PROCESSING PERSONAL DATA OF NATURAL PERSONS

When concluding and executing a contract (-s) and/or a transaction (-s) with you, Balti Veski AS (hereinafter – the Company or we) shall process some of your personal data. This repot (hereinafter – the Report) contains information on how we process your personal data, what we use them for, how long we store them etc. This information is important, thus we expect you to read it carefully.

Your personal data shall be processed pursuant to the General Data Protection Regulation (EU) 2016/679 (hereinafter – GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts.

 

DATA CONTROLLER

BALTI VESKI AS, legal entity code 10282360, registered office address: Mõisa tn. 7, Jüri, Eesti, tel.: +372 60 340 30, e-mail: info@veskimati.ee

 

WHAT DATA DO WE PROCESS?

We collect and process the following personal data:

  • Identification data, such as the name, surname, personal identification number, date of birth, address of the place of residence, VAT code (if you are a VAT payer), telephone number, e-mail address, a copy of an activity license or certificate and / or its data, a farmer’s certificate number, a copy of an identity document and / or its details, bank account details;
  • Contract, transaction conclusion and execution data, such as the object of the contract (for example, data of property, goods and/or services) and other contract conditions, invoice data, payment information, information on the performance of contractual obligations, violations of the contract, etc.;
  • Creditworthiness (solvency) data, such as the credit rating determined by credit bureaus (for example, Creditinfo Eesti AS) and other information presented in reports of credit bureaus – financial liabilities, outstanding debts, payment history and business links;
  • Data on third persons related to you, such as legal representatives (for example those acting under a power of attorney), your debtors, a spouse and family members (for example, if the object of the contract is property, which is jointly owned by spouses).

NOTA BENE: we do not collect special categories of personal data that reveal your racial or ethnic origin, political opinions, religious or philosophical beliefs or membership in trade unions, health data or data on your sexual life or sexual orientation.

 

WHAT ARE THE PURPOSES AND LEGAL BASES FOR COLLECTING AND USING YOUR PERSONAL DATA?

We collect and process your data to be able to conclude and execute a contract (-s) and/or a transaction (-s) with you, and to implement other related rights, legitimate interests and duties, including:

  • to identify and contact you;
  • to assess your commercial offer and the expediency of concluding a contract or a transaction with you;
  • to conclude and sign a contract, to amend or terminate it;
  • to assess your creditworthiness (solvency), financial risks and to manage debts;
  • to control the execution of your other contractual obligations;
  • to execute our contractual obligations;
  • to take legal remedies, where such a necessity arises;
  • to implement applicable legal requirements, for example, to handle accounting, to declare and pay taxes and to archive documents for the period of time set in legal acts.

The processing of your personal data is based on the following legal grounds:

  • the processing of data is necessary in order to implement the contract, a party whereof you are, or in order to take action at your request before concluding a contract (clause b of Article 6(1) of the GDPR);
  • the processing of data is necessary in order to fulfil the legal obligation imposed on the Company (clause c of Article 6(1) of the GDPR);
  • the processing of data is necessary in pursuit of legitimate interests of the Company or a third party (clause f of Article 6(1) of the GDPR).

 

WHERE DO WE GET YOUR PERSONAL DATA FROM?

We collect and process your personal data, which you present to us, usually at the time of conclusion of a contract or a transaction, or before its conclusion.

We may also get your personal data from other sources when it is necessary for the conclusion and / or execution of a contract or for our legitimate interest:

  • SE Centre of Registers;
  • The Population Register;
  • Credit bureaus (for example, Creditinfo Eesti AS);
  • Joint debtors’ data file processors;
  • Insurance companies, when we are a beneficiary;
  • The central mortgage institution;
  • Our or your suppliers or partners, who help us conclude and/or execute transactions and maintain relations with you.

 

WHO DO WE PROVIDE YOUR PERSONAL DATA TO?

