1. General information
The Data Controller of your personal data is Baltic Wood S.A. with its registered office in Jasło, 38-200 Jasło, at ul. Fabryczna 6A, entered into the Register of Entrepreneurs of the National Court Register under the KRS number [National Court Register Number]: 0000081947, Tax Identification Number: 6871626585, REGON [National Business Registry Number] 370418951 (hereinafter referred to as the “Data Controller” or “Baltic Wood”).
You may contact the Data Controller in writing: 38-200 Jasło, ul. Fabryczna 6A
You may contact the Personal Data Protection Officer of Baltic Wood by email: firstname.lastname@example.org.
3. Personal data of website users
In order to manage the website, the Data Controller may process the following data: information regarding the user's device in order to ensure correct operation of the website, for instance, the IP address of the device, information stored in cookies, session data, browser data, website traffic data. This information does not include the identification data about the users.
The processing of personal data is based on the Data Controller's legitimate interest consisting in making the use of services easier and improving the quality and operation of the services provided.
4. Contact form
Baltic Wood may make a contact form available on the website. The contract form allows the users to contract the Company.
The personal data provided via the contact form will be processed in order to ensure that the users may contact the Data Controller and to respond to a request or fulfil other expectations of the users, depending on the inquiry. The following types of personal data are processed: first name and surname, e-mail address, phone number (optional) and the user’s inquiry. The basis for the processing of personal data provided via the contact form is the Data Controller’s legitimate interest consisting in making it possible to contact the users and conducting its own marketing activities (Article 6(1)(f) of the GDPR).
Marketing information may be sent on the basis of the data provided in the contact form only if the user's inquiry indicates an expectation that such information is needed. The basis for the processing of personal data is then the user's explicit consent consisting in submitting a specific inquiry (Article 6(1)(a) of the GDPR).
5. Email correspondence
Personal data contained in the email correspondence is processed by Baltic Wood in order to make email contact possible and to respond to the inquiries, to keep records of the arrangements made, as well as to receive letters, applications and requests. The basis for the processing of personal data is the Data Controller’s legitimate interest consisting in allowing the users to contract the Data Controller by e-mail (Article 6(1)(f) of the GDPR).
If the User is, as a natural person, directly a party to a contract concluded with the Data Controller, the processing of the data contained in the email correspondence may be necessary for the purpose of the performance of the contract to which the User is a party or to take steps before entering into the contract (Article 6(1)(b) of the GDPR);
The personal data may also be processed in order to implement the Data Controller’s legitimate interest consisting in pursuing or defending against claims (Article 6(1)(f) of the GDPR).
The personal data will not be processed without separate consent for direct marketing purposes. In the event that the content of the correspondence indicates the user’s expectation of receiving marketing information, such information may be sent using the data provided in the email correspondence. The basis for the processing of personal data is then the user's explicit consent consisting in making a specific inquiry (Article 6(1)(a) of the GDPR).
If the user subscribes to the newsletter, the personal data will be processed for the purpose of marketing our own products and services by providing the newsletter. The basis for the processing of personal data is the user's consent (Article 6(1)(a) of the GDPR). The user may withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The provision of the personal data is voluntary but necessary to subscribe to the newsletter. The user may unsubscribe at any time by clicking a link in the newsletter or by contacting the Data Controller. The following categories of personal data will be used to receive the newsletter: email address, company name. The user's personal data will be processed throughout the newsletter subscription period. The user's personal data may be made available to the processors at our request and on our behalf for the purposes of providing services such as IT services (for instance, hosting, provision or maintenance of IT systems, mailing services).
7. Personal data of social media users
Baltic Wood may use the following social networking sites: LinkedIn, Facebook, Instagram, Tweeter, YouTube, which may also be accessed via a link from the website.
