SIA “DANIR 19”, registration No. 40103361877, legal address: 100 K.Valdemāra Street, Riga, LV-1013 (“us”, “we”, “our” or the “Company”) as the Data Controller operates the https://11d19.com/ website providing Project Cargo & General Logistics services (the “Service”).
This Privacy Policy informs you (the “User” or the “Customer”) of our policies regarding the processing (collection, storage, use, disclosure, erasure etc.) of Personal Data when you visit our website and / or use, has used or expressed a wish to use any of our Service or if you are in any way connected with this Service, and the choices you have associated with that data. We use your Personal Data to provide and to improve the Service, perform a contract and to fulfil legal obligations to which we are the subject.
By using the Service, your Personal Data is processed in accordance with this Privacy Policy.
If the User does not agree with the Privacy Policy or certain provisions thereof, the User does not have to provide Personal Data to the Company. In cases when the User does not provide the Company with Personal Data necessary for the performance of the contract or Services, as well as for the performance of legal obligations of the Company specified in regulatory enactments, the Company has a legal basis to refuse to provide the User Services in whole or in part.
If the Personal Data provided by the User has changed or the information processed by the Company about the User is inaccurate or incorrect, the User has the right to request to change, clarify or correct this information. The Company shall not be liable for inaccurate or incomplete data submitted by the User.
1. DEFINITIONS
1.1. Data Controller
Data Controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any Personal Data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data. Definition shall have the same meaning as in Article 4 (7) of GDPR.
1.2. Data Processor (or Service Providers or Sub-contractors)
Data Processor (or Service Provider or Sub-contractor) means any person (other than an employee of the Data Controller) who processes the Personal Data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your Personal Data more effectively. Definition shall have the same meaning as in Article 4 (8) of GDPR.
1.3. Data Subject
Data Subject is any living individual (natural person) who is the subject of Personal Data.
1.4. Cookies
Cookies are small pieces of data stored on a User’s device.
1.5. GDPR
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1.6. Personal Data
Personal Data means data about a living individual (natural person) who can be identified or identifiable from those data (or from those and other information either in our possession or likely to come into our possession). Definition shall have the same meaning as in Article 4 (1) of GDPR.
1.7. Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process Personal Data. Definition shall have the same meaning as in Article 4 (10) of GDPR.
1.8. Usage Data
Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (information that your browser sends whenever you visit our webpage or when you access the Service by or through a mobile device, for example, your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the duration of a page visit, unique device identifiers and other diagnostic data, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data).
1.9. User
The User is the individual (including, but not limited, a member of a legal entity, board member, company representative, beneficial owner) who visits the Company’s premises, website and/or who uses, has used, has expressed a wish to use or is in any way connected with the Service provided by the Company. The User corresponds to the Data Subject, who is the subject of Personal Data.
