Privacy Policy

General information

UAB Balticsofa, legal entity code 121504969, registered office address Žarijų str. 4A, LT-02300 Vilnius, Lithuania, data collected and stored in the Register of Legal Entities of the Republic of Lithuania (hereinafter “We” or the “Data Controller”) is the manager of this website https://www.balticsofa.com/lt/ (hereinafter the “Website”). This Privacy Policy (the “Privacy Policy“) sets out and explains how we collect and further process the personal data of the Website visitors. In the Privacy Policy we also provide information about the processing of data by all other data subjects (such as contractors or their representatives/employees) by us in the course of our activities.

The Privacy Policy applies to all persons who visit the Website, and the terms and conditions set out therein apply to each time you access the content and/or service we provide, regardless of the device (computer, mobile phone, tablet, etc.) you use.

We process the data of all data subjects lawfully, transparently and fairly, for pre-determined purposes and only to the extent necessary to achieve them. When processing your personal data, we comply with the provisions of the General Data Protection Regulation No 2016/679 (hereinafter the “GDPR”), the Republic of Lithuania Law on Legal Protection of Personal Data, as well as the requirements for the processing of personal data established in other legal acts and recommendations and/or instructions of supervisory authorities.

Persons under the age of 14 may not provide any personal data through our managed websites and/or social networking accounts. If you are a person under the age of 14, you must obtain the consent of your legal representatives (parents, adoptive parents, guardians, carers) before providing your personal information.

The terms used in the Privacy Policy shall be understood as they are defined in the GDPR and other personal data protection legislation.

Click on the “Learn more” box in each section to find out more about how we process your personal data and the specifics of our business.

How do we collect information about you?

Your personal data, i.e., any information about you that allows us to identify you, is obtained in different ways:

  • You can provide the information (personal data) yourself;
  • we receive information about you as a representative of a legal entity by communicating with this legal entity;
  • information about you can be collected automatically;
  • in some cases, we receive information about you from third parties and may collect information about you from publicly available sources.

You can also submit your personal data directly to us. This usually happens when:

  • you enter into an agreement with us (purchase-sale, provision of services, etc.);
  • you use social network accounts that we manage;
  • you submit an enquiry, request and/or claim to us by phone, e-mail or ordinary mail;
  • you enter the video surveillance field captured by our CCTV systems.

our video surveillance systems do not use facial recognition / analysis and/or similar technology, image data captured by these systems are not grouped or profiled by a particular person. They are intended solely to ensure the safety of our employees, visitors and property and to prevent public order violations. You will be informed of the ongoing video surveillance by separate information tables provided before entering the monitored area and/or room. In addition, we note that the CCTV surveillance field does not include areas and/or rooms where you can expect full privacy, such as toilets.

We receive information about you as a representative of a legal entity by communicating with this legal entity, for example, in cases where:

  • Your contact details are provided in communication or contracts with our partners (suppliers, customers);
  • when you, as a representative of a legal person, communicate with us on behalf of this legal person.

Information about you can be collected automatically. This usually happens when:

  • you submit a request through our Website or social networking accounts (e.g., Facebook, LinkedIn, Instagram);
  • you make public posts on social networking platforms (e.g., Facebook, LinkedIn, Instagram) that we administer;
  • you use the websites we manage (data collected through cookies and similar technologies). For more information on our cookies, see below).

As far as permitted by applicable laws, we may receive information about you from third parties. This may include information provided by our partners, contractors, service providers, your publicly available profiles or databases. (e.g., if you access the Website through your Facebook or Google account, you grant Facebook or Google permission, share your account information with us – so the source of the data you receive is Facebook or Google, respectively).

We may associate the information we receive about you from you, from public and commercial sources, to other information we receive from you or about you.

We may collect information about you in other cases not covered by the Privacy Policy, however, if this happens, we will keep you informed additionally.

What information (personal data) about you do we process?

