Controller and Contact Details
The Personal Data Processing Controller is SIA R.A.S.A. un Ko, registration number LV40003115278, registered office: Meistaru iela 10-301, Riga, LV-1050, Latvia (hereinafter referred to as RASA).
RASA contact details for matters related to personal data processing: email@example.com. By using this contact information or contacting the registered office of RASA, you may ask a question regarding personal data processing. You may submit a request regarding the exercise of your rights in accordance with the procedure laid down herein.
Scope of the Document
Personal data is any information regarding an identified or identifiable natural person: given name, surname, ID number, residential address, personal phone number, personal e-mail address, occupation, amount of income, services received, billing information, information related to telephone and electronic communication, and other information pertaining to the natural person, such as a customer of RASA, its business partner, employee or job candidate.
- natural persons, such as customers and other users of services (including potential, past and existing users of services) as well as third parties receiving or transmitting any information (including contact persons, payers, etc.) to RASA in connection with the provision of services to a natural person (a customer or user);
- RASA store;
- visitors of the web pages and mobile applications maintained by RASA (hereinafter referred to as the Customers).
RASA takes care of the privacy of the Customers and protection of their personal data and respects the Customers’ rights to the lawfulness of personal data processing in accordance with applicable legislation: laws of the Republic of Latvia and subordinated regulations, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the Regulation) and other applicable legislation on privacy and data processing.
Purposes of Personal Data Processing
RASA processes personal data for the following purposes:
1. Provision of services and sale of goods:
- customer identification;
- preparation and conclusion of a contract;
- delivery of goods and provision of warranty services (fulfilment of contractual obligations);
- provision/maintenance of services;
- fulfilment of warranty obligations;
- improvement of goods and services, development of new goods and services;
- promotion of the use of a service;
- advertising and distribution of services, i.e. commercial purposes;
- customer service;
- examination and handling of objections;
- customer retention, loyalty building, satisfaction measurement;
- invoicing administration;
- debt recovery and collection;
- maintenance of web pages and mobile applications and improvement of their performance.
2. Business planning and analytics:
- statistics and business analysis;
- planning and record keeping;
- efficiency measurements;
- data quality assurance;
- market and public opinion polling;
- report preparation;
- conducting customer surveys;
- as part of risk management activities.
3. Provision of information to public administration institutions and bodies performing operational activities in the cases and to the extent provided for in external regulations.
4. Security of RASA property and persons, prevention of theft and fraudulent activities at the RASA office and stores, recording of criminal offenses and identification of possible offenders within video surveillance. Video surveillance data are stored for up to 30 days. After this term expires, RASA ensures complete automatic deletion of the data if no data have previously been requested or no criminal offenses have been identified. If the data have previously been requested by competent national or local authorities or if criminal offenses have been identified, the data shall be stored as necessary.
5. Other specific purposes that are notified to the Customer at the time when he/she provides the relevant data to RASA.
Legal Basis for Personal Data Processing
RASA processes the Customer’s personal data on the following legal basis:
- for the conclusion and performance of the contract in order to enter into the contract based on the Customer’s application and ensure its execution;
- for compliance with laws and regulations in order to fulfil the obligation of RASA set forth in binding external regulations;
- based on the consent of the Customer who is the data subject;
- in lawful (legitimate) interests in order to exercise the lawful (legitimate) interests of RASA resulting from the obligations existing between RASA and the Customer or under a contract or law.
The lawful (legitimate) interests of RASA are as follows:
- carrying out business activities;
- offering high-quality and proven IT products and solutions;
- verifying the Customer’s identity before entering into the contract;
- ensuring fulfilment of contractual obligations;
- preventing unjustified financial risks to its business activities (including performing credit risk assessment prior to the sale of goods and services and during the execution of the contract);
- saving the Customers’ submissions and applications for the purchase of goods and provision of services, other submissions and applications and remarks regarding thereof, including those made orally by calling and on the web pages;
- analysing the performance of the RASA web pages, websites and mobile applications, and developing and implementing their improvements;
- administering the Customer’s account on the RASA web pages, websites and mobile applications;
- carrying out activities aimed at Customer retention;
- segmenting the Customer database for more efficient provision of services;
- designing and developing goods and services;
- promoting its goods and services by sending commercial communications;
- sending other communications on the progress of the contract execution and events relevant to the contract execution, as well as conducting customer surveys on the goods and services and their experience of using them;
- preventing fraud;
- ensuring corporate governance, financial and business accounting and analytics;
- ensuring effective business management processes;
- ensuring effectiveness of the provision of services, sale of goods and delivery;
- ensuring and improving the quality of services;
- administering payments;
- administering outstanding payments;
- going to public administration institutions and bodies performing operational activities and the courts for the protection of its legal interests;
- informing the public about its activities.
