1. INTRODUCTION

Baltic Safety Products AktiBaltic Safety Products Aktiebolag (publ), corporate identity number 556200-0777, (hereinafter “Baltic”, “we” or “us”) safeguards the individual’s personal integrity and ensures that personal data is processed in a secure, correct and legal manner. Baltic has adopted this policy for the purpose of informing you about how we process your personal data. If you are in any way to provide personal information to us at Baltic, we encourage you to read the policy first. 

This policy is aimed at (i) existing, past and potential customers, (ii) visitors to our website and social channels, (iii) people who contact us via email and (iv) people who have registered to test our products. 

  1. CONTACT DETAILS AND PERSONAL DATA RESPONSIBILITY

Baltic is responsible for the personal data processing described in this policy. If you have questions about the processing of your personal data, you are welcome to contact us at the address Baltic Safety Products AB (publ), Industrivägen 7, 545 02 Älgarås, info@baltic.se or call us at 0506-369 90.. 

  1. HOW YOUR PERSONAL DATA IS PROCESSED 
    1. 1. Purchase, order and delivery 

Which people do we process personal data about?

Our customers (consumer purchases) and physics persons at corporate customers. 

What personal data do we process??

First and last name, social security number, address and contact information, customer number, username, contract information, payment information, purchase history, customer service / complaint matters, information in communication between us. 

If you represent a company, we process information about your employer, your first and last name, professional role and place of residence, as well as information in communication between us. 

How your information was collected

From yourself in connection with the order and during the contractual relationship, or from the company you represent. 

Why and on what legal basis do we process your personal data? 

In connection with the purchase and ordering of Baltic products, we process personal data for the following purposes:  

  • To handle the order and enter into a purchase agreement with you or the company you represent. This includes i.a. to confirm your identity and, where applicable, your right to represent the company.  
  • To offer you different payment options and manage payments. This includes sharing your information with a cooperating bank or payment service provider. 
  • To administer and fulfill the contractual relationship. This includes i.a. to send order confirmation, deliver the products and communicate with you. We will e.g. remind you to service the product for the warranty to apply.
  • Handle customer service matters, returns, complaints and warranty matters. This includes i.a. to answer communication from you and make assessments and investigations regarding defects in the product.  

The legal basis for the processing is to fulfill the agreement entered into in connection with the order. If you represent a corporate customer, the legal basis is instead Baltic’s legitimate interest in being able to enter into and fulfill agreements with its corporate customers.

In some cases, your personal data may need to be processed in order for us to assert, investigate, respond to or defend ourselves against a legal claim, for example sending a payment reminder or taking other collection measures in the event that a customer does not pay. The legal basis is Baltic’s legitimate interest in handling and defending legal claims, as well as safeguarding our rights under law or agreement.

How long do we store your personal information?

Until we have fulfilled the agreement with the customer incl. during the time there is an agreed warranty for the product. If we deem that the information is necessary to defend legal claims, show that we have complied with a legal obligation, or protect our legal rights, the storage period will be extended to the time required for this.

    1. Marketing and customer follow-up 

Which people do we process personal data about?

Existing, past and potential customers as well as subscribers to newsletters and information mailings.

What personal data do we process about you?

First and last name, address, email address, customer number, purchase and usage history.

If you represent a company, we process information about your employer, professional role and place of residence, as well as, where applicable, other information that you have provided us with. 

How your information has been collected

From you or the company you represent.

Why and on what legal basis do we process your personal data? 

  • To market our products, send offers and inform about our business. This includes communicating by sending via text message, email and letter. The legal basis is our legitimate interest in maintaining customer relationships, creating new ones, or regaining previous customers. 
  • To gain better insight into how our products and services are used and to improve our offers, we analyze / follow up our sales and our marketing measures. This includes processing personal data about our existing and previous customers. Follow-up may include customer surveys. The legal basis is our legitimate interest in developing and improving our business and our products.
  • In connection with the registration of subscriptions to our newsletters and information mailings, information is processed so that we can administer the subscription and send out the information. The legal basis is to fulfill the agreement entered in connection with registration as a subscriber.

