Skip to main content
GDPR

Mandatory cookies

Mandatory cookies enable the main website functions. Without the aforementioned cookies the website cannot function properly. These cookies can be turned off only by changing the browser settings.

Statistics cookies

Analytical cookies allow us to improve the website by collecting and providing information about its usage.

Newsletter

Newsletter description

Privacy policy for UTM system

 

General information

The purpose of the Privacy Policy is to establish the rules for data processing carried out by public limited liability company Oro Navigacija (hereinafter referred to as AB Oro Navigacija) on the website utm.ans.lt (hereinafter referred to as the Website) and the mobile application “U-Space Lithuania” (hereinafter referred to as the App), the types of personal data processed, the purposes and legal basis for the processed data, the entities to which personal data may be disclosed, the storage periods, the technical and organizational measures for the protection of personal data and the procedure for the exercise of the rights of the data subject.

The controller of personal data processed on the Website and in the App is AB Oro Navigacija, which ensures that personal data is processed in accordance with the personal data protection requirements applicable to data controllers.

Information about public limited liability company Oro Navigacija: public limited liability company Oro Navigacija, code of the company 210060460, registered office address Balio Karvelio St. 25, 02184 Vilnius, telephone +370 706 94 502, e-mail bepilociai@ans.lt, website https://www.ans.lt.

Information about the data protection officer of public limited liability company Oro Navigacija is provided on the website of AB Oro Navigacija at www.ans.lt, under the chapter “Personal Data Protection” https://www.ans.lt/lt/bendrove/asmens-duomenu-apsauga.

The privacy policy has been prepared in accordance with the following legal acts:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the Regulation),
  • the Law on the Legal Protection of Personal Data of the Republic of Lithuania,
  • the Law on Electronic Communications of the Republic of Lithuania,
  • Rules on the Protection and Processing of Personal Data of State Enterprise Oro Navigacija, approved by the Order of the Chief Executive Officer of State Enterprise Oro Navigacija of 31 March 2021 No. V-122 “On the Approval of the Rules on the Protection and Processing of Personal Data of State Enterprise Oro Navigacija” (hereinafter referred to as the Rules on Processing of Personal Data),
  • Rules on the Use of Traffic Management System (UTM) for Unmanned Aircraft Operators (UAS) of public limited liability company Oro Navigacija, approved by the Order of the Chief Executive Officer of public limited liability company Oro Navigacija of 21 February 2026 V-41 “On the Approval of the Rules on the Use of the Traffic Management System (UTM) for Unmanned Aircraft Operators (UAS) of public limited liability company Oro Navigacija.

 

Basics of personal data processing

We process your personal data only if we have legal basis for processing:

  • consent, which is expressed by your pro-active actions,
  • on the basis of a contract, in order to conclude and/or execute a contract with you (for example, by processing your personal data necessary to order and provide the Services, etc.),
  • during the performance of contractual obligations (for example, during the performance of duties established under the contract),
  • implementing our legitimate interests (for example, to collect evidence of the proper provision of Services to you, to conduct and develop activities, to protect our rights, to ensure a safe experience and security of the Website and/or App, etc.), or
  • implementing the requirements of legal acts.

If necessary, we may process your personal data on other grounds provided for in legal acts, after properly notifying informing you about that, when necessary according to legal acts.

 

What personal data do we collect and for what purposes? 

The following personal data is processed on the Website and the App:

  • identification data (name, surname, remote pilot ID),
  • contact details (telephone number, e-mail address),
  • qualification certificate numbers,
  • technical data (IP address, connection logs),
  • flight data (locations, times, routes).

Data is collected and processed for the following purposes:

  • user identification and authentication,
  • service provision, administration and ensuring functionality,
  • planning, monitoring, coordination and safe traffic management of unmanned aircraft flights,
  • prevention and investigation of incidents, violations, accidents,
  • system security, maintenance, performance analysis and improvement,
  • communication regarding service provision, operation of the Website and App, or implementation of legal obligations. 

 

To whom is your personal data transferred?

The data of the data subject is not provided to third parties. The data may be transferred to law enforcement agencies, in case of a legitimate basis and purpose for obtaining the data.

Personal data is not transferred to third countries or international organizations, i.e. outside the European Union, except in cases when public limited liability company Oro Navigacija is obliged to do so by legal acts or court decisions.

