1. General rules.
1.2. Personal data means any information relating to an identified or identifiable natural person, i.e. the data subject. Processing is any activity related to personal data, such as acquisition, recording, modification, use, viewing, deleting or destroying.
1.3. Data manager shall comply with the principles of data processing laid down in the legislation and shall be able to confirm that personal data are processed in accordance with the legislation in force.
2. Collection, processing and storage of personal data.
2.1. Persons identifiable information is obtained, processed and stored by the Data Manager, mainly via the Internet shop site and e-mail.
2.4. The controller shall not be liable for damages caused to the data subject or to third parties if they were caused by false submitted personal data.
3. Processing customer personal data
3.1. Data manager may process the following personal data:
3.1.1. First name, surname
3.1.2 Date of birth
3.1.3 Contact details (e-mail address and/or telephone number)
3.1.4. Transaction details (purchased goods, delivery address, price, payment information, etc.).
3.1.5. Any other information submitted to us during the purchase of services and goods provided by the website or by contacting us.
3.2. In addition to the above, data manager shall have the right to verify the accuracy of the data submitted by means of publicly available registers.
3.3. The legal basis for the processing of personal data is Article 6(1)(a), (b), (c) and (f) of the General Data Protection Regulation:
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract the contracting party of which is the data subject, or for the taking of measures at the request of the data subject prior to the conclusion of the contract;
(c) processing is necessary in order to fulfil the legal obligation applicable to data manager;
(f) processing is necessary to respect the legitimate interests of data manager or a third party, except where the interests or fundamental rights of the data subject and the fundamental freedoms requiring the protection of personal data are more important than those interests, in particular where the data subject is a child.
3.4. The controller shall keep and process the personal data of the data subject until at least one of the following criteria exists:
3.4.1. Personal data are required for the purposes for which they were received;
3.4.2 While, in accordance with the procedures specified in external regulatory enactments, data manager and/or the data subject may exercise their legitimate interests, such as objecting or bringing an action before a court;
3.4.3 As long as there is a legal obligation to store data, such as under the Accounting Act;
3.4.4 Pending the validity of the Data Subject's consent to the relevant processing of personal data, where no other legitimate basis exists for the processing of personal data.
At the end of the circumstances referred to in this paragraph, the data subject's personal data shall also cease to be stored and all relevant personal data shall be permanently deleted from computer systems and electronic and/or paper documents which have contained the relevant personal data or are anonymized.
3.5. In order to fulfil your commitments to you, data manager shall have the right to transfer your personal data to the liaison partners, the data controllers who carry out the necessary data processing on our behalf, such as accountants, couriers, etc. Data manager shall be data controller of personal data. Payment processing is provided by the Paysera payment platform, so our company transfers the necessary personal data to the platform owner, Paysera Latvia, Ltd.
On request, we can transfer your personal data to the national and law enforcement authorities in order to defend our legal interests when drawing up, submitting and defending legal requirements if necessary.
3.6. When processing and storing personal data, data manager shall take organisational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure and any other illegal processing.
4. Rights of the data subject
4.1. In accordance with the General Data Protection Regulation and the legislation of the Republic of Latvia, you have the right:
4.1.1. Access your personal data, receive information on their processing, and request a copy of your personal data in electronic format and the right to transfer such data to another data manager (data portability);
4.1.2. Require incorrect, inaccurate or incomplete personal data to be corrected;
4.1.3. Delete your personal data (“to be forgotten”), except where the law requires data to be stored;
4.1.4. Withdraw their prior consent for the processing of personal data;
4.1.5. Limit your data processing – the right to request that we temporarily stop processing all your personal data;
4.1.6 Turn to the Data State Inspectorate
You can submit a request for the exercise of your rights by filling out the form in person on Kazarmu street 7, Riga, or by sending the request electronically, writing to the customer support service firstname.lastname@example.org
5. Final provisions