2. CATEGORIES AND TYPES OF PERSONAL DATA PROCESSED, LEGAL BASIS FOR PROCESSING AND PURPOSES OF PROCESSING
The Company processes the User’s personal data in accordance with the following legal basis and purposes for processing personal data:
CATEGORIES AND TYPES OF PERSONAL DATA PROCESSED |
LEGAL BASIS FOR PROCESSING |
PURPOSES OF PROCESSING |
Identification data (name, surname; personal identification number (if any); date, month and year of birth); passport or identity card details (document number; date of issue; issuing authority; issuing country); contact details (address); Details of the Customer’s beneficial owner. If the beneficial owner is a resident of Latvia: name, surname; personal identification number; date, month and year of birth; nationality; country of permanent residence. If the beneficial owner is a non-resident of Latvia: name, surname; date, month and year of birth; passport or identity card number and date of issue; country and issuing authority; nationality; country of permanent residence. |
The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested by law in the controller pursuant to Article 6(1)(e) of the GDPR. |
To comply with the requirements of Article 2(2) of the International and National Sanctions Law of the Republic of Latvia and to ensure risk management and corporate governance of the Company. |
Identification and research data: name, surname, personal identification number, date, month and year of birth; identity document data (passport data, ID card data and copies thereof); marital status; contact details: telephone number, e-mail address, home address; language of communication; financial data (name of bank, account holder, current account number). |
The processing is necessary for the performance of pre-contractual measures at the request of the Customer (data subject) and for the performance of the contract. |
To identify the Customer; To perform the contract and to ensure that the personal data is up-to-date and correct by checking and updating the data; To communicate with the Customer and generally manage the Customer relationship and to provide and administer the contract:. |
Identifying data (name, surname); contact details (telephone number, e-mail address). |
Performance of the contract. |
Invoicing. |
Identification data (name, surname, date, month and year of birth); Contact details (telephone number, email address, home address). |
Consent. |
For administering personalised offers and other benefits; Direct marketing. |
Contract documentation and documentation related to the service (including the Customer’s file (e.g. applications, requests, complaints submitted by the Customer; notices, warnings, etc. sent to the Customer). |
To comply with a legal obligation to which the controller is subject (document storage, archiving, bookkeeping requirements; requirements arising from the requirements set out in regulatory enactments that apply to the economic activity of the controller). |
Bookkeeping, record-keeping, archiving, etc. |
Identifying data (e.g. name, surname, personal identification number, address of residence). |
The legitimate interests of the controller (establishment of a right of recourse). |
Establishing, defending, assigning and providing evidence against claims of non-conformity of service, as well as providing evidence against a possible claim arising in delict. |
Communication and device data: data contained in communications, emails, visual images, video and/or audio recordings (e.g. zoom meetings), and other forms of communication and interaction data; Data collected when the Customer visits the website, mobile application or other channels of communication; data on habits, preferences and satisfaction, such as usage activity, services used, personal preferences, survey responses, customer satisfaction: 1) technical information (e.g. device type, Internet Protocol (IP) address and Internet Service Provider (ISP) used to connect the device to the Internet; registration information; browser type and version; time zone settings, browser plug-in types and versions, operating system and platform, screen resolution, location, font encoding; 2) visit information, including full URLs, clickstreams to, through and from the website (including date and time); services viewed or searched for; reference/exit pages, files viewed on the website (e.g. HTML pages, graphics, etc.); and (e.g. HTML pages, HTML files, web pages (e.g. HTML pages, HTML files, web pages with HTML content, etc.), page response times, download errors, duration of visit to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to navigate away from the page, date/time stamp and/or clickstream data; the telephone number used to contact a representative of the Company. |
Contract performance and service provision; To protect the vital interests of the Customer (personal data); To meet the legitimate interests of the Controller (performance of management functions; monitoring, improving and developing the quality of service provision and/or Customer service; testing the website, mobile application, digital environment; information security and improvement of technical systems and IT infrastructure to prevent, limit and investigate misuse or unlawful use or disruption of services, including fraudulent activities; establishment of rights of recourse); Customer consent to the processing of personal data (including the use of cookies when visiting the website); Customer consent to automated processing of personal data, including profiling; Customer consent to the processing of personal data (including direct marketing). |
For general Customer Relationship Management and access to and administration of services: to provide services and to ensure the timeliness and accuracy of personal data by checking and updating data; Maintaining Customer’s file documentation; Information security and technical system and IT infrastructure development; Prevention or detection of criminal offences in connection with the protection of property owned or used by the Controller (including website security); The performance of management functions (business strategy, sound risk management and corporate governance); Monitoring, improving and enhancing the quality of service provision and/or Customer service; measuring productivity; Prevention of fraudulent use and proper performance of services, to sanction and control access to and operation of digital channels, to prevent unauthorised access and fraudulent use, and to ensure information security; To improve technical systems, IT infrastructure, to adapt the display of the service on devices and to develop services, for example: by testing and improving technical systems and IT infrastructure; Preparation of personalized and tailored information, provision of a more user-friendly service:
|
3. THE SOURCES OF PERSONAL DATA.
Personal Data may be obtained directly from the User (the User provides information by completing submissions, through social media, by mail, by email, by telephone, or through any other media or services), from the use of the Services (the email communications and documents including interactions and communications with the Company), and from external sources, including public and private registries, databases and publicly accessible trusted websites (through KYC (“know your customer”) procedures), and from third parties as mutually agreed or as required by law or regulation.
