Controller and Contact Details
The Personal Data Processing Controller is SPA & VERANDAS SIA, registration number 40103804135, registered office: 31 Raņķa Dambis 31, Riga, LV-1048 (hereinafter referred to as SPA & VERANDAS).
SPA & VERANDAS contact details for matters related to personal data processing: firstname.lastname@example.org. By using this contact information or contacting the registered office of SPA & VERANDAS, you may ask a question regarding personal data processing. You may submit a request regarding the exercise of your rights in accordance with the procedure laid down herein.
Scope of the Document
Personal data is any information regarding an identified or identifiable natural person: given name, surname, ID number, residential address, personal phone number, personal e-mail address, occupation, amount of income, services received, billing information, information related to telephone and electronic communication, and other information pertaining to the natural person, such as a customer of SPA & VERANDAS, its business partner, employee or job candidate.
- natural persons, such as customers and other users of services (including potential, past and existing users of services) as well as third parties receiving or transmitting any information (including contact persons, payers, etc.) to SPA & VERANDAS in connection with the provision of services to a natural person (a customer or user);
- SPA & VERANDAS store;
- visitors of the web pages and mobile applications maintained by SPA & VERANDAS (hereinafter referred to as the Customers).
SPA & VERANDAS takes care of the privacy of the Customers and protection of their personal data and respects the Customers’ rights to the lawfulness of personal data processing in accordance with applicable legislation: laws of the Republic of Latvia and subordinated regulations, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the Regulation) and other applicable legislation on privacy and data processing.
Purposes of Personal Data Processing
SPA & VERANDAS processes personal data for the following purposes:
1. Provision of services and sale of goods:
- customer identification;
- preparation and conclusion of a contract;
- delivery of goods and provision of warranty services (fulfilment of contractual obligations);
- provision/maintenance of services;
- fulfilment of warranty obligations;
- improvement of goods and services, development of new goods and services;
- promotion of the use of a service;
- advertising and distribution of services, i.e. commercial purposes;
- customer service;
- examination and handling of objections;
- customer retention, loyalty building, satisfaction measurement;
- invoicing administration;
- debt recovery and collection;
- maintenance of web pages and mobile applications and improvement of their performance.
2. Business planning and analytics:
- statistics and business analysis;
- planning and record keeping;
- efficiency measurements;
- data quality assurance;
- market and public opinion polling;
- report preparation;
- conducting customer surveys;
- as part of risk management activities.
3. Provision of information to public administration institutions and bodies performing operational activities in the cases and to the extent provided for in external regulations.
4. Security of SPA & VERANDAS property and persons, prevention of theft and fraudulent activities at the SPA & VERANDAS office and stores, recording of criminal offenses and identification of possible offenders within video surveillance. Video surveillance data are stored for up to 30 days. After this term expires, SPA & VERANDAS ensures complete automatic deletion of the data if no data have previously been requested or no criminal offenses have been identified. If the data have previously been requested by competent national or local authorities or if criminal offenses have been identified, the data shall be stored as necessary.
5. Other specific purposes that are notified to the Customer at the time when he/she provides the relevant data to SPA & VERANDAS.
Legal Basis for Personal Data Processing
SPA & VERANDAS processes the Customer’s personal data on the following legal basis:
- for the conclusion and performance of the contract in order to enter into the contract based on the Customer’s application and ensure its execution;
- for compliance with laws and regulations in order to fulfil the obligation of SPA & VERANDAS set forth in binding external regulations;
- based on the consent of the Customer who is the data subject;
- in lawful (legitimate) interests in order to exercise the lawful (legitimate) interests of SPA & VERANDAS resulting from the obligations existing between SPA & VERANDAS and the Customer or under a contract or law;
The lawful (legitimate) interests of SPA & VERANDAS are as follows:
- carrying out business activities;
- offering high-quality and proven IT products and solutions;
- verifying the Customer’s identity before entering into the contract;
- ensuring fulfilment of contractual obligations;
- preventing unjustified financial risks to its business activities (including performing credit risk assessment prior to the sale of goods and services and during the execution of the contract);
- saving the Customers’ submissions and applications for the purchase of goods and provision of services, other submissions and applications and remarks regarding thereof, including those made orally by calling and on the web pages;
- analysing the performance of the SPA & VERANDAS web pages, websites and mobile applications, and developing and implementing their improvements;
- administering the Customer’s account on the SPA & VERANDAS web pages, websites and mobile applications;
- carrying out activities aimed at Customer retention;
- segmenting the Customer database for more efficient provision of services;
- designing and developing goods and services;
- promoting its goods and services by sending commercial communications;
- sending other communications on the progress of the contract execution and events relevant to the contract execution, as well as conducting customer surveys on the goods and services and their experience of using them;
- preventing fraud;
- ensuring corporate governance, financial and business accounting and analytics;
- ensuring effective business management processes;
- ensuring effectiveness of the provision of services, sale of goods and delivery;
- ensuring and improving the quality of services;
- administering payments;
- administering outstanding payments;
- going to public administration institutions and bodies performing operational activities and the courts for the protection of its legal interests;
- informing the public about its activities.
