General privacy statement

In this Privacy Statement, we provide you the information on how BALTPOOL UAB (legal entity’s code: 302464881, address: Žalgirio St. 90 (Business Centre CITY, block D, 5th floor), 09303 Vilnius, Republic of Lithuania) (hereinafter – the Company) processes your personal data that you provide to the Company when visiting the Company’s office address, website, contacting it by e-mail or phone.

Data Protection Officer of EPSO-G group of companies which the Company is part of – Romas Zienka; e-mail address: [email protected], telephone number: +370 612 58162.

What kind of your personal data do we process?

There are three main groups of personal data, depending on the method by which the Company may obtain information about you:

  • data that you personally provide to us;
  • data that is collected automatically when you visit the Company’s website, login to and perform operations in the Company’s trading systems, visit the Company’s office, contact us by e-mail;
  • data obtained from other sources, such as your credit institutions, institutions assessing the exchange participants’ solvency / creditworthiness and other sources of data.

By accepting the provisions of this General Privacy Statement, you agree that the Company may, by any of the methods indicated in this statement, process the following data about you:

  • name, surname;
  • workplace, job title;
  • IP address;
  • identification data for the logins to the trading systems (username, password), sequence of actions by the system user;
  • electronic mail address, telephone number, address, other contact information.

The data listed below will be processed by the Company in certain specific cases, by informing you thereof in each specific case, and, where legal acts so provide, by asking your consent:

  • image(s);
  • date of birth, personal number, bank account information;
  • data on criminal records, compliance with tax obligations and other information of similar nature intended to support the supplier’s (its representative’s) eligibility to perform a public contract;
  • information about your education, copies of education documents;
  • declaration of interests;
  • copies of individual activity certificate or other certificates issued to you by a tax administrator, the Social Insurance Fund Board, copies of other documents;
  • descriptions of work experience, acquired qualifications, skills, professional expectations;
  • other data of special categories, when such obligation is established for the Company by the Republic of Lithuania Law on the Protection of Objects of Importance to Ensuring National Security.

For what purposes do we collect personal data?

Information about you shall be collected and processed for the following purposes:

  • to ensure availability, stability and user-friendliness of the provision of services in the trading systems – data is automatically collected and recorded when you visit the Company’s website at and the trading systems through the use of functional and mandatory operation cookies, the period of processing of the data obtained for this purpose by the Company depends on the function they perform:


Name of the cookie Purpose Expiry
PHPSESSID User session support Expires after the browser shutdown
_ga Used by the program Google Analytics to obtain visitors flow data, browsing time, browser Expires after 2 years
_gid Used by the program Google Analytics to obtain visitors flow data, browsing time, browser Expires after the browser shutdown
pll_language Used for remembering the language of the page so that during the next visit the language would be chosen automatically Expires after 1 year
__cfduid Used for storing the settings of DataTables Expires after 24 hours
1P_JAR Used for the purposes of user tracking and advertising customization Expires after 24 hours


  • for the purposes of conclusion and performance of contracts – due to the necessity to properly perform the contract concluded with the data subject or when taking steps prior to concluding a contract at the request of the data subject. Data collected for this purpose shall be stored for 10 (ten) years after the day of termination of the contract;


  • for the purposes of organizing and conducting public procurements – personal data of the persons participating in a procurement shall be processed due to the necessity to perform the future public contract or when taking steps prior to concluding a contract at the request of the data subject. For this purpose, data shall be stored for 10 (ten) years after the end of the procurement procedures;


  • data obtained for the purpose of selection of candidates for a job position at the Company or of candidates for becoming members of the collegial bodies of the Company and administration of the data base as well as candidate screening shall be processed on the basis of your consent, deleted not later than after 2 (two) years following the day of issuance of such consent, and if such consent is not given – shall be deleted immediately, upon expiry of the time limit for contesting the results of the contest/selection in question;


  • data obtained for the purpose of publicizing the activity shall be stored and may be used for 1 (one) year after the day of issuance of your consent, unless you inform us of your withdrawal of the consent prior to said term.


How is your personal data processed?

