LLC “MĀJAI UN PIRTIJ”
GDPR PRIVACY POLICY

PERSONAL DATA CONTROLLER 
LLC “Mājai un pirtij” (hereinafter – “the Controller”)
Registration number: 40203268141
Legal address: 47-16 Krūzes Str., Riga, LV-1002, Latvia
Phone: +371 26870269
E-mail: [email protected] 

OUR PROCESSING OF PERSONAL DATA
This notice describes how we process the personal data of our customers, customer representatives / contacts, business partners, visitors of our website and others (hereinafter – “the data subject”), whose data may become available to us in the course of our business.
We assume that before using our website or becoming our customer, you have read this notice and accepted its terms. This is the current version of the notice. We reserve the right to make changes and updates to this notice as necessary.
The purpose of this notice is to give You a general overview of our personal data processing activities and purposes, however, please note that other documents (eg contracts, orders, terms of use of the website www.majaiunpirtij.lv, etc.) may also provide additional information about the processing of Your personal data. 
Please note that the personal data processing rules contained in this notice apply only to the processing of personal data of individuals.

PURPOSES OF PERSONAL DATA PROCESSING
Processing of personal data means any activity carried out with personal data, including the collection, registration, input, storage, organization, modification, use, transfer, transmission and disclosure, blocking or deletion of data.
The Controller processes personal data for the purpose of providing quality services, including order acceptance, invoicing, order fulfillment, service development and improvement, as well as for the performance of other related functions. The Controller may use personal data to ensure the protection of the security, life, health and other rights of The Controller and/or the data subject, to answer Your requests and questions. The data may be used for business planning, performance, analytics, payment administration, debt collection, risk management, and to ensure compliance with regulatory obligations, for example such as data security or market transparency. For other specific purposes when the data may be used, the information is provided to the data subject at the time the data are provided.

The legal basis for the processing personal data is:
- signing and fulfillment of the contract (name, surname, address of residence, delivery address, telephone number, e-mail address, etc.);
- provision of information (name, surname, postal address, telephone number, e-mail address, etc.);
- compliance with regulatory enactments;
- the data subject consent;
- execution or defense of the legitimate interests of the data Controller.

The legitimate interests of the data Controller are:
- to conduct business and provide services;
- to verify the Customer's identity before signing the contract or during customer service - by telephone, electronically, in person;
- to ensure the fulfillment of contractual obligations;
- prevent unreasonable financial risks for business (incl., perform credit risk assessment before selling services and during contract execution);
- save the Client's (the data subject) applications and submissions, other applications and submissions, notes about them, including those made in verbal, by calling, writing to an e-mail address, writing to a postal address, on the website;
- to analyze the operation of the data Controller's website and social networks, to develop and implement their improvements;
- to take actions for customer retention;
- to segment the database of customers for more efficient provision of services;
- work out and develop services;
- advertise services by sending commercial notifications;
- send other reports about the progress of the contract and events relevant to the performance of the contract, as well as conduct customer surveys on the services and the experience gained during them;
- inform about changes in the procedure of providing the service and the price list;
- inform Clients about news in the company and industry;
- provide corporate governance, financial and business accounting and analytics;
- ensure efficient business management processes;
- ensure the efficiency of providing services;
- ensure and improve the quality of services;
- administration of payments;
- administration of overdue payments;
- apply to public administration and operational institutions and to the court to protect legal interests of Controller;
- inform the public about Controller’s activities.

PROCESSING OF PERSONAL DATA

The Controller obtains only the data of the Customer and to the extent necessary for the purposes specified in advance (provision of the service, fulfillment of the contract, protection of the Customer, etc.).

The Controller obtains the customer's personal data directly from the customer when they, as a data subject:
- use the services provided by the Controller;
- sign up to receive news or other services from the Controller;
- ask for more information about the service used by the Customer or contacts the Controller regarding to a complaint or request for information;
- participate in competitions, lotteries or surveys;
- visits or browses the Controller's website;
- visits and participates in the Controller's social networking pages.

