We, Toplietas.lv, are committed to protecting your Personal Data and to clearly and transparently state what data is collected and used. This Privacy Policy explains how we process Personal Data that you provide or that is collected when you visit our website www.toplietas.lv/en.
Who we are and how to contact us
We are toplietas.lv/en, and in the event that you directly use our website or our services, we act as a data controller under the Personal Data Processing Act (“PDPA”) as well as the EU General Data Protection Regulation (“GDPR”).
If you have any questions about our processing of your personal data or about data protection in general, you can contact us at [email protected].
How do we use your Personal Data?
Any Personal Data we collect from you through the Website will only be processed for the purposes detailed below. This is done in accordance with the relevant legislation referred to above or only with your consent.
In particular, we process and collect Personal Data only if:
- You have given your consent
- The data is necessary for the performance of a contract/pre-contractual measures
- The data is necessary for compliance with a legal obligation
- The data is necessary to protect our legitimate business interests, provided that your interests are not overridden
In doing so, we only collect and process data that is strictly necessary for the maintenance and use of the website. Personal data can be collected in two ways. Namely, directly when you, for example, voluntarily provide it to us, or automatically, for example, when you install and use our website.
We process and store your Personal Data only for as long as necessary to achieve the relevant processing purpose or for as long as the legal retention period (in particular in commercial and tax law).
Once the purpose has been achieved or the retention period has expired, the relevant data will be deleted on a regular basis.
Personal data that you provide to us directly
The following is a summary of the data you provide to us directly when you visit and interact with our blog.
1. Contacting us
If you contact us, we process the data you provide to us in order to process and fulfil your request. This may include your name, email address and, where applicable, other information such as company name, telephone number if you have provided it.
The legal basis for processing the data is our obligation to perform a contract and/or to fulfil our pre-contractual obligations and/or our overriding legitimate interest in processing your request.
2. Comments on our blog articles
When you leave comments on our blog, your IP address, name and email address are stored on the basis of our legitimate interests. This is done for our security in case someone leaves illegal content in comments and messages.
In this case, we may be held liable for the comment or post ourselves, so we are interested in finding out the identity of the author.
Within a blog you may be able to display certain profile information, share certain information, interact with others, exchange knowledge and insights, publish and view relevant content.
It is your choice whether to include sensitive information in your comments and whether to make that sensitive information public. Please do not post or add personal data to your comment that you do not want to be accessible.
3. Processing of data in connection with the provision of our services
The protection of your data is of paramount importance to us in the provision of our services. We therefore only want to process as much personal data (such as your name, address, email address or telephone number) as is strictly necessary.
However, we rely on the processing of certain Personal Data in order to fulfil our obligations.
Personal data you provide to us automatically
The data you provide to us automatically is summarised in this section.
Cookies
In order to improve the services we provide on our website, we use cookies which collect information about your usage habits. Cookies are files that your web browser stores on your hard drive when you visit a website. Cookies can, under certain circumstances, identify you personally, either directly (e.g. through your email address) or indirectly (e.g. through the cookie’s unique identifier, IP address or device identifier).
The data stored may include the pages you visit, the date and time of your visit and other tracking information. For more information, please see our Cookie Policy.
Access data and log files
We also collect data about each access to our website. Access Data includes the name of the website visited, the file, the date and time of access, the amount of data transferred, the successful access notification, the browser type and version, the user’s operating system, the referring URL (previously visited page), the IP address and the requesting service provider.
Log file information is retained for security reasons (e.g. to detect abuse or fraud) for a maximum of 7 days and then deleted.
Data that require further storage for evidentiary purposes will not be deleted until the incident has been definitively clarified. The legal basis for processing the data is our legitimate interest in providing an attractive website.
Hosting
In order to provide our website, we use the services of Cloudway, which processes the following data on our behalf and any data that needs to be processed in connection with the operation of our website.
Third party services
Here is a summary of the third party services we use on our blog.
Google Fonts
We use Google Fonts by Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA, and Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, to display external fonts on our website. In order to display certain fonts on our website, a connection to a Google server in the USA is established when you access our website.
The connection to Google established when you call up our website enables Google to determine from which website your request was sent and to which IP address the display of the font should be forwarded. This is a legitimate interest.
Google Analytics
We use Google Analytics to evaluate your use of our website, to compile reports on activities and to provide other services related to the use of our website in order to improve your user experience. With Google Analytics, the interactions of visitors to the website are mainly recorded and systematically evaluated with the help of cookies.
This is a legitimate interest, but your consent is also required due to the data transfer to the USA and the analytical functionality.
