Privacy Policy

SIA “EKO OSTA” privacy policy.

SIA “Eko Osta”

Reg. No.: 40003428805

Address: Tvaika street 39, Riga, LV- 1034

1. Controller’s identity and contact information

The Controller is SIA “Eko Osta'', Reg.No. 40003428805. The Controller’s address is Tvaika street 39, Riga, LV- 1034, homepage – www.ekoosta.lv, electronic e-mail address - ekoosta@ekoosta.lv, telephone – +371 67393860.


2. Introduction

The Controller takes all necessary action for the purpose that your personal data, which come into its possession, would be in safety, and their processing would comply with the General Data Protection Regulation no.267/2016 (hereinafter referred to as the Regulation), the Personal Data Processing Law as well as other applicable legal acts. Considering the above, the Controller has developed this privacy policy with the aim of providing information to you stipulated in the Regulation.


The Controller ensures:

-  data processing lawfully and fairly;

-  data processing only in conformity with the purposes which are appropriate and explained to the data subject;

-  data minimisation (processing only to the extent necessary);

-  data accuracy;

-  data retention no longer than necessary for the processing purposes;

-  data safety and confidentiality.



3. Processes of data processing performed by the Controller.

Your personal data may be collected and processed:

-  when applying for provision of service, filling out the application form on the Controller’s webpage via phone or using electronic mail address;

-  upon conclusion of the agreement for receipt of service;

-  when visiting the Controller’s legal address at Riga, Tvaika street 39, where video surveillance is in operation;

-  when providing the consent for receiving of commercial messages;

-  when visiting the Controller’s web site;

-  when contacting the Controller, using the contact form on the internet site;

-  when participating in drawing lots or lotteries organized by the Controller.



4. Purposes and legal basis of personal data processing.

            1) If you fill out the application form on the Controller’s internet site, the personal data submitted by you are processed with the purpose to assess the application,                   identify you and provide the service. The legal basis is Article 6 (1) (a) (data subject’s consent). 


                  In this process of data processing the following personal data are collected: first name, surname, address, phone number, electronic mail address.

                  If after the application for the service is placed, the service agreement is concluded between the Controller and you, the personal data shall be processed and                                  retained in conformity with the purpose specified in the next clause. In case the service agreement is not concluded, the personal data shall be deleted within 20                            days. 



            2) If the service agreement is concluded between you and the Controller, the purpose of personal data processing is your identification, the conclusion and fulfilment                   of the agreement. The legal basis is Article 6 (1) (b) of the Regulation (fulfilment of the agreement).

                 If the service agreement is concluded between the Controller and a legal entity, then the purpose for personal data processing of the legal entity’s contact person                     is the possibility of communication and information exchange. The legal basis is Article 6 (1) (f) of the Regulation (controller’s legitimate interest).


                 In this process of data processing the following personal data are collected: first name, surname, address, phone number, electronic mail address, personal code, b                       bank  account number.

                 The following data are collected from the legal entity’s contact person: first name, surname, position, electronic mail address, phone number. 

 

                 The personal data, which are comprised in the concluded service agreement, shall be retained in compliance with the regulatory enactments on storage of                                        accounting documents.

                 The data of the legal entity’s contact person, if they are not included in the service agreement, may be retained until termination of the service agreement/change of                        the contact person.

 



             3) The purpose of video surveillance at the Controller’s legal address is monitoring of technological processes and preservation of material values. The legal                              basis is Article 6 (1) (f) of the Regulation (controller’s legitimate interest).


                   In this process of data processing your video image and date and time of location shall be processed.

 

                   The personal data for this purpose of processing shall be retained for seven days.



              4) The Controller sends commercial messages to you with the purpose to offer new products, campaigns and discounts for goods and services on the basis of                              Article 6 (1) (a) of the Regulation (data subject’s consent). The Controller confirms that the commercial message, which is being sent, complies with Section 8                          and 9 of the Law on Information Society Services.


                    In this process of data processing your electronic mail address is processed.

 

                   The personal data for this purpose shall be retained until the moment when you withdraw your consent for receipt of commercial messages, or the Controller                                 terminates sending commercial notifications. 


