UAB Balticsofa, legal entity code 121504969, registered office address Žarijų str. 4A, LT-02300 Vilnius, Lithuania, data collected and stored in the Register of Legal Entities of the Republic of Lithuania (hereinafter “We” or the “Data Controller”) is the manager of this website https://www.balticsofa.com/lt/ (hereinafter the “Website”). This Privacy Policy (the “Privacy Policy“) sets out and explains how we collect and further process the personal data of the Website visitors. In the Privacy Policy we also provide information about the processing of data by all other data subjects (such as contractors or their representatives/employees) by us in the course of our activities.
The Privacy Policy applies to all persons who visit the Website, and the terms and conditions set out therein apply to each time you access the content and/or service we provide, regardless of the device (computer, mobile phone, tablet, etc.) you use.
We process the data of all data subjects lawfully, transparently and fairly, for pre-determined purposes and only to the extent necessary to achieve them. When processing your personal data, we comply with the provisions of the General Data Protection Regulation No 2016/679 (hereinafter the “GDPR”), the Republic of Lithuania Law on Legal Protection of Personal Data, as well as the requirements for the processing of personal data established in other legal acts and recommendations and/or instructions of supervisory authorities.
Persons under the age of 14 may not provide any personal data through our managed websites and/or social networking accounts. If you are a person under the age of 14, you must obtain the consent of your legal representatives (parents, adoptive parents, guardians, carers) before providing your personal information.
The terms used in the Privacy Policy shall be understood as they are defined in the GDPR and other personal data protection legislation.
Click on the “Learn more” box in each section to find out more about how we process your personal data and the specifics of our business.
How do we collect information about you?
Your personal data, i.e., any information about you that allows us to identify you, is obtained in different ways:
You can also submit your personal data directly to us. This usually happens when:
our video surveillance systems do not use facial recognition / analysis and/or similar technology, image data captured by these systems are not grouped or profiled by a particular person. They are intended solely to ensure the safety of our employees, visitors and property and to prevent public order violations. You will be informed of the ongoing video surveillance by separate information tables provided before entering the monitored area and/or room. In addition, we note that the CCTV surveillance field does not include areas and/or rooms where you can expect full privacy, such as toilets.
We receive information about you as a representative of a legal entity by communicating with this legal entity, for example, in cases where:
Information about you can be collected automatically. This usually happens when:
As far as permitted by applicable laws, we may receive information about you from third parties. This may include information provided by our partners, contractors, service providers, your publicly available profiles or databases. (e.g., if you access the Website through your Facebook or Google account, you grant Facebook or Google permission, share your account information with us – so the source of the data you receive is Facebook or Google, respectively).
We may associate the information we receive about you from you, from public and commercial sources, to other information we receive from you or about you.
We may collect information about you in other cases not covered by the Privacy Policy, however, if this happens, we will keep you informed additionally.
While we attempt to collect as little information about you as possible, we collect the following information necessary for our activities:
The information we collect automatically usually is as follows:
The information we receive from third parties or publicly available sources is usually the following:
You may choose not to provide us with certain information, however, in this case, we may not be able to provide you with our service (e.g. without giving you the necessary information requested to respond to your request, we will not be able to answer you).
Important: We do not request or process your special categories of personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as health data or data about your sex life and sexual orientation. Our staff does not ask for your login details, bank card numbers, passwords in writing, by telephone or in any other way, or any other information the use of which may cause you financial or any other damage.
The above information is processed in order to:
The purposes, basics and personal data we process are presented in the following table:
| Aim | Legal basis (es) | Personal data |
| Conclusion, execution and administration of transactions, contracts and any other agreements
|
Conclusion or performance of the contract with you
Compliance with legal requirements Legitimate interests of our company |
Full name, e-mail address, telephone number, place of work, position title, bank account number, name of the bank used for settlement. As well as other information that may be required to fulfill our obligations |
| Implementation of the rights and interests of us or our departments/affiliated companies | Compliance with legal requirements
Legitimate interests of our company |
For this purpose, all your personal data held by us listed in this Privacy Policy may be processed for this purpose |
| Establishing, maintaining and developing business, professional and/or other legal relationships | Legitimate interests of our company
Compliance with legal requirements |
Full name, telephone number, e-mail postal address or other contact details, place of work, position title |
| Fulfilment of our obligations under applicable law | Compliance with legal requirements | Depends on the requirements of the applicable legislation, the content of request received from the institutions, other objective circumstances |
| Internal administration of our company and processing of accounting | Compliance with legal requirements
Legitimate interests of our company |
For this purpose, all your personal data held by us listed in this Privacy Policy may be processed for this purpose |
| Ensuring the quality and functionality of the online services provided by our company | Legitimate interests of our company | The IP address, version of the operating system, and settings for the device you are using to access the content. The time and duration of your session and any information stored on cookies that we have set on your device, GPS signal of the device or information about the nearest WiFi access points and mobile towers in the vicinity, which may be transmitted to us by you using the content of our website |
| Direct marketing (only if we have received your consent or, respectively, we have not received your consent) | CONSENT
Legitimate interests of our company |
Full name, e-mail, postal address, telephone number, residential address |
In cases where we are unable to rely on one of the legal bases in this table, we will ask for your consent before processing your personal data. (such cases will be clear from the circumstances and context).
