PRIVACY POLICY

PRIVACY POLICY

Ltd. “ERKO Group” privacy policy

The purpose of Privacy Policy is to provide the natural person, the data subject, with information about the purpose, legal basis, amount, protection and duration of the processing of the personal data at the time of data acquisition and processing of personal data of the data subject.

Manager and its contact details

Contact details of the Company regarding personal data processing: info@kosmed.shop. You may ask questions about the processing of personal data using this contact information or by contacting the Company in its legal address. A claim for the exercise of one’s rights may be made in accordance with paragraph 23.
Contact details of the Company for information on possible data protection breaches are info@kosmed.shop.

General terms

Personal data is any information about an identified or identifiable natural person.
The Privacy Policy is applied to ensure the protection of privacy and personal data regarding the following groups (collectively, the Clients):
natural persons – customers of the Company (including potential, past and present);
visitors to the Company’s hosted websites.
The Company takes care of its Clients’ privacy and personal data protection, respects the Clients’ right to the lawfulness of personal data processing in accordance with applicable laws – Personal Data Processing Law, European Parliament and Council Regulation 2016/679 of 27 April 2016 about the protection of natural persons regarding the processing of personal data and the free movement of such data (hereinafter – the Regulation) and other applicable legislation in the field of privacy and data processing.
The Privacy Policy applies to the processing of data, regardless of the form and/or medium in which the Client provides personal data (in person, on the Company’s website, in paper form or by telephone).

Purpose of processing of personal data

The Company processes personal data for the following purposes:
provision of services;
Client identification;
preparation and conclusion of the contract;
the supply of services (for the performance of contractual obligations);
development of new services;
advertising and distribution of services, i.e. for commercial purposes;
Client service;
consideration of objections or claims;
Client retention, loyalty building, satisfaction measurement;
payment administration;
debt recovery and collection;
website maintenance and performance improvement;
business planning and analytics;
For other specific purposes for which the Clients have given their consent at the time they submit the relevant data to the Company.

Legal basis for the processing of personal data

The Company processes the Client’s personal data on the following legal grounds:
for the conclusion and execution of the contract – to enter into the contract upon the Client’s application and to ensure its execution (the contract also includes an oral agreement to purchase the service);
compliance with regulatory enactments – to fulfill an obligation specified in binding external regulatory enactments of the Company;
with the consent of the Client, the data subject;
based on legitimate interests – to fulfil the legitimate interests of the Company arising from the obligations existing between the Company and the Client or from the contract or law.
The Company’s legitimate interests are to:
conduct business;
verify the Client’s identity before purchasing the services;
ensure fulfillment of contractual obligations;
keep Client’s applications for the provision of services;
carry out activities to attract and/or retain Clients;
segment Client database for more efficient provision of services;
design and develop services;
promote services by sending commercial notifications;
send other reports on the progress of contract execution and events significant to the execution of the contract, as well as conduct Client surveys on services;
prevent fraudulent practices against the Company;
provide corporate governance, financial and business accounting and analytics;
ensure effective business management processes;
ensure and improve the quality of service;
administer payments;
inform the public about the Comany’s activities.

Processing of personal data

The Company processes Client Data using the possibilities of modern technology, taking into account existing privacy risks and the organisational, financial and technical resources available to the Company.
The Company may make automated decisions regarding the Client. The Client is notified separately of such Company activities in accordance with regulatory enactments.
Automated decisions that have legal consequences for the Client (such as approval or rejection of the Client’s application) may only be made in the course of entering into or executing a contract between the Company and the Client, or based upon the Client’s unambiguous consent.
Protection of personal data The Company protects Client Data using the possibilities of modern technology, taking into account existing privacy risks and reasonably available organisational, financial and technical resources to the Company.
Categories of recipients of personal data The Company will not disclose to third parties the Client’s personal data or any information obtained during the provision of the services and during the term of the contract, including information about the services received, except:
in accordance with the Client’s clear and unambiguous consent;
to persons intended for in external regulatory enactments upon their reasoned request, in accordance with the procedures and to the extent prescribed by the external regulatory enactments;
in cases prescribed by external laws and regulations, for the protection of the Company’s legitimate interests, for example, in court or other state institutions against a person who has violated the Company’s legitimate interests.

Transfer of personal data

The Company will not transfer personal data to third parties except to the extent necessary for the reasonable conduct of business, provided that such third parties maintain the confidentiality of personal data and provide appropriate protection.
The Company is entitled to transfer personal data to the Company’s suppliers, subcontractors, strategic partners, and others who assist the Company in its commercial practice to conduct the corresponding cooperation. However, in such cases, the Company requires the recipients of the data to undertake to use the information received only for the purposes for which the data were transmitted and in accordance with the applicable laws and regulations.
Access to personal data by third country entities
The Company does not transfer personal data to third countries (outside the European Union and the European Economic Area).

