Privacy Policy

1. General Provisions

1.1. This Privacy Policy describes how SIA “Ģimenes sirds”, reg. no. LV50203085391, registered address Gāles 27, Sigulda, LV-2150, Latvia (hereafter also “Data Controller”) obtains, processes and stores personal data that are collected from its clients and persons visiting the website www.gimenessirds.lv (hereafter “Data Subject” or “You”).
1.2. Personal data means any information relating to an identified or identifiable natural person, that is, a Data Subject. Processing means any operation or set of operations performed on personal data such as collection, recording, organization, structuring, use, disclosure, destruction or erasure.
1.3. The Data Controller observes the data-processing principles set out in the legislation and confirms that personal data are processed in accordance with applicable laws.

2. Collection, Processing and Storage of Personal Data

2.1. The Data Controller obtains, processes and stores identifying information of persons mainly through the online store website and e-mail.
2.2. By visiting and using the services provided in the online store, You agree that any information provided is used and managed according to the purposes described in this Privacy Policy.
2.3. The Data Subject is responsible for ensuring that the personal data submitted are correct, precise and complete. Deliberately giving false data is considered a breach of this Privacy Policy. The Data Subject is obliged to immediately notify the Data Controller of any changes to the submitted personal data.
2.4. The Data Controller is not responsible for damages caused to the Data Subject or third parties arising from data submitted incorrectly.

3. Processing of Clients’ Personal Data

3.1. The Data Controller may process the following personal data:

• 3.1.1. First and last name
• 3.1.2. Date of birth
• 3.1.3. Contact information (email address and/or phone number)
• 3.1.4. Transaction data (purchased items, delivery address, price, payment information etc.)
• 3.1.5. Any other information submitted during purchase of products or services or when contacting us.
  3.2. In addition, the Data Controller has the right to verify submitted data accuracy using publicly available registers.
  3.3. The legal basis for processing personal data is Article 6(1)(a), (b), (c) and (f) of the General Data Protection Regulation (GDPR):
  a) the data subject has given consent for one or more specific purposes;
  b) processing is necessary for performance of a contract to which the data subject is party or prior to the contract;
  c) processing is necessary for compliance with a legal obligation;
  f) processing is necessary for the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
  3.4. The Data Controller stores and processes the data while at least one of the following applies:
  3.4.1. The personal data are necessary for the purposes for which they were collected;
  3.4.2. While the data subject or controller may exercise legitimate interests (e.g., bring legal claims);
  3.4.3. While there is a legal obligation to retain data (for example under the Accounting Law);
  3.4.4. While consent remains in effect when no other legal basis applies.
  Once none of these criteria apply, personal data are irreversibly erased or anonymised from the systems.
  3.5. To fulfil its obligations to You, the Data Controller may provide your personal data to cooperation partners or data-processors acting on its behalf, e.g. accountants, courier services. Payment processing is handled by the payment platform makecommerce.lv owned by Maksekeskus AS, thus our company sends required personal data to this platform owner.
  The Data Controller may provide your personal data to governmental or law-enforcement authorities if necessary to protect its legitimate interests by drafting, submitting or defending legal claims.
  3.6. While processing and storing personal data, the Data Controller implements organisational and technical measures to protect personal data against accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.

4. Rights of the Data Subject

4.1. Under the GDPR and Latvian law, You have the following rights:
4.1.1. To access your personal data, obtain information about processing, receive a copy electronically, and the right to data portability;
4.1.2. To request correction of inaccurate, incomplete or incorrect personal data;
4.1.3. To request deletion (“be forgotten”), except when the law requires retention;
4.1.4. To withdraw your prior consent to processing;
4.1.5. To request restriction of processing – ask that we temporarily stop processing your data;
4.1.6. To lodge a complaint with the Data State Inspectorate.
Requests may be submitted in person at Gāles 27, Sigulda, LV-2125, or electronically by email to gimenessirdsveikals@gmail.com with secure electronic signature.

5. Final Provisions

5.1. This Privacy Policy is developed in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation) and other applicable Latvian and EU laws.
5.2. The Data Controller has the right to make amendments or additions to the Privacy Policy at any time and without prior notice. Changes become effective after publication on the website www.gimenessirds.lv.