4. RETENTION OF DATA
The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.
We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. The Company will also retain Usage Data for internal analysis purposes.
Where the same personal data are processed for more than one purpose, they shall be kept for the longer applicable retention period.
The storage period of the processed personal data may be based on the Customer’s (data subject’s) consent (until revocation, if there is no other basis for processing the personal data), the Contract (to provide evidence against claims of non-compliance with the service and/or performance of the obligations under the Contract, as well as to provide evidence against a potential claim, arising from a tort, the retention period is ten years from the date of performance of the service or the Contract), the legitimate interests of the Controller or a legal obligation to which the Controller is a subject arising from applicable laws and regulations (e.g. laws and regulations on accounting (basic accounting documents to be kept for 10 years); laws and regulations on archiving of documents, etc. etc.).
If none of the legal grounds for processing personal data no longer exist and the normative acts do not provide for a longer period of storage of personal data, the Controller shall delete the personal data.
5. TERRITORY OF PROCESSING OF PERSONAL DATA AND TRANSFER OF PERSONAL DATA
Personal data is processed in the European Union / European Economic Area (EU / EEA).
However, if the Personal Data is transferred outside the EU / EEA, the Company undertakes to take all necessary security measures to ensure the same level of security of Personal Data as in the EU / EEA, and appropriate guarantees in accordance with the provisions of Article 46 of the GDPR. The Company shall transfer Personal Data to a third country or to an international organisation only if there is a legitimate basis for it and appropriate safeguards have been put in place:
(a) the European Commission has decided in accordance with Article 45 of the GDPR that the third country or organisation concerned ensures an adequate level of protection; or
(b) the controller or processor has provided adequate guarantees in accordance with Articles 46 or 47 of the GDPR: (i) binding corporate rules; (ii) standard contractual clauses adopted and approved by the European Commission or the national supervisory authority; (iii) other ad hoc contractual clauses, if approved by the competent national supervisory authority; (iv) an approved code of conduct together with a binding and legally enforceable commitment by the third-country data controller or processor to apply the relevant safeguards; (v) an approved certification mechanism together with a binding and legally enforceable commitment by the third-country data controller or processor to apply the relevant safeguards; or
(c) there is an exception set out in Article 49 of the GDPR ((i) the data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards; (ii) where the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person; (iii) the transfer is necessary for the establishment, exercise or defence of legal claims; (iv) where the transfer is necessary for important reasons of public interest; (v) where it is necessary for the protection of the vital interests of the data subject or of another natural person, where the data subject is physically or legally incapable of giving consent.
Upon a written request, the User can receive more detailed information on the transfer of Personal Data to countries outside the EU / EEA.
In the event of any onward transfer, the Company will comply with all other safeguards, in particular the purpose limitation. The Company will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Data and other personal information.
6. DISCLOSURE OF DATA
When the Company receives and transfers your Personal Data to Data Processors who process Personal Data on behalf of the Company, the Company shall take all necessary measures to ensure that the Personal Data is processed by the Data Processors in accordance with the agreement or regulatory enactments and documented Company instructions.
When the Company receives and transfers your Personal Data to the Third parties (independent Data Controllers), the Third parties, as independent Data Controllers, process the Personal Data in accordance with their privacy policies, which are available on the website of the respective service provider.
6.1. Legal Requirements
Under certain circumstances, the Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. State Revenue Service, courts, government agency, out-of-court dispute resolution institutions, insolvency process administrators, sworn bailiffs, etc).
The Company may disclose your Personal Data:
- To comply with a legal obligation
- To protect and defend the rights or property of the Company
- To prevent or investigate possible wrongdoing in connection with the Service
- To protect the personal safety of Users of the Service or the public
- To protect against legal liability.
