AIVE kosmētika - Privacy Policy

Privacy Policy

SIA AIVE EVIA is committed to protecting your personal data and ensuring that it is processed in accordance with the laws of the Republic of Latvia and the regulations of the European Union on the protection of personal data, including the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, store and protect your personal data when you visit our online store www.aive.lv.

1. General provisions.

1.1. This Privacy Policy describes how SIA AIVE EVIA , REG.NO.40203709636 , LEGAL ADDRESS Ausmas iela 19-16, Dobele, LV-3701, Latvia (hereinafter also referred to as “Data Controller”) obtains, processes and stores personal data obtained by www.aive.lv from its customers and persons who visit the website (hereinafter referred to as “Data Subject” or “You”).

1.2 Personal data is any information relating to an identified or identifiable natural person, i.e. the Data Subject. Processing is any operation relating to personal data, such as collection, recording, organisation, use, consultation, erasure or destruction.

1.3. The data controller shall comply with the principles of data processing provided for in the legislation and be able to confirm that the personal data are processed in accordance with the legislation in force.

2. Collection, processing and storage of personal data

2.1. The Data Controller obtains, processes and stores personal data primarily through the online store website and e-mail. (NB! To be supplemented if personal data is also collected in another way, e.g. on paper).

2.2. By visiting and using the services provided in the online store, you agree that any information provided is used and managed for the purposes set out in the Privacy Policy.

2.3. The Data Subject is responsible for the correctness, accuracy and completeness of the personal data provided. Knowingly providing false information is considered a violation of our Privacy Policy. The Data Subject is obliged to immediately notify the Data Controller of any changes in the personal data provided.

2.4. The Data Controller shall not be liable for any damage caused to the Data Subject or third parties if it is caused by the false submission of personal data.

3. Processing of personal data of customers

3.1. The Data Controller may process the following personal data:

3.1.1. Name

3.1.2. Date of birth

3.1.3. Contact details (e-mail address and/or telephone number)

3.1.4. Transaction data (products purchased, delivery address, price, payment information, etc.).

3.1.5. Any other information provided to us when purchasing services and goods offered on the website or when contacting us.3.1.6. Marketing activities (if you have agreed to receive promotional e-mails or notifications)

3.1.7. Analytics and website improvement using cookies and similar tracking tools

3.2. In addition to the above, the Data Controller has the right to verify the accuracy of the submitted data by using publicly available registers.

3.3. The legal basis for the processing of personal data is Article 6(1)(a), (b), (c) and (f) of the General Data Protection Regulation:

(a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;

(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

3.4. The Data Controller shall store and process the Data Subject's personal data for as long as at least one of the following criteria is met:

Personal data are necessary for the purposes for which they were received;

3.4.2. Until the Data Controller and/or the Data Subject can exercise their legitimate interests in accordance with the procedure laid down in external regulatory enactments, such as to submit objections or to bring or pursue a claim in court;

3.4.3. As long as there is a legal obligation to store data, such as under the Accounting Act;

3.4.4. For as long as the Data Subject’s consent to the relevant processing of personal data is valid, if there is no other legal basis for the processing of personal data.

When the circumstances referred to in this paragraph cease to exist, the period of storage of the Data Subject's personal data also ceases and all relevant personal data is irrevocably deleted from computer systems and electronic and/or paper documents containing the relevant personal data or these documents are anonymised.

3.5. In order to fulfil its obligations to you, the Data Controller has the right to transfer your personal data to cooperation partners, data processors who perform the necessary data processing on our behalf, such as accountants, courier services, etc. The data processor is the controller of personal data. Payment processing is provided by the makecommerce.lv payment platform, so our company transfers the personal data necessary for the execution of payments to the owner of the platform Maksekeskus AS.

Upon request, we may transfer your personal data to state and law enforcement authorities to defend our legal interests in the preparation, filing and defence of legal claims, if necessary.

3.6. When processing and storing personal data, the Data Controller shall implement organisational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.

4. Rights of the data subject

4.1. In accordance with the General Data Protection Regulation and the laws of the Republic of Latvia, you have the right to:

4.1.1. access your personal data, receive information about their processing, and request a copy of your personal data in electronic format and the right to transfer these data to another controller (data portability);

4.1.2. Request the correction of inaccurate, incomplete or incorrect personal data;

4.1.3. to erase your personal data (‘to be forgotten’), unless the law requires us to keep the data;

4.1.4. Withdraw your consent to the processing of your personal data;

4.1.5 Restrict the processing of your data – the right to ask us to temporarily stop processing all your personal data;

4.1.6. to contact the Data State Inspectorate

You can submit a request to exercise your rights by sending a request electronically to e-mail: [email protected].

5. Final provisions

5.1. This Privacy Policy has been developed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as well as the laws in force in the Republic of Latvia and the European Union.

5.2. The Data Controller has the right to make changes or additions to the Privacy Policy at any time and without prior notice. The amendments shall enter into force upon their publication on the website www.aive.lv.

6. Storage of personal data

Your personal data will only be stored for as long as is necessary to fulfil our obligations in relation to your order and to take other necessary actions, such as providing warranties or resolving legal issues. After that, the data will be deleted or anonymised, depending on the specific situation.

7. Protection of personal data

We have implemented appropriate technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, destruction or damage. This includes encryption, firewalls and other security measures.