While we attempt to collect as little information about you as possible, we collect the following information necessary for our activities:

  • Your contact details;
  • Your image data (when you enter the video surveillance field);
    • information necessary for the conclusion, execution and administration of transactions, contracts and any other arrangements;
    • information you provide by calling, writing to us or making inquiries;
    • public information contained in your social network profile accounts if you provide us with requests/comments/ratings when connecting through them;
    • information contained in your payment orders to us;
    • information necessary to protect the interests of our company in court or other authority;
    • information about the device you are using;
    • information required for direct marketing (if we have the right to provide it to you in a particular case).
  • The information we collect directly from you is usually as follows:
    • full name, e-mail address, telephone number, place of work, position title, image, bank account number, name of the bank used for settlement.

The information we collect automatically usually is as follows:

    • information about your use of this Website and/or our other our websites (device information: IP address, version of the operating system and parameters of the device that you use to access content; login information: The time and duration of your session and any information stored in cookies on your device (the cookie policy is provided below); location information: your device’s GPS signal, or information about the nearest Wi-Fi hotspots and mobile communication towers that may be passed on to us by using our site content).

The information we receive from third parties or publicly available sources is usually the following:

    • full name, email address, telephone number, workplace, position title.

You may choose not to provide us with certain information, however, in this case, we may not be able to provide you with our service (e.g. without giving you the necessary information requested to respond to your request, we will not be able to answer you).

Important: We do not request or process your special categories of personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as health data or data about your sex life and sexual orientation. Our staff does not ask for your login details, bank card numbers, passwords in writing, by telephone or in any other way, or any other information the use of which may cause you financial or any other damage.

For what purposes and on what grounds do we process your data?

The above information is processed in order to:

  • conclusion, execution and administration of transactions, contracts and any other arrangements;
  • exercise of the rights and interests of us or our departments/affiliated companies;
  • establishing, maintaining and developing business, professional and/or other legitimate relationships;
    • fulfilment of our obligations under applicable law;
    • internal administration of our company and processing of accounting;
    • to ensure the quality determination and functionality of the online services provided by our company;
    • conducting direct marketing.
  • We inform you that we attempt to keep in touch with our customers and provide them with information about the services we offer. For this purpose, we carry out direct marketing by phone and e-mail notifications and news. We have the right to send promotional information about our services to our customers by the e-mail address which we have received by providing them with services, and our customers have the right now or at any time later to refuse to receive such direct marketing content sent by us by notifying us of your determination in any convenient manner: by e-mail gdpr@balticsofa.com, by letter to Žarijų g. 4A, Vilnius LT-02300 or by using the opt-out link in the email itself with promotional information. Such cancellation will not have any effect on the processing of your personal data carried out by us prior to it.In all other cases, we will process your personal data for direct marketing purposes only after obtaining your explicit consent for the processing of data for such purpose. You may revoke this consent at any time by notifying us in the above mentioned ways.Your personal data is processed on the basis of one or more grounds of lawful processing:
    • compliance with legal requirements;
    • conclusion and execution of transactions, contracts or other agreements of a similar nature with you;
    • our legitimate interests (unless your private interests have priority);
    • in certain cases, your consent.

The purposes, basics and personal data we process are presented in the following table:

Aim

Legal basis (es)

Personal data

Conclusion, execution and administration of transactions, contracts and any other agreements

 

Conclusion or performance of the contract with you

Compliance with legal requirements

Legitimate interests of our company

Full name, e-mail address, telephone number, place of work, position title, bank account number, name of the bank used for settlement. As well as other information that may be required to fulfill our obligations

Implementation of the rights and interests of us or our departments/affiliated companies

Compliance with legal requirements

Legitimate interests of our company

For this purpose, all your personal data held by us listed in this Privacy Policy may be processed for this purpose

 

Establishing, maintaining and developing business, professional and/or other legal relationships

Legitimate interests of our company

Compliance with legal requirements

Full name, telephone number, e-mail postal address or other contact details, place of work, position title

Fulfilment of our obligations under applicable law

Compliance with legal requirements

Depends on the requirements of the applicable legislation, the content of request received from the institutions, other objective circumstances

Internal administration of our company and processing of accounting

Compliance with legal requirements

Legitimate interests of our company

For this purpose, all your personal data held by us listed in this Privacy Policy may be processed for this purpose