The personal data entered by users of social networking sites may be processed by:
· Facebook, Inc. with its registered office in 1601 Willow Road Menlo Park, California 94025 that may process personal data outside the EEA. An adequate level of protection for the personal data has been proven by the Company by joining the Privacy Shield:
· Twitter, Inc. 1355 Market Street #900 San Francisco, California 94103 that may process personal data outside the EEA. An adequate level of protection for the personal data has been proven by the Company by joining the Privacy Shield:
· LinkedIn Corporation Robert Noyce Building, Santa Clara, California 95052, US that may process personal data outside the EEA. An adequate level of protection for the personal data has been proven by the Company by joining the Privacy Shield:
· Google LLC, Mountain View, California 94043, US, 1600 Amphitheatre Parkway Mountain View that may process personal data outside the EEA. An adequate level of protection for the personal data has been proven by the Company by joining the Privacy Shield:
· LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL
· Facebook: https://pl-pl.facebook.com/privacy/explanation
· Instagram: https://pl-pl.facebook.com/help/instagram/155833707900388
· Twitter: https://twitter.com/en/privacy
· YouTube: https://policies.google.com/privacy?hl=pl
In order to use social networking sites, the Data Controller may process the following users’ personal data: first name and surname or other name of the user, information about fan page liking, activity on the fan page, comments and posts published by the users, photos uploaded by the users.
Due to the nature of social networking sites, information about followers of the fan page, likes and comments, posts, photos and other information posted by the users may be public for other users and third parties, which is beyond the Data Controller's control.
The basis for the processing of personal data via social networking sites is the Data Controller’s legitimate interest consisting in making it possible to contact the Users and in conducting information activities related to the services provided (Article 6(1)(f) of the GDPR).
The personal data is processed throughout the period of communication with the users.
8. External references
The Data Controller may use the so-called cookies. Cookies are small data files (mainly text files) that can be stored on the user's end device while visiting the website. Cookies contain information necessary for the correct use of the website and the name of the website from which they come, the storage time and a unique number. Cookies are not harmful to the user’s device and do not change its settings or the settings of the software installed on the device. The contents of the files can only be read by the website that created them.
Cookies are used, in particular, for the following purposes:
· optimisation of the use of the website; for instance, they allow to recognise the user's device and to adapt the content of the website to the user's individual preferences;
· conducting a data analysis in order to improve the structure and content of the websites;
· maintenance of the user's session after the website is closed;
· operation of the third-party components, such as Adobe Flash or Facebook Connect, etc.
More information about cookies can be found on the website run by IAB Poland: wszystkoociasteczkach.pl
10. Marketing activities
As part of its activity, the Data Controller may post marketing information about its products or services on its website. The Data Controller displays marketing content in accordance with its legitimate interest, which is the publication of content related to the services provided and promotional campaigns in which the Data Controller takes part. The Data Controller does not use the users' data for direct marketing of its services without the user's explicit consent.
In the event that the content of the inquiry sent by the user implies the expectation of receiving marketing information, such information may be sent using the data provided in the contact form or otherwise provided by the user. In such a case, the basis for the processing of personal data is the user's explicit consent consisting in making a specific inquiry (Article 6(1)(a) of the GDPR).
11. General information on the processing of personal data
The provision of personal data is voluntary, but may be necessary to use certain functionalities of the website or contact form, social networking sites, etc.
2. Data recipients
Personal data may be made available to processors at the request and on behalf of the Data Controller for the purpose of providing services necessary for the performance of the contract by the Data Controller, such as IT services (for instance, hosting, provision or maintenance of IT systems), accounting services, legal services, postal services, etc. Such entities process personal data under contract concluded with the Data Controller at the Data Controller's direction.
3. Rights of data subjects
The data subject has the right to:
- access to the personal data and the right to request their rectification (when personal data is inconsistent with the actual state of affairs);
- erasure, restriction of processing (in cases provided for by applicable law);
- object to the processing of personal data (to the extent that the basis for data processing is the Data Controller’s legitimate interest);
- withdraw consent (to the extent that the processing is based on consent. The withdrawal of the consent does not affect the lawfulness of data processing before its withdrawal.
- portability of personal data, i.e., to receive personal data from the Data Controller in a structured, commonly used and machine-readable format. The right to data portability does not apply to data that constitutes a business secret. In addition, this right must not adversely affect the rights and freedoms of others, including trade secrets or intellectual property, and will be exercised to the extent technically feasible. The first copy of the data is free of charge.
- receive a copy of the protection measures referred to in point 5.
In order to exercise the above-mentioned rights, the user shall contact the Data Controller (ways of contact are indicated in point 2.)
4. The right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office (00-193 Warsaw, ul. Stawki 2, e-mail: email@example.com)
5. Automated decision-making
The data subject shall have the right not to be subject to a decision based on automated processing, including profiling.