Categories of personal data collected and processed by the Controller:

Acquired and processed data subject data Purpose of data processing
Legal basis for data processing Deadline for data processing
Name, surname, telephone number, e-mail address, address of residence and/or delivery, as well as billing information (bank account number, invoice number, payment amount, debt amount).
Conclusion of the Agreement, acceptance of the order, identification of the buyer and the recipient of the goods, ensuring the delivery of the goods, other obligations of concluded Agreement, as well as invoicing, control of payment. 
The order made by the data subject and the concluded Agreement, as well as for the protection of the legitimate interests of the Controller and the performance of legal obligations.
Five years after placing the order, concluding the contract, issuing the invoice. The Controller may also keep this information for a longer period of time, as long as the claims of obligations that may arise from the contractual obligations expire, as well as if it is necessary to protect the legitimate interests of the Controller in claims against it.
E-mail address
Receipt of offers and information about current news.
Consent of the data subject to receive offers and information from the Controller, as well as for the protection of the legitimate interests of the Controller.
As long as the consent given by the data subject to receive offers and news is valid. The consent and proof of the consent given by the data subject may also be kept by the Controller for a longer period if this is necessary for the Controller to defend himself against the claims.
Name, surname, telephone number, e-mail address, address of residence and/or delivery, content of the data subject's request, complaint or feedback.
Requests, complaints and feedback from data subjects. 
Fulfillment of the Controller's legal obligations, as well as the Controller's legitimate interests to evaluate the data subjects' feedback and protect their interests.
One year. The Controller may also keep requests, complaints and feedback for a longer period of time, as long as the obligations arising from the contractual obligations for the purchase of goods expire and, if necessary, for the Controller to defend his legitimate interests in claims against him.

RECIPIENTS OF PERSONAL DATA
The Controller takes appropriate measures to process the Customer's personal data in accordance with the applicable law and regulation and to ensure that third parties who do not have the appropriate legal basis for processing the Customer's personal data do not have access to the Customer's personal data. 

Customers' personal data could be accessed as needed:
1) Controller's employees or directly authorized persons who need it for the performance of their duties; 
2) processors of personal data in accordance with the services they provide and only to the extent necessary, such as auditors, financial management and legal consultants, technical maintenance of the database, security service provider, other persons involved in the provision of services to the Controller; 
3) state and local government institutions in cases specified by law, for example, law enforcement agencies, local governments, tax administrations, sworn bailiffs, courts, supervisory authorities;
4) third parties, after careful consideration of the appropriate legal basis for such transfers, such as debt recovery service providers, courts, out-of-court redress bodies, insolvency administrators, third parties maintaining registers (eg debtors' registers, credit bureaux, etc.);
5) the Client himself as a data subject, if the Controller has the possibility to verify the identity of the information requester.

Personal data is not transferred to countries outside the European Union or the European Economic Area, nor is it transferred to international organizations.

COOPERATION PARTNERS IN THE PROCESSING OF PERSONAL DATA
The Controller takes appropriate measures to ensure the processing, protection and transfer of the Customer's personal data to the data processors in accordance with the applicable legislation. The Controller carefully selects the processors of personal data and assesses the need for the transfer and the amount of data to be transferred. The transfer of data to processors is carried out in compliance with the requirements of confidentiality and secure processing of personal data.
The Controller is currently able to work with the following categories of processors:
1) outsourced auditors, financial management and legal consultants;
2) IT infrastructure, database developer / technical maintainer; 
3) debt collection service providers;
4) other persons who are related to the provision of the Controller's services.
The processors of personal data are subject to change, about what the Controller will also make changes to this document.

SECURITY OF PERSONAL DATA
The Controller protects the Customer's data using the capabilities of modern technology, taking into account the existing privacy risks and the organizational, financial and technical resources reasonably available to the Controller.
The Controller processes personal data lawfully, in good faith and in a manner that is transparent to the data subject, and shall take appropriate technical and organizational measures to ensure the security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage. 
The Controller reserves the right to publish certain personal data on its website and social networking pages, such as, but not limited to, Customer Feedback. 
At public events and venues, the Controller does not ensure the protection of personal data against the taking and possible further unauthorized disclosure of photographs / videos by third parties.
The Controller regularly reviews the security measures taken and update the technical means and organizational arrangements used.

RETENTION PERIODS FOR PERSONAL DATA
The Controller will store the personal data of the Clients and / or their legal representatives in accordance with the terms specified in regulatory enactments. If the term of personal data storage is not specified in the regulatory enactment, then personal data will be stored for as long as it is necessary to achieve the purpose of personal data processing. Personal data provided by the Data Subject on the basis of their consent shall be kept by the Controller until the purpose for which the data were collected or when the Data Subject withdraws their consent.

