Privacy Policy (Updated for 2025 Compliance) 

Baltic Workforce (hereinafter referred to as “the Company” or “the Data Controller”) is committed to protecting your privacy and ensuring that your personal data is handled in accordance with applicable data protection laws, including Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), the EU Artificial Intelligence Act (AI Act), and relevant national laws in the countries where we operate (Lithuania, Poland, Romania, and Denmark).
 

1. Data Controller Information 

The entity responsible for processing your personal data is Baltic Workforce, with offices in Lithuania, Poland, Romania, and Denmark. Each local branch operates under the same privacy and data protection standards.
For any data protection-related matters, you may contact us at job@balticworkforce.com  or by calling +45 78 77 36 84.
 

2. Supervisory Authorities 

Depending on your country of residence or the branch managing your data, you may contact one of the following supervisory authorities:
– Lithuania: State Data Protection Inspectorate (vdai.lrv.lt)
– Poland: President of the Personal Data Protection Office (uodo.gov.pl)
– Romania: National Authority for the Supervision of Personal Data Processing (ANSPDCP – dataprotection.ro)
– Denmark: Danish Data Protection Agency (datatilsynet.dk)
 

3. Categories of Data Processed 

We process only the personal data necessary for recruitment and employment purposes, which may include:
• Full name, address, nationality, and contact information (email, phone)
• Professional details included in your CV or provided voluntarily (education, qualifications, experience)
• Any additional documents you submit voluntarily
We do not intentionally collect sensitive data (such as health, political, or union information). If such data is provided voluntarily, it will be deleted unless required by labor legislation.
 

4. Purpose and Legal Basis for Processing 

Your personal data is processed for:
• Recruitment and job placement purposes
• Communication regarding employment opportunities
• Contractual or pre-contractual relations
• Compliance with legal obligations (e.g., labor and tax law)
• Quality control, customer support, and service improvement

Legal bases for processing include:
• Article 6(1)(a): Consent
• Article 6(1)(b): Contract or pre-contractual necessity
• Article 6(1)(c): Legal obligation
• Article 6(1)(f): Legitimate interest (business operation and communication)
 

5. Data Recipients and International Transfers 

Your personal data may be shared with trusted partners, including potential employers or clients, solely for recruitment or contractual purposes.
When data is transferred outside the European Economic Area (EEA), such as to the United States for Chatbase or OpenAI services, it is protected using:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Transfer Impact Assessments (DTIAs) to evaluate potential risks related to non-EU data transfers
 

6. Data Retention 

We retain personal data only as long as necessary for its intended purpose:
• Recruitment data: up to 2 years after the last interaction
• Contractual data: as required by labor, accounting, or tax legislation
• AI chat logs: retained temporarily for quality assurance and deleted or anonymized within 30 days (OpenAI) or upon verified deletion (Chatbase)
Retention periods may be extended if legal obligations apply.
 

7. Employee and Partner Access Controls 

Access to personal data is restricted to authorized HR personnel based on role-based access control principles. Data access is granted only to those whose duties require it and follows strict confidentiality and data minimization standards. All employees undergo regular data protection training.
 

8. AI Chat Functionality  

Our website provides an optional AI-powered chat service supported by Chatbase Inc. and OpenAI OpCo LLC, who act as data processors on our behalf.

The chat window is loaded only when a user voluntarily clicks the chat icon. Before sending a message, users are shown a visible notice stating that:
• they are interacting with an AI-based system,
• responses are automatically generated and may be inaccurate or incomplete, and
• no personal or sensitive information should be shared in the chat.

The following data may be processed for the purpose of operating the chat: message text, timestamps, IP address, and browser information. These data are not linked to identifiable profiles, not used for marketing or analytics, and not subject to automated decision-making.

Processing is based on the Company’s legitimate interest (Article 6(1)(f) GDPR) in providing an efficient communication channel. Users who do not wish to use the chat can freely contact us by email or phone instead.
Data may be transferred to the United States, protected by Standard Contractual Clauses (SCCs) and Transfer Impact Assessments (DTIA).
Retention: OpenAI retains chat logs for up to 30 days for abuse monitoring and reliability; Chatbase retains them for the duration of our customer relationship and deletes them upon verified request.
 

9. Cookies and Tracking Technologies 

Our website uses cookies to optimize performance and personalize your experience.
Types of cookies include:
• Essential cookies (session, authentication): Required for website functionality.
• Analytical cookies (e.g., Google Analytics, Segment): Collect aggregated, anonymous statistics to improve our website. Retention: up to 6 months.
• Marketing cookies (e.g., Google Ads, Meta Pixel): Used with consent for advertising and performance tracking. Retention: up to 6 months.
You can manage or withdraw your cookie consent anytime through the cookie banner or browser settings. Links to third-party providers’ privacy policies are available on our Cookie Notice page.
 

10. Data Subject Rights 

Under GDPR, you have the following rights:
• Access to your personal data
• Correction of inaccurate data
• Deletion (“right to be forgotten”)
• Restriction or objection to processing
• Data portability
• Withdrawal of consent at any time
Requests may be submitted to job@balticworkforce.com. You may also contact the relevant national supervisory authority listed above.
 

11. Security Measures 

We implement appropriate technical and organizational measures to ensure a level of security suitable to the risk, including encryption, pseudonymization, firewalls, secure data storage, and role-based access. Regular audits are performed to verify compliance and data integrity.
 

12. Updates to This Policy 

This Privacy Policy may be updated periodically to reflect changes in law or our business practices. The latest version will always be available on our website. Major updates will be communicated to users where required.
 

Effective Date: January 15, 2025 

© Baltic Workforce. All rights reserved.