Duration of personal data storage

The Company shall store and process Client’s personal data as long as at least one of the following criteria exists:
only as long as the agreement with the Client is in force or the service is provided to the Client;
the data are necessary for the purpose for which they were collected;
while the Client’s application is fully considered and/or executed;
as long as the Company or the Client may pursue its legitimate interests (for example, to file a statement of objections or to file a lawsuit) in accordance with the procedure prescribed by external laws and regulations;
as long as the Company has a legal obligation to store the data;
as long as the Client’s consent to the relevant processing of personal data is in force, unless there is another legitimate basis for the processing.
After the circumstances described in paragraph 19 cease, the Client’s personal data shall be deleted. Audit records shall be preserved for at least one year from the date of their creation.

Access to personal data and other Client rights The Clients have the right to receive the information specified in regulatory enactments regarding the processing of their data.
The Clients also have the right, in accordance with laws and regulations, to request the Company to access their personal data, as well as to request the Company to add, correct, or delete the data, or to restrict processing with respect to the Client or to object to personal data processing (including personal data processing that is performed based on the Company’s legitimate interests), as well as the right to data portability. This right shall be exercised insofar as the processing of the data does not result from the Company’s obligations under applicable law and in the public interest.

The Clients may submit a request for the exercise of their rights in the following way:
in written form at the Company’s office, address: Pulkveža Brieža iela 15 (2nd floor), Rīga, LV-1010, phone: +371 26119959 or by postal service;
by e-mail, signing with secure electronic signature and sending it to the e-mail address – info@kosmed.shop.
Upon receipt of a Clients’ request for the exercise of their rights, the Company shall verify the Client’s identity, evaluate the request, and execute it in accordance with regulatory enactments.
The Company’s reply to the Client shall be sent by post to the Client’s contact address by a registered letter or by e-mail with a secure electronic signature (if the application is submitted with a secure electronic signature), taking into account the Client’s preferred method of response, if possible.
The Company ensures compliance with data processing and protection requirements in accordance with regulatory enactments and, in the event of the Client’s objection, takes reasonable steps to resolve the objection. However, if this fails, the Client shall have the right to approach the supervisory authority, the Data State Inspectorate.
The Clients are entitled to receive one copy free of charge with their personal data processed by the Company.
The receipt and/or use of the information referred to in paragraph 27 of this document may be restricted in order to prevent adverse effects on the rights and freedoms of others (including employees of the Company).
The Company undertakes to ensure the accuracy of the personal data and relies on its customers, suppliers and other third parties that provide the personal data to ensure that the transmitted personal data is complete and correct.

Commercial notifications

Communication regarding commercial notifications about the Company and/or third party services and other communications not related to the provision of directly contracted services (such as customer surveys) shall be made by the Company in accordance with external regulations or with Client’s consent.
Communication, including regarding commercial notifications, may also be made by the Company using automated calling or electronic communication devices.
The Clients give their consent to receive commercial notifications from the Company and/or its affiliates in written form at the Company’s office, on the Company’s website and in mobile applications, or other locations where the Company organises marketing activities.
The Client’s consent to receive commercial notifications is in force until revoked (also after termination of the service contract). The Client may at any time refuse receiving further commercial notifications in any of the following ways:
by sending an e-mail to info@kosmed.shop;
by calling +371 26119959;
by submitting a written application to the Company’s office;
by using the automated option in the commercial notification to refuse receiving further notifications, by clicking the refuse link at the end of the commercial notification (email).
The Company will stop sending commercial notifications as soon as the Client’s request is processed. Request processing depends on technological capabilities, which can take up to three days.
By expressing their opinion in the surveys and leaving their contact information (email, phone), the Clients agree that the Company may contact them using the contact information provided regarding the Client’s assessment.

Website visits and cookie processing

The Company’s website may use cookies:
Cookies are files that websites place on users’ computers in order to recognise the user and facilitate their use of the site. Internet browsers can be configured to alert the Client to the use of cookies and allow them to choose whether or not the Client agrees to accept them. Not accepting cookies will not prohibit the Client from using the website, but may limit the Client’s ability to use the website.
Company websites may include links to third party websites that have their own terms of use and personal data protection, for the completeness of which the Company is not responsible.

Other rules
The Company has the right to make changes and additions to the Privacy Policy, as well as to make it available to the Client by posting it on the Company’s website.
The Company retains the previous versions of the Privacy Policy, which are available on the website www.kosmed.shop.

Maksājumu apstrādi nodrošina maksājumu platforma makecommerce.lv, tāpēc mūsu uzņēmums maksājumu izpildei nepieciešamos personas datus nodod platformas īpašniekam Maksekeskus AS.”