- General provisions
1.3. The controller observes the principles relating to personal data processing provided by legislation and, among other things, processes personal data in a lawful, fair, and secure manner. The controller is able to declare that personal data has been processed in accordance with the provisions of the legislation.
- Collection, processing, and storage of personal data
2.1. The personal data collected, processed, and stored by the controller has been collected electronically, via e-shop and e-mail subcription.
2.4. The controller is not liable for any damage or loss caused to the data subject or a third party as a result of the submission of false data by the data subject.
- Processing of personal data of customers
3.1. The controller may process the following personal data of the data subject:
3.1.1. Given name and surname;
3.1.2. Contact information (Telephone number, e-mail address, delivery adress)
3.1.3. For companies (company name, registration number, address)
3.1.4. Payment details (products, price, payment card details etc.)
3.1.5. Any other information disclosed while making purchases on the website or contacting us.
3.2. In addition to the foregoing, the controller has the right to collect data about the customer that are available in public registers.
3.3. The legal basis for the processing of personal data points (a), (b), (c) and (f) of Article 6(1) of the General Data Protection Regulation:
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
3.4. Processing of personal data according to the purpose of processing:
3.4.1. Personal data is necessary for the purposes for which it was received;
3.4.2. While in accordance with the procedures specified in external regulatory enactments, the Data Controller and / or the Data Subject may exercise their legitimate interests, such as to submit objections or to bring or bring an action in court;
3.4.3. As long as there is a legal obligation to keep the data, such as under the Law On Accounting;
3.4.4. As long as the Data Subject's consent to the relevant processing of personal data is valid, unless there is another legal basis for the processing of personal data.
Upon termination of the circumstances referred to in this paragraph, the data subject's personal data shall also expire and all relevant personal data shall be permanently deleted from computer systems and electronic and / or paper documents containing the relevant personal data or these documents shall be anonymised.
3.5. The controller has the right to share personal data of customers with third parties such as cooperation partners, data controllers carrying out the necessary data control on our behalf such as accountants, booking administrators, etc. The controller is in charge of the processing of personal data.
3.6. Payment processing is provided by the payment platform makecommerce.lv, therefore our company transfers the personal data necessary for the execution of payments to the platform owner Maksekeskus AS.
Upon request, we may transfer your personal data to government and law enforcement authorities to defend your legal interests, if necessary, in drafting, filing and defending legal claims.
3.7. The controller processes and stores personal data of the data subject implementing the organizational and technical measures to ensure that the personal data is protected against any accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.
- Rights of the data subject
4.1. In accordance to the General Data Protection Regulation and the laws of the Republic of Latvia, the data subject has the following rights:
4.1.1. To gain access to and examine personal data, obtain information on the processing of personal data, receive an electronic copy of the data and transfer the data to another data controller.
4.1.2. Modify or rectify inaccurate data.
4.1.3. Delete personal data except in cases when not permitted by law.
4.1.4. If the controller processes personal data of the data subject based on the consent granted by the latter, the data subject has the right to withdraw their consent at any time.
4.1.5. Limit the scope of the data processing.
4.1.6. To submit an appeal in the Data Protection Inspectorate
5.1. Cookies are small text files stored by websites you visit on your computer. They are used to keep the website running and to provide information to the site owners.
5.2. The website uses several cookies for different purposes
5.2.1. Functional cookies.These cookies are necessary for you to be able to navigate the website and use its features. Without these cookies, we are unable to provide the services you have requested, such as shopping cart functionality.
5.2.2. Google Analytics Cookies. These cookies are used to obtain statistics about traffic to our website. We use this information to improve site performance and advertising.
- How to opt out of cookies
6.1. To opt out of receiving cookies, you can use the incognito browsing mode provided by most browsers (private window, incognito window or InPrivate window). Any cookies created while in private browsing mode are deleted as soon as you close all browser windows.
- Final provisions
7.1. These data protection terms and conditions have been prepared in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Estonia and legislation of the Republic of Estonia and the European Union.
7.2. The controller has the right to amend the data protection terms and conditions in part or in full, notifying the data subjects of the amendments via www.pavarumaja.lv.