Ensuring the quality and functionality of the online services provided by our company

Legitimate interests of our company

The IP address, version of the operating system, and settings for the device you are using to access the content. The time and duration of your session and any information stored on cookies that we have set on your device, GPS signal of the device or information about the nearest WiFi access points and mobile towers in the vicinity, which may be transmitted to us by you using the content of our website

Direct marketing (only if we have received your consent or, respectively, we have not received your consent)

CONSENT

Legitimate interests of our company

Full name, e-mail, postal address, telephone number, residential address

 

In cases where we are unable to rely on one of the legal bases in this table, we will ask for your consent before processing your personal data. (such cases will be clear from the circumstances and context).

In the cases where we process your personal data for purposes other than those specified in these rules, we will inform you in a separate notice.

To whom do we transfer your personal data?

Without your prior written consent, we may transfer your personal data only in the following cases:

  • responsibly selected by our business partners or companies that provide services at our request;
  • our departments/affiliated companies;
  • law enforcement and public authorities;
  • other entities, when required by law, or necessary to protect our legitimate interests.

The ability of recipients of your personal data (individual controllers) to use your data is limited and may not use this information for purposes other than the agreement with us or other purposes provided for in the legislation.

You will be asked for a separate consent to receive their direct marketing offers.

We may also provide your data to data processors who provide services (perform work) to us. Data processors have the right to process personal data only on the basis of a written agreement between us and them, according to our instructions and only to the extent necessary for the proper performance of the obligations set out in the agreement. Through our processors, we take all necessary steps to ensure that our data processors have the appropriate organisational and technical security measures in place and maintain the confidentiality of your personal data.

Below is a list of categories of recipients:

banks, software development, implementation and support companies; IT companies; providers of communication services; security service; companies providing postal services and courier services; companies providing legal services; providers of archiving services.

Other parties to whom we may have access to information we hold about you where this is necessary to protect our legitimate interests or in fulfilling the legal requirements necessary for us, state and law enforcement institutions etc.

For more information about specific companies listed in this section to which your personal data may be disclosed, please contact us at the contacts listed in this Privacy Policy.

Is your personal data transferred to third countries (i.e. countries outside the European Economic Area (EEA)?

We cooperate with customers from all over the world, thus, data is transferred to ensure the security of the personal data transmitted for the purposes of concluding, executing and administering transactions, contracts and other agreements.

In exceptional and necessary cases of data provision outside the EEA, we will arrange for one of the following security measures to be applied:

  • the agreement signed with the data recipient based on the Standard Terms and Conditions of Contracts approved by the European Commission;
  • the rules binding on companies shall apply;
  • the data recipient would be based in a country to be recognised by the European Commission as applying adequate data protection standards;
  • codes of conduct, certification mechanisms;
  • permission has been obtained from the State Data Protection Inspectorate.

In absence of any of the appropriate safeguards referred to above, we may take advantage of the exceptions provided for in Article 49 of the GDPR (e.g. to transfer your data on the basis of your consent), however, they can only be applied in strictly formulated cases of GDPR.

What do we do to protect your personal data?

We have intelligent and relevant physical and technical measures in place to protect the information we collect for the purposes of service provision.

But bear in mind that, although we take appropriate action to protect your information, no website, online transaction, computer system or wireless connection is completely safe.

How long do we keep your personal data?

We determine the terms for storage of personal data of clients in accordance with the requirements of laws, regulatory enactments and instructions of the supervisory and/or other competent authority. In the absence of such requirements or instructions, we shall determine the retention periods in the light of our legitimate interests.

Please note that, given the extent of the personal data we process, we specify certain time limits for the storage of personal data of specific categories of data subjects in the respective privacy policies or information notices of other websites we manage at the time of receipt of the data.

At the end of the data retention period, your data will be erased in such a way that it cannot be reproduced, or personalised in such a way as to prevent you from being identified.

