Belgroup Baltia EE · Tallinn
Belgroup Baltia Tallinn · EE Vol. I — 2025
§ Legal — Privacy

Privacy Policy
GDPR-compliant

Last updated · 2026-05-29

1. Who we are (data controller)

BELGROUP BALTIA OÜ (the “Company”, “we”, “our”) is the data controller for the personal data processed in connection with this website and our business relationships.

Registered office: Tornimäe 3 // 5 // 7, 10145 Tallinn, Estonia. Commercial Register code: 12393950. VAT: EE101606882.

For any privacy-related question or to exercise your rights under the GDPR, contact us at pl@belgroup.ee with the subject line “Data protection”.

2. Categories of personal data we process

We deliberately keep personal-data collection to the minimum required for a B2B trading relationship. We process:

  • Identification & contact data of business contacts: name, role, employer, business email, business phone.
  • Commercial correspondence: messages you send via the contact form or by email, including specifications, target volumes and delivery points.
  • Technical data: IP address, browser type, device type, referrer, and pages viewed — collected automatically via server logs and (subject to your consent) analytics cookies.
  • Counterparty due-diligence data when required by AML / sanctions rules: company registration data, ultimate beneficial owner data, board composition and sanctions-screening results.

3. Purposes and legal bases

We process personal data only on a defined legal basis under Article 6(1) of the GDPR:

  • Responding to your inquiry and operating the commercial relationship — Art. 6(1)(b) GDPR (performance of a contract or pre-contractual steps).
  • Counterparty due diligence and sanctions screening — Art. 6(1)(c) GDPR (compliance with a legal obligation: Estonian Money Laundering and Terrorist Financing Prevention Act and EU sanctions regulations).
  • Site analytics, fraud prevention and IT security — Art. 6(1)(f) GDPR (legitimate interests of running and protecting our website and operations).
  • Non-essential cookies and marketing emails — Art. 6(1)(a) GDPR (your consent, which you may withdraw at any time).

4. Recipients and processors

We disclose personal data only to a limited set of recipients, all bound by confidentiality and (where applicable) GDPR-compliant data-processing agreements:

  • Estonian credit institutions Coop Pank and LHV Pank — for euro-denominated settlement of trade transactions.
  • Logistics, customs and warehousing partners — to organise shipment and customs clearance.
  • Auditors, tax advisers and external legal counsel — under their professional secrecy obligations.
  • Cloud and IT-infrastructure providers acting as processors (hosting, email, analytics) under data-processing agreements pursuant to Art. 28 GDPR.
  • Competent authorities — only where a binding legal request or court order applies.

5. International transfers

Personal data is processed within the European Economic Area by default. Where a processor or recipient is located outside the EEA, transfers take place under an adequacy decision of the European Commission or under the Standard Contractual Clauses adopted by the European Commission (Decision 2021/914), with supplementary measures applied where required following the Schrems II ruling.

6. Retention

We retain personal data only as long as required for the purpose for which it was collected:

  • Inquiry and pre-contractual correspondence: up to 24 months after the last interaction, unless a contract is concluded.
  • Commercial relationship records: for the duration of the relationship plus 7 years (Estonian Accounting Act, § 12).
  • AML / sanctions due-diligence records: 5 years after the business relationship ends (Money Laundering and Terrorist Financing Prevention Act, § 47).
  • Website analytics: up to 14 months (analytics cookie lifetime).

7. Your rights as a data subject

Under Articles 15 to 22 GDPR you have the right to:

  • Access — obtain confirmation of whether we process your data and a copy of it (Art. 15).
  • Rectification — request correction of inaccurate or incomplete data (Art. 16).
  • Erasure — request deletion of your data where the legal basis no longer applies (Art. 17).
  • Restriction — request that processing be limited in defined cases (Art. 18).
  • Data portability — receive your data in a machine-readable format and have it transmitted to another controller (Art. 20).
  • Object — object to processing based on legitimate interests, including direct marketing (Art. 21).
  • Withdraw consent — withdraw any consent you have given, at any time and with effect for the future (Art. 7(3)).
  • Lodge a complaint — with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), Tatari 39, 10134 Tallinn, info@aki.ee, +372 627 4135 (Art. 77).

8. Cookies and similar technologies

We use cookies and similar technologies on this website. Categories, providers and retention periods are described in our Cookie Policy. You can review and change your consent at any time via the cookie banner accessible from the footer.

9. Security

We apply appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (Art. 32 GDPR), including TLS encryption in transit, access controls, audit logging, and staff confidentiality obligations.

10. Updates to this policy

We may update this policy to reflect changes in law or in our processing operations. The current version, with the “Last updated” date, is always available at this URL. Material changes are notified to active business contacts by email.