We provide your personal data to the following data recipients (their categories) in compliance with legislative requirements:

 

  • the parent company AB Baltic Mill, code 302639722, registration adddress: Stoties g. 65, Vievis, Republic of Lithuania, and its subsidiaries;
  • tax administrators;
  • our professional advisers and auditors;
  • banks, transport organizations or other legal and / or natural persons, if our concluded mutual transactions require bank financing, cargo transportation and / or other type of service;
  • notaries, if the contract concluded with you requires a notarial form;
  • SE Centre of Registers, if the contract, legal facts or other information related thereto are to be registered in public registers;
  • bailiffs, entities providing legal and / or debt recovery services, entities taking over the right to debt; processors of joint debtors’ data files;
  • law enforcement authorities, at their request or on our initiative, if there are suspicions of a committed criminal offense, also to courts and other dispute resolution institutions;
  • other third persons to the extent this is related to the sale of our business, mergers, acquisitions or the reorganization of the entire or a part of business, or in the implementation of similar changes;
  • companies providing data center, hosting, cloud computing, website administration and related services, companies providing advertising, marketing, accounting, archiving, physical and/or electronic security, property management and/or other business services, companies creating, providing, supporting and developing software, companies providing information technology infrastructure services, communications services, advisory companies, also companies carrying out analysis of web browsing or online activities and providing online services.

 

WHERE DO WE PROCESS YOUR PERSONAL DATA?

Normally, we process and store your personal data in the territory of the European Union or the European Economic Area (EU/ EEA), however, we may also transfer your personal data outside the EU/ EEA, when this is necessary in order to implement the purposes wherefor those data were collected and managed.

 

We may transfer personal data outside the EU/ EEA without your consent, if at least one of the following measures has been implemented:

  • The European Commission has acknowledged that the state ensures an adequate level of protection of personal data;
  • The recipient of data in the United States has been certified according to the requirements of the EU-US agreement called the Privacy Shield;
  • There is an agreement concluded in accordance with the standard conditions approved by the European Commission,
  • Codes of conduct are complied with, or other safeguards under the General Data Protection Regulation apply.

We may also transfer your personal data without your consent, if such a transfer is necessary in the performance of the contract, a party whereof you are, or in order to take actions at your request before concluding a contract, or in other cases provided for in the GDPR.

 

HOW LONG WILL YOUR DATA BE STORED?

We shall store your personal data no longer than this is necessary for the purposes wherefor they were collected, or for the period of time established by laws.

 

WHAT ARE YOUR RIGHTS?

You shall have the following rights:

  • to ask us to allow accessing your personal data;
  • to ask to rectify your personal data;
  • to ask to restrict the processing of your personal data;
  • to ask to erase your personal data;
  • to cancel your consent, if data are processed on the basis of your consent;
  • to ask to transfer personal data to another data controller;
  • to disagree with the processing of your personal data when they are processed on the basis of a legitimate interest, except for cases where we have compelling legitimate reasons for such processing, which are superior to your interests, or in order to file, enforce or defend legal requirements;
  • to file a claim with the State Data Protection Inspectorate (for more information, refer to www.aki.ee).

 

HOW CAN YOU IMPLEMENT YOUR RIGHTS?

You may submit an application for the implementation of the above rights, also complaints, notices or requests (hereinafter – Request) by e-mail: info@veskimati.ee

 

 

 

PROCESSING PERSONAL DATA OF EMPLOYEES, REPRESENTATIVES OF LEGAL PERSONS AND OTHER PERSONS

This report explains how UAB Malsena Plius (hereinafter – the Company or we) shall process personal data of employees, representatives of its partners (hereinafter – your, yours) and other persons (hereinafter all together – data subjects), which we receive from you when negotiating contract conclusion, concluding, administering and executing contracts.

Personal data of data subjects shall be processed in accordance with the General Data Protection Regulation (EU)2016/679 (hereinafter – GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts.

 

Please provide the information contained in this report to all data subjects, whom this information concerns.

 

DATA CONTROLLER

BALTI VESKI AS, legal entity code 10282360, registered office address: Mõisa tn. 7, Jüri, Eesti, tel.: +372 60 340 30, e-mail: info@veskimati.ee

 

WHAT DATA DO WE PROCESS?

We collect and process the following personal data of data subjects (employees, representatives of the partner and other persons):

  • Identification data, such as the name, surname, job position, telephone number, e-mail address, personal identification number (only when this datum is necessary when registering transactions in public registers).