Usually personal data is stored for the following terms:

Personal data

Storage period

Data relating to the conclusion and execution of transactions, contracts and any other arrangements

10 years after the end/termination of the contract, agreement or arrangement

Payment data

10 years after the date of the payment transaction

Data contained in requests, requests and/or claims submitted to us by phone, e-mail or regular mail

Up to 2 years from the date of receipt or execution of the request/claim

Your data relates to the potential or existing implementation of our interests in a court or other institution

Until the statutory time limits for lodging a claim/complaint or claim expire and/or a final judgment has entered into force

 Image data

From 5 to 40 days (depending on the equipment used)

Personal data processed with your consent

Up to 2 years from the moment of receipt of the consent if the consent has not been withdrawn

IT system records (logs)

_gi retention period of 2 years used to separate consumers;
_gid storage term 24 hours, _gat_gtag_us storage term 1 min. used to accelerate the query frequency

 

Even if you wish to terminate the contract and refuse from our services, due to requirements that may arise in the future, we will continue to have to keep certain of your personal data until the time limits for storage of certain data expire. Information is also stored so that we can provide you with the required information, if necessary, in order to have a properly recorded history of relationship and answer all questions related to you and our cooperation.

What rights do you have?

Depending on your situation and the additional conditions set out in the GDPR, you have the following rights:

  • to know (be informed) about the processing of your personal data (right to know);
  • get access to your data processed by us and to know how they are processed (right of access);
  • request to correct or supplement the incomplete personal data (right to rectify), taking into account the purposes for the processing of personal data;
  • Require the deletion of personal data relating to you (right to be forgotten);
  • require as to restrict the processing of personal data relating to you (right to restrict);
  • require the transfer of data submitted to us (right to data portability);
  • disagree to the processing of your personal data at any time when such processing is in the public interest for the legitimate interests of us or a third party and where personal data are processed for direct marketing purposes, including profiling (right of objection);
  • to withdraw your consent to process personal data if the data is processed on the basis of consent.

We always strive to ensure your rights properly and to respond promptly to any possible breach of their implementation, so if you have any questions about your personal data managed by us, please contact us first. We also note that in all cases you have the right to file a complaint with the State Data Protection Inspectorate at any time.

We give you the opportunity to implement these rights in a convenient way. You can do this by writing to us at this e-mail gdpr@balticsofa.com or by using certain links at the bottom of our promotional content material, if we provide such promotional content to you.

Your rights will be exercised after your identity is confirmed live (by means of an identity document: identity card or passport) or by electronic means of communication (e.g.: electronic signature).

Your right

Certain restrictions

Right to know

 

You have the right to receive information about processing of your personal data in a concise, simple and understandable language before the beginning of your personal data processing.

Right to access

 

This right means that you can ask us to provide you with:

–       Confirmation of whether we process your personal data;

–       A list of your personal data processed;

–       List of targets and legal basis for the processing of your data;

–       Confirmation of whether we are sending data to third parties, and if yes, what security measures were taken;

–       The source of your personal data;

–       Information as to whether profiling is applied;

–       Indication of the data retention period.

We will provide the above information on the condition that it does not violate the rights and freedoms of others.

Right to correct

 

Applicable if the information we hold in relation to your personal data is incomplete or inaccurate.

Right to be forgotten

 

Applies if:

–       The information we have is no longer necessary to achieve the objectives indicated;

–       We process the data on the basis of your consent and you withdraw your consent;

–       We process the data on the basis of legitimate interests and, after your request, it is determined that your private interests have priority;

–       Information is received illegally.

Right to restrict

 

This right can be implemented for a period of time until we analyze the situation, namely:

–       If you dispute the accuracy of the information;

–       If you oppose the processing of personal data when this is done on the basis of legitimate interests;

–       We use the information illegally, but you have objections of it being deleted;

–       The information is no longer needed for us, but you are requesting that it be stored due to a litigation.

Right to data transferability

This right may be enforced if you submit your data and we process it automatically, based on your consent or an agreement concluded with you.

Right to disagree

This right may be enforced when such processing is performed for public interest or processing of data is necessary for the legitimate interests of the data controller or a third party. When processing your personal data on this basis, we have the burden of proving that the data are processed for compelling legitimate reasons which are beyond your interests.

You may also at any time object to the processing of your personal data for direct marketing purposes, including profiling in so far as it relates to such direct marketing.

