UAB “Baltisches Haus“ privacy policy

Last updated: 2022-08-16

1. GENERAL PROVISIONS

  • 1.1. This Privacy Policy of BALTISCHES HAUS, UAB, company number 111543781, registered address Bokšto g. 6, Vilnius (hereinafter referred to as the Company, we) (hereinafter referred to as the Privacy Policy) contains information about how we process your personal data when you use our services and visit our website www.balthaus.eu (hereinafter referred to as the Company’s website).
  • 1.2. We process personal data in accordance with this Privacy Policy and in compliance with applicable law, including the General Data Protection Regulation (2016/679) (hereinafter referred to as the GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania and the Law on Electronic Communications of the Republic of Lithuania.
  • 1.3. In this Privacy Policy, we provide the following information:
    1) What personal data we process, for what purposes, on what legal basis we process it and how long we keep it;
    2) Transfer of personal data to third parties;
    3) Social media and links;
    4) Your rights;
    5) About cookies;
    6) Changes to the Privacy Policy.
  • 1.4. If you have any questions or wish to exercise any of your rights under this Privacy Policy, you can contact us by email duomenuapsauga@balthaus.eu.

2. WHAT PERSONAL DATA WE PROCESS, FOR WHAT PURPOSES, ON WHAT LEGAL BASIS WE PROCESS IT AND HOW LONG WE KEEP IT

  • 2.1. For the purpose of concluding and performing the contract concluded by you (representative) with the Company, the Company processes your personal data as a customer or supplier and your employees (representatives) in accordance with the provisions on the processing of personal data as set out in the “Information Notice to Existing and Prospective Customers” published on the Company’s website.
  • 2.2. When you, as a customer of the Company, log in to the Company’s customer self-service on the Company’s website (“Customer Self-Service”), personal data is additionally processed for the purpose of identifying you:
    1) We process the following data: email address, encrypted password. Also, when you connect to Customer Self-Service, data is automatically collected from the computers or mobile devices you use: The IP address, the browser you use and its version, the website you visited before visiting the Company’s website.
    2) Legal basis for the processing of this data: contract concluded with the Company.
    3) We will store your data for this purpose: for the entire duration of your (representative’s) contract with the Company and for 24 months after the end of the contract.
  • 2.3. For the purpose of direct marketing offers, sending you, as a customer of the Company, newsletters (notifications) about the services offered or asking for your opinion on the quality of the services:
    1) We process the following data: email address.
    2) Legal basis for the processing of this data: your consent; In addition, we will process the personal data of existing customers of the Company who have not consented to the processing of their personal data for direct marketing purposes on the basis of legitimate interest, namely, in order to maintain and improve relations with existing customers.
    3) If you have not objected to the processing of your data for the purpose of direct marketing offers, we will process this data until the date of the full provision of services under the contract or the date of termination of the service contract. And if you are no longer a customer of our Company (where you are no longer in a contractual relationship with the Company in relation to the Company’s services), but you have expressed your consent to receive direct marketing offers, we will retain your data for 3 years from the date of receipt of your consent, or for a shorter period if you revoke your consent – until the consent is revoked. You have the right to cancel the sending of direct marketing communications at any time by clicking on the relevant link in any direct marketing communication you receive, or by contacting us by email duomenuapsauga@balthaus.eu.
  • 2.4. For recruitment purposes:
    1) We process the following data: candidate data, which includes all the information indicated by the person in their curriculum vitae, cover letter and/or letter of reference.
    2) Legal basis for the processing of this data: your consent, which you express to the Company by sending your curriculum vitae, cover letter and/or letter of reference. If you do not submit your curriculum vitae and/or cover letter, we will not be able to assess your suitability for the position.
    3) We delete this data as soon as the contract is signed with the selected candidate. If you wish, we may store this information for the purpose of offering you another job offer, provided that you give your prior consent. In this case, your personal data will be stored for 3 years after the date of such consent.
  • 2.5. We may process your personal data specified in this Privacy Policy when it is necessary to assert, exercise or defend legal claims. For this purpose, we process your personal data on the basis of legitimate interest, namely to protect and safeguard our rights, your rights and the rights of others.
  • 2.6. We may process your personal data as set out in this Privacy Policy where it is necessary for the purposes of obtaining or holding insurance cover, risk management or professional advice. For this purpose, we process your personal data on the basis of legitimate interest, namely in order to adequately protect our activities against risks.
  • 2.7. In addition to the specific purposes set out in this part of the Privacy Policy, we may also process your personal data where it is necessary to comply with legal obligations to which we are subject, or where it is necessary to protect the vital interests of you or other natural persons.
  • 2.8. Your personal data shall be stored for no longer than is necessary to achieve the purposes of processing of personal data set by the Company. After the expiry of the retention period, we will securely and irretrievably destroy or alter your personal data in such a way that it is no longer possible to identify you directly or indirectly.