RIGHTS OF THE DATA SUBJECT
The data subject is a person who can be directly or indirectly identified. The data subject has the right to receive information on whether the controller processes personal data and, if so, to access them, to request the correction of personal data if they are inappropriate, incomplete or incorrect, to object to the processing of their personal data if the use of personal data is justified by a legitimate interest, to withdraw its consent if personal data are processed on the basis of the consent. Withdrawal of consent shall not affect any processing operations carried out in the consent period.
The data subject has the right to request the deletion of their data, for example if personal data are processed on the basis of consent. This right does not apply if the personal data whose deletion is requested is processed also on the basis of another legal basis, such as a contract or regulatory obligation, to restrict the processing of personal data, for example during the period when the Controller assesses whether the Customer has the right to delete data.

Correction of personal data
If there is a change in the personal data provided by the Client to the Controller as a data subject, such as a change in communication address, telephone number or e-mail, etc., the Customer must contact the Controller and provide up-to-date data to enable the Controller to achieve the relevant personal data processing purposes. Information can be updated by calling +371 26870269 or by writing to an email address [email protected]

The data subject's right to access and correct their personal data
In accordance with the rules of the General Data Protection Regulation, the Data Subject has the right to request the Controller to access their personal data, ask to correct, delete, restrict the processing of their personal data, object to the processing of the Data Subject's data. The data subject also has the right to data portability in the cases and according to the procedures set out in the General Data Protection Regulation.
Upon receipt of the data subject's request, the Controller will respond within the time limits specified by law (usually no later than one month, unless there is a specific request requiring a longer response time, of which the Controller will inform the data subject) and, if possible, then the personal data of the data subject will be corrected or deleted accordingly. 
The data subject may obtain information on the data subject's personal data held by the Controller or realize other rights as a data subject in any of the following ways:
1) By submitting a relevant application, send it to our e-mail: [email protected], it is recommended to sign it with a secure electronic signature;
2) By submitting a relevant application, send it to us by mail to: 47-16 Krūzes Str., Riga, LV-1002, Latvia.
Upon receipt of the data subject's application, the Controller will assess its content and the possibility of identifying the data subject and, depending on the situation, will retain the possibility to request additional identification of the data subject to ensure the security and disclosure of the data subject's data to the person concerned.

Withdrawal of consent
If the processing of the data subject's personal data is based on the data subject's consent, the data subject has the right to revoke it at any time and the Controller no longer processes the data subject's personal data processed on the basis of the consent for the relevant purpose. However, the withdrawal of consent may not affect the processing of personal data which is necessary for the fulfillment of the requirements of regulatory enactments or which is based on a contract, the legitimate interests of the Controller or other rules specified in regulatory enactments for lawful data processing. 
The data subject may also object to the processing of his or her personal data if the processing of personal data is based on a legitimate interest (in this case the Controller and the data subject shall endeavor to reach a mutual agreement in writing, if the situation permits it). 
The data subject may also object to the processing of their personal data if the processing of personal data is used for marketing purposes (eg sending commercial offers or participating in lotteries). In this case, the data subject may at any time refuse, for example, further receipt of commercial offers by writing to the e-mail address [email protected]. The Controller stops sending commercial offers as soon as the data subject's request has been processed. The processing of the request depends on the technological possibilities, which can take up to three days. 

If the data subject has any questions or objections related to the processing of the data subject's personal data by the Controller, the Controller appeal to contact directly Controller first.
However, if the data subject considers that the data Controller has not been able to resolve the issue and the data subject considers that the Controller nevertheless violates the data subject's right to protection of personal data, the Data Subject has the right to submit a complaint to The Data State Inspectorate. Samples of applications to the Data State Inspectorate and other related information can be found on the website of the Data State Inspectorate of Latvia (https://www.dvi.gov.lv/lv/iesniegumu-paraugi). 

USE OF COOKIES
The Controller's website uses cookies, which are small files that the browser saves on the visitor's computer to the extent specified in the visitor's browser settings each time a visitor visits the website. By using this website, the Customer agrees to the use of cookies.
The Controller uses cookies to improve the functionality of the website and ease use of the Controller website, to obtain information about page traffic statistics and to improve marketing communications.
If the Customer does not wish to store cookies, the Customer must select the option not to save cookies in the settings of their Internet browser.

AVAILABILITY AND AMENDMENT OF THE PERSONAL DATA PROTECTION PRINCIPLES
The principles of personal data protection are available on the Controller's website www.majaiunpirtij.lv. 
The Controller is entitled to amend the Principles unilaterally at any time in accordance with the applicable laws and regulations, informing the Clients thereof on the Controller's website www.majaiunpirtij.lv.