SIA "Praline Nr.1" (hereinafter – the Controller) processes personal data obtained from the data subject – the user of the website sweetandbrew.com (hereinafter – the Website).
Privacy Policy
1. Introduction
- The Controller cares about the privacy and protection of the user’s personal data and respects the users’ rights to lawful personal data processing in accordance with the applicable laws, including the European Parliament and Council’s Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data (Regulation), and other applicable privacy and data processing regulations.
- Considering the above, the Controller has developed this privacy policy to provide users with the information stipulated by the Regulation.
- This privacy policy applies to data processing regardless of the form and/or environment in which the user provides personal data (on the Website, in paper form, in person, or by phone).
- The Controller reserves the right to change these terms at any time. It is the responsibility of the website visitor to independently review the content of the Website to stay informed about any changes.
2. Purposes and Legal Basis for the Processing of Personal Data
- If the user submits their personal data to the Controller by phone, through the Website's contact forms, by email, or by postal mail, we store and use this information to fulfil or conclude the relevant service contract, including customer identification; contract preparation and conclusion; service provision (fulfilment of contract obligations); customer support; handling complaints; improving customer loyalty; managing payments and settlements; debt recovery and collection; fact verification; maintaining and improving the website; business planning and analytics; and planning and record keeping. We will also process this data to provide information to government authorities and operational entities under the circumstances and scope prescribed by external regulatory acts.
- The legal basis for data processing is the conclusion and performance of contracts, compliance with regulatory requirements, the user’s consent, and our legitimate interests (for example, verifying the customer’s identity before concluding a contract, ensuring contract performance, analysing website usage, ensuring service provision efficiency, etc.).
3. Personal Data
Categories of Personal Data
- Categories of personal data – name, surname, personal ID code, email or postal address, IP address, phone number, content of a message or letter, etc.
Categories of Personal Data Recipients
- Data is disclosed to those employees of the Controller who require it to perform their direct duties to fulfil or conclude the relevant service contract.
- When obtaining and using personal data, we partially use the services of external service providers who strictly comply with our instructions under contract and whom we constantly monitor before and during the use of their services.
Transfer of Data Outside Latvia
- The data received is not intended to be transferred outside Latvia, the European Union, or the European Economic Area, nor will it be transferred to any international organisation. At the same time, given that the Website is linked to services provided by Google and Facebook, the Controller cannot guarantee that these companies will not transfer data outside the European Union or the European Economic Area.
Data Retention Period
- We process and store the user’s personal data for as long as either party has a legal obligation to retain the data.
- Once these conditions cease, and unless otherwise specified in the data protection regulations, we delete personal data no later than three months after the original reason for retaining the data is no longer valid, unless we are legally required to continue retaining this data (e.g., for accounting or litigation purposes).
Data Subject's Access to Personal Data
- The data subject has the right to access their personal data within one month from the date of the relevant request.
- The user can submit a request to exercise their rights in writing in person at the Controller's registered office (upon presentation of an identity document), by post, or by email, signed with a secure electronic signature.
- Upon receiving the user’s request to exercise their rights, the Controller verifies the user’s identity, evaluates the request, and fulfils it in accordance with the law.
- The user has the right to receive the information specified in the regulations concerning the processing of their data, the right to request access to their personal data, and the right to request that the Controller supplements, corrects, or deletes the data, restricts its processing, or objects to its processing, as long as these rights do not conflict with the purpose of data processing (contract conclusion or performance).
- The data subject is not entitled to receive information if it is prohibited to disclose such information by law in the areas of national security, state defence, public security, criminal law, or to safeguard the state’s financial interests in tax matters or supervise financial market participants and macroeconomic analysis.
4. Cookie Processing
Data on website visitors is collected to enable the Website operator to assess the usefulness of the Website and how it can be improved.
The Controller continuously improves the Website to enhance its usability. Therefore, the Controller needs to know which information is important to Website visitors, how often they visit, which devices and browsers they use, where visitors are coming from, and which content they prefer to read.
The Controller uses the system Google Analytics, which allows the Controller to analyse how visitors use the Website. The Controller uses the collected data for its legitimate interests to improve its understanding of visitor needs and improve the accessibility of publicly available information. Visitors can opt out of Google Analytics data collection at any time as described here: https://tools.google.com/dlpage/gaoptout/.
The server hosting the Website can log the requests sent by the visitor (used device, browser, IP address, access date, and time). The data mentioned in this section is used for technical purposes: to ensure the proper functioning and security of the Website and to investigate potential security incidents. The legal basis for collecting this data is the Controller’s legitimate interest in ensuring the Website’s technical availability and integrity.
Cookies are small files that a browser stores on a visitor’s computer each time the Website is visited, as indicated in the settings of the visitor’s computer browser. Certain cookies are used to select and customise the information and advertisements offered to the visitor based on the content they have viewed previously, thus making Website usage simple, convenient, and tailored to visitors. Additional information on cookies, as well as how to delete and manage them, can be found on the website www.aboutcookies.org.
The Website uses cookies to collect the user’s IP addresses and browsing information and allows the Website to remember the visitor’s choice. Cookies allow the Controller to track Website data flow and users’ interactions with the Website – the Controller uses this data to analyse visitor behaviour and improve the Website. The legal basis for using cookies is the Controller’s legitimate interest in ensuring the functionality, availability, and integrity of the Website.
Visitors can control and/or delete cookies at their discretion. More information on this process is available here: www.aboutcookies.org. Visitors can delete all cookies stored on their computer, and most browsers can be set to block cookie placement. Visitors can opt out of cookies via the browser menu or https://tools.google.com/dlpage/gaoptout/. To make the necessary settings, the visitor should consult their browser’s guidelines. If cookies are blocked, the visitor will have to manually adjust the settings each time they visit the Website, and some services and functions may not work.
Only those employees of the Controller who are responsible for analysing such data can access the statistical data on Website visitors.
Unless stated otherwise, cookies are stored until the action for which they were collected is completed, and they are then deleted.
If the Website provides a forum or comment feature, the Website stores the visitor’s IP address and the data provided by the visitor. Cookies that contain this data may be stored for one year for the visitor's convenience (so that they do not need to re-enter the information next time).
5. Third-Party Websites
We may cooperate with third parties authorised to place third-party cookies on our websites or services, applications, and tools with your consent. These service providers allow us to provide you with a better, faster, and safer browsing experience. Note that third-party cookies are subject to the third-party privacy policies, and we assume no responsibility for these privacy policies.
The Website has a tool installed called the "Facebook pixel". The purpose of using this tool is to customise content and advertisements for Facebook users. To learn more about Facebook's privacy policy, click here. You can also change your advertising settings in your Facebook profile.
6. Right to Lodge a Complaint with a Supervisory Authority
The data subject has the right to lodge a complaint with a supervisory authority (Data State Inspectorate). Documents can be submitted to the Data State Inspectorate by post, by email (signed with a secure electronic signature), or they can be left in the post box on the first floor at Blaumaņa iela 11/13, Rīga. The Data State Inspectorate accepts email submissions sent to info@dvi.gov.lv.
7. Effectiveness of the Privacy Policy
We reserve the right to change and supplement the content of this privacy policy from time to time to clarify how we process your data.
Therefore, we encourage you to regularly review this privacy policy to stay informed about how your personal data is processed on the Website.
8. Data Storage and Access
Our website servers are located in the United Kingdom and are managed by the company Ionos. Customer data is accessible only to website server administrators, website management, and developers who ensure the operation and maintenance of the website.
However, we guarantee that this data will never be transferred or sold to third parties, except in cases where it is required by law or government authorities.