Privacy Policy

1. General information

This privacy policy contains information on the processing of personal data and other data regarding users of the website (https://www.balticwood.pl, hereinafter referred to as the “website”, “site”), and also data processed as a result of electronic communication with customers and website users.

The Data Controller of your personal data is Baltic Wood S.A. with its registered office in Jasło, 38-200 Jasło, at ul. Fabryczna 6A, entered into the Register of Entrepreneurs of the National Court Register under the KRS number [National Court Register Number]: 0000081947, Tax Identification Number: 6871626585, REGON [National Business Registry Number] 370418951 (hereinafter referred to as the “Data Controller” or “Baltic Wood”).

The Data Controller pays special attention to the protection of personal data and enforcement of the right to privacy of the website users. The user accepts this privacy policy and cookies if he or she wants to use the website. The Data Controller applies technical measures provided for by law for the purpose of protecting the personal data against unauthorised access or use by unauthorised persons.

2. Contact

You may contact the Data Controller in writing: 38-200 Jasło, ul. Fabryczna 6A

You may contact the Personal Data Protection Officer of Baltic Wood by email: inspektor@balticwood.pl.

3. Personal data of website users

In order to manage the website, the Data Controller may process the following data: information regarding the user's device in order to ensure correct operation of the website, for instance, the IP address of the device, information stored in cookies, session data, browser data, website traffic data. This information does not include the identification data about the users.

The processing of personal data is based on the Data Controller's legitimate interest consisting in making the use of services easier and improving the quality and operation of the services provided.

4. Contact form

Baltic Wood may make a contact form available on the website. The contract form allows the users to contract the Company.

The personal data provided via the contact form will be processed in order to ensure that the users may contact the Data Controller and to respond to a request or fulfil other expectations of the users, depending on the inquiry. The following types of personal data are processed: first name and surname, e-mail address, phone number (optional) and the user’s inquiry. The basis for the processing of personal data provided via the contact form is the Data Controller’s legitimate interest consisting in making it possible to contact the users and conducting its own marketing activities (Article 6(1)(f) of the GDPR).

Marketing information may be sent on the basis of the data provided in the contact form only if the user's inquiry indicates an expectation that such information is needed. The basis for the processing of personal data is then the user's explicit consent consisting in submitting a specific inquiry (Article 6(1)(a) of the GDPR).

5. Email correspondence

Personal data contained in the email correspondence is processed by Baltic Wood in order to make email contact possible and to respond to the inquiries, to keep records of the arrangements made, as well as to receive letters, applications and requests. The basis for the processing of personal data is the Data Controller’s legitimate interest consisting in allowing the users to contract the Data Controller by e-mail (Article 6(1)(f) of the GDPR).

If the User is, as a natural person, directly a party to a contract concluded with the Data Controller, the processing of the data contained in the email correspondence may be necessary for the purpose of the performance of the contract to which the User is a party or to take steps before entering into the contract (Article 6(1)(b) of the GDPR);

The personal data may also be processed in order to implement the Data Controller’s legitimate interest consisting in pursuing or defending against claims (Article 6(1)(f) of the GDPR).

The personal data will not be processed without separate consent for direct marketing purposes. In the event that the content of the correspondence indicates the user’s expectation of receiving marketing information, such information may be sent using the data provided in the email correspondence. The basis for the processing of personal data is then the user's explicit consent consisting in making a specific inquiry (Article 6(1)(a) of the GDPR).

6. Newsletter

If the user subscribes to the newsletter, the personal data will be processed for the purpose of marketing our own products and services by providing the newsletter. The basis for the processing of personal data is the user's consent (Article 6(1)(a) of the GDPR). The user may withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.  The provision of the personal data is voluntary but necessary to subscribe to the newsletter. The user may unsubscribe at any time by clicking a link in the newsletter or by contacting the Data Controller. The following categories of personal data will be used to receive the newsletter: email address, company name. The user's personal data will be processed throughout the newsletter subscription period. The user's personal data may be made available to the processors at our request and on our behalf for the purposes of providing services such as IT services (for instance, hosting, provision or maintenance of IT systems, mailing services).

7. Personal data of social media users

Baltic Wood may use the following social networking sites: LinkedIn, Facebook, Instagram, Tweeter, YouTube, which may also be accessed via a link from the website.

The personal data entered by users of social networking sites may be processed by:

·         Facebook, Inc. with its registered office in 1601 Willow Road Menlo Park, California 94025 that may process personal data outside the EEA. An adequate level of protection for the personal data has been proven by the Company by joining the Privacy Shield:

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active 

·         Twitter, Inc. 1355 Market Street #900 San Francisco, California 94103 that may process personal data outside the EEA. An adequate level of protection for the personal data has been proven by the Company by joining the Privacy Shield:

https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

·         LinkedIn Corporation Robert Noyce Building, Santa Clara, California 95052, US that may process personal data outside the EEA. An adequate level of protection for the personal data has been proven by the Company by joining the Privacy Shield:

https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0

·         Google LLC, Mountain View, California 94043, US, 1600 Amphitheatre Parkway Mountain View that may process personal data outside the EEA. An adequate level of protection for the personal data has been proven by the Company by joining the Privacy Shield:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

The social networks operators process the personal data on their own and in accordance with their own privacy policy. The privacy policy of the individual social networking sites can be read at:

·         LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL

·         Facebook: https://pl-pl.facebook.com/privacy/explanation

·         Instagram: https://pl-pl.facebook.com/help/instagram/155833707900388

·         Twitter: https://twitter.com/en/privacy

·         YouTube: https://policies.google.com/privacy?hl=pl

In order to use social networking sites, the Data Controller may process the following users’ personal data: first name and surname or other name of the user, information about fan page liking, activity on the fan page, comments and posts published by the users, photos uploaded by the users.

