Privacy Policy
1. General Provisions
1.1 This Privacy Policy describes how SIA "Kārlis Anitens", registration number 40103671539, legal address Dignājas iela 3-6A, Rīga, LV-1004 (hereinafter referred to as the "Data Controller") collects, processes, and stores personal data that the online store "karlisanitens.lv" obtains from its clients and individuals who visit the website (hereinafter referred to as the "Data Subject" or "You").
1.2 Personal data refers to any information relating to an identified or identifiable natural person, i.e., the Data Subject. Processing refers to any operation or set of operations which are performed on personal data, such as collection, recording, alteration, use, viewing, deletion, or destruction.
1.3 The Data Controller complies with the data processing principles set out in the applicable legislation and can confirm that personal data is processed in accordance with current laws.
2. Collection, Processing, and Storage of Personal Data
2.1 The Data Controller collects, processes, and stores personal data that identifies individuals, mainly using the online store website and email.
2.2 By visiting and using the services provided by the online store, you agree that any information provided will be used and managed in accordance with the purposes outlined in this Privacy Policy.
2.3 The Data Subject is responsible for ensuring that the personal data submitted is correct, accurate, and complete. Providing false information intentionally is considered a breach of our Privacy Policy. The Data Subject must immediately inform the Data Controller about any changes to the submitted personal data.
2.4 The Data Controller is not responsible for any losses caused to the Data Subject or third parties due to the submission of false personal data.
3. Processing of Client’s Personal Data
3.1 The Data Controller may process the following personal data:
3.1.1 First name, last name
3.1.2 Date of birth
3.1.3 Contact information (email address and/or phone number)
3.1.4 Transaction data (purchased items, delivery address, price, payment information, etc.)
3.1.5 Any other information provided to us during the purchase of goods or services or when contacting us.
3.2 In addition to the above, the Data Controller has the right to verify the accuracy of the submitted data by using publicly available registers.
3.3 The legal grounds for processing personal data are specified in Article 6(1) of the General Data Protection Regulation (GDPR):
a) The data subject has given consent to the processing of their personal data for one or more specific purposes;
b) Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
c) Processing is necessary for compliance with a legal obligation to which the controller is subject;
f) Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, particularly when the data subject is a child.
3.4 The Data Controller retains and processes the Data Subject’s personal data as long as at least one of the following criteria applies:
3.4.1 The personal data is necessary for the purposes for which it was collected;
3.4.2 As long as the Data Controller and/or Data Subject may exercise their legitimate interests under applicable external regulations, such as submitting objections or filing or defending claims in court;
3.4.3 As long as there is a legal obligation to store the data, for example, under the Accounting Law;
3.4.4 As long as the Data Subject’s consent remains valid for the personal data processing, if no other lawful basis exists.
Once the circumstances in this section cease to apply, the Data Subject’s personal data storage period ends, and all relevant personal data will be permanently deleted from computer systems and/or paper documents, or these documents will be anonymized.
3.5 In order to fulfill its obligations to you, the Data Controller has the right to share your personal data with partners and data processors who perform necessary data processing on our behalf, such as accountants, courier services, etc. The data processor is a personal data controller. Payment processing is provided by the payment platform makecommerce.lv, so our company transfers the necessary personal data to the platform owner, Maksekeskus AS.
Upon request, we may share your personal data with state and law enforcement authorities if necessary to defend our legal interests, by preparing, submitting, and defending legal claims.
3.6 When processing and storing personal data, the Data Controller implements organizational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing.
4. Rights of the Data Subject
4.1 According to the General Data Protection Regulation and the laws of the Republic of Latvia, you have the right to:
4.1.1 Access your personal data, receive information about its processing, and request a copy of your personal data in electronic format, as well as the right to transfer this data to another controller (data portability);
4.1.2 Request correction of inaccurate, incorrect, or incomplete personal data;
4.1.3 Request the deletion of your personal data ("right to be forgotten"), except in cases where the law requires the data to be retained;
4.1.4 Withdraw your consent for personal data processing;
4.1.5 Restrict your data processing – the right to request that we temporarily stop processing all your personal data;
4.1.6 Lodge a complaint with the Data State Inspectorate.
Requests regarding the exercise of your rights can be submitted by completing the form in person at Dignājas iela 3-6A, Rīga, LV-1004, or by sending the request electronically to customer support at [email protected].
5. Final Provisions
5.1 This Privacy Policy has been developed in accordance with the European Parliament and Council Regulation (EU) 2016/679 (April 27, 2016) on the protection of individuals with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as well as the applicable laws of the Republic of Latvia and the European Union.
5.2 The Data Controller has the right to make changes or additions to this Privacy Policy at any time without prior notice. Changes will take effect once they are published on the website karlisanitens.lv.