In the cases where we process your personal data for purposes other than those specified in these rules, we will inform you in a separate notice.
Without your prior written consent, we may transfer your personal data only in the following cases:
The ability of recipients of your personal data (individual controllers) to use your data is limited and may not use this information for purposes other than the agreement with us or other purposes provided for in the legislation.
You will be asked for a separate consent to receive their direct marketing offers.
We may also provide your data to data processors who provide services (perform work) to us. Data processors have the right to process personal data only on the basis of a written agreement between us and them, according to our instructions and only to the extent necessary for the proper performance of the obligations set out in the agreement. Through our processors, we take all necessary steps to ensure that our data processors have the appropriate organisational and technical security measures in place and maintain the confidentiality of your personal data.
Below is a list of categories of recipients:
banks, software development, implementation and support companies; IT companies; providers of communication services; security service; companies providing postal services and courier services; companies providing legal services; providers of archiving services.
Other parties to whom we may have access to information we hold about you where this is necessary to protect our legitimate interests or in fulfilling the legal requirements necessary for us, state and law enforcement institutions etc.
For more information about specific companies listed in this section to which your personal data may be disclosed, please contact us at the contacts listed in this Privacy Policy.
We cooperate with customers from all over the world, thus, data is transferred to ensure the security of the personal data transmitted for the purposes of concluding, executing and administering transactions, contracts and other agreements.
In exceptional and necessary cases of data provision outside the EEA, we will arrange for one of the following security measures to be applied:
In absence of any of the appropriate safeguards referred to above, we may take advantage of the exceptions provided for in Article 49 of the GDPR (e.g. to transfer your data on the basis of your consent), however, they can only be applied in strictly formulated cases of GDPR.
We have intelligent and relevant physical and technical measures in place to protect the information we collect for the purposes of service provision.
But bear in mind that, although we take appropriate action to protect your information, no website, online transaction, computer system or wireless connection is completely safe.
We determine the terms for storage of personal data of clients in accordance with the requirements of laws, regulatory enactments and instructions of the supervisory and/or other competent authority. In the absence of such requirements or instructions, we shall determine the retention periods in the light of our legitimate interests.
Please note that, given the extent of the personal data we process, we specify certain time limits for the storage of personal data of specific categories of data subjects in the respective privacy policies or information notices of other websites we manage at the time of receipt of the data.
At the end of the data retention period, your data will be erased in such a way that it cannot be reproduced, or personalised in such a way as to prevent you from being identified.
Usually personal data is stored for the following terms:
| Personal data | Storage period |
| Data relating to the conclusion and execution of transactions, contracts and any other arrangements | 10 years after the end/termination of the contract, agreement or arrangement |
| Payment data | 10 years after the date of the payment transaction |
| Data contained in requests, requests and/or claims submitted to us by phone, e-mail or regular mail | Up to 2 years from the date of receipt or execution of the request/claim |
| Your data relates to the potential or existing implementation of our interests in a court or other institution | Until the statutory time limits for lodging a claim/complaint or claim expire and/or a final judgment has entered into force |
| Image data | From 5 to 40 days (depending on the equipment used) |
| Personal data processed with your consent | Up to 2 years from the moment of receipt of the consent if the consent has not been withdrawn |
| IT system records (logs) | _gi retention period of 2 years used to separate consumers; _gid storage term 24 hours, _gat_gtag_us storage term 1 min. used to accelerate the query frequency |
Even if you wish to terminate the contract and refuse from our services, due to requirements that may arise in the future, we will continue to have to keep certain of your personal data until the time limits for storage of certain data expire. Information is also stored so that we can provide you with the required information, if necessary, in order to have a properly recorded history of relationship and answer all questions related to you and our cooperation.
Depending on your situation and the additional conditions set out in the GDPR, you have the following rights:
We always strive to ensure your rights properly and to respond promptly to any possible breach of their implementation, so if you have any questions about your personal data managed by us, please contact us first. We also note that in all cases you have the right to file a complaint with the State Data Protection Inspectorate at any time.
We give you the opportunity to implement these rights in a convenient way. You can do this by writing to us at this e-mail gdpr@balticsofa.com or by using certain links at the bottom of our promotional content material, if we provide such promotional content to you.