See also section 3.4 below on marketing that takes place via our website and social channels. 

How long do we store your personal information?

You always have the right to object to our direct marketing, in every mailing you receive you can unsubscribe from this type of mailing. 

Personal information about subscribers to newsletters and information mailings is processed until we are informed that you no longer want this from us. Customers’ personal data is processed for marketing purposes for a maximum of one (1) year after its last purchase. If you represent a corporate customer, the information is instead processed for a maximum of two (2) years after the customer relationship ended. Customer follow-up takes place only once (1) after your purchase and is anonymized. 

    1. Manage inquiries (e-mails) and fulfill obligations under law

Which people do we process personal data about?

Customers, physicalpersons at corporate customers, suppliers, authorities and other stakeholders. 

Physical persons who contact Baltic, for example via email. 

What personal data do we process about you?

First and last name, social security number, address and contact information, customer number, payment information, purchase history, customer service / complaint matters, information in communication between us.

If you represent a company or an authority, we process information about your employer, your first and last name, professional role and place of residence, as well as information in communication between us. 

How your information has been collected

From you or the company / authority you represent.

Why and on what legal basis do we process your personal data? 

Answer inquiries

If you contact us by letter or e-mail, we must process your personal data to handle and respond to inquiries related to our business. The legal basis is our legitimate interest in answering incoming questions and conducting business. 

Fulfill law 

In some cases, Baltic may need to process personal data in order to fulfill obligations under law. For example, personal data is processed in order to be able to fulfill obligations linked to the security of our products and / or our product liability, incl. be able to communicate with customers about detected defects in the product or for product recall. Another example is dealing with issues related to the exercise of registered rights in accordance with applicable data protection legislation. We also process personal data that is stated on such data that we need to save for accounting purposes. 

The legal basis for the processing is to fulfill a legal obligation that rests on Baltic or Baltic’s legitimate interest in complying with and demonstrating that we comply with the laws and regulations to which we are subject. 

How long do we store your personal information?

For accounting purposes, the information is stored for eight (8) years. Other information is stored in accordance with the requirements set by relevant legislation. Communication in connection with inquiries is normally deleted six (6) months after the question has been answered. If we deem that the information is necessary to defend legal claims, show that we have complied with a legal obligation, or protect our legal rights, the storage period will be extended to the time required for this.

    1. The website, social channels and use of cookiess 

Which people do we process personal data about?

Visitors to our website, our social channels and other platforms. 

People who have contact with us via social channels (eg Facebook and Instagram)..

What personal data do we process about you?

Through cookies, we collect technical information about your browser and your device, so-called online identifiers, which include IP address, device identifier, cookie identifier and ad identifier. Through this information we get information about how our visitors use the website incl. which pages and products they clicked on; information on previous clicks, shopping carts, and purchases; how they found our site; settings in the device in use (eg language setting); choices made by the visitor to our website; and the visitor’s geographical location (via the IP address).  

On our social channels, we process information that you provide to us, e.g. name, email address, picture, movie clip, username on social media and information in your comments and posts.

How your information has been collected

We collect certain information directly from you. We collect certain information by placing cookies in your device (but only if you have consented to cookies). 

Why and on what legal basis do we process your personal data? 

Marketing and communication: To communicate information, advertisements and offers to you as a visitor of one of our social channels, incl. the website. This means that personal data collected through cookies is used for you to receive information, advertisements, and offers that we believe you are interested in, which we have determined based on how you have used our social channels. This processing presupposes that you have given your consent to marketing cookies and takes place with the support of the consent you have given. 

Better and personal experience of our channels: : We use personal data collected through cookies to simplify and make the use of our channels smoother, e.g. by remembering your previous choices such as payment methods and a picked-up shopping cart. In this way, we intend to give visitors a more personal experience when using our channels. This presupposes that you have given your consent to cookies. The processing then takes place with the support of our legitimate interest in providing user-friendly channels and platforms. 