3. TRANSFER OF PERSONAL DATA TO THIRD PARTIES

  • 3.1. The Company may transfer your personal data to the following categories of recipients:
    1) personal data processors providing various services to the Company: Providers of website maintenance and hosting services, email service providers, newsletter providers, survey providers, social media account administrators, customer service centres, data protection officer service providers, insurers, lawyers, consultants, auditors, bailiffs, other recipients who have undertaken confidentiality obligations;
    2) to the extent necessary for the provision of services or the settlement of services (e.g. to make a payment for a selected service), payment service providers designated by you or who will be involved in making the payment;
    3) law enforcement authorities, courts and other public authorities, but only to the extent necessary for the proper fulfilment of the requirements of the legislation in force.
  • 3.2. We only use data processors that have appropriate technical and organisational measures in place to ensure the protection of personal data, that comply with the GDPR and that ensure the protection and enforcement of your rights as a data subject.
  • 3.3. Should we have to send your personal data to countries outside the European Union, we will arrange for one of the following security measures:
    – the contract to be signed with the data recipient is based on the Standard Contractual Clauses for Data Transfer approved by the European Commission;
    – the recipient is established in a country that is recognised by the European Commission as applying adequate data protection standards;
    – reference is made to the standard data protection clauses developed by the State Data Protection Inspectorate;
    – using other available safeguards and in accordance with derogations where permitted under applicable data protection legislation.
  • 3.4. The data processors engaged by the Company process your personal data only in accordance with the Company’s instructions. The engaged processor shall have the right to employ a sub-processor only with the prior written consent of the Company.

4. SOCIAL MEDIA AND LINKS

  • 4.1. Where the Company’s website contains links to third party websites, the use of these websites is subject to the provisions of their respective privacy policies, and the Company accepts no responsibility for the content and operation of the information contained on these websites.
    4.2. We currently have a Baltisches Haus account on Linkedin, whose privacy policy is available here: linkedin.com/legal/privacy-policy.
    4.3. We encourage you to read third-party privacy notices and contact service providers directly if you have any questions about how they use your personal data.

