DataGroove

Privacy Policy

PRIVACY POLICY

1. General Provisions

1.1.
This Privacy Policy regulates the principles for the collection, processing, and storage of personal data.
Personal data is collected, processed, and stored by the responsible data controller Maksekeskus AS
(hereinafter – the Data Controller).

1.2.
For the purposes of this Privacy Policy, a data subject is a customer or any other natural person whose personal data is processed by the Data Controller.

1.3.
For the purposes of this Privacy Policy, a customer is any person who purchases goods or services via the Data Controller’s website.

1.4.
The Data Controller complies with the principles of personal data processing set out in applicable legislation and ensures that personal data is processed lawfully, fairly, and securely.
The Data Controller is able to demonstrate that personal data is processed in accordance with applicable legal requirements.

2. Collection, Processing, and Storage of Personal Data

2.1.
Personal data is collected, processed, and stored electronically, primarily via the website and email communication.

2.2.
By providing their personal data, the data subject grants the Data Controller the right to collect, organize, use, and manage personal data for the purposes specified in this Privacy Policy.

2.3.
The data subject is responsible for ensuring that the data provided is accurate, correct, and complete.
Knowingly providing false data is considered a violation of this Privacy Policy.
The data subject is obliged to immediately notify the Data Controller of any changes to their data.

2.4.
The Data Controller is not liable for damages resulting from the provision of incorrect data.

3. Processing of Customers’ Personal Data

3.1.
The Data Controller may process the following personal data:

  • first and last name

  • date of birth

  • phone number

  • email address

  • delivery address

  • bank account number

  • payment card details

3.2.
In addition, the Data Controller has the right to obtain data from public registers.

3.3.
The legal basis for the processing of personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR).

3.4.
Purposes of processing and retention periods:

  • security and protection – in accordance with applicable legislation

  • order processing – 1 year

  • ensuring the operation of the online store – 1 year

  • customer service – 1 year

  • accounting – in accordance with applicable legislation

  • marketing – 1 year

3.5.
The Data Controller has the right to transfer personal data to third parties, including authorized processors, accountants, courier and delivery service providers, and payment service providers.
Personal data necessary for processing payments is transferred to the authorized processor Maksekeskus AS.

3.6.
The Data Controller applies appropriate organizational and technical security measures to protect personal data.

3.7.
Personal data is stored for no longer than 1 year unless otherwise required by applicable legislation.

4. Rights of the Data Subject

The data subject has the right to:

  • access their personal data

  • receive information about the processing of personal data

  • correct inaccurate data

  • withdraw consent

To exercise these rights, the data subject may contact:
shop@datagroove.lv 

The data subject also has the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

5. Final Provisions

5.1.
This Privacy Policy has been prepared in accordance with the GDPR, the Estonian Personal Data Protection Act, and applicable European Union legislation.

5.2.
The Data Controller has the right to amend this Privacy Policy by publishing an updated version on the website:
https://datagroove.lv/e-veikals