PRIVACY POLICY
1. General provisions
1.1.
This Privacy Policy regulates the principles of collection, processing, and storage of personal data. Personal data is processed and stored by SIA Datagroove, registration number 40203710279, who is the controller of the personal data (hereinafter – the Controller).
1.2.
For the purposes of this Privacy Policy, a data subject means the customer or another natural person whose personal data is processed by the Controller.
1.3.
For the purposes of this Privacy Policy, a customer means anyone who purchases goods or services on the Controller’s website.
1.4.
The Controller observes the principles relating to personal data processing provided by applicable legislation and processes personal data in a lawful, fair, and secure manner.
2. Collection, processing, and storage of personal data
2.1.
Personal data is collected, processed, and stored electronically, mainly via the website and e-mail.
2.2.
By sharing personal data, the data subject grants the Controller the right to collect, arrange, use, and administer personal data for the purposes defined in this Privacy Policy.
2.3.
The data subject is responsible for ensuring that submitted data is accurate, correct, and complete. Submission of knowingly false data is regarded as a breach of this Privacy Policy.
2.4.
The Controller is not liable for damage caused by false or incorrect data submitted by the data subject.
3. Processing of personal data of customers
3.1.
The Controller may process the following personal data:
- Given name and surname
- Telephone number
- E-mail address
- Delivery address
- Billing address
- Company details (if applicable)
- Bank account number (refunds if needed)
- Order history
- Communication history
- IP address and technical usage data
The Controller does not store full payment card details.
3.2.
In addition, the Controller has the right to collect data available in public registers where necessary.
3.3.
The legal basis for processing personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):
- consent
- contract performance
- legal obligation
- legitimate interest
3.4.
Processing purposes and retention periods:
3.4.1. Security and fraud prevention
Storage period: according to applicable legal requirements or reasonable necessity.
3.4.2. Processing of orders
Storage period: up to 3 years
3.4.3. Ensuring the functioning of online store services
Storage period: up to 1 year
3.4.4. Customer service and communication
Storage period: up to 2 years
3.4.5. Accounting and financial obligations
Storage period: according to applicable legal requirements.
3.4.6. Marketing
Storage period: until consent is withdrawn or up to 1 year after last interaction.
3.5.
The Controller may share personal data with third parties such as:
- payment service providers
- accountants
- transport and courier companies
- IT and hosting service providers
- legal authorities where required by law
The Controller transmits personal data necessary for payments to the payment processor Maksekeskus AS / MakeCommerce.
3.6.
The Controller implements appropriate organizational and technical measures to protect personal data against unlawful destruction, alteration, disclosure, or unauthorized processing.
3.7.
Personal data is stored only as long as necessary for the purpose of processing and no longer than required by law.
4. Rights of the data subject
4.1.
The data subject has the right to access their personal data.
4.2.
The data subject has the right to receive information about the processing of their personal data.
4.3.
The data subject has the right to rectify inaccurate data.
4.4.
Where processing is based on consent, the data subject has the right to withdraw consent at any time.
4.5.
To exercise rights, the data subject may contact:
4.6.
The data subject has the right to lodge a complaint with the Latvian supervisory authority:
Datu valsts inspekcija
5. Final provisions
5.1.
This Privacy Policy has been prepared in accordance with Regulation (EU) 2016/679 (GDPR), applicable laws of the Republic of Latvia, and European Union legislation.
5.2.
The Controller has the right to amend this Privacy Policy by publishing the updated version on the website: