PRIVACY POLICY
This Privacy Policy applies to personal data processing performed by personal data handler SIA “BAJTEL.LV”, unified registration No. 40003979897, legal address: Brīvības gatve 214B, Riga, LV-1039, Latvia (“Data Handler”).
This Privacy Policy applies to all data subjects (“Users”) whose personal data are processed by the Data Handler, including all users of the website www.eleme.lv (“Website”) who are natural persons (including self-employed persons and individual entrepreneurs) or natural persons acting on behalf of a legal entity or in its interests (including, but not limited to board members, proctors, employees or proxies of limited liability companies or joint stock companies (“Commercial Operator”)).
The objective of this Privacy Policy is to provide information and explanations as to how and for what purposes the Data Handler collects and processes personal data, as well as to inform data subjects (Users) about their rights and obligations.
This Privacy Policy shall be applicable to:
- product deliveries performed by the Data Handler;
- functions and services provided by the Website to the User in the course of using the Website;
- use of any software provided on the Website by the User;
- communication between the User (or the Commercial Operator represented by the User) and the Data Handler via the Website or e-mail, or during telephone conversations between the User and the Data Handler;
- video surveillance performed by the Data Handler.
By providing personal data to the Data Handler the User is aware and unequivocally consents to the Data Handler processing the User’s personal data in accordance with this Privacy Policy and the laws and regulations in force in the Republic of Latvia, and relevant European Union law (“laws and regulations”), also consenting to the personal data being used by the employees of the Data Handler and to this data being transferred within the territory of the Republic of Latvia or outside of it in accordance with the conditions contained in this Privacy Policy.
Any questions about this Privacy Policy or the personal data processing performed by the Data Handler shall be addressed to the Data Handler by e-mail to [email protected] or to its legal address: Brīvības gatve 214B, Riga, LV-1039, Latvia.
CONTENTS OF THE PRIVACY POLICY
1. PERSONAL DATA
2. LEGAL BASIS OF PERSONAL DATA PROCESSING
3. PERSONAL DATA COLLECTED BY THE DATA HANDLER
4. PERSONAL DATA SOURCES
5. PURPOSE OF PERSONAL DATA PROCESSING
6 UPDATING PERSONAL DATA
7. PERSONAL DATA SECURITY
8. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
9. TRANSFER OF PERSONAL DATA ABROAD
10. AUTOMATED PROCESSING OF PERSONAL DATA
11. ADVERTISING
12. PERSONAL DATA STORAGE
13. USER RIGHTS
14. RESPONSIBILITY
15. COOKIES
16. POSSIBLE CONSEQUENCES OF USER NOT PROVIDING PERSONAL DATA
17. CHANGES TO THE PRIVACY POLICY
18. THIRD PARTY WEBSITES AND PERSONAL DATA PROCESSING
19. CONTACT INFORMATION
1. PERSONAL DATA
1.1. Personal data is information regarding the data subject – a natural person (user), which directly or indirectly identifies this natural person.
2. LEGAL BASIS OF PERSONAL DATA PROCESSING
2.1. The Data Handler shall process personal data on the following grounds:
- a contract concluded with the Data Handler;
- in order to fulfil the Data Handler’s obligations in accordance with laws and regulations;
- the lawful (legitimate) interests of the Data Handler (in processing personal data based on the Data Handler’s lawful (legitimate) interests, the Data Handler shall not violate the user’s rights and interests and shall adhere to the requirements set forth in laws and regulations);
- the user’s consent.
3. PERSONAL DATA COLLECTED BY THE DATA HANDLER
3.1. The exact type of personal data processed by the Data Handler depends on the type of legal relationship existing between the Data Handler and the user (or the commercial operator represented by the user). For example, when using the Website and concluding a contract with the Data Handler on their own behalf (or that of the commercial operator whom the user represents) the Data Handler may request the user to provide the following personal data:
- name;
- surname;
- personal identification number or date of birth, gender, nationality;
- passport or ID card number, or another personal identification number issued by a state authority;
- address (postal address, declared residence and/or legal address);
- postal code;
- telephone number;
- e-mail address;
- financial information;
- bank account number;
- information about place of employment;
- vehicle registration number, make and model;
- IP address, internet browser settings, search history (see Cookies Policy); and
- other information.
3.2. In addition to the aforementioned the Data Handler may record telephone conversations, perform video surveillance or take photos on the commercial premises of the Data Handler, its warehouse, point of sales or at organised events.
