Privacy Policy of the online store BalticWorkwear.com

Version dated 13.11.2025

The controller responsible for the processing of personal data is: Baltic Workwear sp. z o.o., ul. Piłsudskiego 40, 67-100 Nowa Sól, Poland, +48 68 30 000 88, odo@balticenterprise.pl.

The Controller is not obliged to appoint a Data Protection Officer.

1. General Provisions

  1. This Policy explains the principles of collecting and using personal data by Baltic Workwear in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GDPR). Full text of the GDPR: https://uodo.gov.pl/pl/.
  2. Providing personal data is voluntary; however, in some cases it is necessary to conclude a sales contract, process an order, register an account or respond to an inquiry. Failure to provide data may prevent the performance of these actions. Data provided for marketing or newsletter purposes are stored until consent is withdrawn, but no longer than 3 years from the user’s last activity.
  3. Consent may be withdrawn at any time by contacting the Controller at odo@balticenterprise.pl.
  4. This Privacy Policy applies to the processing of personal data by Baltic Workwear sp. z o.o. via the online store, social media accounts, e-mail and telephone contact, as well as in physical locations.
  5. The ability to exercise rights such as access to personal data, rectification, erasure, restriction of processing, data portability, and objection to processing depends on the legal basis for specific processing, as well as on the purpose and method of processing, within the limits defined in Articles 15–22 of the GDPR (https://uodo.gov.pl/pl/). The data controller is not obliged to grant these rights in every case or to the same extent. A request to exercise a right may be submitted to: bok@balticenterprise.pl.
  6. Responses to customer inquiries are stored for a maximum of 3 years from the date of the final message received regarding the inquiry.
  7. If processing is based on the consent of the data subject (Article 6(1)(a) or Article 9(2)(a) GDPR), you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  8. If processing is based on Article 6(1)(f) GDPR – processing for the purposes of legitimate interests – you have the right to object to such processing.
  9. You have the right to lodge a complaint with the supervisory authority responsible for data protection. Supervisory authority in Poland: ul. Stawki 2, 00-193 Warsaw, phone +48 22 860 70 86, supervisory authorities in other countries.

2. Data Security

  1. The Controller applies technical and organizational measures ensuring an appropriate level of security corresponding to the risks and categories of processed data, particularly protecting personal data from unauthorized access.
  2. Access to personal data is granted only to authorized persons who are regularly trained in data protection.

3. Types of Data, Purposes, and Methods of Processing

1. Hosting and Access Data:

  • The store can be visited without providing personal data. Each time the website is accessed, the server automatically documents the visit in so-called server logs (access logs), which contain data such as the name of the requested file, the client’s IP address, the date and time of access, the amount of transferred data, and the requesting Internet service provider. This data is analyzed solely to ensure the proper functioning of the website and to improve the offer. This serves, in accordance with Article 6(1)(f) GDPR, to safeguard the Seller’s legitimate interest in optimal and proper presentation of its website and offer. All access data is deleted within seven days of the end of the user’s visit.
  • An external service provider, acting on behalf of and under instruction from the Controller, performs hosting and website presentation services. All data collected as described in this Privacy Policy during the use of the website or via its forms are stored on the service provider’s servers. Data processing on other servers takes place only within the scope specified in this Privacy Policy. The provider cooperating with the Seller is based in a country belonging to the European Union or the European Economic Area.

2. Collection and Processing of Data for Contract Performance and Account Creation

  • The Seller collects personal data only when voluntarily provided by the Customer placing an order or contacting the Seller (e.g., via the contact form or e-mail). Mandatory fields are marked as such because the data they contain are necessary to perform the contract or handle the Customer’s request. Without providing this data, the order cannot be completed, and contact with the Seller cannot be made. The data collected depend directly on the respective forms.
  • The Seller uses the data provided by the Customer in accordance with Article 6(1)(b) GDPR for contract performance and responding to customer inquiries. In addition, if the Customer provides consent under Article 6(1)(a) GDPR to create a customer account, the Seller will process the personal data necessary for this purpose.
  • After the full performance of the contract or deletion of the Customer’s account, data processing will be limited, and after the retention periods defined by tax and accounting laws expire, the data will be deleted, unless the Customer expressly consents to further use, or the Seller reserves the right to continue using the data as permitted by law, which will be stated in this Privacy Policy.
  • The Customer’s account can be deleted at any time by sending an e-mail to odo@balticenterprise.pl or calling +48 68 30 000 88.