Analyze, develop and improve our business: : We use personal data collected through cookies to create statistics (i.e. aggregated data) about how our social channels are used. The statistics are used for analytical purposes, in particular: to gain knowledge about how people use our website so that we can make it more intuitive; develop and improve our products and our range; to detect and remedy malfunctions and the like; to decide which offers / campaigns we should focus on and to target ads / offers so that we reach the right target group; and to measure how many ads have been shown and how many have clicked on them. This processing presupposes that you have given your consent to cookies. The processing then takes place with the support of our legitimate interest in following up, improving and developing our business, as well as dealing with operational disruptions and preventing illegal use.

Posts and inquiries in our social channels: Baltic are responsible for posts we publish ourselves and for posts other users publish on our pages in social channels. Your public activity in our social channels (such as sharing or commenting on a post) can be seen by anyone who has access to the page in question and can be shared further by them. Other members and visitors of our pages can find and see your publicly posted content, incl. your name and picture. 

Baltic processes personal data in social channels to inform about our activities incl. market our products, and to communicate with customers / stakeholders. The legal basis is Baltic’s legitimate interest in informing about our business and answering incoming questions, as well as maintaining customer relationships, creating new ones, or regaining previous customers.

We reserve the right to delete posts and comments that in our opinion are offensive, offensive, aimed at marketing other activities, involve copyright infringement, criminal activity or cause Baltic to process personal data in violation of the Data Protection Ordinance.

Sharing photos you send to us in social channels: If you share a post in a social channel (incl. Photos and film clips) and tag Baltic in the post, we may share your post further on our page in the same social channel. Baltic is then responsible for the post that we publish ourselves. The legal basis is Baltic’s legitimate interest in informing about and marketing our business. We are of the opinion that you who tag us in a post also have an interest in / want us to share the post further. 

Baltic often receives pictures and / or film clips where you as a customer use our products. We may publish such pictures or film clips in our social channels, but only after we have received your consent. The legal basis is consent.

How long do we store your personal information?

You always have the right to object to our direct marketing, in every mailing you receive you have the opportunity to unsubscribe from this type of mailing. 

How long a cookie is stored in your device is stated in our cookie policy [LINK]. You can always turn off / block cookies, instructions for this can be found in the cookie policy. 

Public posts and activities in our social channels are saved as long as we judge that it is relevant content for the channel in question. We will always delete your personal information on our social media if you request it. 

If we process the personal data with the support of consent, you always have the right to revoke this.  

    1. Testing of our products

Physical persons who signed up to test our products.

Physical persons who signed up to test our products.

What personal data do we process about you?

First and last name, contact information and your answer / feedback on the product being tested. 

How your information has been collected

From yourself.

Why and on what legal basis do we process your personal data?

  • To be able to provide test persons with the product to be tested. 
  • To communicate with the test person and obtain answers / feedback regarding the product.
  • For the development of our products with the help of the test persons’ answers / feedback. This includes analyzing the answers and creating statistics based on them.
     

The treatment takes place with the support of your consent. 

How long do we store your personal information?

For three (3) years from the time you gave your consent. 

  1. RECEIVER AND STORAGE OF PERSONAL DATA

Baltic protects and stores your personal information in a safe and secure manner in our business system and maintains appropriate technical and organizational measures to prevent inappropriate or involuntary disclosure, use, access, loss, alteration or damage of your personal information.