 

How long do we store personal data?

Personal data is stored for the entire period of service provision – as long as the user actively uses the services, i.e. as long as the user account is active.

After deletion of the user account, the data is stored for an additional 5 years in accordance with the legislation regulating air navigation activities, in order to ensure airspace safety traceability, incident investigation, and compliance with potential legal obligations. After that, the personal data is destroyed by erasing it without the possibility of recovery.

 

What security measures do we apply?

Organizational and technical personal data security measures are applied to protect personal data against accidental or unlawful destruction, alteration, disclosure, as well as against any other illegal processing.

Public limited liability company Oro Navigacija implements technical and organizational measures to ensure that only the personal data that is necessary for each specific purpose of data processing is processed in a standardized manner. The obligation specified under this Paragraph applies to the amount of personal data collected, the scope of their processing, the storage period and accessibility.

Public limited liability company Oro Navigacija takes necessary precautions to preserve the integrity of the personal data of data subjects and prevent this data from being damaged or lost, including taking care of the necessary data recovery.

In order to protect automatically processed personal data, the following technical data security measures must be used:

  • an audit of open ports and software on servers and network devices is performed once a year,
  • a periodic audit of the content management system (CMS) and plugins of the Website is performed, CMS and plugin versions are updated, and unused plugins are removed,
  • web application firewall (WAF) installed,
  • unique passwords are used to access personal data, which are changed regularly and stored to ensure their confidentiality,
  • access to personal data and the right to perform data processing actions is granted only to the employees who need access to personal data in accordance with their positions and work functions;
  • ensuring protection of computer equipment against malicious software (installation, updating of antivirus programs, etc.),
  • computer equipment and data transmission network are maintained according to the recommendations of the manufacturer, maintenance and troubleshooting are performed by qualified specialists, and the technical condition of the data transmission network and the most important computer equipment is constantly monitored.

The following obligations related to personal data security are imposed on the employees of public limited liability company Oro Navigacija:

  • the employees must follow the principle of confidentiality and keep secret any information related to personal data that they have become aware of in the course of their duties,
  • the employees who process personal data in the course of their direct duties sign a confidentiality undertaking before starting to perform their functions,
  • the employee must notify the help desk of public limited liability company Oro Navigacija immediately of a personal data protection breach or any suspicious situation that may pose a threat to the security of the processed personal data.

 

How are the rights of a data subject implemented?

A data subject is entitled to contact public limited liability company Oro Navigacija regarding the matters related to the processing of personal data, i.e. has the following rights:

  • the right to receive information about data processing,
  • the right to access data,
  • the right to request correction of data,
  • the right to request the deletion of data (“right to be forgotten”),
  • the right to restrict data processing.

When a data subject disagrees with the decision of public limited liability company Oro Navigacija made on a submitted request related to the implementation of the rights of the data subject, the data subject has the right to file a complaint to State Data Protection Inspectorate or Vilnius Regional Administrative Court.

The rights of the data subject are implemented in accordance with the procedure established by the Rules for Processing Personal Data, which are available on the website of public limited liability company Oro Navigacija at www.ans.lt, under the chapter “Personal Data Protection” https://www.ans.lt/lt/bendrove/asmens-duomenu-apsauga.

 

Processing of statistical information and use of cookies

In order to ensure proper use of the Website, the App and the Services, we use technologies necessary to provide the Services - to process the technical parameters of user devices, location, technical actions performed on the Website and/or the App, etc. No data that could directly or distinguish you identify from a group of individuals will be collected and processed using this technology, and it is not possible to identify you based on the technical data recorded. The technologies are necessary for the proper provision of the Services and will therefore be applied while using the Website and/or the App. Technological solutions for this purpose are provided by trusted suppliers (for example, Google Inc.) that we invoke.

Cookies are storage media that store information on your device. When using the Website, session cookies may be stored on your device to identify the session and technical user parameters.

More information about the cookies can be found at: https://ec.europa.eu/info/cookies_lt. You control cookies; thus, you can refuse them or destroy them (delete, uninstall) at any time by adjusting the permissions applied to the Website and/or the App on your terminal device, clearing the cache or reinstalling the terminal device.

When using the App, the App files and files necessary for operation of the App are saved on your device.

Updated at: 2026-03-26 13:31:05