               5) You have the possibility to use the contact form on the Controller’s internet site with the purpose to contact the Controller and clarify the desirable information,                         the legal basis is Article 6 (1) (a) of the Regulation (data subject’s consent). 


                   In this process of data processing the following personal data are collected: first name, surname, address, phone number, electronic mail address.


                   The personal data shall be retained for 30 days in the Controller’s information system. 


                6) The purpose for use of cookies is the functionality of the Controller’s homepage.  In this process of data processing the information storage takes place in the                           end-user device. The legal basis is Article 6 (1) (f) of the Regulation (controller’s legitimate interest). See below regarding cookies.


                 7) The Controller may organize drawing lots and/or lotteries with the purpose to involve you as the Controller’s customer in marketing activities. The legal basis is                           Article 6 (1) (a) of the Regulation (data subject’s consent).


                       In this process of data processing the following personal data are processed: first name, surname, electronic mail address of the participant of drawing lots                                    and/or lottery.

 

                     The personal data for the purpose of this processing shall be retained until the end of drawing lots /lottery or until the moment when you withdraw your consent                             during the process of drawing lots/lottery. 



5. Categories of the recipients of personal data

The data are disclosed to the Controller’s employees whom they are necessary for performance of direct tasks for fulfilment or conclusion of the respective agreement for service provision.


When obtaining and using the personal data, the Controller may use the outsourcing services. The personal data processors and cooperation partners, in conformity with the provided service, shall observe the processor’s obligations set forth in the General Data Protection Regulation, including observance of confidentiality and disclosure only for a specific purpose.

 

In case of necessity the personal data may be transferred to competent authorities in order to prevent, investigate, detect criminal offences.


6. Data transfer outside Latvia

The received data are not intended to be transferred outside Latvia, the European Union and the European Economic Area, as well as they will not be transferred to any international organization. At the same time, taking into consideration that the Website is linked with Google and Facebook services, the Controller cannot guarantee that the above-mentioned companies would not transfer the data outside the European Union and the European Economic Area.


7. Data retention period

1) The retention period for the data, which are processed by the Controller on the basis of the regulatory enactments, is determined in accordance with the regulatory enactments which govern the data retention (as for example, the concluded contracts are retained in conformity with the normative acts on the retention periods for accounting documents).


2) The data, which are processed by the Controller on the basis of the consent provided by you, shall be retained as far as the respective consent is valid (it is not withdrawn) or the data processing purpose is achieved (as for example, drawing lots and/or lottery).


3) The data, which are processed by the Controller on the basis of Article 6 (1) (f) of the Regulation, namely, the Controller’s legitimate interest, shall be retained as long as required for achievement of the specific purpose, for which the personal data were obtained.

 


8. Data subject’s access to the personal data

You have the rights to request the Controller and receive information related to your data processing; the rights to request access to your personal data; as well as to request the Controller to supplement, rectify, delete them, to restrict the processing or the rights to object against the processing insofar as this right does not contradict the data processing purpose.


You can lodge the request for implementation of your rights in a written form in person at the Controller’s legal address (presenting a personal identification document), by post, or via e-mail, signing with a secure electronic signature.


The reply to your request shall be provided no later than within 30 days and sent (by post or electronically signed) to the contact address (address of the place of residence or e-mail address), which you have indicated in your request.


The Controller draws attention that the personal data, the retention of which is set forth by the regulatory enactments (accounting records, issued invoices, concluded contracts etc.), may be deleted only in compliance with the requirements of the regulatory enactments.


You are not entitled to receive information if prohibition to disclose this information is imposed by law in the spheres of national security, national defence, public security, criminal law, as well as with the purpose to ensure financial interests of the State in tax matters or supervision of the financial market participants and the macroeconomic analysis. 


10. Processing of cookies

The Controller’s internet site (hereinafter referred to as the Site) gathers the data on the Site visitors, thus the Controller has the possibility to assess, how useful is the Site and how it could be improved.


The Controller regularly updates the Site with the purpose to improve its use, therefore the Controller needs to know what information is important for the Site visitors, how often they visit this Site, which devices and browsers they use, from which region the visitors come from and what content they prefer to read.