4. PERSONAL DATA SOURCES
The Data Handler may obtain personal data from the following sources:
4.1. The user:
- when the user (or the commercial operator represented by the user) registers and/or uses the Website, providing their contact information (or the contact information of the commercial operator represented by the user) or saving missing data on the Website;
- when the user (or the commercial operator represented by the user) makes a purchase, placing a product order on the Website and/or concluding a contract with the Data Handler;
- when using the right of withdrawal (if the user is a consumer) or when the user (or the commercial operator represented by the user) submits a claim to the Data Handler;
- when the Data Handler uses cookies on the Website to obtain technical data about users: IP address, internet browser settings and search history.
4.2. From third parties:
- state and municipal institutions, including registers maintained by such institutions (e.g., the insolvency register);
- public data bases (e.g., Lursoft) and publicly available information;
- the commercial operator, which is represented by the user and/or is the user’s employer;
- service providers and cooperation partners;
- social networks.
5. PURPOSE OF PERSONAL DATA PROCESSING
The Data Handler shall process personal data in a lawful and prudent manner and in accordance with the requirements set forth in laws and regulations. The Data Handler shall not use personal data for purposes which are inconsistent with the purpose for which the personal data was collected. The Data Handler shall process personal data for the following purposes:
5.1. To execute commercial operations of the Data Handler:
- to ensure the fulfilment of the product order placed by a user (or the commercial operator represented by the user);
- to ensure the sale and delivery of the product ordered by the user (or the commercial operator represented by the user) (e.g., to prepare accounting documents, return money paid in excess, return money for products returned by the user (or the commercial operator represented by the user), and to administer debts);
- to ensure the user (or the commercial operator represented by the user) with the opportunity to pay via the Website, if such a function is available on the Website;
- to contact the user (or the commercial operator represented by the user);
- to resolve disputes with the user (or the commercial operator represented by the user);
- to provide the user (or the commercial operator represented by the user) service during the product purchasing process and afterwards, including, but not limited to providing warranty service for sold products and/or post-sales service;
- to identify the user (or the commercial operator represented by the user);
- to take measures to prevent risk of fraud;
- to perform other actions required of the Data Handler by laws and regulations or the terms and conditions of the contract concluded between the Data Handler and the user (or the commercial operator represented by the user).
Legal grounds for processing:
The lawful (legitimate) interests of the Data Handler:
- execution of a contract concluded with the Data Handler;
- performance of duties of the Data Handler as stipulated in laws and regulations;
- the lawful (legitimate) interests of the Data Handler.
- ensuring commercial operations;
- efficient product delivery;
- execution of contractual obligations;
- collection and storage of documentation;
- fulfilling obligations stipulated in laws and regulations;
- developing commercial operations;
- warranty service for products;
- post-sales service for products;
- cooperation with customers of the Data Handler;
- organisational management of the Data Handler.
5.2. To ensure the functioning of the Website (see also the Cookies Policy):
- to authenticate access to the Website by the user (or the commercial operator represented by the user);
- to ensure a safe environment on the Website and its security;
- to reduce risks associated with unlawful use of the Website;
- to personalize and improve the functioning of the Website;
- to analyse the behaviour and choices of Website users;
- to ensure appropriate functioning of servers;
- to perform Website usage analytics (incl. collection of statistical data on processes, services, information systems and networks, analysis and correlation thereof and identification of trends).
Legal grounds for processing:
The lawful (legitimate) interests of the Data Handler:
- execution of a contract concluded with the Data Handler;
- performance of duties of the Data Handler as stipulated in laws and regulations;
- the lawful (legitimate) interests of the Data Handler;
- ensuring commercial operations;
- efficient product delivery;
- developing commercial operations;
- fulfilling obligations stipulated in laws and regulations;
- maintenance of IT systems and prevention of security threats.
5.3. To develop the commercial operations of the Data Handler:
- to develop and improve the commercial operations of the Data Handler;
- to perform market analysis;
- to assess the effectiveness of advertising and marketing activities performed by the Data Handler;
- to improve the experience of users (or the commercial operator represented by the user).
Legal grounds for processing:
The lawful (legitimate) interests of the Data Handler:
- execution of a contract concluded with the Data Handler;
- performance of duties of the Data Handler as stipulated in laws and regulations;
- the lawful (legitimate) interests of the Data Handler;
- ensuring commercial operations;
- efficient product delivery;
- developing commercial operations;
- performing obligations stipulated in laws and regulations.