 

Right to disagree

This right may be enforced when such processing is performed for public interest or processing of data is necessary for the legitimate interests of the data controller or a third party. When processing your personal data on this basis, we have the burden of proving that the data are processed for compelling legitimate reasons which are beyond your interests.

You may also at any time object to the processing of your personal data for direct marketing purposes, including profiling in so far as it relates to such direct marketing.

Right to withdraw your consent

To withdraw your consent to process personal data at any time if the data is processed on the basis of consent.

The right to submit a complaint to the State Data Protection Inspectorate

The data subject shall have the right to contact the authority responsible for the supervision and control of the legislation on the protection of personal data – State Data Protection Inspectorate (A. Juozapavičiaus str. 6, 09310 Vilnius, e-mail ada@ada.lt, tel. (8 5) 271 2804).

For more information: www.ada.lt

We may not give you the conditions for the implementation of the above-mentioned rights, where in the cases provided for by law it is necessary to ensure the prevention, investigation and detection of crimes, violations of professional or ethical conduct, as well as the protection of the rights and freedoms of the data subject or other persons.

Cookies, signals and similar technologies

In the privacy policy, we use the term “cookies” to describe cookies and other similar technologies, such as pixel tags, web beacons, clear GIFs.

Cookies are small items of information stored in your web browser. They help us:

  • identify you as a previous visitor to a particular website;
  • save the history of your visit to the website and adapt the content accordingly;
  • to ensure the smooth operation of the Website;
  • monitor the duration and frequency of visits and collect statistical information on the number of visitors to the Website.

By analysing this data, we can improve our website and make it more user-friendly for you.

Cookies used on our Website:

Category

Name

Period

Aim

Functional cookies

cookie_notice_accepted

1 month.

Acceptance of the cookie policy

Statistics cookies

_gid

24 hours

Google Analytics cookie for distinguishing users

_ga

2 years

Google Analytics cookie for distinguishing users

 

_gat

1 minute

Used to limit the number of queries

 

When you use the browser to access our content, you can configure your browser to accept all cookies, to reject all cookies or notify when a cookie

is downloaded. Each browser is different, therefore, if you are not sure how to change the cookie preferences, look in the help menu. Operating system of your device may have additional cookie controls. If you do not want the information to be collected through cookies, use a simple procedure available in most browsers that allows you to refuse cookies. To learn more about managing cookies, visit: http://www.allaboutcookies.org/manage-cookies/.

Please note that some services may be designed to function only with cookies, and if you disable them or some of them, you will no longer be able to use them.

We also note that in addition to the cookies we use, the Website allows certain third parties (e.g. social network managers) to identify and access cookies on the device you use. Third parties who have installed such cookies apply their own privacy policies and we cannot be liable for them (our Website does not have access to the information transmitted to them), and we strongly recommend that you additionally consult the above policies on the websites of those third parties. Our social network accounts are subject to the privacy policies of their managers.

External websites

The Website may contain links to external websites, such as the websites of our promoted goods and/or services. By following such links, please note that these sites and the services available through them must have their own separate privacy policy (ies) for which we cannot take responsibility, and we recommend that you review them in detail before any of your personal data is provided.

Contact us

If you notice a discrepancy between this Privacy Policy, a security loophole on our Website or other issues related to the processing of your personal data, contact us in one of the following ways convenient to you:

UAB Balticsofa

Number of legal entity: 121504969

Headquarter address: Žarijų g. 4A, LT-02300 Vilnius

E-mail: gdpr@balticsofa.com

Final provisions

The Privacy Policy shall be reviewed and updated in accordance with our needs, but at least once every two years, or in the event of a change in the legislation governing the processing of personal data. After updating the Privacy Policy, we will notify you of, in our opinion, substantial changes, by posting a notice on the Website or in any other similar way. If you use the content and/or services provided by us after the publication of such notice, we will consider that you agree to the new requirements set out in the updated Privacy Policy.

By continuing to browse the Website, you confirm that you have read and understand this Privacy Policy.

Last review of the Privacy Policy – 3 January 2022.