English

Privacy policy

Data Processing Regulations

SIA Dzīpari S NOTIFICATION ON PERSONAL DATA PROCESSING TO CUSTOMERS, EMPLOYEES, COOPERATION PARTNERS AND OTHER RELATED PERSONS

  1. Information about the controller

Our name is SIA Dzīpari S, registration number: LV44103033843, legal address: Pils iela 21b, Alūksne, LV-4301. You can contact us by phone: +371 29 223 459 or writing to inga@dzipars.lv.

  1. Contact information for communication regarding matters of personal data protection

If you have any questions regarding this notification or processing of your personal data, you can contact us via communication channels mentioned above (clause 1) or by contacting our personal data protection officer by writing to this e-mail address: inga@dzipars.lv.

  1. General description of personal data processing performed by us

This notification describes how we perform personal data processing of our clients, representatives/contact persons of clients, participants of raffles and lotteries, cooperation partners, website visitors and other persons whose data we may obtain within the framework of our commercial activity. We assume that before using our website or becoming our client, you have read this notification and have accepted its terms and conditions.

This is an up-to-date version of the notification. We reserve the right to make amendments and to update this notification as needed. The purpose of this notification is to provide you with general information about the activities of personal data processing we perform and their purposes. However, take into account that also in other documents (such as service contracts, cooperation contracts, terms and conditions of lotteries) additional information regarding your personal data processing may be provided.

We inform you that regulations of the personal data processing covered by this notification refer only to processing of personal data of natural persons. In addition to these terms and conditions, you can also read the following additional personal data processing notifications:

Terms and conditions for use of cookies (available at www.linenroomlatvia.com)

We are aware that personal data is your value, and we will process it in compliance with the confidentiality requirements, and we will take care of the security of your personal data at our disposal. In compliance with regulatory requirements, we carry out appropriate technical and organizational measures to protect Personal Data from unauthorized access, unlawful processing or disclosure, accidental loss, alteration or destruction.

  1. For what purposes do we process your personal data and what is the legal basis for processing personal data?

Personal data may only be processed for a legitimate and predetermined purpose. Personal data may not be used for other purposes without a written consent of the data subject (natural person) unless there are other grounds for legal processing of the data. We will process your personal data only in accordance with previously defined legitimate purposes, including:

  1. a) Provision of services, as well as fulfilment of contract obligations (including those of the cooperation contract)

Within the framework of this purpose, we would need to identify you and to ensure payment process, to contact you on the matters related to provision of the service and/or performance of the contract (including sending of invoices), in certain cases also to ensure recovery of unpaid payments.

For this purpose and the above mentioned underlying purposes, we may need at least the following personal data: name, surname, personal identity number, address (site address, mailing address, invoice delivery address) bank account number, phone number, address (mailing address, invoice delivery address) e-mail address of our employee, client, contact person of a client and/or of a cooperation partner.

Principal legal grounds to be used to achieve these purposes are:

  • conclusion and performance of a contract with the data subject (Article 6(1)(b) of the General Data Protection Regulation (GDPR);
  • compliance with a legal obligation (Article 6 (1)(c) of the GDPR);
  • legitimate interests of the controller (Article 6(1)(f) of the GDRP), for example, identification of you as our employee or client, contact person of a client and/or of a cooperation partner client, provision of communication with you.
  1. b) Compliance with the requirements of the regulatory enactments regarding service provision or compliance with requirements of other regulatory enactments

For this purpose, we would need to comply with the requirements of the law On Accounting, Archives Law, Labour Law and those of other regulatory enactments. For this purpose, we need to process the following personal data: name, surname, personal identity number, address, site address of our employee, client, contact person of a client and/or a cooperation partner.

Principal legal grounds to be used to achieve these purposes are:

- compliance with a legal obligation (Article 6 (1)(c) of the GDPR).

  1. c) Provision of marketing activities

Within the framework of this purpose, we may send you commercial notifications, ensure your participation in lotteries and/or raffles organized by us, as well as publish materials from public events organized by us. At least the following personal data may be necessary for this purpose: name, surname, telephone number, and e-mail address of a client or contact person of the client and/or of a cooperation partner.

