Baltic Sustainability Awards
Privacy Policy
Baltic Sustainability Awards is fully GDPR compliant and will treat your personal data with the utmost care and respect. It's important for us that you understand what data we collect about you, how we use it, and what your rights related to your data are.
1. General issues.
1.1. This Privacy Policy lay down a procedure by which LTD Impact Foundry provides personal data processing, security and protection of the Baltic Sustainability Awards (hereinafter - the Event) website`s (www.balticsustainabilityawards.eu) visitors and service users, and the Event`s attendees, partners and applicants (hereinafter collectively referred to as Users)
1.2. This Privacy Policy may be updated if required in order to reflect the changes in data processing practices or otherwise. These Policies may be modified by Baltic Sustainability Awards from time to time, such modifications to be effective upon posting by SIA Impact Foundry on the balticsustainabilityawards.eu. It is the User's responsibility to periodically check-up these Policies for changes. Continued participation in the Event and/or continued use of the website by User following the posting of changes will imply that User accepts and agrees to the changes. The current version of this Privacy Policy can always be found on balticsustainabilityawards.eu. Additionally, you may be reading these Policies on a service provided by a third party, in this case the version of Policies may be outdated, to make sure, the latest version can always be found on balticsustainabilityawards.eu.
1.3.Terms used in the Privacy Policy:
1.3.1. The Event - the Baltic Sustainability Awards 2024;
1.3.2. Controller - LTD Impact Foundry;
1.3.3. Processor - LTD Impact Foundry (online event platform provider and Awards registration process provider), WIX (company survey platform provider), Discord SL (company communication platform provider);
1.3.4. Personal data - any data stated in the section 2 as usage, service, enquiry, transaction, notification, correspondence data;
1.3.5. Users - the Event attendees, partners (including investors, speakers, jury members, volunteers and other people who are involved in the Event creation and have shared their data to the Controller related to the Event), the Event applicants, the Event`s website visitors and service users;
1.3.6. Processing - any operation or set of operations performed with personal data or sets of personal data, which is carried out with or without automated means, such as collecting, registering, organizing, structuring, storing, adapting or modifying, recovering, viewing, using, disclosing, transmitting, distributing or otherwise making them available, matching or combining, limiting, erasing or destroying;
1.3.7. A third party - a natural or legal person, public entity, agency or entity other than the data subject.
2. Personal data processing and purpose of personal data collection.
2.1 In this Section 2 we have set out:
● the general categories of personal data that we may process;
● in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
● the purposes for which we may process personal data; and
● the legal bases of the processing.
2.2. We may process personal data about your use of our website and services (“usage data”). The usage data may include geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics. This usage data may be processed for the purposes of analyzing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
2.3. We may process your personal data that are provided in the course of the use of our services (“service data”). The service data may include title, first name, last name, email address, job title, organization, organization type, postal address, city, country, phone number, VAT number. The source of the service data is the User.
The service data may be processed for the purposes of:
2.3.1. to ensure participation in the applicant’s evaluation process for the Event;
2.3.2. To ensure provision of organizational and operational information exchange of the Event;
2.3.3. to ensure the publicity, promotion of the Event and public information;
2.3.4. processing your booking, providing our services, operating our website, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract;
2.3.5. adding specific data, namely your title, first name, last name, job title, organization and country, to the list of participants of the Event. The list may be distributed to the Event participants in printed and/or electronic form as part of participant information and/or participant handouts. The legal basis for this processing is consent.
2.4. We may process information contained in any enquiry you submit to us regarding goods and/or services (“enquiry data”). The enquiry data may be processed for the purposes of responding to your enquiry. The legal basis for this processing is our legitimate interests, namely business and communications with users.
2.5. We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website (“transaction data”). The transaction data may include your contact details, your bank details, your VAT number and the transaction details. The transaction data may be processed for the purpose of supplying the purchased services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.
2.6. We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“notification data”). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
2.7. We may process information contained in or relating to any communication that you send to us (“correspondence data”). The correspondence data may include the communication content and metadata associated with the communication. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with Users.
2.8. We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this process is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
2.9. We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
2.10. In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
2.11. Please do not supply any other person’s personal data to us, unless we prompt you to do so.
2.12. The purpose of collecting and further processing all of this personal data is to be able to offer the Services to the Users, to organize and plan the Event as well as for Users`s verification and evaluation purposes. We process personal data for the evaluation and selection of potential applicants and organizations for the Events. We also process personal data for the purpose of maintaining our customer relationships with all Users. We also process personal data in order to inform Users of changes relating to the Services and the Events.
3. Personal data registration at the Event.
3.1. Initial collection of Users' personal data is carried out by the Processor through registration for the Event, accompanied by these Privacy Policy rules and a statement of consent for the processing of data.
3.2. Upon registration for the Event the User familiarizes themselves with these Privacy Policy rules and upon their approval confirms consent to personal data being processed in accordance with the Privacy Policy rules.
4. Audio and audio-visual recording of the Event.
4.1. The User acknowledging to have read the Privacy Policy rules, confirms that he or she has been informed of the Event being photographed and filmed.