5.4. To advertise the Data Handler’s commercial operations and products offered for sale:
- to determine the desire of the user(or the commercial operator represented by the user) to receive information from the Data Handler about products available on the Website, upcoming events, marketing activities, campaigns and news;
- to inform the user (or the commercial operator represented by the user) about products available on the Website, upcoming events, marketing activities, campaigns and news by sending information to the user’s e-mail address if the user has consented to receiving such information from the Data Handler.
Legal grounds for processing:
The lawful (legitimate) interests of the Data Handler:
- execution of a contract concluded with the Data Handler;
- performance of duties of the Data Handler as stipulated in laws and regulations;
- the lawful (legitimate) interests of the Data Handler;
- the user’s consent;
- ensuring commercial operations;
- efficient product delivery;
- collection and storage of documentation;
- developing commercial operations;
- performing obligations stipulated in laws and regulations.
5.5. To ensure security:
- the Data Handler may record telephone conversations, perform video surveillance or take photos on the commercial premises of the Data Handler, its warehouse, point of sales or at organised events.
Legal grounds for processing:
The lawful (legitimate) interests of the Data Handler:
- execution of a contract concluded with the Data Handler;
- performance of duties of the Data Handler as stipulated in laws and regulations;
- the lawful (legitimate) interests of the Data Handler;
- ensuring commercial operations;
- fulfilling obligations stipulated in laws and regulations;
- organisational management of the Data Handler.
6. UPDATING PERSONAL DATA
6.1. The Data Handler shall ensure that collected personal data of users are appropriate, accurate and correct, and contain only such data as necessary for the purposes of personal data processing as stipulated in this Privacy Policy. Inaccurate personal data will immediately be deleted or corrected. The user shall have the right to review, modify, amend or delete their personal data, which are stored on their user account on the Website.
7. PERSONAL DATA SECURITY
7.1. The Data Handler shall take all reasonable appropriate technical and organisational precautions required to ensure the confidentiality, integrity, privacy and security of the personal data processed by the Data Handler. The Data Handler shall implement internal procedures and control measures to prevent the unauthorised use, access to, disclosure, copying, alteration or damage of personal data. The users personal data are disclosed only to employees of the Data Handler who need this data in order to perform their duties.
7.2. If payment is possible on the Website, an encoded channel for data exchange with banks shall ensure the security of user personal data and bank details. The Data Handler shall not have direct access to the confidential information of the user's payment tool (i.e., card numbers, banking system access data). The Data Handler shall only receive payment confirmation from the payment service provider.
8. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
8.1. For the purpose of performing the Data Handler’s commercial operations, executing contractual obligations and providing better service to the user (or the commercial operator represented by the user) , the Data Handler may disclose certain personal data of the user and transfer this data to third parties falling into the following categories:
- cooperation partners, such as product delivery service providers, credit institutions, auditors or consultants of the Data Handler, debt recovery service providers and other cooperation partners providing services to the Data Handler;
- state or municipal institutions or law enforcement institutions which have the right to request information from the Data Handler in accordance with requirements set forth in laws and regulations.
8.2. In addition to the aforementioned, the Data Handler may also transfer personal data to another entity in the framework of the Data Handler or a division thereof being transferred, merged or acquired or in the event of sale of the Data Handler’s assets or other similar cases.
8.3. In the course of transferring personal data to third parties the Data Handler shall ensure third party compliance with the following requirements:
- received personal data shall only be used in consistence with the purpose for which it was collected and in accordance with applicable laws and regulations;
- personal data confidentiality shall be maintained and security measures shall be ensured in accordance with the requirements set forth in laws and regulation and this Privacy Policy.
9. TRANSFER OF PERSONAL DATA ABROAD
9.1. The Data Handler shall take all measures to ensure that in the event of personal data being transferred to a country outside of the European Economic Area (EEA), an adequate level of security of the data shall be ensured.
9.2. the Data Handler shall not disclose user personal data to third parties in countries where an adequate level of personal data protection is not ensured and which are not EEA member states, except for the following cases:
- the user has given consent;
- transfer of personal data is necessary to conclude a contract with a user (or the commercial operator represented by the user) or to execute a contract concluded with a user (or the commercial operator represented by the user);
- transfer of personal data is necessary to conclude a contract or execute a contract concluded in the interests of a user (or the commercial operator represented by the user);
- transfer of personal data is permitted in accordance with applicable laws and regulations.
