- Introduction
arabusmarzas.lv (hereinafter – “controller”) processes personal data obtained from the data subject – the website user (hereinafter – “user”) on the website https://arabusmarzas.lv (hereinafter – “website”).
Company: ArabuSmarzas.lv, reg. no. -, VAT no. LV Email: hello@arabusmarzas.lv Address: Riga, Latvia, LV-1009
The controller cares about the user’s privacy and the protection of personal data, respecting the user’s rights to the lawfulness of personal data processing in accordance with applicable laws: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (Regulation) and other applicable laws in the field of privacy and data processing.
In view of the above, the controller has developed this privacy policy to provide the user with the information required by the Regulation.
The privacy policy applies to data processing regardless of the form and/or environment in which the user provides personal data (on the site, in paper format, or by phone).
- Controller – personal data and contact information Email: arabusmarzas.lv
- Purposes of processing, legal basis for processing
If the user, using the site’s contact forms, email, or other means of communication, transfers their personal data to the controller, such as name, surname, email or postal address, phone number, personal messages, etc., the controller stores and uses this information to fulfill or conclude the relevant service contract.
The data controller needs to process the aforementioned data to identify the customer, assess creditworthiness, prepare, conclude, and certify the conclusion of the contract, ensure/maintain the operation of services, provide customer service, review and process applications and objections, manage payments, as well as for other purposes directly related to the conclusion or performance of the contract.
The legal basis for data processing is Article 6(1)(b) of the Regulation, which states that data processing is lawful if it is necessary for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract.
- Categories of personal data
Categories of personal data – name, surname, email or postal address, IP address, phone number or message content, etc.
- Categories of personal data recipients
Data is disclosed to those employees of the controller who need it to perform their direct duties in order to fulfill or conclude the relevant service contract.
When collecting and using personal data, the controller partially uses the services of external service providers who strictly follow the controller’s instructions in accordance with the contract and who are checked by the controller before using the service and continuously monitored thereafter.
- Categories of data subjects
Categories of data subjects – current, former, and potential customers of the controller.
- Data transfer outside the European Union
The received data is not and will not be sent outside the European Union or the European Economic Area, nor will it be sent to any international organization.
- Data storage duration
Unless otherwise stated in the data protection instructions, the controller deletes personal data no later than three years after the original reason for data storage is no longer valid, except in cases where we have a legal obligation to continue storing this data (for example, but not limited to, for accounting purposes or legal proceedings).
- Data subject’s access to personal data
The data subject has the right to receive access to their personal data within one month from the date of submission of the relevant request.
The user can submit a request for the exercise of their rights in writing, by appearing in person at the controller’s legal address (presenting an identity document) or by email, signing with a secure electronic signature.
Upon receiving the user’s request for the exercise of their rights, the controller verifies the user’s identity, evaluates the request, and fulfills it in accordance with regulatory acts.
The user has the right to receive information specified in regulatory acts regarding the processing of their data, the right to request access to their personal data, as well as to request the Controller to supplement, correct, or delete them, restrict processing, or object to processing, as long as these rights do not conflict with the purpose of data processing (conclusion or performance of contracts).
The data subject does not have the right to receive information if the disclosure of this information is prohibited by law in the field of national security, national defense, public safety, and criminal law, as well as for the purpose of ensuring the state’s financial interests in tax matters or the supervision of financial market participants and macroeconomic analysis.
10. Commercial communications
The data controller sends commercial communications with the user’s consent. Section 9(2) of the Information Society Services Law also provides for cases where commercial communications can be sent without consent, for example, if the email address was obtained while providing a previous service, within the framework of providing services or selling goods.
The user can give their consent to receive commercial communications from the Controller in the service application form published on the site.
The consent provided by the user to receive commercial communications is valid until it is withdrawn. The user can opt out of receiving further commercial communications at any time by using the automatic opt-out option provided in the commercial communication, by clicking on the unsubscribe link at the end of the relevant commercial communication.
The data controller will stop sending commercial communications as soon as the user’s request has been processed.
