The controller and data processor is AS “Korķa stils” (hereinafter – “Data processor”).
BASIS FOR PROCESSING OF PERSONAL DATA (PD)
The Customer’s consent. By providing (entering) the necessary data (information) for placing an order, the Customer confirms their consent to the processing of the data provided by them, so that the Data Processor can accept the Customer’s order and deliver the purchased goods. When entering the information, the Customer agrees to receive messages related to the processing of their order to the email address provided by the Customer. The Customer may withdraw his prior consent at any time by sending a message to this effect to email@example.com. In such a case, the Data processor will make the relevant changes/delete the Customer’s data within 3 (three) working days. The withdrawal of consent does not affect the legality of the processing prior to the withdrawal of consent.
Performance of the Distance Contract. The data processor may process the Customer’s data in order to comply with the provisions of the Distance Contract to which the Customer consents, by placing the order.
Performance of legal obligations. The Data processor may personal data in order to comply with the requirements of regulatory enactments, as well as to respond to legitimate requests from State and local governments.
PD PROCESSING PURPOSE
The Data processor processes the Customer’s PD for the purpose of providing top quality services, for accounting purposes and for complying with other laws of the Republic of Latvia.
The Data processor obtains the Customer’s data as the Customer buys the goods traded by the Data processor on the website www.purrfectyarn.com, as well as in cases when the Customer is willing to receive from the Data processor more information on the goods or contacts the Data processor using the email address info@ purrfecyarns.com.
PD TO BE PROCESSED
Based on the Customer’s consent and the terms ad conditions of the Distance Contract, the above mentioned purposess, the Data processor may process the Customer’s personal data as follows: the Customer’s given name, surname, delivery address, phone number, email address, bank account number, as well as other data made known by the Customer to the Data processor in relation to their purchases.
The Data processor does not disclose the Customer’s personal data to third parties unless required to do so under the laws of the Republic of Latvia.
PD PROCESSING PERIOD
The Data processor will process the Customer’s personal data until such time as is necessary to perform the legal interests (the Distance Contract) of the Controller or until such time as the Customer withdraws their consent to the processing of their PD.
The Data processor processes the Customer’s personal data in accordance with the Personal Data Protection Law of the Republic of Latvia and Regulation No 2016/679 of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and the Free Movement of Such Data (27 April 2016)
THE CUSTOMER'S RIGHTS
The Customer the right to correct all of their personal data at the disposal of the Data processor by notifying of the changes in an email to firstname.lastname@example.org. The Customer has the right to request the deletion or limitation of the processing of such personal data, which is no longer required for the purposes for which they were collected and processed. The Customer has the right to refer any personal data related issued to the National Data Inspectorate (www.dvi.gov.lv).
Datu apstrādātājs pastāvīgi nodrošina aizsardzības pasākumus, lai aizsargātu Pircēja personas datus no nesankcionētas piekļuves, nejaušas nozaudēšanas, izpaušanas vai iznīcināšanas. Minētajam nolūkam Datu apstrādātājs pielieto mūsdienu tehnoloģijas, tehniskas un organizatoriskas prasības, t. sk., izmantojot ugunsmūrus, ielaušanās atklāšanas, analīzes programmatūras un datu šifrēšanu.
Datu apstrādātājs nenodos Pircēja datus apstrādei citiem pakalpojumu sniedzējiem.
The data processor shall continuously provide protective measures to protect the Customer’s personal data from unauthorised access, accidental loss, disclosure or destruction. For this purpose, the Data procesor shall use modern technology, comply with the technical and organisational requirements, including through firewalls, intrusion detection, analysis software and data encryption.
The data processor will not transfer the Customer’s data to other service providers.
The Data processor is not liable for any unauthorised access to the Customer’s personal data and/or loss thereof unless that occurred due to the fault of the Data processor, e.g., it has occurred due to the fault and/or neglect on the part of the Customer.