4.2. The Controller may use the materials produced as a result of a photo recording, in whole or in part, for publicity purposes and to inform about the course of the Event. The User is hereby informed that the Controller will use this right freely at its discretion, including the right to transfer them to third parties. The User has the right to request information from the Controller about third parties who have been given the right to use video and photo-recording material.
4.3. The User may object to the actions specified above in this section and request the Controller to discontinue them provided that the person in question is directly identifiable in the particular video or photograph and it is technically possible for the Controller to erase and/or discontinue the use of the particular photograph
5. Terms of collection, storage and deletion of personal data.
5.1. This Section 5 sets out our data retention policies and procedures, which are designed to help ensure that the Controller comply with its legal obligations in relation to the retention and deletion of personal data.
5.2. Personal data that are processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
5.3 The Controller will retain User`s personal data as follows:
5.3.1. Title, full name, job title, organization, organization type, full address, email address, country, phone number, VAT number will be retained for a minimum period of five (5) years following the date in which you provide the data to the Controller, and until such time as you ask the Controller to remove it.
5.4. Notwithstanding the other provisions of this Section 5, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which the Controller is subject, or in order to protect your vital interests or the vital interests of another natural person
6. User's acknowledgement for the processing of personal data.
6.1. The User acknowledging to have read the Privacy Policy rules consents to his or her Personal data being processed in accordance with the terms of these Privacy Policy rules;
6.2. Transfer of the Users' personal data is a must for the Controller to pursue the legitimate interests of the Controller and ensure Users` participation in the Event;
6.3. If the User withdraws its consent to the processing of personal data, the Controller and Processor will erase all personal data submitted, except where erasure is impossible for technical reasons or where it causes disproportionate effort (for example, in case of already printed materials).
7. User's rights.
7.1. User may:
7.1.1. At any time request the Controller information about the person specified in Article 13 of the General Data Protection Regulation;
7.1.2. Access the relevant data and receive the information specified in Article 15 of the General Data Protection Regulation by contacting the Controller;
7.1.3. Request the Controller to rectify, delete or limit personal data processing or to object to such processing in accordance with Articles 17 and 21 of the General Data Protection Regulation.
8. The Processor duties in the processing of personal data.
8.1. While processing personal data, the Processor ensures:
8.1.1. Access to information in accordance with Article 13 of the General Data Protection Regulation;
8.1.2. Implementation of technical and organizational measures for the security and protection of Personal data;
8.1.3. Upon request from the User, correction or erasure of his or her personal data;
8.2. The Processor undertakes to inform the User without delay about personal data security breach in case the personal data breach could create a high risk for the rights and freedoms of natural persons.
9. Communication and procedures for the exercise of the rights of the User.
9.1. The User may exercise its rights, including the right to object or to ask questions to the Controller in writing via the email: team@balticsustainabilityawards.eu;
9.2. If the personal data provided by the person changes, the person is entitled to request to rectify (align) his/her personal data by contacting the Controller by email: team@balticsustainabilityawards.eu
10. Processor who processes personal data on behalf of the SIA Impact Foundry.
10.1. The Processor carries out the processing of the User's personal data in accordance with these regulations (personal data collected in a survey during the registration process is processed in accordance with Typeform Privacy Policy).
10.2. In the course of the administrative organization of the Event the Processor may, if necessary, engage other processors (identification card makers, photographers, etc.) by concluding contracts with them that will include a condition for compliance with these rules.
10.3. If the Processor involves other processors for processing of the personal data in the administrative organization of the event, the Processor may transfer the following personal data to them: title, full name. The Processor gives the Controller access to personal data transferred to another processor.
10.4. If another processor is engaged, then the Processor ensures that this processor complies with these rules
11. Processing security requirements
11.1. Taking into account the state of the art, the implementation costs and the nature, extent, context and purposes of the processing, as well as the various risks and risks of probability and severity with respect to the User's rights and freedoms, the Controller and the Processor shall implement appropriate technical and organizational measures to ensure an adequate level of security.
11.2. The mandatory technical protection of personal data shall be implemented by the Controller and the Processor with physical and logical safeguarding means ensuring:
11.2.1. Protection against the threat of personal data generated by physical effects;
11.2.2. Protection through software tools, passwords, encryption, cryptography and other logical safeguarding means.
11.3. When processing personal data, the Controller and the Processor shall ensure:
11.3.1. Access of authorized persons to the technical resources used for the processing and protection of personal data (including access to personal data);
11.3.2.That data carriers containing personal data are processed by authorized persons;
11.3.3. That the resources used in the processing of personal data are transferred to authorized persons.
12. About cookies.
12.1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
12.2. Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
12.3. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
13. LTD Impact Foundry details.
13.1. This website is owned by LTD Impact Foundry.
13.2. Company details:
LTD “Impact Foundry”
Registered address: Lāčplēša street 35 - 7, Rīga, LV-101
VAT registration number: 40203584755
Place and date of the Privacy Policy update:
Riga, August 1, 2024