Personal Data Processing
SPA & VERANDAS processes Customers’ data using capabilities of the modern technologies, taking into account the existing privacy risks and organisational, financial and technical resources reasonably available to SPA & VERANDAS.
SPA & VERANDAS may perform automated decision-making in relation to the Customer. The Customer shall be informed of such SPA & VERANDAS activities separately in accordance with laws and regulations. The Customer may object to automated decision-making in accordance with laws and regulations, but shall be aware that in some cases it may limit the Customer’s right to use certain features potentially available to the Customer (such as receiving commercial offers).
SPA & VERANDAS may authorise companies of SPA & VERANDAS Group and its business partners to carry out separate activities in regard to delivery of goods and provision of services, such as delivering goods, carrying out work within the warranty service, invoicing and the like. If the Customer’s personal data held by SPA & VERANDAS are processed by companies of SPA & VERANDAS Group or its business partners in performing these tasks, the respective companies of SPA & VERANDAS Group or business partners shall be deemed to be SPA & VERANDAS data processors and SPA & VERANDAS shall be entitled to transfer the Customer’s personal data necessary for the performance of these activities to the companies of SPA & VERANDAS Group or its business partners to the extent necessary for the performance of these activities.
Business partners of SPA & VERANDAS and companies of SPA & VERANDAS Group (as personal data processors) shall ensure the fulfilment of personal data processing and protection requirements in accordance with SPA & VERANDAS requirements and legislation and shall not use personal data for any other purpose than to fulfil the contractual obligations resulting from the contract with the Customer at the instruction of SPA & VERANDAS.
Protection of Personal Data
SPA & VERANDAS protects Customers’ data using capabilities of the modern technologies, taking into account the existing privacy risks and organisational, financial and technical resources reasonably available to SPA & VERANDAS, including through the following security measures:
- Pseudonymisation of data;
- Intrusion protection and detection programs;
- Other protection measures according to the current technical development capabilities.
Categories of Recipients of Personal Data
SPA & VERANDAS does not disclose to third parties the Customer’s personal data or any information provided during the servicing period and contract validity period, except:
- when the data must be provided to the relevant third party under the signed contract to perform any function necessary for the fulfilment of the contract or delegated by law (for example, to a bank within the scope of payments or within the scope of a warranty service when the goods are delivered to an authorised service centre of the relevant manufacturer since the SPA & VERANDAS service is not authorised to repair them);
- in accordance with the Customer’s explicit and unambiguous consent;
- to persons prescribed in external laws and regulations at their reasonable request, based on the procedure and to the extent prescribed in external laws and regulations;
- in events prescribed in external laws and regulations, as well as for protection of the legitimate interests of SPA & VERANDAS, for example, by bringing a claim before the court or another public institution against a person violating these legitimate interests of SPA & VERANDAS.
Access to Personal Data by Third Country Entities
Personal data of SPA & VERANDAS may not be accessed by the developers or service providers with the status of the data processor (operator) in third countries (i.e. countries outside the European Union and the European Economic Area) (transmission to third countries within the meaning of the Regulation).
Duration of Storing Personal Data
SPA & VERANDAS stores and processes the Customer’s personal data as long as at least one of the following criteria exists:
- only as long as the contract signed with the Customer is in force;
- as long as SPA & VERANDAS or the Customer may exercise their legitimate interests (for example, to lodge an objection or to bring or handle an action in court) in accordance with the procedure prescribed by external laws and regulations;
- as long as there is a legal obligation for one of the parties to store the data;
- as long as the Customer’s consent to the relevant processing of personal data is in force, unless there is another legitimate basis for the processing.
When the above conditions cease to exist, the Customer’s personal data shall be deleted.
Access to Personal Data and Other Rights of the Customer
The Customer has the right to receive the information specified in laws and regulations regarding the processing of his/her data, to verify the correctness of his/her data and to correct it.
In accordance with the laws and regulations, the Customer also has the right to request access to its personal data from SPA & VERANDAS, as well as to request their completion, rectification or erasure from SPA & VERANDAS, or restriction of processing concerning the Customer or the right to object to processing (including the right to object to data processing exercised based on the lawful (legitimate) interests of SPA & VERANDAS) as well as the right to data portability. These rights shall be exercised insofar as the data processing does not result from the obligations imposed on SPA & VERANDAS by the applicable laws and regulations and implemented in the public interest.
The Customer may submit a request for the exercise of his/her rights:
- in person at the office/store of SPA & VERANDAS in writing, presenting an identification document;
- as long as SPA & VERANDAS or the Customer may exercise their legitimate interests (for example, to lodge an objection or to bring or handle an action in court) in accordance with the procedure prescribed by external laws and regulations);
- by e-mail signing it with a secure electronic signature.
Upon receipt of the Customer’s request for the exercise of his/her rights, SPA & VERANDAS shall verify the Customer’s identity, assess the request and fulfil it in accordance with the laws and regulations.