3. Data Transfer and Storage

  • Personal data are stored for the duration of the contract and thereafter for the limitation period of civil claims (5 years), in accordance with tax and accounting regulations. Data processed for marketing purposes are stored until consent is withdrawn.
  • For contract performance, the Seller transfers the Customer’s data to courier companies responsible for delivery, insofar as this is necessary to deliver the ordered goods, in accordance with Article 6(1)(b) GDPR.
  • Depending on the payment service provider selected during the ordering process, the Seller transfers payment data to the respective financial institution and/or payment service provider to process the transaction. Some payment providers collect data independently if the Customer has an account with them. In such cases, the Customer will be redirected to the provider’s website to log in and complete the payment. The privacy policy of the respective payment provider then applies. Payment operators:
    • PayU SA, ul. Grunwaldzka 186, 60-166 Poznań, Poland, NIP: 779-23-08-495, REGON 300523444
    • PayPal Polska sp. z o.o., ul. Emiliana Plater 53, 00-113 Warsaw, REGON: 141108225
    • PayPo sp. z o.o., ul. Domaniewska 39, 02-593 Warsaw, https://paypo.pl/informacja-o-przetwarzaniu-danych-osobowych
    • Stripe Payments sp. z o.o., ul. Ludwika Waryńskiego 3A, Warsaw, NIP: 7011062474, REGON: 520642121
  • To handle and process orders, the Seller also uses the external inventory management system Subiekt Nexo Pr. Data transfer and processing in this regard are based on a data processing agreement.
  • If the Customer provides explicit consent (Article 6(1)(a) GDPR) during or after placing an order, the Seller may transfer the Customer’s e-mail address and telephone number to the selected courier company to allow contact before delivery for scheduling. This consent can be withdrawn at any time by contacting the Seller at odo@balticenterprise.pl or the courier directly. Upon withdrawal of consent, the Seller will delete the data unless the Customer consents to further processing, or the Seller reserves the right to process data in legally permissible cases. Courier companies:
    • GLS Poland Sp. z o.o., ul. Tęczowa 10, 62-052 Głuchowo, Komorniki, Poland
    • InPost sp. z o.o., ul. Wielicka 28, 30-552 Kraków, Poland
    • For international orders: Packeta Poland sp. z o.o., ul. Postępu 14, Warsaw, Poland, and cooperating companies.

4. E-Mail – Newsletter

  • If the Customer subscribes to the newsletter, the Seller will use the data provided for regular newsletter distribution by e-mail, based on the Customer’s consent (Article 6(1)(a) GDPR).
  • The Customer may unsubscribe from the newsletter at any time by sending an e-mail to odo@balticenterprise.pl or marketing@balticenterprise.pl, or by clicking the unsubscribe link included in the newsletter. After unsubscribing, the Seller will delete the Customer’s e-mail address unless the Customer expressly consents to further data use or the Seller reserves the right to process it under applicable law.
  • The newsletter is sent under a data processing agreement by an external service provider based within the European Union or the European Economic Area.
  • In the case of abandoned cart notifications, e-mails are sent under Article 6(1)(a), (b), or (f) GDPR, depending on cookie consent or legitimate interest in assisting the Customer with completing the purchase.

5. Cookies

  • To enhance the website, enable specific features, display relevant products, or carry out market research, the Seller uses so-called cookies. This serves, in accordance with Article 6(1)(f) GDPR, to protect the Seller’s legitimate interest in optimal presentation of the offer.
  • Cookies are small text files that are automatically stored on the Customer’s device. Some cookies used by the Seller are deleted after the browser session ends (so-called session cookies). Other cookies remain stored on the Customer’s device, allowing the Seller to recognize the browser upon the next visit (so-called persistent cookies). The storage duration can be found in the browser’s cookie settings.
  • The browser can be configured to notify users about the use of cookies and allow them to accept or reject cookies in specific cases or completely. Each browser manages cookie settings differently. The browser’s help menu provides instructions for changing cookie settings.
  • If cookies are not accepted, some functions of the Store’s website may be limited.