Your rights will be exercised after your identity is confirmed live (by means of an identity document: identity card or passport) or by electronic means of communication (e.g.: electronic signature).
| Your right | Certain restrictions |
| Right to know
|
You have the right to receive information about processing of your personal data in a concise, simple and understandable language before the beginning of your personal data processing. |
| Right to access
|
This right means that you can ask us to provide you with:
– Confirmation of whether we process your personal data; – A list of your personal data processed; – List of targets and legal basis for the processing of your data; – Confirmation of whether we are sending data to third parties, and if yes, what security measures were taken; – The source of your personal data; – Information as to whether profiling is applied; – Indication of the data retention period. We will provide the above information on the condition that it does not violate the rights and freedoms of others. |
| Right to correct
|
Applicable if the information we hold in relation to your personal data is incomplete or inaccurate. |
| Right to be forgotten
|
Applies if:
– The information we have is no longer necessary to achieve the objectives indicated; – We process the data on the basis of your consent and you withdraw your consent; – We process the data on the basis of legitimate interests and, after your request, it is determined that your private interests have priority; – Information is received illegally. |
| Right to restrict
|
This right can be implemented for a period of time until we analyze the situation, namely:
– If you dispute the accuracy of the information; – If you oppose the processing of personal data when this is done on the basis of legitimate interests; – We use the information illegally, but you have objections of it being deleted; – The information is no longer needed for us, but you are requesting that it be stored due to a litigation. |
| Right to data transferability | This right may be enforced if you submit your data and we process it automatically, based on your consent or an agreement concluded with you. |
| Right to disagree | This right may be enforced when such processing is performed for public interest or processing of data is necessary for the legitimate interests of the data controller or a third party. When processing your personal data on this basis, we have the burden of proving that the data are processed for compelling legitimate reasons which are beyond your interests.
You may also at any time object to the processing of your personal data for direct marketing purposes, including profiling in so far as it relates to such direct marketing. |
| Right to disagree | This right may be enforced when such processing is performed for public interest or processing of data is necessary for the legitimate interests of the data controller or a third party. When processing your personal data on this basis, we have the burden of proving that the data are processed for compelling legitimate reasons which are beyond your interests.
You may also at any time object to the processing of your personal data for direct marketing purposes, including profiling in so far as it relates to such direct marketing. |
| Right to withdraw your consent | To withdraw your consent to process personal data at any time if the data is processed on the basis of consent. |
| The right to submit a complaint to the State Data Protection Inspectorate | The data subject shall have the right to contact the authority responsible for the supervision and control of the legislation on the protection of personal data – State Data Protection Inspectorate (A. Juozapavičiaus str. 6, 09310 Vilnius, e-mail ada@ada.lt, tel. (8 5) 271 2804).
For more information: www.ada.lt |
We may not give you the conditions for the implementation of the above-mentioned rights, where in the cases provided for by law it is necessary to ensure the prevention, investigation and detection of crimes, violations of professional or ethical conduct, as well as the protection of the rights and freedoms of the data subject or other persons.
In the privacy policy, we use the term “cookies” to describe cookies and other similar technologies, such as pixel tags, web beacons, clear GIFs.
Cookies are small items of information stored in your web browser. They help us:
By analysing this data, we can improve our website and make it more user-friendly for you.
Cookies used on our Website:
| Category | Name | Period | Aim |
| Functional cookies | cookie_notice_accepted | 1 month. | Acceptance of the cookie policy |
| Statistics cookies | _gid | 24 hours | Google Analytics cookie for distinguishing users |
| _ga | 2 years | Google Analytics cookie for distinguishing users | |
| _gat | 1 minute | Used to limit the number of queries |
When you use the browser to access our content, you can configure your browser to accept all cookies, to reject all cookies or notify when a cookie
is downloaded. Each browser is different, therefore, if you are not sure how to change the cookie preferences, look in the help menu. Operating system of your device may have additional cookie controls. If you do not want the information to be collected through cookies, use a simple procedure available in most browsers that allows you to refuse cookies. To learn more about managing cookies, visit: http://www.allaboutcookies.org/manage-cookies/.
Please note that some services may be designed to function only with cookies, and if you disable them or some of them, you will no longer be able to use them.
We also note that in addition to the cookies we use, the Website allows certain third parties (e.g. social network managers) to identify and access cookies on the device you use. Third parties who have installed such cookies apply their own privacy policies and we cannot be liable for them (our Website does not have access to the information transmitted to them), and we strongly recommend that you additionally consult the above policies on the websites of those third parties. Our social network accounts are subject to the privacy policies of their managers.
The Website may contain links to external websites, such as the websites of our promoted goods and/or services. By following such links, please note that these sites and the services available through them must have their own separate privacy policy (ies) for which we cannot take responsibility, and we recommend that you review them in detail before any of your personal data is provided.
If you notice a discrepancy between this Privacy Policy, a security loophole on our Website or other issues related to the processing of your personal data, contact us in one of the following ways convenient to you:
UAB Balticsofa
Number of legal entity: 121504969
Headquarter address: Žarijų g. 4A, LT-02300 Vilnius
E-mail: gdpr@balticsofa.com
The Privacy Policy shall be reviewed and updated in accordance with our needs, but at least once every two years, or in the event of a change in the legislation governing the processing of personal data. After updating the Privacy Policy, we will notify you of, in our opinion, substantial changes, by posting a notice on the Website or in any other similar way. If you use the content and/or services provided by us after the publication of such notice, we will consider that you agree to the new requirements set out in the updated Privacy Policy.
By continuing to browse the Website, you confirm that you have read and understand this Privacy Policy.
Last review of the Privacy Policy – 3 January 2022.