1.1 For the purposes of this register, AS Baltika (Data Processor) includes the processing of personal data in the following companies:
AS Baltika; Baltika Tailor OÜ; Baltika Retail OÜ; Baltman OÜ; Baltika Lietuva UAB; Baltika Latvija SIA; Baltinia OY
1.2 Contact details of Data Protections specialist: Märt Tikan, +372 522 1456, firstname.lastname@example.org,
2. Objectives of processing
2.1 The purpose of the processing of personal data is to carry out only obligatory statutory operations and to carry out the business interests of the Data Processor. The business interests of the Data Processor are all production, distribution and sales activities that contribute to the sale of the product to the end user/customer. The Data Processor has the right to make queries in the customer data, to analyze it, sort them, make samples and targeted offers for parts or for all, based on the purposes of the processing.
2.2 The processing principles have been aligned with the European Parliament’s General Data Protection Regulation 2016/679 (GDPR) or EU Regulation 2016/679), the Personal Data Protection Act (PDPA), and the Employment Contracts Act (ECA).
3. Categories of data subjects and types of personal data
3.1 According to the categories of data subjects being handled, personal data are subdivided into personal data and customer data. Customer data – the Baltika Group, is dealing with the collection and processing of the necessary personal data on end users for serving the AndMore client loyalty program and to fulfill orders for the e-shop www.andmorefashion.com. The goal of the loyalty program is to increase customer loyalty to the brands sold by Baltika Group. The following personal data is required to earn and use the program bonuses:
- Customer name, date of birth – name, and date of birth are used to identify clients on LV and LT markets
- Gender – Used to make a personal sales offer
- Market – Used in the choice of communication market
- Language – used to select the language of communication
- Personal identification code – used to identify customers on the EE market
- Customer contact details: Email and Phone number
- In addition, information on customers’ purchasing behavior generated by Baltica Group on the basis of customer purchases and is used for calculating bonuses.is stored in the customer database.
Employees’ data – The Baltika Group handles the personal data of its employees.
- Information to be collected: name, address, date of birth, personal identification code, telephone number, child/children/ child’s personal identification code(s), education (if applicable), foreign language skills (if applicable), position, unit, duration of probationary period, remuneration, E-mail (if applicable )
3.1 Employees of Baltika Group companies process personal data of customers and personnel in the framework of their work tasks in various computer programs according to the access and user rights granted to them. By concluding an employment contract, all of these employees have committed themselves to keeping the personal data of the customers and staff confidential and not transferring it to third parties.
4.1 Group companies – the data recipients are Baltika Tailor OÜ, Baltman OÜ, Baltika Lietuva UAB, Baltika Latvija SIA, Baltinia OY.
4.2 Service Providers, Authorized Processors. Authorized processors for customer data are email service providers, SMS service providers, cash and customer service software developers. The authorized processors for personal data are special software providers, banks, national registers and databases, such as the Health Insurance Fund, the Unemployment Insurance Fund and the Tax and Customs Board.
4.3 The delivery of e-mails and SMS messages to customers are based on the services of specialized service providers. Confidentiality agreements have been concluded with service providers, and the transfer of data to third parties or use for other purposes is prohibited.
4.4 Personal data processed by the Data Processor can only be communicated to the institution or person who has a direct right arising from the law (for example, a court or a pre-trial prosecutor) and a justified need without the consent of the person.
4.5 Personal data processed by clients in the framework of the Data Processor’s service are treated as confidential, and the right to process, issue or transmit data is solely the responsibility of the data owner (customer).
4.6 At the request of the Data Processor’s customer, the Data Processor provides technical support in data processing, but this does not change the ownership and liability relationship of the data.
5. Deadlines for deletion
5.1 The Customers can at any time express a wish to opt out of receiving marketing offers.
5.2 The Customers can at any time change and/or delete data related to him/herself, provided that the Data Processor can verify his/her identity.
5.3 The term for keeping the Customer’s personal data is five years from the last purchase. The term for keeping Employee’s personal data is 10 years from the termination of the employment contract. The term for the keeping of accounting records is 7 years. The term for the keeping the data of candidates is 1 year.
6. Security measures
6.1 The processed data about the customer and his/her order are treated as confidential. The Data Processor does not disclose the information received to third parties.
6.2 Data communication between the customer and banks and the card payment center is encrypted, which ensures the security of personal data and bank details. The Data Processor has no access to the customer’s confidential bank and payment card information. During data transfers to authorized processors, meeting the relevant security and confidentiality requirements is required.
6.3 The Data Processor applies all precautionary measures (including administrative, technical and physical measures) to protect personal data collected. Access to data editing and processing is restricted to authorized persons.
Download the record of processing activities HERE (in English).