Privacy policy

As of 25 May 2018, the provisions of the REGULATION OF THE PARLIAMENT
EUROPEAN PARLIAMENT AND COUNCIL (EU) 2016/679 of 27 April 2016 on the protection of natural persons
in relation to the processing of personal data and on the free movement of such data
and repealing Directive 95/46/EC (General Data Protection Regulation, or RODO).
By corresponding via the contact form and by subscribing to
our newsletter on our website as well as by sending us mail
massages addresses to l you can provide us with your
personal information. In this situation, we become the Controller of (your) Personal Data.
Balticus S.A. further (Balticus) has adapted organisational and technical security measures when
processing the personal data entrusted to us by you in the course of our
business activities.
We are committed to a high standard of data protection and full transparency
processing of the personal data entrusted to us, we therefore provide you with a synthetic
information on the personal data being processed and on the rights involved.
For questions about the scope of implementation of RODO in Balticus, please contact us by e-mail at or contact us in writing, by post, at the following address:
Balticus ul. Osiedlowa 12/1, 84-123 Rekowo Górne NIP 587-143-55-54
Your rights in relation to the PERSONAL DATA ADMINISTRATOR hereafter referred to as "Administrator" or "Ado"
are as follows
Right to access your data: article 15 of the RODO. You have the right to access your data
processed by the Administrator (the Administrator will provide you with a copy of your personal data
subject to processing, possibly for a fee regulated by the RODO) and to information
oncerning: the purpose of processing; the categories of personal data concerned; the recipients or categories
the recipients of the data to whom the data have been or will be disclosed, including if they are transferred to
a country outside the EU or an international organisation with safeguards related to
transfer; as far as possible, the intended period of storage of the personal data; and when
is not possible, the criteria for determining that period; the right to request the Administrator
rectification, erasure or restriction of processing of personal data and to lodge
objections against such processing; the right to lodge a complaint with a supervisory authority; where personal
data have not been collected from you - their source; automated decision-making in
including profiling, and about the terms on which they are undertaken, as well as the significance and foreseeable
consequences of such processing for you.
Right of rectification: Article 16 RODO: You have the right to request that the Administrator
immediately rectify personal data concerning you that is inaccurate. Having
regard to the purposes of the processing, you have the right to request the completion of incomplete
personal data, including by providing an additional statement.
The right to erasure, the so-called right to be forgotten: Article 17 RODO. You have the right to request<
delete your personal data immediately if one of
the following circumstances apply: the personal data are no longer necessary for the purposes for which they were collected
or otherwise processed; the data subject has withdrawn consent on which the processing is based, and
there is no other legal basis for the processing; you object to the processing and there are no
overriding legitimate grounds for processing on matters other than
direct marketing; personal data have been unlawfully processed; personal data
must be deleted in order to comply with a legal obligation under European
Union law or the law of a Member State to which the controller is subject; personal data
were collected in connection with the provision of information society services. However, the right described above
is excluded to the extent that the processing is necessary: to exercise
the right to freedom of expression and information; to comply with a legal obligation requiring
processing under European Union law or the law of a Member State to which the
Administrator is subject, or for the performance of a task carried out in the public interest or in the exercise
of official authority vested in the Administrator; for reasons of
public interest in the field of public health; for archival purposes in the public interest; for
research purposes, or historical or statistical purposes, insofar as the right of the data owner described above
is likely to make it impossible or seriously impede the purposes of such
processing; or for the establishment, exercise or defence of claims.
Right to restrict data processing: Article 18 RODO. You have the right to request the Administrator
to restrict processing in the following cases: you question the accuracy of the personal
data - for a period allowing the Administrator to check the accuracy of the data;
processing is unlawful, and you object to the erasure of your personal data by requesting in
replacement to restrict its use; The controller no longer needs the personal data for
the purposes of the processing, but they are needed by you to establish, assert or defend claims
the data owner has raised an objection to the processing - until such time as it is ascertained whether the legally
justified grounds on the part of the Controller override the grounds of the data subject's objection,
with the exception of processing for direct marketing purposes. If
processing has been restricted, such personal data may be processed except for
storage, only with your consent or for the purpose of establishing, investigating or defending claims,
or to protect the rights of another natural or legal person, or on grounds of important public interest
in the European Union or a Member State.
Right to data portability: Article 20 RODO. You have the right to receive in a structured,
pcommonly used machine-readable format your personal data,
which the Administrator has from you, and you also have the right to transfer that personal data to another
administrator without hindrance from the Administrator if: processing is carried out on
the basis of consent or on a contractual basis, and processing is carried out by
automated means. You have the right to request that your personal data be sent by the Controller
directly to another controller, insofar as this is technically possible.
