PRIVACY POLICY

1. General Provisions

1.1. This Privacy Policy describes how Santa Reiņikova, registration No. 16109211167, address: “Kalna Babrāni”, Sēlija (hereinafter – the Data Controller) obtains, processes, and stores personal data acquired by SantasArt.lv from its customers and visitors of the website (hereinafter – the Data Subject or You).

1.2. Personal data is any information relating to an identified or identifiable natural person. Processing is any operation performed on personal data, such as collection, recording, modification, use, viewing, transfer, deletion, or destruction.

1.3. The Data Controller complies with the personal data processing principles set out in applicable legislation and ensures that personal data is processed in accordance with legal requirements.

2. Collection, Processing, and Storage of Personal Data

2.1. The Data Controller collects, processes, and stores personal data mainly through the online store, email, and other communication channels.

2.2. By visiting the online store and using the services provided, You confirm that You have read this Privacy Policy and agree that Your information is used for the purposes specified herein.

2.3. The Data Subject is responsible for ensuring that the submitted personal data is accurate, complete, and up to date. The intentional provision of false information is considered a violation of this Privacy Policy. The Data Subject must immediately inform the Data Controller of any changes to personal data.

2.4. The Data Controller shall not be liable for any losses incurred by the Data Subject or third parties due to false or incomplete personal data provided by the Data Subject.

3. Processing of Customer Personal Data

3.1. The Data Controller may process the following personal data:

  • 3.1.1. First name, last name

  • 3.1.2. Date of birth

  • 3.1.3. Contact information (email address and/or phone number)

  • 3.1.4. Transaction data (purchased goods, delivery address, price, payment information, etc.)

  • 3.1.5. Any other information submitted when using the website’s services or contacting the Data Controller.

3.2. The Data Controller has the right to verify the accuracy of the submitted data using publicly available registers.

3.3. The legal basis for processing personal data is Article 6(1) of the General Data Protection Regulation (GDPR):

  • (a) the data subject has given consent;

  • (b) processing is necessary for the performance of a contract or prior to entering into a contract;

  • (c) processing is necessary to comply with a legal obligation;

  • (f) processing is necessary for the legitimate interests of the Data Controller.

3.4. Personal data is stored for as long as at least one of the following criteria exists:

  • 3.4.1. the personal data is necessary for the purpose for which it was collected;

  • 3.4.2. the Data Controller or the Data Subject may exercise their legitimate interests;

  • 3.4.3. there is a legal obligation to retain the data (e.g., under accounting legislation);

  • 3.4.4. the Data Subject’s consent for data processing is valid.

Once these conditions no longer apply, personal data is permanently deleted or anonymized.

3.5. To fulfill its obligations, the Data Controller may transfer personal data to cooperation partners and data processors (e.g., accountants, courier services) who process data on behalf of the Data Controller.
Personal data may also be disclosed to public authorities or law enforcement institutions in cases prescribed by law.

3.6. The Data Controller implements appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction.

4. Rights of the Data Subject

4.1. In accordance with the GDPR, You have the right to:

  • 4.1.1. access Your personal data and receive a copy thereof;

  • 4.1.2. request correction of inaccurate or incomplete personal data;

  • 4.1.3. request deletion of personal data (“right to be forgotten”), where permitted by law;

  • 4.1.4. withdraw previously given consent;

  • 4.1.5. request restriction of personal data processing;

  • 4.1.6. lodge a complaint with the Data State Inspectorate.

4.2. Requests for exercising Your rights may be submitted by email to: [email protected]

5. Final Provisions

5.1. This Privacy Policy is prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and the applicable laws of the Republic of Latvia.

5.2. The Data Controller has the right to amend this Privacy Policy at any time. Amendments take effect upon publication on the website www.santasart.lv