Your personal data will be processed by complying with the requirements established by the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Republic of Lithuania Law on Legal Protection of Personal Data and other legal acts. Your personal data shall be processed in a responsible and secure manner. The Company shall, both at the time of the determination of the means for processing of personal data and at the time of the processing of data itself, implement appropriate technical and organisational measures for data protection provided for in legal acts, designed to protect the personal data that is being processed against accidental or unlawful destruction, damage, alteration, loss, disclosure, as well as against any other unlawful processing. The appropriate measures shall be determined considering the dangers arising due to the processing of personal data.

Transfer and disclosure of data to third persons

The personal data you provide on the Energy Resources Exchange, in the heat auction information system, in the electronic timber trading system is not publicly available, we process and store it in accordance with the legal acts and the highest standards applicable to our activities. In the exceptional cases and for the exceptional purposes listed below, we might have to transfer your personal data to third persons:

  • to the personal data processors that provide services (perform works) to us, i.e. information technology service providers, auditors, lawyers, consultants that process your data on behalf of the Company as a data controller.
  • Data processors have the right to process personal data only in accordance with our instructions, only in such scope and only to the extent that is necessary. When engaging data processors, we take all necessary measures to ensure that our data processors have also implemented appropriate organisational and technical measures ensuring personal data security and maintain personal data secrecy.
  • Your data may be transferred to state establishments and institutions, other persons performing the functions delegated to them by laws in the cases and to the extent provided for by legal acts.


What are your rights?

You have the right:

  • to submit us a written request to provide you the information as to whether data concerning you is being processed, and, if such data is being processed, you have the right to access your personal data and the following information:
    • the purposes of the data processing;
    • the categories of personal data concerned;
    • the recipients of data or categories of the recipients of data to which your personal data have been or will be disclosed;
    • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • to obtain the rectification of inaccurate personal data concerning you or the completion of incomplete personal data concerning you;
  • to obtain the restriction of processing of your data or overall erasure of your personal data – these rights may be exercised where the conditions provided for in Articles 17-18 of the General Data Protection Regulation are present;
  • to withdraw the consent to process your personal data, where the personal data is being processed exclusively based on your consent;
  • to request that we transmit your personal data that is being processed to another data controller, where this is technically feasible;
  • to lodge a complaint with us or the State Data Protection Inspectorate, if you consider that your, as the personal data subject’s, rights are and (or) may be infringed.


How can you exercise your rights?

To exercise your rights, please submit the requests, complaints or claims to us in writing:

  • by e-mail at [email protected];
  • by sending it by post at the address Žalgirio St. 90 (Business Centre CITY, block D, 5th floor), 09303 Vilnius;
  • by visiting the Company at the address Žalgirio St. 90, 09303 Vilnius;
  • by contacting the Data Protection Officer of EPSO-G group directly (the contact details are provided above).

If, upon receiving a request, complaint or claim, we have doubts concerning the identity of the person who is applying, we have the right to request the identity document of the person who is applying and (or) to confirm his personal identity in accordance with the procedure provided for by legal acts and (or) by means of electronic communication which enable the person to be properly identified.

If we are unable to provide you the required information and (or) you have claims regarding the way your personal data is being processed, you have the right to address the State Data Protection Inspectorate by lodging a complaint.


How will we inform you about changes to the Privacy Statement?

We may update or amend this Privacy Statement at any time. Such updated or amended Privacy Statement will come into effect from the day of its publication on our website.

Having updated the Privacy Statement we will inform you about the changes which we consider substantial by publishing thereof on the website. For the date of the latest update of the Privacy Statement, please see the date “Date of update” indicated below.

How can we be contacted?

If you have any questions relating to the terms of this Privacy Statement and (or) your rights, please kindly contact us by the telephone indicated below or by sending an inquiry by e-mail or registered letter at:


Žalgirio St. 90, 09303 Vilnius

(Business Centre CITY, block D, 5th floor)

Legal entity’s code: 302464881

Tel.: +370 5 239 3157

E-mail: [email protected]

Data on the company is collected at the Register of Legal Entities of the Republic of Lithuania


This Privacy Statement has been reviewed on March 25, 2020.