The right to object to the processing: You have the right at any time
to object, on grounds relating to your particular situation, to the processing
of personal data concerning you based on your consent, or on ADO's legitimate
interests (see information above), including profiling. If you raise such
objection, the ADO must no longer process your personal data, unless ADO demonstrates the existence of
valid legitimate grounds for the processing, overriding your interests,
rights and freedoms, or where it demonstrates grounds for the establishment, investigation or defence of claims.
You may exercise these rights in any way you wish, including by email to
The most important provisions of the Balticus S.A. safety policy
As part of its activities, Balticus implements its obligations under the RODO depending on the scope
of data processing as a Personal Data Controller or Data Processor under
contract. In order to adapt internal procedures related to the processing
of personal data to RODO, a number of activities have been implemented including:
1) a Data Protection Officer (DPO) has been appointed,
2) a review of the personal data resource has been undertaken to carry out new
documents and identify technical measures to meet the requirements of the RODO and DPO,
3) trained staff on the new RODO regulations and ensured
allow only authorised persons to process the data and
ensure that persons authorised to process personal data undertake
to maintain indefinite secrecy as well as keep records of persons
authorised to process the data entrusted to the Processor,
4) impact assessments of planned data processing operations have been carried out before
starting the processing (risk analysis - Article 35 RODO),
5) a register of personal data protection processing activities has been established,
6) a system has been established for reporting personal data breaches to the
7) ensure that the Controller is promptly informed if the data subject
has addressed correspondence to the Processor containing a request in
exercise of the rights referred to in Chapter III of the RODO, as well as make available
the content of that correspondence,
8) ensure that all information necessary to
the Administrator or an auditor authorised by the Administrator to carry out
audits, including inspections and contributing to them,
9) 9) all technical and organisational measures required under Article 32
RODO are implemented, to ensure a level of security of processing appropriate to the risk
of prejudice to the rights or freedoms of data subjects, in particular:
• pseudonymisation or encryption of personal data,
• the ability to ensure confidentiality, integrity and availability of systems and services at all times
data processing,
• the ability to quickly restore and access personal data in the event of an incident
physical or technical,
• regularly testing, measuring and evaluating the effectiveness of technical and
organisational measures to ensure security of processing;
The Data Protection Security Policy contains a detailed description of the responsibilities and
procedures for the proper management of information security in
Baltcius. Security should be understood as a state of affairs that prevents the use, transfer, modification and/or destruction of personal data of which
Balticus is the Controller, which is incompatible
with the RODO. Key findings in this regard include:
• securing the premises against access by third parties (security office, identification
of visitors, access codes, IT security),
• appointment of a DPO (responsible for supervising the circulation and use of
documentation and data and the technical and organisational conditions in which they are
• systematically organise training for employees on data processing and
protection methods,
• periodic risk assessment of data processing areas,
• control of compliance with processing security and data protection rules,
• different levels of data access authorisation for each member of the Balticus team,
• each member of the Balticus team is required to sign an internal declaration
• of confidentiality, in respect of all data collected and processed in the course
of Balticus' business activities.
The Management Instruction for the Information System for Data Processing
is, in a way, a specification of the Security
Data Protection Policy maintained by Balticus. IThe intensive development of computer systems, applications and the digitalisation of
information means that the data we collect is stored on
storage devices (server), which allows access to all authorised
members of the Balticus Team. In order to increase reliability and minimise the risk
of data loss and/or unauthorised access Balticus has implemented appropriate
IT security measures in this area. he risk of loss of information (including acquired
documents/databases etc.) has been mitigated by:
• passwords for access (to operating systems on company employees' computers, to the server
on which data is stored, to company server e-mail, to files / /
documents containing sensitive data). Passwords shall be a minimum of 8 characters,
include lower and upper case letters and numbers and/or special characters, the same characters shall not
• occur more than twice next to each other, users are required to change their password every
90 days, computers are equipped with screen savers that turn on 15 minutes after a break
on their monitors – the display will resume only after
entering the correct password,
• binding prohibition on making copies of the entire Data Set. Entire Data Sets may only be
copied by the System Administrator or automatically by the
Information System, subject to Data protection procedures,
•the ability to individually copy information to magnetic, optical and other media
only after encryption of access to the data stored on them. Media are stored
in locked cabinets. Once these copies are no longer useful, the Data shall be permanently
deleted or the storage media physically destroyed,
• data backup and archiving system secures the manufactured products of the
• RAID disk arrays and UPS,
• programmes to control processes and access to files produced during the
• limiting the use of perishable media,
• firewall and anti-virus protection (control of all incoming and outgoing
• -data - including e-mail, network traffic and all
network interactions).
The above tools mean that at every stage of our activities there is a risk of losing
zaccumulated information and/or access to it by
unauthorised persons will be restricted as much as possible.

Shop is in view mode
View full version of the site
Sklep internetowy Shoper Premium