Principal legal grounds to be used to achieve these purposes are:

- consent of a data subject (Article 6(1)(a) of the GDPR);

- conclusion and performance of a contract with the data subject (Article 6(1)(b) of the GDPR);

- legitimate interests of the Controller (Article 6(1)(f) of the GDPR), for example, for provision of communication.

  1. d) Provision of security, prevention of threat to economic interests and safeguarding other significant legitimate interests of our company and third parties

For this purpose we would need to use personal data processors for provision of different functions, if necessary, to disclose information to courts and other public authorities, to exchange information within a group of companies, to exercise the rights granted by regulatory enactments to ensure our legitimate interests.

For this purpose we may need to process at least the following personal data: name, surname, personal identity number, site address, number of the declared residents in the address, appearance (image) of a person, location and time, and other data that may be necessary regarding our employee, client, contact person of a client and/or of a cooperation partner.

Principal legal grounds to be used to achieve these purposes are:

- legitimate interests of the Controller (Article 6(1)(f) of the GDPR), for example, for the purpose of detection of criminal offences, and for ensuring debt recovery.

  1. e) For ensuring proper provision of services

For this purpose we would need to maintain and improve the technical systems and IT infrastructure, employ technical and organizational solutions that could also use your personal data (for example, through the use of cookies) with the aim to ensure proper provision of services.

Principal legal grounds to be used to achieve these purposes are:

- legitimate interests of the Controller (Article 6(1)(f) of the GDPR).

  1. Who could have access to your personal data?

We take appropriate measures to process your personal data in accordance with the applicable laws and to ensure that third persons that do not have any legal grounds for processing your personal data could not have access to your personal data.

The following persons, where appropriate, could have access to your personal data:

1) our employees or directly authorised persons, who need it to perform their work duties;

2) personal data processors according to the services provided by them and only to the extent necessary, such as auditors, finance management and legal advisors, a developer/technical maintainer of the data base, other persons related to provision of the controller services;

3) state and local authorities in cases prescribed by law, such as law enforcement authorities, local governments, tax administrations, sworn bailiffs;

4) third parties, upon carefully evaluating whether such data transfer has appropriate legal basis, for example, debt recovery service providers, courts, extrajudicial dispute settlement authorities, administrators of bankruptcy or insolvency proceedings, third parties maintaining registers (such as the population register, register of debtors etc.).

  1. What cooperation partners for personal data processing or personal data processors do we choose?

We may in accordance with the requirements of the applicable laws transfer your personal data to processors (natural or legal persons, public authorities, agencies or other bodies that processes personal data on behalf of the controller) for processing of personal data in accordance with our stated purposes.

We take corresponding measures to ensure your personal data processing, protection and transfer to data processors in accordance with the applicable laws. We carefully select the personal data processors, and when transferring data, we evaluate the need for it and volume of data to be transferred. Data are transferred to processors in compliance with the requirements of personal data confidentiality and those of safe processing.

Currently we can cooperate with the following categories of personal data processors:

1) outsourced accountants, auditors, finance management and legal advisors;

2) the owner/developer/technical maintainer of the IT infrastructure and of the data base;

3) other persons related to provision of our services.

Personal data processors may change time after time, and we will make corresponding changes also in this document.

  1. Are your personal data transferred outside of the countries of the European Union (EU) or European Economic Area (EEA)?

We do not transfer your data to countries outside of the European Union or European Economic Area.

  1. For how long we will store your personal data?

Your personal data will be stored as long as the storage of them will be necessary in accordance with the corresponding purposes for personal data processing, as well as in accordance with the requirements of the applicable laws. When evaluating the duration of storage of personal data, we take into account the requirements of regulatory enactments in force, aspects of fulfilment of contract obligations, your instructions (for example, in case of consent), as well as our legitimate interests.

In case your personal data are no longer necessary for the set purposes, we will erase or destroy them. Below you can find the most common time periods for storing personal data:

- personal data required for fulfilment of contract obligations we will store them until the contract is performed completely and until other terms of storage are performed completely (see below);

- personal data that need to be stored to comply with the requirements of laws we will store them for the period stipulated by the relevant regulatory enactments, for example, the Law On Accounting stipulates that source documents must be stored until the day when they are necessary to establish the beginning of each commercial transaction and to track the course of it, but not less than for at least 5 years;

- data to prove the fulfilment of our obligations we will store them for the general prescriptive period in accordance with the prescriptive periods stated in regulatory enactments 10 years in the Civil Law, 3 years in the Commercial Law, and according to other terms, considering also the periods set by the Civil Procedure Law for bringing a claim.