6.2. Service Providers (Sub-contractors)
The Company may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on the Company’s behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
The Company may disclose your Personal Data to the Service Providers including, but not limited to:
- companies in the same group as the Company and the authorities of the country of residence of their shareholders/members, if so requested by such authorities;
- persons who provide services to or otherwise cooperate with the Company in order to provide services or perform their obligations under the agreement where disclosure of personal data is necessary for the provision of that service or cooperation;
- a person to whom (or through whom) the Company transfers or the Company intends to transfer a right of claim arising under the contract (assignment);
- other third parties to protect the Company’s legitimate rights or in cases where the Customer has failed to properly perform its obligations under the contract (e.g. persons providing debt collection services to the Company on a contractual basis);
- server providers and data storage providers selected by the Company; website and mobile application operators; tele-marketing, marketing and survey service providers, email and SMS gateway service providers, online intermediaries and other third parties involved in the provision of the services provided by the Company (incl, banks, archiving, postal and courier service providers, etc.), ensuring that such parties will process the Customer’s personal data only to the extent and for the purposes (purposes) set out in this Privacy Policy;
- persons who, on behalf of the Company, carry out a statistical, market or public opinion study or survey, if the disclosure of personal data is necessary for the purpose of carrying out the study or survey in question;
- any accounting service provider, auditor, financial adviser, legal adviser, solicitor, notary public and/or bailiff selected by the Company.
If the Customer fails to fulfil or performs its obligations under the contract, the Company shall be entitled, without obtaining the Customer’s separate consent, to provide information on the Customer’s debt by transferring the Customer’s personal data for processing to credit reference bureaus for inclusion in credit history databases and debt collection service providers for inclusion in debt history databases, which will result in the processing of such data in accordance with the applicable regulatory enactments and information being transferred to third parties for assessing the creditworthiness or managing the credit risk of third parties. The Customer agrees that his/her data from credit and debt history databases will be disclosed to third parties.
The Company shall also use the personal data received for the purpose of communication with the Customer and for the purpose of establishing the Customer’s credit history. The Company shall also verify and update personal data in public registers and databases established in accordance with the statutory regulations without obtaining the Customer’s prior additional consent.
For the purpose of financial management by the Company, assessing the Customer’s solvency and checking the Customer’s credit history, the Company shall process natural person data received from third parties and supplement the natural person data processing systems under their control with information obtained about the Customer from public registers (e.g, the Customer, the personal data processing systems of state or local government institutions (e.g. from the Population Register, the State Social Security Agency, the State Revenue Service, etc.) or other public sources, provided that the provision of such information or the possibility to access it complies with the provisions of regulatory enactments.
These Service Providers have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
6.3. Analytics (Sub-contractor)
We may use third-party Service Providers to monitor and analyze the use of our Service.
- Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page
6.4. Behavioral Remarketing (Sub-contractor)
The Company uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use Cookies to inform, optimize and serve ads based on your past visits to our Service.
- Google Ads
Google Ads remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page.
Google also recommends installing the Google Analytics Opt-out Browser Add-on for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
6.5. Links to Other Sites
Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
7. CHILDREN’S PRIVACY
Our Service does not address anyone under the age of 13 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
8. SECURITY OF DATA
The Company has established necessary legal, organizational, physical and technical security measures to protect your Personal Data against unauthorised access, accidental or unlawful alteration, disclosure, loss, destruction, erasure, including measures against threats caused by physical exposure and measures implemented by means of software. Some examples of the measures we use:
Physical measures – paper-based documents containing Personal Data are stored in locked rooms and cabinets to which only certain employees have access for fulfilling their job duties; data processing rooms and IT-systems are sufficiently protected against fire, overheating, water, current instability and power outages.
Technical measures – all employee work computers are protected with password protected screensavers when the employee leaves; it is ensured that the IT- system does not accept new login attempts and locks the username if certain number of access attempts has been exceeded; it is ensured that especially vulnerable systems (e.g. laptops, smartphones) are sufficiently protected (using encryption or other means).
