Privacy policy
- General Provisions
1.1. This Privacy Policy describes how SIA Alis CO, registration number 40103131137, Vējstūru iela 38, Rīga, LV-1063 (hereinafter referred to as the “Data Controller”) collects, processes, and stores personal data obtained by www.alis-co.lv
from its customers and persons visiting the website (hereinafter referred to as the “Data Subject” or “You”).
1.2. Personal data means any information relating to an identified or identifiable natural person, i.e., the Data Subject. Processing means any operation performed on personal data, such as collection, recording, modification, use, viewing, deletion, or destruction.
1.3. The Data Controller complies with the data processing principles provided by law and can confirm that personal data is processed in accordance with the applicable legislation.
2. Collection, Processing, and Storage of Personal Data
2.1. The Data Controller primarily collects, processes, and stores personally identifiable information through the online store website and email.
2.2. By visiting and using the services provided in the online store, You agree that any information provided by You may be used and managed in accordance with the purposes defined in this Privacy Policy.
2.3. The Data Subject is responsible for ensuring that the personal data provided is accurate, correct, and complete. Knowingly providing false information is considered a violation of this Privacy Policy. The Data Subject must immediately notify the Data Controller of any changes in the submitted personal data.
2.4. The Data Controller is not responsible for any losses incurred by the Data Subject or third parties if they arise due to the submission of false personal data.
3. Processing of Customer Personal Data
3.1. The Data Controller may process the following personal data:
3.1.1. Name and surname
3.1.2. Date of birth
3.1.3. Contact information (email address and/or phone number)
3.1.4. Transaction data (purchased goods, delivery address, price, payment information, etc.)
3.1.5. Any other information provided to us during the purchase of goods and services offered on the website or when communicating with us
3.2. In addition, the Data Controller has the right to verify the accuracy of the submitted data using publicly available registers.
3.3. The legal basis for the processing of personal data is provided in Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):
a) The Data Subject has given consent to the processing of their personal data for one or more specific purposes;
b) Processing is necessary for the performance of a contract to which the Data Subject is a party or to take steps at the Data Subject’s request before entering into a contract;
c) Processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
f) Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data, especially where the Data Subject is a child.
3.4. The Data Controller stores and processes the Data Subject’s personal data as long as at least one of the following criteria applies:
3.4.1. The personal data is necessary for the purposes for which it was collected;
3.4.2. While the Data Controller and/or the Data Subject may exercise their legitimate interests in accordance with external regulatory enactments, for example, to file objections or bring/defend legal claims;
3.4.3. While there is a legal obligation to retain the data, for example, under the Accounting Law;
3.4.4. While the Data Subject’s consent for the relevant data processing remains valid, unless another lawful basis for processing applies.
Once the circumstances mentioned in this point cease to exist, the storage period for the Data Subject’s personal data also expires, and all related personal data are permanently deleted from computer systems and electronic and/or paper documents containing such data, or these documents are anonymized.
3.5. To fulfill its obligations towards You, the Data Controller has the right to transfer Your personal data to cooperation partners or data processors who perform necessary data processing on our behalf (e.g., accountants, courier services, etc.).
The data processor is a personal data controller. Payment processing is provided by the makecommerce.lv payment platform, therefore, for payment execution, our company transfers the necessary personal data to the platform owner Maksekeskus AS.
Upon request, we may also transfer Your personal data to state and law enforcement authorities to defend our legal interests when preparing, submitting, or defending legal claims.
3.6. When processing and storing personal data, the Data Controller implements organizational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing.
4. Rights of the Data Subject
4.1. In accordance with the General Data Protection Regulation (GDPR) and the laws of the Republic of Latvia, You have the right to:
4.1.1. Access your personal data, receive information about its processing, request a copy of your personal data in electronic format, and the right to transfer this data to another controller (data portability);
4.1.2. Request the correction of incorrect, inaccurate, or incomplete personal data;
4.1.3. Delete your personal data (“the right to be forgotten”), except in cases where data retention is required by law;
4.1.4. Withdraw your previously given consent to personal data processing;
4.1.5. Restrict the processing of your data – the right to request that we temporarily stop processing all of your personal data;
4.1.6. Submit a complaint to the Data State Inspectorate (Datu valsts inspekcija).
A request to exercise your rights may be submitted in person at Vējstūru iela 38, Rīga, LV-1063, or electronically by sending an email to info@alis-co.lv
5. Final Provisions
5.1. This Privacy Policy has been developed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR), as well as the applicable laws of the Republic of Latvia and the European Union.
5.2. The Data Controller reserves the right to amend or supplement this Privacy Policy at any time and without prior notice.
Amendments take effect upon their publication on the website www.alis-co.lv