SPA & VERANDAS shall send a response to the Customer by registered post to the contact address specified by him/her, taking into account the method of receipt of the response indicated by the Customer to the extent possible.
SPA & VERANDAS ensures fulfilment of data processing and protection requirements in accordance with laws and regulations and in case of the Customer’s objections takes proper action to resolve the objection, failing which the Customer has the right to go to the supervisory authority – the Data State Inspectorate.
The Customer’s Consent to Data Processing and Right to Withdraw it
The Customer may consent to the processing of personal data, the legal basis of which is the consent, at the service portals/applications of SPA & VERANDAS, at SPA & VERANDAS and at other web pages (for example, sign-up forms for loyalty programmes and subscription to newsletters) or in person at the office/store of SPA & VERANDAS.
The Customer has the right at any time to withdraw the consent given to the data processing in the same way as it was given or by sending a relevant notice to email@example.com, in which case further processing of data based on the above-mentioned consent for the specific purpose will not be carried out anymore.
Withdrawal of the consent will not affect the data processing carried out at a time when the Customer’s consent was in force. Processing of data carried out on the basis of other legal grounds may not be terminated by withdrawing the consent.
Communication with the Customer
SPA & VERANDAS communicates with the Customer using the Customer’s contact information (phone number, e-mail address, postal address, and via text messages from the service).
SPA & VERANDAS conducts communication regarding the fulfilment of contractual service obligations on the basis of a contract concluded (for example, coordination of the time for the delivery of goods and provision of services and information on invoices, scheduled works, changes in services, etc.).
SPA & VERANDAS shall communicate commercial announcements regarding SPA & VERANDAS and/or third party services and other communications not directly related to the provision of the contracted services (such as customer surveys) in accordance with the external laws and regulations or with the Customer’s consent.
The Customer may consent to receive commercial communications of SPA & VERANDAS and/or its business partners at SPA & VERANDAS and other web pages (for example, sign-up forms for receiving newsletters).
The Customer’s consent to receive commercial communications shall be valid until withdrawn (also after termination of the service contract). The Customer may at any time opt out of receiving further commercial communications in any of the following ways:
- by sending an e-mail to info@SPA & VERANDAS.lv;
- in person at the office/store of SPA & VERANDAS;
- by using the automated option provided in the commercial communication to opt out of receiving further communications by clicking on the opt-out link at the bottom of the relevant commercial communication (e-mail).
SPA & VERANDAS shall stop sending commercial communications as soon as the Customer’s request to withdraw his/her consent to receive commercial communications has been processed.
Depending on the functions and purpose of use, SPA & VERANDAS uses required cookies, functional cookies, analytical cookies and targeting (advertising) cookies.
Required cookies are necessary for the user to freely visit and browse the website and use its offered opportunities, including obtaining information about the services and buying them. These cookies identify the user’s device, however, do not disclose the user’s identity, as well as they do not collect and do not compile information. Without these cookies, the website will not be able to work properly, for example, to provide the user with the information needed to deliver the required services at the online store. These cookies are stored on the user’s device until the web browser is closed.
Functional cookies remember the user’s selected settings and preferences for the user to be able to use the website more conveniently. These cookies are permanently stored on the user’s device.
Analytical cookies collect information about how the user uses the website and identify the most frequently visited sections, including content that the user chooses while browsing the website. The information is used for analysis to determine which websites users are interested in, and to improve the website’s functionality and make it easier to use. Analytical cookies identify only the user’s device, but do not disclose the user’s identity. In some cases, some of analytical cookies in place of the website owner, according to its instructions and only in accordance with the purposes specified, are managed by third-party personal data controllers (operators), such as Google Adwords.
Target (advertising) cookies are used to gather information about the websites visited by a user and to offer our services or our business partners’ services that are of direct interest to a particular user or to address appropriate offers to a specific user according to the interest shown by the user. Usually, these cookies are placed by a third party, such as Google Adwords, with the permission of the website owner for the purposes specified. Target cookies are permanently stored on the user’s device.
- to ensure functionality of the website;
- to adapt the website’s functionality to the user’s usage habits, including language, search requests and previously viewed content;
- to obtain statistical data on the website’s visitor traffic, number of visitors, time spent on a web page, etc.;
- to authenticate a user;
- to show offers tailored to the user’s needs in case the user is a customer of SPA & VERANDAS services.
Unless otherwise specified, cookies are stored for the duration of the activity for which they were collected, and then they are deleted. Information on cookies is not transferred for processing outside of the European Union and the EEA.
Confirming and Disabling Cookies
The security settings of any web browser allow for restricting and deleting cookies. However, it should be taken into account that it is not possible to decline the use of mandatory and functional cookies, because without them it is not possible to ensure the full use of the website and the web page.
We recommend storing cookies for the best user experience and full operation of the website.
The websites of SPA & VERANDAS may include links to third-party internet websites, which have their own usage and personal data protection rules, and which are not the responsibility of SPA & VERANDAS.