5. YOUR RIGHTS

  • 5.1. In this Privacy Policy, we take a look at your rights under the data protection legislation. Some rights cover many aspects, so this Privacy Policy only covers the main ones. We recommend that you read the relevant legislation and supervisory guidelines to make sure you are fully informed about these rights.
  • 5.2. You have the following data subject rights:
    1) Know about the processing of your personal data. We also exercise this right by providing you with information in this Privacy Policy. You have the right to obtain confirmation from us as to whether we are processing personal data relating to you and, in the case of processing, to have access to the personal data we are processing as well as to certain supplementary information. We will provide you with a copy of your personal data on request, unless this would infringe the rights and freedoms of others. We will provide the first copy free of charge, but we may charge a reasonable fee for additional copies to cover administrative costs.
    2) Request correction of inaccurate or incomplete personal data concerning you.
    3) Request the erasure of your personal data if:
    − personal data are no longer needed to achieve the purposes for which they were collected or otherwise processed;
    − you withdraw your prior consent and there is no other lawful basis for the processing of your personal data;
    − the data is processed for the purposes of direct marketing;
    − personal data were processed illegally;
    − in other cases set out in the GDPR.
    However, please note that in some cases you may not be able to exercise this right due to exceptions. Such exceptions include cases where the data are necessary for: exercising freedom of expression and information; making, enforcing or defending legal claims.
    4) You can request restriction of the processing of your personal data where:
    − you contest the accuracy of the data for a period of time during which we can verify the accuracy of the personal data;
    − we no longer need personal data, but we do need it for you to assert, enforce or defend legal claims;
    − your personal data is no longer necessary for the Company, but it is necessary for you to exercise your right to lodge a complaint or to assert your rights;
    − you have objected to the processing on grounds of public interest or legitimate interest, pending an assessment of the validity of your objection.
    In the event of a restriction on the processing of your data, we will continue to protect your data but will not further process it, except for: (i) with your consent; (ii) to bring, exercise or defend legal claims; (iii) to protect the rights of others; (iv) for important public interest purposes.
    5) Request the transfer of your personal data. Where the legal basis for the processing of personal data is your consent or the performance of a contract or pre-contractual actions carried out at your request, you have the right to receive your personal data in a structured, commonly used and machine-readable format. You will not be able to exercise this right in cases where it may adversely affect the rights and freedoms of others.
    6) To object to the processing of your personal data on the basis of your particular situation in cases where we process your personal data for public interest purposes or on the basis of our legitimate interest or that of third parties. If you object to such processing of your personal data, we will no longer process your relevant personal data unless we can demonstrate that such processing is carried out for compelling legitimate reasons which override your interests, rights and freedoms. We may also continue to process such data for the purpose of asserting, enforcing or defending legal claims.
    7) The right to object to the processing of your personal data for direct marketing purposes. If you object to such processing of your personal data, we will no longer process your relevant personal data for this purpose.
    8) In cases where the legal basis for processing is your consent, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of the processing of your data prior to withdrawal.
    9) In the event that you believe that we are violating data protection legislation by processing your personal data, you have the right to lodge a complaint with the State Data Protection Inspectorate, ada.lt.
  • 5.3. You can exercise the data subject’s rights set out in this Privacy Policy by submitting a request and specifying the specific right you are seeking to exercise. In order to exercise your rights, we will need to verify your identity. Therefore, when applying for the exercise of rights (except for your right to know about the processing of your personal data already implemented in this Privacy Policy), you can submit a request to:
    1) By e-mail to duomenuapsauga@balthaus.eu with a request signed with a qualified e-signature;
    2) By submitting a written request directly to the address of the Company’s registered office (Bokšto g. 6, Vilnius) and presenting a document confirming your identity;
    3) Otherwise, if we can verify your identity.
  • 5.4. We will provide you with a response on the actions taken to implement the request or the reasons for non-implementation of the request no later than 1 month after receipt of the request. Depending on the complexity and number of requests, the period for the exercise of rights may be extended by a further 2 months.
  • 5.5. If you submit your request by email, the response will be provided to you in the same way, if possible, unless you request otherwise.

6. ABOUT COOKIES

  • 6.1. The following cookies are used to make it easier and more efficient for you to browse the Company’s website and to ensure the provision of high-quality services that meet your needs (cookies are files that store information on your computer’s hard drive or search engine):
Name Controller Aim Duration
Mandatory cookies (3). These cookies are essential for the basic functions of the Website and cannot be disabled.
cookieconsent_status balthaus.eu Determines whether the visitor has ticked the cookie consent box. 1 year
CONSENT google.com To store the visitor’s status regarding the selection of cookies. 2 years
_GRECAPTCHA www.google.com Distinguishing people from automated systems. 179 days
Analytical cookies (3). These cookies help us to understand how you use the Website. The data collected by these cookies does not directly identify you.
_ga balthaus.eu The Google Analytics persistent cookie is used to distinguish between visitors to the website when collecting information about website traffic. 2 years
_gid balthaus.eu The Google Analytics persistent cookie is used to distinguish between visitors to the website when collecting information about website traffic. 1 day
_gat balthaus.eu Google Analytics session cookies are used by Google Analytics to increase the speed of queries. 1 minute

7. CHANGES TO THE PRIVACY POLICY

  • 7.1. The Company has the right to change this Privacy Policy at any time. If you wish to keep up to date with changes to the Privacy Policy, please check the Company’s website periodically. In the event of substantial changes to the Privacy Policy, we will inform the Company’s clients about them on the Company’s website, Customer Self-Service or by e-mail.
This Website uses mandatory cookies to ensure the basic functions of the Website. Other cookies are not automatically set unless you agree with them.
Please visit our Privacy Policy for more information.

These cookies are essential for the basic functions of the Website and cannot be disabled.

These cookies help us to understand how you use the Website. The data collected by these cookies does not directly identify you.