9.3. If user personal data are transferred to a third party in a country, which is not a member state of the EEA, the Data Handler shall implement all necessary measures to ensure the protection of user personal data and processing thereof in accordance with this Privacy Policy. If personal data are transferred outside of the EEA, the Data Handler shall ensure the existence of one of the following guarantees:
- the state to which user personal data are transferred ensures the same level of personal data protection as in the EEA;
- a contract has been concluded on personal data processing between the Data Handler and the entity to whom the personal data has been transferred;
- personal data are transferred to an entity which is a member of Privacy Shield (Privacy Shield is an international agreement concluded between the European Union and the United States of America providing for the protection of persons’ rights to privacy and civil liberties).
9.4. If user personal data are transferred abroad, the Data Handler shall guarantee that users are provided their rights as data subjects and effective legal remedies as stipulated in laws and regulations. The user shall consent to their personal data being transferred abroad.
10. AUTOMATED PROCESSING OF PERSONAL DATA
10.1. The Data Handler shall perform automated processing of personal data, including profiling. The user shall have the right to contact the Data Handler regarding automated decisions and request the Data Handler to take decisions by involving an employee of the Data Handler.
10.2. The Data Handler shall use automated personal data processing, i.e., profiling, for advertising purposes (see Paragraph 11 of this Privacy Policy – “Advertising”). The user shall have the right to object to this type of profiling by informing the Data Handler in writing.
11. ADVERTISING
11.1. The Data Handler may use user personal data for advertising purposes, i.e., to inform the user (or the commercial operator represented by the user) about products available on the Website, upcoming events, marketing activities, campaigns and news by sending information to the user’s e-mail address if the user has consented to receiving such information from the Data Handler ("Advertising”).
11.2. For advertising purposes the Data Handler may also perform video surveillance or take photos on the commercial premises of the Data Handler, its warehouse, point of sales or at organised events.
11.3. The Data Handler shall have the right to use user personal data for advertising purposes only if the Data Handler has obtained explicit consent from the user or based on the lawful (legitimate) interests of the Data Handler.
11.4. For advertising purposes the Data Handler shall contact the user by e-mail unless the user has indicated to the Data Handler that they do not wish to receive advertising from the Data Handler by informing the Data Handler of this in writing to e-mail address: [email protected]. However, regardless of whether the user has indicated that they do not wish to receive advertising from the Data Handler, the Data Handler shall have the right to send to the user’s indicated e-mail address important information, such as information related to the execution of the contractual obligations of the user (or the commercial operator represented by the user).
12. PERSONAL DATA STORAGE
12.1. The Data Handler shall store personal data for as long as necessary to fulfil the objectives established under this Privacy Policy unless a longer term of storage of personal data has been established or permitted under applicable laws and regulations. In order to determine the period of storage of personal data, the Data Handler shall use criteria compliant with those set forth in laws and regulations (e.g., (i) the Law on Accounting and the Archives Law, as well as (ii) norms regarding examination of claims, protection of rights, resolution of disputes, statutes of limitations etc.). In any case, the Data Handler shall not process and shall delete all personal data which are not necessary or inconsistent with the purposes of personal data processing as established under this Privacy Policy.
13. USER RIGHTS
13.1. Pursuant to laws and regulations, the user (data subject) shall have the following rights:
- access rights: the user shall have the right to receive from the Data Handler information about (i) user personal data and categories thereof processed by the Data Handler; (ii) the source from which user personal data has been obtained (if such is used and laws and regulations permit such disclosure); (iii) the date of the last alterations made to the user's personal data; (iv) the purposes for which personal data are processed; (v) entities to which personal data has been transferred; (vi) period of storage of the user’s personal data; (vii) whether personal data are processed automatically; and (viii) other information in accordance with laws and regulations. Upon the user exercising the rights listed under this paragraph, the Data Handler shall have the right to request a reasonable fee based on the administrative costs it has incurred;
- the right to rectify data: in the event of inaccurate personal data, the user shall have the right to request that their personal data be rectified or amended;
- the right to deletion or the right “to be forgotten”: the user shall have the right to request that the Data Handler deletes the user’s personal data without undue delay if (i) the data are no longer necessary for the purpose for which they were collected or processed, (ii) the user objects to the processing, or (iii) the data are processed illegally. If the user exercises the rights listed under this paragraph, the Data Handler shall have the right to continue processing the user’s personal data in order for the Data Handler to implement or protect its legitimate interests and rights;
- the right to restrict processing: the user shall have the right to restrict the processing of their data, if (i) the data are inaccurate, outdated, uncomplete, incorrect, processed illegally or no longer consistent with the processing purposes indicated initially; (ii) the data are not necessary for the Data Handler to process data, but are necessary for the user to be able to submit, implement or defend their legitimate claims; or (iii) having exercised their rights, the user has objected to the processing of their data in the cases established under laws and regulations. If the user exercises the rights listed under this paragraph, the Data Handler shall have the right to continue processing the user’s personal data in order for the Data Handler to implement or protect its legitimate interests and rights, or to protect the legitimate interests and rights of another entity;
- the right to object: the user shall have the right to object against processing of their personal data in the cases established under laws and regulations;
- the right to refuse: the user shall have the right to refuse to receive information about products available on the Website, upcoming events, marketing activities, campaigns and news;
- the right to submit a claim: the user shall have the right to submit a claim regarding the personal data processing performed by the Data Handler in the order set forth in laws and regulations, including submitting a claim to the Data State Inspectorate (the data protection monitoring body of the Republic of Latvia). The Data Handler shall request the user to first contact the Data Handler, prior to contacting the Data State Inspectorate.