 

WHAT ARE THE PURPOSES AND LEGAL BASES FOR COLLECTING AND USING PERSONAL DATA?

We collect and process the data to be able to:

  • conclude and execute a contract (-s) and/or a transaction (-s), to implement other related rights, legitimate interests and duties, including: (a) to control the performance of contractual obligations of the other party to the contract; (b) to carry out our contractual obligations;
  • fulfil the requirements of applicable legal acts;
  • maintain relations with another party to the contract, including marketing of services and goods.

The processing of personal data is based on the following legal grounds:

  • the processing of data is necessary in order to fulfil the legal obligation imposed on the Company (clause c of Article 6(1) of the GDPR);
  • the processing of data is necessary in pursuit of legitimate interests of the Company or a third party (clause f of Article 6(1) of the GDPR).

 

WHERE DO WE GET PERSONAL DATA FROM?

We receive the above-listed personal data at the time of concluding and executing a contract from the other party to the contract.

 

WHO DO WE PROVIDE PERSONAL DATA TO?

We provide personal data to the following data recipients (their categories) in compliance with legislative requirements:

 

  • the parent company AB Baltic Mill, code 302639722, registration address: Stoties g. 65, Vievis, Republic of Lithuania, and its subsidiaries;
  • companies providing data center, hosting, cloud computing, website administration and related services, companies providing advertising, marketing, accounting, archiving, physical and/or electronic security, property management and/or other business services, companies creating, providing, supporting and developing software, companies providing information technology infrastructure services, communications services, advisory companies, also companies carrying out analysis of web browsing or online activities and providing online services;
  • competent state authorities.

 

WHERE DO WE PROCESS PERSONAL DATA?

Normally, we process and store personal data of data subjects in the territory of the European Union or the European Economic Area (EU/ EEA), however, we may also transfer personal data outside the EU/ EEA, when this is necessary in order to implement the purposes wherefor those data were collected and managed.

We may transfer personal data outside the EU/ EEA without the consent of the data subject, if at least one of the following measures has been implemented:

  • The European Commission has acknowledged that the state ensures an adequate level of protection of personal data;
  • The recipient of data in the United States has been certified according to the requirements of the EU-US agreement called the Privacy Shield;
  • There is an agreement concluded in accordance with the standard conditions approved by the European Commission,
  • Codes of conduct are complied with, or other safeguards under the General Data Protection Regulation apply.

Personal data of a data subject may also be transferred outside the EU/ EEA without his/ her consent on other grounds provided for in the GDPR.

 

HOW LONG DO WE STORE PERSONAL DATA?

We shall store personal data of data subjects no longer than this is necessary for the purposes wherefor they were collected, or for the period of time established by laws.

 

WHAT ARE THE RIGHTS OF DATA SUBJECTS?

Data subjects shall have the following rights:

  • to ask us to allow accessing their personal data;
  • to ask to rectify their personal data;
  • to ask to restrict the processing of their personal data;
  • to ask to erase their personal data;
  • to cancel their consent, if data are processed on the basis of their consent;
  • to ask to transfer their personal data to another data controller;
  • to disagree with the processing of their personal data when they are processed on the basis of a legitimate interest, except for cases where we have compelling legitimate reasons for such processing, which are superior to their interests, or in order to file, enforce or defend legal requirements;
  • to file a claim with the State Data Protection Inspectorate (for more information, refer to www.aki.ee).

 

HOW CAN THESE RIGHTS BE IMPLEMENTED?

An application for the implementation of the above rights, also complaints, notices or requests (hereinafter – Request) may be submitted to us by e-mail: info@veskimati.ee

 

 

 

USE OF COOKIES

What are cookies?

A cookie is a small text file, which a website writes in the browser of your computer or a mobile device when you visit a website. The cookie allows the website to “remember” your actions and selections (such as your registration name, language, font size and other display options) for some time, so that you do not have to re-enter them each time you visit the website or browse its various pages.

What do we use cookies for?

