Privacy policy

1. Who we are

Trade in Baltic, SIA is the controller of personal data collected through this site.

Legal name: Trade in Baltic, SIA Registered office: Andrejostas iela 17, Rīga, LV-1045, Latvia Reg. no.: 40203581354 VAT no.: LV40203581354 Contact: info@tradeinbaltic.com · +371 27 003 715

2. What data we collect

We collect only what we need to respond to inquiries and operate the site.

Contact-form data: when you submit our inquiry form, we receive the name, email address, company, phone number (if provided), country, product interest, and free-text message that you supply.

Technical and log data: our hosting and edge provider records standard request information — IP address, user agent, referrer, timestamps, and the resources requested — for security, abuse prevention, and operational diagnostics.

No analytics or advertising trackers are loaded on this site today. We do not use Google Analytics, Meta Pixel, or comparable third-party tracking pixels. If that ever changes we will update this policy and, where required, present a consent prompt before any non-essential tracking runs.

Providing data through the inquiry form is voluntary. If you do not provide it, we cannot respond to your inquiry. For active commercial transactions, certain data (counterparty identification, shipping documents, sanctions-screening information) is a contractual and legal requirement; without it we cannot perform the contract.

3. Why we collect it and on what legal basis

Inquiry handling and responding to commercial requests: legitimate interest (Art. 6(1)(f) GDPR) — handling B2B inquiries directed at us is necessary for our business and is what you would expect when you contact a trading company.

Performance of an active contract: where you become a counterparty, processing is necessary for performance of that contract (Art. 6(1)(b) GDPR) — for example, sharing shipping documents with carriers and authorities.

Security and abuse prevention: legitimate interest (Art. 6(1)(f) GDPR) in keeping the site and our infrastructure available and free of abuse.

Legal obligations: where we are required to retain documents (tax, customs, sanctions screening) we process on the basis of Art. 6(1)(c) GDPR.

4. Who we share data with

We use a small number of sub-processors that act on our instructions. We do not sell personal data and we do not share it with advertising networks.

Formspree (Formspree, Inc., United States) — receives and forwards contact-form submissions. Used under their data processing terms and EU Standard Contractual Clauses for transfers outside the EEA.

Google Workspace (Google Ireland Limited) — hosts our business email. Inquiries you send us are stored in our Workspace mailbox under Google's data processing terms.

Cloudflare (Cloudflare, Inc.) — provides DNS, edge delivery, TLS termination, and bot/abuse protection for the site. Cloudflare processes connection metadata on our behalf.

Where we engage external counsel, accountants, freight forwarders, surveyors, customs agents, or banks in connection with an actual transaction, we share only the data needed to perform that transaction.

5. International transfers

Formspree processes data in the United States. We rely on the European Commission's Standard Contractual Clauses (2021/914) as the transfer mechanism for that processor.

Google Workspace processing is governed by Google's Data Processing Addendum, and transfers outside the EEA are covered by the SCCs (2021/914).

Cloudflare operates a global anycast network; non-essential transfers outside the EEA are governed by Cloudflare's Data Processing Addendum, which incorporates the SCCs.

6. Cookies

The only cookie this site sets today is Cloudflare's __cf_bm bot-management cookie. It is strictly necessary to protect the site from automated abuse, is short-lived, and does not require consent under EU rules (ePrivacy Directive, Art. 5(3) exemption for strictly necessary cookies).

We do not set any analytics, advertising, personalisation, or A/B-testing cookies. If we add analytics or anything else non-essential in future, we will present a cookie consent banner before it loads and update this section.

7. How long we keep data

Contact-form submissions and the resulting email thread: retained for up to 24 months from the last contact with the prospect, then deleted or archived to a closed-leads store unless an active commercial relationship exists.

Transactional records (contracts, invoices, shipping documents): retained for the period required by Latvian tax, accounting, and customs legislation — generally 5 years, and longer where payroll or specific categories require it.

Edge log data at Cloudflare: retained under Cloudflare's standard log retention policies, which we do not control.

We review retention periods periodically and shorten them where practicable.

8. Your rights

Under the GDPR you have the right to: request access to your personal data; request rectification of inaccurate data; request erasure (subject to our retention obligations); request restriction of processing; object to processing carried out on the basis of legitimate interest; request data portability for data you provided to us; and, where any processing relies on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email info@tradeinbaltic.com. We will respond within one month, extendable by a further two months for complex requests as permitted by the GDPR.

You also have the right to lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija) — see dvi.gov.lv — or with the supervisory authority of your EU/EEA member state of residence.

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you (Art. 22 GDPR).

9. Security

The site is served over industry-standard TLS. Access to our mailbox and back-office tools is protected by individual accounts, strong passwords, and two-factor authentication.

We do not collect payment card data or banking credentials through the site. Where banking details are exchanged for an actual transaction, they are handled out of band through the relevant contract and corporate banking channels — not through this website.

10. Updates to this policy

We may update this policy as our processing or sub-processors change, or to reflect legal developments. The current version always carries a "last updated" date at the top. Where a change is material, we will indicate that prominently.

11. Contact

For any privacy question — access, deletion, complaints, sub-processor lists — email info@tradeinbaltic.com or write to Trade in Baltic, SIA, Andrejostas iela 17, Rīga, LV-1045, Latvia.