Due to the nature of social networking sites, information about followers of the fan page, likes and comments, posts, photos and other information posted by the users may be public for other users and third parties, which is beyond the Data Controller's control.

The basis for the processing of personal data via social networking sites is the Data Controller’s legitimate interest consisting in making it possible to contact the Users and in conducting information activities related to the services provided (Article 6(1)(f) of the GDPR).

The personal data is processed throughout the period of communication with the users.

8. External references

The website and other types of communication may contain links to external websites. The personal data provided via such websites, sites and links are not subject to this privacy policy and Baltic Wood shall not be held liable for the processing of personal data via such websites. The websites that can be accessed via links at our website have their own privacy policies specifying the manner of processing personal data of the users.

9. Cookies

The Data Controller may use the so-called cookies. Cookies are small data files (mainly text files) that can be stored on the user's end device while visiting the website. Cookies contain information necessary for the correct use of the website and the name of the website from which they come, the storage time and a unique number. Cookies are not harmful to the user’s device and do not change its settings or the settings of the software installed on the device. The contents of the files can only be read by the website that created them.

Cookies are used, in particular, for the following purposes:

·         optimisation of the use of the website; for instance, they allow to recognise the user's device and to adapt the content of the website to the user's individual preferences;

·         conducting a data analysis in order to improve the structure and content of the websites;

·         maintenance of the user's session after the website is closed;

·         operation of the third-party components, such as Adobe Flash or Facebook Connect, etc.

During the first visit at the website, the user is informed of the use of cookies. By using this website, the User accepts the use of cookies. If the User does not accept the use of cookies, then it is necessary to change the browser settings (which may affect the ability to fully use the website) or discontinue use of the website. The condition for the operation of cookies is, in any case, their acceptance by the browser and not deleting them from the disk. The User may delete or block cookies at any time by changing the browser settings. Changes are only effective, if the user uses the browser in which they were made.

More information about cookies can be found on the website run by IAB Poland: wszystkoociasteczkach.pl

10. Marketing activities

As part of its activity, the Data Controller may post marketing information about its products or services on its website. The Data Controller displays marketing content in accordance with its legitimate interest, which is the publication of content related to the services provided and promotional campaigns in which the Data Controller takes part. The Data Controller does not use the users' data for direct marketing of its services without the user's explicit consent.

In the event that the content of the inquiry sent by the user implies the expectation of receiving marketing information, such information may be sent using the data provided in the contact form or otherwise provided by the user. In such a case, the basis for the processing of personal data is the user's explicit consent consisting in making a specific inquiry (Article 6(1)(a) of the GDPR).

11. General information on the processing of personal data

1. Voluntariness

The provision of personal data is voluntary, but may be necessary to use certain functionalities of the website or contact form, social networking sites, etc.

2. Data recipients

Personal data may be made available to processors at the request and on behalf of the Data Controller for the purpose of providing services necessary for the performance of the contract by the Data Controller, such as IT services (for instance, hosting, provision or maintenance of IT systems), accounting services, legal services, postal services, etc. Such entities process personal data under contract concluded with the Data Controller at the Data Controller's direction.

3. Rights of data subjects

The data subject has the right to:

-         access to the personal data and the right to request their rectification (when personal data is inconsistent with the actual state of affairs);

-         erasure, restriction of processing (in cases provided for by applicable law);

-         object to the processing of personal data (to the extent that the basis for data processing is the Data Controller’s legitimate interest);

-         withdraw consent (to the extent that the processing is based on consent. The withdrawal of the consent does not affect the lawfulness of data processing before its withdrawal.

-         portability of personal data, i.e., to receive personal data from the Data Controller in a structured, commonly used and machine-readable format. The right to data portability does not apply to data that constitutes a business secret. In addition, this right must not adversely affect the rights and freedoms of others, including trade secrets or intellectual property, and will be exercised to the extent technically feasible. The first copy of the data is free of charge.

-         receive a copy of the protection measures referred to in point 5.

In order to exercise the above-mentioned rights, the user shall contact the Data Controller (ways of contact are indicated in point 2.)

4. The right to lodge a complaint with a supervisory authority

You also have the right to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office (00-193 Warsaw, ul. Stawki 2, e-mail: kancelaria@uodo.gov.pl)

5. Automated decision-making

The data subject shall have the right not to be subject to a decision based on automated processing, including profiling.