Google Maps
Our website accesses the Google Maps map service via an API. In order to use the Google Maps features, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there.
We have no influence on the transmission of this data. Google Maps is used to make our online offers user-friendly and to make our website user-friendly. The legal basis is our legitimate interests.
Google Tag Manager
We use Google Tag Manager. This service allows you to manage your website tags through an interface. Google Tag Manager only implements tags. No cookies are set and no personal data is collected. Google Tag Manager activates other tags that may collect data.
Google Tag Manager does not access this data. If deactivation is carried out at domain or cookie level, it remains valid for all tracking tags insofar as they are implemented by Google Tag Manager.
Content Management System (CMS)
We also use the WordPress Content Management System (CMS) provided by Automattic Inc. to publish and maintain the content and texts created and edited on our website, as well as to provide the forms used.
This means that all content and texts that users submit to us for publication are transferred to WordPress. In addition to texts, this also includes, for example, your data in our forms. This is a legitimate interest.
Disclosure of information to third parties
We will not disclose or otherwise distribute your Personal Data to third parties unless:
- Necessary for the provision of our services
- You have consented to the disclosure
- The disclosure is permitted under the relevant law
However, we have the right to outsource the processing of your Personal Data, in whole or in part, to service providers acting as processors in accordance with the relevant legislation referred to above. External service providers provide us with support. For example, in the technical operation and support of the website (see above), data management, the provision and performance of services, marketing, and the implementation and performance of reporting obligations.
However, our authorised service providers only process your data in accordance with our instructions and we remain responsible for the protection of your data in accordance with the relevant legislation referred to above. In doing so, we always make sure that our Authorised Service Providers are carefully selected, adhere to strict contractual terms, technical and organisational measures and additional controls that we have in place.
We may also disclose Personal Data to third parties where we are under a legal obligation to do so, for example by court order, or where it is necessary to support a criminal investigation or legal proceedings in the country or abroad, or to pursue our legitimate interests.
Automated decision-making
Automated decision-making, including profiling, does not take place on toplietas.lv.
Special categories of data
Processing of special category data does not take place on toplietas.lv.
Children’s data
Our services are intended for persons over the age of 18. We do not knowingly collect, use or disclose Personal Data of minors under the age of 18 without the prior consent of a legal guardian through direct offline contact.
We do not sell
We do not sell Personal Data to third parties.
Data security
We have put in place technical and organisational measures to ensure the protection, security and integrity of your Personal Data. Access to Personal Data is restricted to those who need to know and who have been trained to respect confidentiality requirements.
Appropriate mechanisms include, for example, SSL encryption (so that data is unreadable by others) during collection and transmission. This data is used only for the purpose for which it was collected and we assure you that we will use our best efforts to ensure that your Personal Data is not altered or corrupted and cannot be accessed by unauthorised third parties.
However, databases or datasets containing Personal Data may be breached by unintentional or unlawful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised and the notification will be accompanied by a description of the steps being taken to remedy any harm resulting from the data breach. Notifications will be made as soon as possible after the breach is discovered.
Our rights under data protection law
Under the PDPA and GDPR, you can exercise the following rights:
- Right to information
- Right to rectification
- The right to object to processing
- Right to erasure
- Right to information
- Right to data portability
- Right to object
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
- Right not to have a decision based solely on automated processing applied
Updating your information
If you believe that the information we hold about you is inaccurate or that we no longer have the right to use it and you wish to request its correction, deletion or object to its processing, please contact us via [email protected] or our Facebook TopLietas page.
Requesting access and updating your personal data
If you wish to make a subject access request, you may notify us in writing via [email protected].
We will respond to requests for access and rectification as soon as possible. If we are unable to respond to your request within thirty (30) days of receiving your request, we will notify you in writing within thirty (30) days of the time by which we will be able to respond to your request.
If we are unable to provide you with the Personal Data you have requested or to make the correction you have requested, we will normally inform you of the reasons why we are unable to do so (except where we are not required to do so under the relevant laws referred to above).
Supervisory authority
The competent data protection authority in Latvia is:
The Data Protection Authority (“DPA”)
17 Elijas Street
Riga, LV-1050
Latvia
Is this privacy policy changing?
Our privacy policy is updated from time to time. This may be for a variety of reasons, such as to reflect changes in the law or to adapt to changes in our business practices and the way we use cookies.
We recommend that you check our privacy policy periodically for changes.
Contact us
If you have any questions or comments about our privacy policy or wish to exercise your rights under applicable law, please contact us via [email protected].
This privacy policy was last updated on 4 April 2024.