The information which cookies collect allows us to provide you with the opportunity to browse more conveniently and to learn more about the behavior of website users, to analyze the trends and to improve the website.

We use the following cookies on the Company’s website:

Local cookies

ProviderNamePurpose of useTypeExpires after
Google Analytics_gaThe cookie is used to determine the popularity of the website or its parts, to measure traffic and behavior of visitors, and to better understand the website usage trends.Analytics2 years, or a session, 1 day
Google Analytics_gidThe cookie is used to determine the popularity of the website or its parts, to measure traffic and behavior of visitors, and to better understand the website usage trends.Analytics24 hours
Google Analytics_gatUsed to throttle request rate.Analytics1 minute

 

Third party cookies:

ProviderNamePurpose of useTypeExpires after
Google1P_JAR/DV/NIDThe NID cookie contains a unique ID Google uses to remember your preferences and other information, such as your preferred language (e.g. English), how many search results you wish to have shown per page (e.g. 10 or 20), and whether or not you wish to have Google’s SafeSearch filter turned on.Analytics6 monts, or a session, 1 day

 

How cookie settings are to be changed?

Choosing the cookies to be accepted or discarding certain cookies is possible at any time by changing browser settings. If you do not want cookies saved on your computer or another device, you can choose to receive a notification in your browser settings before saving any cookie. You can also set the browser to reject all or some cookies at once. You can also remove cookies that have already been saved on your computer or another device. Please note that in this case, you will need to separately select the settings for each browser and device you use.

Each browser has a different method for applying settings. If necessary, use the Browser Help feature to properly select your settings.

For more information refer to: www.allaboutcookies.org.

Our contact details
BALTI VESKI AS, legal entity code 10282360, registered office address: Mõisa tn. 7, Jüri, Eesti, tel.: +372 60 340 30, e-mail: info@veskimati.ee

PRIVACY POLICY OF PERSONAL DATA OF CANDIDATES TO POSITIONS OF EMPLOYEES

 

This Privacy policy of personal data of candidates to positions of employees (hereinafter – the Policy) contains detailed information about the processing of personal data of candidates carried out by Balti Veski AS, code 10282360, registration address: Mõisa tn, 7, Jüri 75301, Estonia (hereinafter – the Company or we), about the data of candidates collected and processed by us, the purpose for which we use those data, the period of their storage, etc. Since this information is important, we expect you to read it carefully.

Please note that the Policy may be amended, supplemented and updated. The most recent and relevant version of the Policy can always be accessed on the internet website [www.veskimati.ee].

 

1. What data of yours do we process and why?

Personal data – means any information relating to an identifiable or identified or natural person.

1.1. Performance of selection of candidates to the vacancy (-ies) and assessment of your candidature

For the purpose of performing selections to vacancies with the Company and assessing your candidature we process your data specified below.

Data categoriesGeneral information about the candidate: the candidate’s forename, surname, date of birth, residence area or residence address, e-mail address and/or phone number, information about work experience of the candidate (workplace, employment period, position, responsibilities and/or achievements), information about education of the candidate (educational institution, period of studies, acquired education and/or qualification), information about training (completed training courses, obtained certificates), information about language skills, IT, driving skills, other competences; other details provided by you in the CV, motivation letter or in other documents of the candidate.

Recommendations, employer’s feedback: the person who recommends the candidate or provides the feedback, such person’s contact details, the content of the recommendation or feedback.

Candidate’s assessment details: the summary of the interview with the candidate, insights and opinions of the person(s) carrying out the selection, the candidate’s testing results.

Special categories of personal data*:  – the data about health, unexpired conviction for malicious offences.

Data processing legal basis Your consent
Data processing purposesSearch for and selection of employees;

Administration of the database of candidates: on consent of the data subject we shall process personal data for the purpose of offering to data subjects a job in the future, informing them about career options, selecting and assessing the fitness of candidates for the proposed work;

Data processing period During selection to the vacancy (-ies) chosen by you, but not longer than for 6 (six) months. If you wish and agree, we will retain your data for one year after the end of the selection for the purpose of proposing you to participate in the selection to another vacancy with our Company.