The Controller uses the system Google Analytics which enables the Controller to analyse, how the visitors use the Site.


It is possible to find out, how the basic principles of Google Analytics are applied, on Google home page: https://support.google.com/analytics/answer/1012034?hl=lten&ref_topic=6157800. The Controller uses the collected data for its legitimate interests in order to improve the understanding about the needs of the Site visitors and improve access to the information published by the Controller. The visitor may at any time disable data collection by Google Analytics as described here: https://tools.google.com/dlpage/gaoptout/.


The server, on which the Site is located, can register the requests sent by the visitor (used device, browser, IP address, access date and time). The data referred to in this clause are used for technical purposes: to ensure the proper functioning and security of the Site and investigate possible security incidents. The basis for collection of data referred to in this clause is the Controller’s legitimate interest to ensure the technical availability and integrity of the Site.


Cookies are small files which, every time a visitor visits the Site, are saved by the browser on the visitor’s computer to such extent as specified in the settings of the visitor’s computer browser. Specific cookies are used in order to select and adjust the information and advertisements to be offered to the visitor, on the basis of the content previously viewed by the visitor and thus to make the use of the Site simple, convenient and personalized. Additional information about the cookies as well as their deletion and management may be obtained on the home page www.aboutcookies.org.


The Site uses cookies in order to collect the information about the user’s IP address and browser, and enable the Site to remember the visitor’s choice. The cookies allow the Controller to monitor the data flow on the Site and the users’ interaction with the Site – the Controller uses these data in order to analyse the visitors’ behaviour and improve the Site. The legal basis for using the cookies is the Controller’s legitimate interest to ensure the functionality, availability and integrity of the Site.

The visitor may control and/or delete the cookies as per his or her wish. More information about this process is available here: www.aboutcookies.org. The visitor may delete all cookies on his or her computer and the most part of browsers may be set in such a way as to block storage of cookies on the computer. The visitor may reject the cookies in the browser menu or  https://tools.google.com/dlpage/gaoptout. For activation of the necessary settings the visitor is required to get familiarized with the terms of his or her browser. In case of disabling the cookies, the visitor will have to manually adjust the settings every time when he or she visits the Site, besides the possibility exists that some services and functions will not work.


The statistical data on the Site visitors can be accessed only by those Controller’s employees who are responsible for analysis of such data.


Unless otherwise specified, the cookies shall be stored until the activity is accomplished for the purpose of which they are collected, and afterwards they are deleted.


In case the possibility of forum or comments is provided for on the Controller’s Site, in such event the IP address as well as the data entered by the visitor himself or herself shall be stored on the Site.  The cookies, which contain these data, may be stored for three months for convenience of the data subject (not to enter anew next time).


11. Third party websites

The Controller, possibly, will cooperate with third parties who are authorized to place third party cookies on the Controller’s internet site. These service providers allow the Controller to ensure experience for better, faster and safer use of the website. Please note that the third-party privacy policy applies to third party cookies therefore the Controller does not assume any responsibility for these privacy policies.


The tool "Facebook pixel" is installed on the website. The purpose for use of this tool is adjustment of content and advertisements for the Facebook users. To learn more about Facebook privacy policy, click here https://www.facebook.com/about/privacy/.


12. Right to lodge a complaint with the supervisory authority

In case you consider that the Controller has acted unlawfully in your data processing, you have the rights to lodge a complaint with the supervisory authority (Data State Inspectorate). The documents at the Data State Inspectorate are accepted using the post, electronic mail (documents signed with a secure electronic signature), as well as they may be put in the post box on the 1st floor at Blaumana street 11/13, Riga. The Data State Inspectorate accepts electronic mail messages which are received at electronic mail address info@dvi.gov.lv.


13. Validity of privacy policy

Considering the above, you are welcome to review this privacy policy regularly to be informed about the process of your personal data on the Site. The Controller reserves the rights to modify and supplement the content of this privacy policy from time to time with the purpose to update the description, how the Controller processes your personal data.

 

The last time, when the changes in the privacy policy were made, was on December 04th, 2023.

Share by: