’ fundamental rights and freedoms. We highly value data protection and prioritize the privacy of data subjects.

UAB Biznio mašinų kompanija (hereinafter “BMK”) is part of the Atea Group, and therefore follows Atea’s data privacy policy in its operations.

Purpose

This Privacy Policy outlines the purposes, methods, and principles Atea applies when collecting, processing, securing, and storing personal data, as well as the rights of data subjects under the EU General Data Protection Regulation (GDPR) No. 2016/679.

Scope

This Policy applies to all Atea operations, including employees, customers, and suppliers. It is supplemented by Atea’s Data Protection Policy, which defines the standards for personal data protection and processing.

Definitions

Personal Data – any information related to an identified or identifiable natural person (data subject).

Identifiable person – anyone who can be identified directly or indirectly through identifiers such as name, ID number, location data, online identifiers, or factors specific to the person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

General Purposes for Data Processing

• Service Provision: Deliver and manage products or services requested by the data subject.
• Communication: Contact data subjects regarding billing, payments, or service updates.
• Personalization: Tailor content and recommendations based on user behavior and preferences.
• Legal Compliance: Fulfill legal obligations (e.g., tax reporting, government requests).
• Security: Ensure the security of services, including fraud detection and prevention.
• Marketing: Send promotional materials when consent has been granted.
• Analytics: Analyze and improve services by understanding user behavior and preferences.

Categories, Purpose, and Retention of Data

Goods and Services

Personal data (name, surname, email address, phone number, bank account number, billing/delivery address) is processed for sales, service provision, contract execution, payments, legal interests, and defense. For legal entities, company name, code, and address are also processed.

• Retention: Up to 10 years after contract termination unless longer periods are required by law.

IT Management and Support

When using our IT support services, user interactions are logged for quality control.

• Data processed: Name, email address, phone number, company name/address.
• Retention: Up to 10 years after service completion.

Customer Satisfaction Surveys

Post-service follow-up emails may be sent to improve quality.

• Retention: 2 years.

Call Recordings

All incoming calls to the Help Desk are recorded for quality control and complaint resolution.

• Retention: 30 calendar days.
• Notice: A warning is provided before recording. Users may opt for email communication instead.

IT Equipment Maintenance

Data is processed for warranty and post-warranty services.

• Retention: Service reports are kept for 3 months; invoices and documentation – 10 years.
• Transfer: With consent, data may be shared with equipment manufacturers (e.g., Xerox, Epson, HP).

Recruitment

Personal data (CV, name, contact details) is processed to evaluate candidates for employment.

• Retention: Until the end of the recruitment process. With consent, data may be used for other Atea vacancies for up to 1 year.

Client Communication

Data provided via website forms (name, email address, company name) is used to respond to inquiries.

• Retention: 3 months after responding or until consent is withdrawn.

Contracts with Data Subjects

Data is processed based on the contract, including sales, purchases, event participation, etc.

• Retention: 10 years after contract completion unless legal or internal rules require otherwise.

Direct Marketing

Used to send news, offers, and newsletters with:

• Legitimate interest (existing clients); or
• Consent (non-clients).
• Retention: Until consent is withdrawn or no more than 2 years from consent date.

Client Feedback Surveys

Used to evaluate services/products using only email addresses.

• Retention: Up to 1 year.

Annual Surveys (e.g., NPS)

Data used: email address. Responses are anonymous unless the email address is explicitly provided.

• Retention: Until the recipient unsubscribes. Email lists are refreshed yearly.

Events

Event registration forms collect: name, email address, phone number, company name.

• Purpose: Organizing and managing the event, pre/post-communication, feedback collection.
• Retention: 3 months after the event.
• Photography: May occur for publicity purposes. If you object, notify event staff before the event begins.

Debt Collection

If a payment is overdue, personal data may be shared with a debt collection agency.

Online Purchases (ismanimokykla.lt and robotcity.lt)

Data processed: name, email address, phone number, IP address, delivery address, company name.

• Retention: 2 years after last login.
• ERP Transfer: Data is transferred to Atea’s business and finance systems for contract fulfillment and compliance.
• Retention: 10 years after contract completion.

Data Security

Atea is committed to protecting personal data and respecting individual rights.
For more information, refer to the Atea Data Protection Policy.

Data Subject Rights (under GDPR)

• Right of Access: Request access to your personal data.
• Right to Data Portability: Receive a copy of your data in a portable format.
• Right to Rectification: Request the correction of inaccurate/incomplete data.
• Right to Erasure: Request the deletion of your data (subject to GDPR exceptions).
• Right to Restriction: Limit processing under specific circumstances (e.g., dispute over data accuracy or legitimate interest).

To exercise these rights, contact the Data Protection Officer (DPO) for your region (see contact section).
Atea may charge an administrative fee for manifestly unfounded, repetitive, or excessive requests.
Responses will be provided within one month.

You may also file a complaint with your national data protection authority.

National Data Protection Authorities

• Norway: Datatilsynet
• Denmark: Datatilsynet
• Sweden: Integritetsskyddsmyndigheten
• Finland: Tietosuojavaltuutetun toimisto
• Lithuania: Valstybinė duomenų apsaugos inspekcija
• Latvia: Datu valsts inspekcija
• Estonia: Andmekaitse Inspektsioon

Cookies and Tracking Technologies

When visiting any Atea website, cookies and other tracking technologies from the following categories may be used:

• Mandatory Cookies – essential for site functionality.
• Analytics Cookies – help understand usage to improve performance.
• Marketing Cookies – allow personalized ads based on browsing behavior.

You can manage cookie preferences on our websites under “Your Privacy Settings”.

Third-Party Access and Transfers

Only trusted third parties under contract with Atea may access personal data.
Personal data may be transferred within the Atea Group or outside the EEA with standard contractual clauses per GDPR.

Atea does not transfer personal data outside the EEA without prior notification.

Policy Updates

Atea reserves the right to update this Policy at any time.
The latest version is published on:
bmk.lt, ismanimokykla.lt, robotcity.lt
Last updated: April 2025

Contact

For data protection inquiries, contact the relevant DPO:

• Atea ASA: dpo@atea.com
• Norway: dpo@atea.no
• Denmark: dpo@atea.dk
• Sweden: dpo@atea.se
• Finland: dpo@atea.fi
• Baltics (Lithuania, Latvia, Estonia): dpo@atea.lt
• Atea Global Services: ags.dpo@atea.com