Your personal data will in some cases be disclosed to and processed by other recipients. It’s about:

  • Provider of various types of IT services; for example server and data storage, document managers, e-mail and communication modules and other IT systems. These are used to be able to conduct our business and to achieve the purposes of the treatment. We use e.g. a system for administering and sending out newsletters provided by a supplier in the United States.. 
  • Social channels and users of social channels, as stated in section 3.4 (Website, social channels and use of cookies) above. Some social channels are owned by American companies.
  • • Analysis and marketing partners. If you have consented to cookies, we will share the information collected with cookies placed by Google to Google. Google processes this information on our behalf to provide its analytics services to us (Google Analytics), see our purposes for processing in section 3.4 above. To learn more about how Google Analytics works, read Google’s privacy policy https://policies.google.com/privacy?gl=SE&hl=sv#enforcement, and Google’s information on how to protect your data https://support.google.com/analytics/answer/6004245?hl=sv&ref_topic=2919631. Google is established in Ireland but is ultimately owned by a US company. 
  • Payment service provider and bank to be able to offer you different payment methods and to handle payments. The payment service provider that you choose to pay through (which is clearly stated in Check-out) is responsible for personal data for its processing of personal data and we encourage you to read this party’s privacy policy before completing the purchase. 
  • Transport companies and postal agents to be able to deliver goods to you.
  • Inventory and order packing to be able to administer orders and deliver goods to you.
  • In some cases; insurance companies, accountants, lawyers, authorities and debt collection companies.

We only share your information with parties we trust and if we have, where necessary, entered into data transfer agreements or assistance agreements. In some cases, personal data is disclosed to a party outside the EU or the EEA. We only share your information with such a party if we have taken the necessary security measures (eg included in EU standard contractual clauses). We currently have suppliers based in the United States, whereby your personal data is processed in a third country.   Contact us for more detailed information about recipients in third countries and a copy of the measures we have taken with such recipients to protect the data.

  1. WHAT DO YOU HAVE REGISTERED FOR RIGHTS? 

Below is an overall description of the rights you have under the Data Protection Regulation. You exercise your rights by contacting Baltic, it costs you nothing to do this. 

Upon receipt of your request, Baltic will make an assessment of it to determine if the request is justified. Not all rights listed below are absolute and exceptions may be made. 

Right of access 

You have the right to request access to the personal data that we process, as well as receive information about e.g. the purposes of the processing and who received the personal data. Baltic will, as the person responsible for personal data, provide you with a free copy of the personal data that is processed. 

Right to rectification

You have the right to have your personal data corrected or, under certain conditions, restricted without undue delay if they are incorrect or incomplete. 

Right to delete

In some cases, you have the right to have your information deleted; i.a. if they are no longer necessary for the purpose, if you make a legitimate objection to the processing of your personal data or if the processing of them is based on consent and this has been revoked. However, there may be legal requirements, contractual relationships or compelling legitimate interests that prevent us from deleting your personal data. 

Right to limitation of treatment  

In certain cases, you have the right to request a restriction on the processing of your personal data, e.g. if the accuracy or legality of the personal data is under investigation, if the processing is no longer necessary for the purposes of the processing but you oppose deleting them and instead request a limitation of the processing, or if Baltic no longer needs the personal data but you need them to determine, exercise or defend legal claims.

Right to object

You have the right to object at any time to the processing of your personal data if the legal basis for the processing consists of a balance of interests. You also have the right to object to the processing of your personal data at any time if these are processed for direct marketing. 

Right to data portabilityt 

You have the right to obtain the personal data that you have provided to Baltic as the personal data controller and have the right to transfer this data to another personal data controller (data portability). However, this applies provided that it is technically possible, and that processing has been necessary for the fulfillment of the agreement. 

Right to withdraw your consent 

If our processing of your personal data is based on your consent, you always have the right to revoke your consent at any time. A revocation of your consent does not affect the legality of the treatment that took place based on the consent before this was revoked.

Right to file a complaint 

If you are dissatisfied with how we have processed your personal data, please contact us, see our contact information in section 2. You also have the right to submit a complaint about our personal data processing to: Integrity Protection Authority, Box 8114, 104 20 Stockholm. 

Baltic does not process personal data that involves automatic decision-making, including profiling. 

  1. CHANGE OF POLICY

Baltic reserves the right to change and update this policy. In the event of material changes to the policy, or if existing information is to be processed in a manner other than that specified, you will be informed in an appropriate manner.