13.2. In the event that the user wishes to exercise one or more of the aforementioned rights of a data subject, the user shall submit to the Data Handler a written request by sending it to the Data Handler (i) via e-mail to [email protected], or (ii) via post to the legal address: Brīvības gatve 214M-, Riga, LV-1039, Latvia. The Data Handler shall respond to the user’s submission in the same form as the submission was made to the Data Handler, unless the user has requested otherwise.
13.3. When submitting a submission, the user shall ensure that the Data Handler is able to identify them as a unique data subject and verify the substance and justification of the submission. The Data Handler shall examine submissions from users free of charge and without undue delay within one month of the date of receiving the submission. Based on the complexity on the information request submitted by the user, the Data Handler shall have the right to extend the aforementioned deadline by two months, by informing the user of this in writing.
14. RESPONSIBILITY
14.1. The user shall attest that the personal data and other data they have submitted are correct, valid, legitimate and complete. In the event of submission of untrue or false data, or in the event of identifying fraud or attempted fraud, the Data Handler shall have the right to immediately suspend the user’s access to the Website and/or notify law enforcement authorities in accordance with the procedure set forth in the laws and regulations of the Republic of Latvia.
14.2. The user shall be held responsible in accordance with the laws and regulations in force in the Republic of Latvia for all actions and consequences thereof performed by themself or a third person using the user’s data on the Website.
14.3. The user (or commercial operator represented by the user) shall have the obligation to read this Privacy Policy and acquaint with it any natural person whose interests may be affected by the personal data processing performed by the Data Handler.
15. COOKIES
15.1. The Data Handler shall have the right to collect data about Website users through the use of cookies. Information about the use of cookies on the Website is provided in the Cookies Policy.
16. POSSIBLE CONSEQUENCES OF USER NOT PROVIDING PERSONAL DATA
16.1. In the event that the user wishes to not disclose their personal data to the Data Handler or use only some of the data subject rights provided to them, the user shall have the right to restrict the Data Handler’s ability to ensure the functionality of the Website, provide product delivery and other services (including, but not limited to, warranty service and/or post-sales service for products) in the way initially envisioned by the Data Handler. In certain cases, in the event of the user failing to provide their personal data to the Data Handler, the Data Handler may not be able to sell products, deliver products or provide other services (including, but not limited to, warranty service and/or post-sales service for products) to the user (or the commercial operator represented by the user).
17. CHANGES TO THE PRIVACY POLICY
17.1. The Data Handler shall have the right to change this Privacy Policy at its discretion, informing users thereof on the Website.
18. THIRD PARTY WEBSITES AND PERSONAL DATA PROCESSING
18.1. This Privacy Policy shall not apply to personal data processing performed by third parties, including third party websites or provided services. In such cases users are asked to read the privacy policy of the relevant third party or the personal data protection guarantees issued by the third party.
19. CONTACT INFORMATION
19.1. In order to resolve any issue or problem related to this Privacy Policy or personal data processing, as well as in cases when the user wishes to refuse (i) receiving advertising from the Data Handler, (ii) delete all of their data from the user account created on the Website, or (iii) exercise their data subject rights, the user is kindly requested to contact the Data Handler by the following means:
- e-mail address [email protected]; or
- legal address: Brīvības gatve 214M-, Riga, LV-1039, Latvia.