6. Advertising through E-Marketing Tools

  • Before loading the first script, the Customer will be asked to provide mandatory consents required to use the website, as well as optional consents, including marketing consents. The Customer may change these consents at any time by clicking on the cookie banner icon and adjusting their preferences.
  • The Store uses Google Maps to visually display geographic information. Google Maps is a tool offered by Google Ireland Limited, a company incorporated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.com). This serves, in accordance with Article 6(1)(f) of the GDPR, to safeguard the Seller’s legitimate interest in facilitating the location of sales points and ensuring optimal presentation of the Seller’s offer on the market.
  • When using Google Maps, Google records and processes data regarding the use of maps and their individual functions, such as the user’s IP address or location data. The Seller has no influence over this data processing by Google.
  • To deactivate Google Maps and the related data processing by Google, JavaScript must be disabled in the browser settings. In such a case, the use of Google Maps will not be possible or will be severely limited.
  • Further information on Google’s data processing can be found in Google’s Privacy Policy. Terms of use for Google Maps are described here. Data processing takes place based on joint controllership arrangements in accordance with Article 26 GDPR. The relevant agreement between joint controllers is available here.
  • To protect against spam and prevent abuse or improper use of our web forms, some forms on the Store’s website integrate the Google reCAPTCHA tool offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (www.google.com). By verifying the data entered into the form, this tool helps prevent the use of automated software (so-called bots) that could disrupt the proper functioning of the Store’s website. This serves, in accordance with Article 6(1)(f) GDPR, to protect the Seller’s legitimate interest in safeguarding the Store’s website against potential abuse and ensuring its uninterrupted operation.
  • Google reCAPTCHA uses JavaScript-based solutions such as cookies to analyze how Customers use the Store’s website. This data, together with the Customer’s IP address, is automatically transmitted to and stored on Google’s servers located in the USA. Personal data entered by the Customer in the form fields are neither read nor stored.
  • The Customer can prevent Google from collecting data related to the use of the Store’s website (including IP address) through JavaScript or cookies by adjusting their browser’s cookie settings or disabling JavaScript. Please note that doing so may limit the functionality of some parts of the Store’s website.
  • Further information on Google’s data processing is available in Google’s Privacy Policy.
  • Data transfers to the USA are carried out under the European Commission’s Implementing Decision of 10 July 2023, confirming an adequate level of protection for participants in the EU–US Data Privacy Framework.
  • Personal data may be processed automatically, including through profiling; however, this will not produce any legal effects or similarly significant impact on the user’s situation.
  • Profiling involves the analysis or prediction of a user’s preferences (e.g., browsing history, purchases, newsletter interactions, product category selections) to tailor website content, product recommendations, promotional offers, and advertisements to the individual user’s needs and interests.
  • Such marketing activities are carried out based on the Controller’s legitimate interest (Article 6(1)(f) GDPR) or—where appropriate consent for marketing cookies has been given—based on that consent (Article 6(1)(a) GDPR).
  • The user has the right to object at any time to profiling for marketing purposes or to withdraw consent by contacting the Controller or adjusting cookie settings in their browser.

7. Social Media

  • The Store’s website uses social media plugins. The legal basis for data processing for analytical and marketing purposes is the user’s consent (Article 6(1)(a) GDPR). When a Customer views a page containing such a plugin, their browser establishes a direct connection with the servers of Facebook, Google, Twitter, or Instagram. Through this integration, the social media service providers receive information that the Customer’s browser has accessed the Store’s website, regardless of whether the Customer has a profile with that provider or is currently logged in. Such information (including the Customer’s IP address) is transmitted directly by the browser to the provider’s server (most of which are located in the USA) and stored there. If the Customer is logged in to one of these services, the provider can directly associate the visit to the Store’s website with the Customer’s profile. When using a plugin—for example, clicking the “Like” or “Share” button—the relevant information is also transmitted directly to the provider’s server and stored there. This information may also be published on the Customer’s social media profile and visible to their contacts or friends. This serves, in accordance with Article 6(1)(f) GDPR, to protect the Seller’s legitimate interest in the optimal presentation of the Store’s website and offer on the market.
  • The purpose and scope of data collection and the further processing and use of data by social media providers, as well as the Customer’s rights and privacy protection settings, are described in the privacy policies of each provider.
  • If the Customer does not wish social networks to link the data collected during visits to the Store’s website directly to their social media profile, they must log out of the relevant social networks before visiting the website. The Customer can also block social media plugins entirely by using appropriate browser extensions or adjusting consent settings (“consent mode”).
  • The Seller’s activity on social media platforms aims to maintain active communication with existing and potential Customers. Through social media, the Seller also provides information about products and current promotions.
  • When visiting the Seller’s social media profile or page, the platform may, through cookies, automatically collect and process the Customer’s personal data for market research and advertising purposes, creating pseudonymized user profiles. These profiles are used, for example, to display advertisements matching the Customer’s interests. This serves, in accordance with Article 6(1)(f) GDPR, to protect the Seller’s legitimate interest in maintaining effective communication with Customers and presenting its offer on the market. If the social media platform requests the Customer’s consent (e.g., via a checkbox), data processing is based on Article 6(1)(a) GDPR.
  • Detailed information about data processing by individual social media platforms, as well as contact options, privacy settings, or submitting rights requests (including the right to object), can be found in the privacy policies of the respective platforms:
    • Facebook: https://www.facebook.com/about/privacy/ Data processing is carried out in accordance with Article 26 GDPR based on joint controllership agreements available here. Further details about data processing when visiting a Facebook fan page (including Page Insights data) are available here.
    • Google/YouTube: https://policies.google.com/privacy
    • Twitter: https://twitter.com/privacy
    • Instagram: https://help.instagram.com/519522125107875
    • LinkedIn: https://www.linkedin.com/legal/privacy-policy
    • Opt-out options:
      • Facebook: https://www.facebook.com/settings?tab=ads
      • Google/YouTube: https://adssettings.google.com/authenticated
      • Twitter: https://twitter.com/personalization
      • Instagram: https://help.instagram.com/519522125107875
      • LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
      • TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/en