 

* We collect and process personal data of special categories only when and only to such an extent when and long as this is necessary for carrying out the selection to a particular job position and only to the extent permitted by applicable legal acts. We will collect and process your health data under applicable legal acts during the selection process in order to asses your capacity for work, suitability of the job for your health condition and/or your ability to work under conditions of occupational risks. In all cases, we will collect data of special categories only in the final stages of selection.

In order to assess to the best possible extent the data subjects’ competences and their fitness for the particular job position, we use the methodologies for assessment of staff competences. The methodologies consist of questionnaires, tests, various practical tasks, interviews which are summarised to obtain detailed information and the result about competences of the candidates and employees. The candidate has the right to acquaint with the obtained result, provide his opinion and request the Company to revise that part of methodologies which was based on automated processing of data.

The part of the methodology used by the Company for assessment of staff competences based on automated summarising of obtained data and provision of the particular result is continuously tested to ensure the correctness, effectiveness and objectivity of the result obtained. On request of the candidate, the Company shall explain to him the logics on which the result of summarising obtained in an automated manner is based.

We shall consider that we have received your consent to process the data provided in your CV, the candidate’s questionnaire and/or other candidacy documents (CV, motivation letter, etc.) for the purpose specified in the section of the Policy when you submit to us your CV, the candidate’s questionnaire and/or other documents. We shall consider that we have received the consent to a longer data retention period or to the collection of data from the employer specified by you when you express such consent in writing by signing the consent form.

 

2. From what sources do we collect your personal data?

Usually, we receive your data directly from you – when you respond to our job advertisement and/or submit your CV, the candidate’s questionnaire and/or other candidacy documents (CV, motivation letter, etc.) to us.

Where we receive the information about your candidature and/or your CV, and/or other candidacy documents from the Labour Exchange of the Republic of Estonia, employment agencies, job-search internet portals, career social networks (e.g., Linkedin) and/or other entities providing job search, recruitment and/or intermediation services, we shall presume that you have been fully informed about processing of your data and have given your consent to process your data to the respective entity providing such services which, inter alia, includes the right to provide your data to potential employers (including the Company), authorising such potential employers to process your data for the purposes of selection(s) to the job position(s) and assessment of your candidature.

We can also receive certain information about you from third parties, e.g., persons recommending you, current or former employers. However, we will collect such information only if you give to us your consent to obtain from the employer and/or another person identified by you a recommendation or a feedback concerning you.

 

3. Extended data storage period

Where after completion of recruitment to the respective vacancy we do not select your candidature and do not conclude an employment contract with you, we shall destroy in a secure manner all your personal data collected for selection purposes, unless we receive your consent to the retention of your data for one year after the end of recruitment for the purpose of offering you to participate in the selection to another vacancy.

Your personal data may be stored longer than specifically indicated in this Policy only where:

– there are reasonable suspicious regarding unlawful activity in respect of which the investigation is being carried out;

– your data are necessary for the proper settlement of a dispute or complaint;

– other grounds provided for under legal acts exist.

In any case, we may retain the consent given by you and the proof of such consent for a longer period where this is necessary for us for the purpose of defence against requirements, claims or actions brought against.

 

4. In what cases and to what third parties do we disclose your data?

We may transfer your data to third parties assisting us in carrying out selection of candidates or providing to us the services related to selection, assessment of candidates and internal administration. Such persons may be providers of staff recruitment and/or assessment services, suppliers of software of databases, providers of database administration services, providers of services of data centres, hosting and cloud services, etc. In each case, we shall transfer to the data processor only such amount of data which is necessary for the fulfilment of the particular assignment or for the provision of the particular service. Data processors involved by us may process your personal data only according to our instructions and may not use them for other purposes or transfer to other persons without our consent. Moreover, they must ensure the security of your data in accordance with applicable legal acts and written agreements concluded with us.

If you participate in the selection to a manager’s position, we may refer your candidature and your data to our controlling companies which participate in the processes of assessment of candidatures to managerial positions and/or adoption of career decisions according to the procedures applicable in our group of companies.