  1. What are your rights as a data subject regarding your personal data processing?

Updating your personal data

In case there are any changes in the personal data you have provided to us, such as change of the personal identity number, communication address, phone number or e-mail address, contact us and submit to us the updated data, so we could achieve the relevant purposes of the personal data processing.

Your right to access your personal data and correct them

In accordance with the General Data Protection Regulation, you have the right to request us to have access to your personal data at our disposal, to request correction, erasure, restriction of processing, to object to processing of your personal data, as well as you have the right to data portability in cases and in accordance with the procedure prescribed by the General Data Protection Regulation. The company respects your right to have access to your personal data and to control them; therefore, in case we receive your request, we will reply to it within the period set in regulatory enactments (usually not later than within one month if there are no special requests that require longer period to prepare a reply) and, if it is possible, we will correct accordingly or erase your personal data. You may obtain information about your personal data at our disposal or exercise any other rights you have as a data subject in any of the following ways:

1) submitting the relevant submission in person and identifying yourself at our office at: Pils iela 21b, Alūksne, LV-4301, every working day from 10 am to 4 pm;

2) submitting the relevant submission by sending it to us by mail to the address: SIA Dzīpari S, Pils iela 21b, Alūksne, LV-4301;

3) submitting the relevant submission by sending it to our e-mail address: inga@dzipars.lv; we recommend to sign it with a secure electronic signature.

When we receive your submission, we will evaluate its content and the possibility to identify you, and depending on the situation we reserve the right to request you to additionally identify yourself to ensure safety of your data and disclosure to the relevant person.

Withdrawal of a consent

If processing of your personal data is based on your consent, you have the right to withdraw it at any time, and further on we will not process your personal data that we processed on the basis of your consent for the relevant purpose. However, we would like to inform you that withdrawal of the consent does not affect processing of personal data that is necessary to comply with regulatory enactments or which is based on a contract, our legitimate interests or other grounds prescribed by regulatory enactments for lawful data processing. You may also object to processing of your personal data if processing of personal data is based on legitimate interests or is used for marketing purposes (such as sending of commercial messages or participation in raffles).

  1. Where can you submit a complaint regarding the matters related to processing of personal data?

If you have any questions or objections regarding us processing your personal data, please contact us first. If you think that we have failed to mutually settle the issue and you think that we are violating your right to the personal data protection, you have the right to submit a complaint to the State Data Inspectorate. You may find samples of submissions to the State Data Inspectorate and other related information on the website of the State Data Inspectorate (http://www.dvi.gov.lv/lv/datu-aizsardziba/privatpersonam/iesniegumu-paraugi/).

  1. Why do you have to submit your personal data to us?

Primarily we collect your information to fulfil the contract obligations, to fulfil legal obligations binding on us and to pursue our legitimate interests.

In such cases we need certain information to achieve certain purposes; therefore, failure to provide such information may jeopardize establishing business relations or performing a contract. If data will not be absolutely required, but submission of them could help improve the service, or offer you beneficial contract terms and/or offers, when collecting data we will indicate that the provision of data is voluntary.

In addition, we would like to inform you about the principal requirements of regulatory enactments regarding processing of personal data:

The law On Accounting requires that the following personal data are indicated in a business transaction document (contract) whose party is a natural person: name, surname, personal identity number (if assigned), address indicated by the person or, if not indicated, address of the declared place of residence.

  1. How do we acquire your personal data?

We may acquire your personal data in any of the following ways:

1) during the process of conclusion of a contract, acquiring data from you;

2) if a contract is concluded with a third party, and it has indicated you as a contact person;

3) from you if you submit to us any submissions, send us e-mails or call us;

4) on the website www.linenroomlatvia.com, using cookies.

  1. Are your personal data used for automated decision making?

We will not use your data for automated decision making.