Processing personal data of partners (legal entities)

PROCESSING PERSONAL DATA OF employees, representatives of partners (legal persons) and other persons

This report explains how AB Baltic Mill (hereinafter – the Company or we) shall process personal data of employees, representatives of its partners (hereinafter – your, yours) and other persons (hereinafter all together – data subjects), which we receive from you when negotiating contract conclusion, concluding, administering and executing contracts.

Personal data of data subjects shall be processed in accordance with the General Data Protection Regulation (EU)2016/679 (hereinafter – GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts.

Please provide the information contained in this report to all data subjects, whom this information concerns.

DATA CONTROLLER

AB Baltic Mill, legal entity code 302639722, registered office address: Stoties g. 65, Vievis, Lithuania, tel.: +370 686 88 696, e-mail: info@baltic-mill.com.

WHAT DATA DO WE PROCESS?

We collect and process the following personal data of data subjects (employees, representatives of the partner and other persons):

Identification data, such as the name, surname, job position, telephone number, e-mail address, personal identification number (only when this datum is necessary when registering transactions in public registers).

What are the purposes and legal bases for collecting and using personal data?

We collect and process the data to be able to:

conclude and execute a contract (-s) and/or a transaction (-s), to implement other related rights, legitimate interests and duties, including: (a) to control the performance of contractual obligations of the other party to the contract; (b) to carry out our contractual obligations;
fulfil the requirements of applicable legal acts;
maintain relations with another party to the contract, including marketing of services and goods.

The processing of personal data is based on the following legal grounds:

the processing of data is necessary in order to fulfil the legal obligation imposed on the Company (clause c of Article 6(1) of the GDPR);
the processing of data is necessary in pursuit of legitimate interests of the Company or a third party (clause f of Article 6(1) of the GDPR).

WHERE DO WE GET PERSONAL DATA FROM?

We receive the above-listed personal data at the time of concluding and executing a contract from the other party to the contract.

Who do we provide personal data to?

We provide personal data to the following data recipients (their categories) in compliance with legislative requirements:

AB Baltic Mill, code 302639722, registration address: Stoties g. 65, Vievis, Republic of Lithuania, and its subsidiaries;
companies providing data center, hosting, cloud computing, website administration and related services, companies providing advertising, marketing, accounting, archiving, physical and/or electronic security, property management and/or other business services, companies creating, providing, supporting and developing software, companies providing information technology infrastructure services, communications services, advisory companies, also companies carrying out analysis of web browsing or online activities and providing online services;
competent state authorities.

Where do we process personal data?

Normally, we process and store personal data of data subjects in the territory of the European Union or the European Economic Area (EU/ EEA), however, we may also transfer personal data outside the EU/ EEA, when this is necessary in order to implement the purposes wherefor those data were collected and managed.

We may transfer personal data outside the EU/ EEA without the consent of the data subject, if at least one of the following measures has been implemented:

The European Commission has acknowledged that the state ensures an adequate level of protection of personal data;
The recipient of data in the United States has been certified according to the requirements of the EU-US agreement called the Privacy Shield;
There is an agreement concluded in accordance with the standard conditions approved by the European Commission,
Codes of conduct are complied with, or other safeguards under the General Data Protection Regulation apply.

Personal data of a data subject may also be transferred outside the EU/ EEA without his/ her consent on other grounds provided for in the GDPR.

How long do we store personal data?

We shall store personal data of data subjects no longer than this is necessary for the purposes wherefor they were collected, or for the period of time established by laws.

What are the rights of data subjects?

Data subjects shall have the following rights:

to ask us to allow accessing their personal data;
to ask to rectify their personal data;
to ask to restrict the processing of their personal data;
to ask to erase their personal data;
to cancel their consent, if data are processed on the basis of their consent;
to ask to transfer their personal data to another data controller;
to disagree with the processing of their personal data when they are processed on the basis of a legitimate interest, except for cases where we have compelling legitimate reasons for such processing, which are superior to their interests, or in order to file, enforce or defend legal requirements;
to file a claim with the State Data Protection Inspectorate (for more information, refer to www.ada.lt).

How can these rights be implemented?

An application for the implementation of the above rights, also complaints, notices or requests (hereinafter – Request) may be submitted to us by e-mail: info@baltic-mill.com.