We may also submit your personal data to associated companies (AB Baltic mill, code 302639722, registration address: Stoties g. 65, Vievis, LT-21366 Elektrėnai, Republic of Lithuania). If, in our opinion, your candidature may be suitable for a certain vacancy in the aforementioned companies, we shall offer you to participate in the selection to that vacancy.

The data may also be provided to competent public authorities and law enforcement bodies, e.g., the police, law enforcement bodies or supervisory authorities; however, only on their request and only where this is required by applicable legal acts or in the cases and according to the procedure established by legal acts in order to ensure our rights, the security of our buyers, employees and resources and for the establishment, exercise or defence of legal claims.

 

5. In what territories and jurisdictions do we process your personal data?

We process your personal data only in the territory of the European Union. At present, we do not intend to transfer and do not transfer your personal data to processors and recipients in third countries.

 

6. What rights do you have under the data protection legal acts and how can you exercise such rights?

The right to access your personal data processed by us: You have the right to obtain from us the confirmation whether we process your personal data, as well as the right to access your personal data processed by us and the information about data processing purposes, categories of processed data, categories of data recipients, data processing period, sources from which data are obtained.

Right to rectification of personal data: In the event of change in the data provided to us in your application documents or if you consider that the information about you processed by us is inaccurate or incorrect, you have the right to request to change, update or rectify such information.

Right to withdraw consent: You have the right to withdraw your consent at any time and request to terminate further processing of personal data which is carried out on the basis of consent.

Right to lodge a complaint: If you consider that in processing your data we infringe requirements of data protection legal acts, in the first instance we always ask you to apply directly to us. If you are not satisfied with the solution of the problem proposed by us or, in your opinion, we fail to take the necessary actions according to your request, you shall have the right to lodge the complaint with the supervisory authority, which is the Estonian Data Protection Inspectorate (Tatari 39, Tallinn 10134, tel 627 4135, e-mail info@aki.ee )

Right to erasure (‘right to be forgotten’): Under certain circumstances specified in data processing legal acts (when personal data are processed unlawfully, the grounds for data processing no longer exist, etc.), you have the right to request from us the erasure of your personal data.

Right to restriction of data processing: Under certain circumstances specified in data processing legal acts (when personal data are processed unlawfully, when you challenge the accuracy of data, when you object to data processing on the basis of our legitimate interest, etc.), you also have the right to have the processing of your data restricted.

Right to data portability:  You have the right to transmit to another data controller the data processed by us by automated means (applicable only to your data processed in the database of candidates). We shall provide to you the data which you request to transfer in the format usually used in our systems and readable by computer, and on your request and when there are technical possibilities – we shall transmit the data directly to another data controller specified by you.

 

7. Procedure of examination of requests

In order to protect data of all our candidates from unlawful disclosure, having received your request to provide the data or to implement other rights of yours we shall have to establish your identity. For this purpose we can ask you to submit your personal identity document.

Having received your request regarding the implementation of any right of yours and ascertained your identity, we undertake to immediately, however, in any case no later than within one month of receiving your request, to provide to you the information about actions taken by us according to the request submitted by you. Considering the complexity and number of requests, we may extend the period of one month for two more months, notifying you about that by the end of the month and stating the reasons for such extension.

If your request is submitted by electronic means, our response to you shall also be provided by electronic means, except where this is impossible (e.g., because of too large amount of information) or if you prefer receiving the response in other way.

We shall refuse to satisfy your request by providing the reasoned answer when the circumstances specified in legal acts are identified, by notifying you about that in writing.

 

8. In what ways and by what contacts can you reach us?

You can contact us on all data processing matters in the following ways:

By e-mail: info@veskimati.ee

By phone number: +372 60 34030

Our, as the data controller’s requisites:

Balti Veski AS

Legal entity code: 10282360

Registration address: Mõisa tn 7, Jüri 75301, Eesti

 

9. How secure your data are?

We use different technologies and procedures ensuring security in order to protect your personal information from unauthorised access, use or disclosure. We carefully select our suppliers and request them to use the appropriate means that can protect your confidentiality and guarantee security of your personal information. However, security of transmission of information via the internet or by mobile communication cannot be ensured; any transmission of information to us in the above specified ways shall be carried out at your own risk.