Organizational means – all IT system Users are assigned roles and profiles; it is ensured that access rights are deleted when an employee leaves the Company; it is ensured that there is no access from publicly used rooms to rooms where Personal Data is being processed.
In case we use external companies for providing services, which include data processing, we conclude data protection agreements with such Service Providers obligating them to: a) take appropriate measures to ensure confidentiality and security of the Personal Data and ii) process Personal Data in accordance with the applicable legal requirements.
9. YOUR RIGHTS
- Right to be informed and Right of access
If you wish to be informed what Personal Data we hold about you and receive a copy of the Personal Data we hold about you, please contact us. Please note that we may ask you to verify your identity before responding to such requests.
- Right to rectification
You have rights to request updating any personal information about you if it is inaccurate or incomplete.
- Right to erasure
The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have Personal Data erased and to prevent processing in specific circumstances: (i) where the Personal Data is no longer necessary in relation to the purpose for which it was originally collected/processed; (ii) the Personal Data is processed in relation to the offer of information society services to a child; (iii) when you withdraws consent; (iii) the Personal Data was unlawfully processed (i.e. otherwise in breach of the GDPR); (iv) when the individual objects to the processing and there is no overriding legitimate interest or other legal basis for continuing the processing; (v) the Personal Data has to be erased in order to comply with a legal obligation.
- Right to restrict processing
You have rights under certain circumstances to request to ‘block’ or suppress processing of Personal Data for a certain period (e.g. if you have objected to Personal Data processing). When processing is restricted, we are permitted to store the Personal Data, but not further process it.
- Right to object
You have the right to object to such data processing which is based on the Company’s legitimate interest incl. profiling based on our legitimate interest. We shall stop processing your Personal Data when you present an objection, unless we can demonstrate compelling legitimate grounds for the processing or processing is needed for the establishment, exercise or defense of legal claims. You also have the right to object at any time to processing of your Personal Data concerning for direct marketing. Upon receiving such objection, we shall stop processing your Personal Data for direct marketing.
- Right to data portability
In case processing the Personal Data is based on your consent or on a contract between us and Personal Data is processed automatically, you have the right to access Personal Data concerning you which you have given to us in a structured, generally usable and in machine readable form. You have rights to move, copy or transfer Personal Data easily from one IT environment to another in a safe and secure way. We will provide all Personal Data in a structured way using open formats like CSV.
- Right to withdraw your consent
You have right to withdraw your consent where the personal data is provided to the Company on the basis of your consent (withdrawal of consent does not affect the lawfulness of processing based on consent prior to the withdrawal);
- Right to not be subject to fully automated decision-making, including profiling
You have right not to be subject to fully automated decision-making, including profiling, where such decision-making has legal effects or similarly significantly affects you (data subject). This right shall not apply if the decision-making is necessary for entering into or performance of a Contract with the Customer (data subject), if the decision-making is permitted under applicable laws or regulations or if the Customer (data subject) has given its explicit consent.
- Right to contact us, submit a complaint to the Data State Inspectorate of Republic of Latvia and the court
If you want to exercise any of the abovementioned rights, please contact us using the e-mail address [email protected]. In order to respond to your inquiry, we must first authenticate you to avoid granting information to unauthorized persons. We will respond to your inquiries within 30 days.
We respect your privacy and wish that processing your Personal Data by us would be understandable and transparent. For that we have also drafted these Privacy Policy. Should you need further information about processing your Personal Data or exercising your rights, please contact us at e-mail address [email protected].
If you believe that processing of your Personal Data violates the GDPR requirements, you have the right to turn to the Data State Inspectorate of Republic of Latvia ([email protected]) and the courts to protect your rights and interests.
10. CHANGES TO THIS PRIVACY POLICY
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
11. CONTACT US
If you have any questions about this Privacy Policy, please contact us by email: [email protected].