8. Integration with Trusted Shops Trustbadge

To display the Trusted Shops Quality Seal, customer reviews, and the Trusted Shops products available to buyers after placing an order, the Store’s website integrates the Trustbadge provided by Trusted Shops. This serves, in accordance with Article 6(1)(f) GDPR, to protect the Seller’s legitimate interest in optimal marketing by enabling secure shopping experiences. The Trustbadge and associated services are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. When the Trustbadge is loaded, the server automatically saves access logs (log files) such as the user’s IP address, date and time of access, amount of transmitted data, and the requesting Internet service provider. Access and server logs are stored for security analysis and automatically deleted no later than 90 days after creation. Other personal data are transmitted to Trusted Shops only if, after placing an order, the Customer voluntarily decides to use Trusted Shops products or has previously registered for them. In such cases, a contractual agreement between the Customer and Trusted Shops applies. For this purpose, personal data from the order are automatically transmitted. Whether the Customer is already registered is verified automatically using a neutral parameter – the e-mail address processed with a one-way cryptographic hash function. The e-mail address is hashed before transmission so that Trusted Shops cannot reverse it. After verification, the parameter is automatically deleted. This process is necessary to fulfill the legitimate interests of both the Seller and Trusted Shops (Article 6(1)(f) GDPR) in providing Buyer Protection associated with each order and enabling customer review services. Further information is available in the Trusted Shops Privacy Policy.

9. Seller’s Contact Details and Customer Rights

Data subjects have the following rights:

  • under Article 15 GDPR – the right to obtain information about data processing within the scope of this article;
  • under Article 16 GDPR – the right to rectify inaccurate or incomplete personal data;
  • under Article 17 GDPR – the right to erasure (“right to be forgotten”) of personal data stored by the Seller, unless further processing is necessary to:
    • exercise the right to freedom of expression and information;
    • comply with a legal obligation;
    • serve reasons of public interest; or
    • establish, exercise, or defend legal claims;
  • under Article 18 GDPR – the right to restrict data processing where:
    • the accuracy of the data is contested by the Customer;
    • processing is unlawful, and the Customer opposes erasure;
    • the Seller no longer needs the data, but the Customer requires them for legal claims; or
    • the Customer has objected under Article 21 GDPR;
  • under Article 20 GDPR – the right to receive personal data provided to the Seller in a structured, commonly used, and machine-readable format and to transmit them to another controller;
  • under Article 77 GDPR – the right to lodge a complaint with the supervisory authority (President of the Personal Data Protection Office – “UODO”).


If the Seller processes personal data to protect its legitimate interests as described in this Privacy Policy, the Customer may object to such processing with effect for the future. In the case of processing for direct marketing purposes, the Customer may object at any time. If processing occurs for other purposes, the right to object applies only for reasons related to the Customer’s particular situation. Once an objection has been raised, the Seller will cease processing personal data unless there are compelling legitimate grounds overriding the Customer’s interests, rights, and freedoms, or the processing is necessary for legal claims. When processing is carried out for direct marketing purposes, the Seller will not continue to process the Customer’s data for this purpose after an objection has been made.


For any questions regarding the collection, processing, or use of your personal data, rectification, blocking, or deletion of data, as well as to withdraw consent or object to processing as described in this Privacy Policy, please contact the data controller: Baltic Workwear sp. z o.o., ul. Piłsudskiego 40, 67-100 Nowa Sól, Poland; e-mail: odo@balticenterprise.pl; phone: +48 68 30 000 88. All information related to personal data protection for users of the online store can also be found under the Terms and Conditions section.