Personal Data Processing
RASA processes Customers’ data using capabilities of the modern technologies, taking into account the existing privacy risks and organisational, financial and technical resources reasonably available to RASA.
RASA may perform automated decision-making in relation to the Customer. The Customer shall be informed of such RASA activities separately in accordance with laws and regulations. The Customer may object to automated decision-making in accordance with laws and regulations, but shall be aware that in some cases it may limit the Customer’s right to use certain features potentially available to the Customer (such as receiving commercial offers).
RASA may authorise companies of RASA Group and its business partners to carry out separate activities in regard to delivery of goods and provision of services, such as delivering goods, carrying out work within the warranty service, invoicing and the like. If the Customer’s personal data held by RASA are processed by companies of RASA Group or its business partners in performing these tasks, the respective companies of RASA Group or business partners shall be deemed to be RASA data processors and RASA shall be entitled to transfer the Customer’s personal data necessary for the performance of these activities to the companies of RASA Group or its business partners to the extent necessary for the performance of these activities.
Business partners of RASA and companies of RASA Group (as personal data processors) shall ensure the fulfilment of personal data processing and protection requirements in accordance with RASA requirements and legislation and shall not use personal data for any other purpose than to fulfil the contractual obligations resulting from the contract with the Customer at the instruction of RASA.
Protection of Personal Data
RASA protects Customers’ data using capabilities of the modern technologies, taking into account the existing privacy risks and organisational, financial and technical resources reasonably available to RASA, including through the following security measures:
- Pseudonymisation of data;
- Intrusion protection and detection programs;
- Other protection measures according to the current technical development capabilities.
Categories of Recipients of Personal Data
RASA does not disclose to third parties the Customer’s personal data or any information provided during the servicing period and contract validity period, except:
- when the data must be provided to the relevant third party under the signed contract to perform any function necessary for the fulfilment of the contract or delegated by law (for example, to a bank within the scope of payments or within the scope of a warranty service when the goods are delivered to an authorised service centre of the relevant manufacturer since the RASA service is not authorised to repair them);
- in accordance with the Customer’s explicit and unambiguous consent;
- to persons prescribed in external laws and regulations at their reasonable request, based on the procedure and to the extent prescribed in external laws and regulations;
- in events prescribed in external laws and regulations, as well as for protection of the legitimate interests of RASA, for example, by bringing a claim before the court or another public institution against a person violating these legitimate interests of RASA.
Access to Personal Data by Third Country Entities
Personal data of RASA may not be accessed by the developers or service providers with the status of the data processor (operator) in third countries (i.e. countries outside the European Union and the European Economic Area) (transmission to third countries within the meaning of the Regulation).
Duration of Storing Personal Data
RASA stores and processes the Customer’s personal data as long as at least one of the following criteria exists:
- only as long as the contract signed with the Customer is in force;
- as long as RASA or the Customer may exercise their legitimate interests (for example, to lodge an objection or to bring or handle an action in court) in accordance with the procedure prescribed by external laws and regulations;
- as long as there is a legal obligation for one of the parties to store the data;
- as long as the Customer’s consent to the relevant processing of personal data is in force, unless there is another legitimate basis for the processing.
When the above conditions cease to exist, the Customer’s personal data shall be deleted.
Access to Personal Data and Other Rights of the Customer
The Customer has the right to receive the information specified in laws and regulations regarding the processing of his/her data, to verify the correctness of his/her data and to correct it.
In accordance with the laws and regulations, the Customer also has the right to request access to its personal data from RASA, as well as to request their completion, rectification or erasure from RASA, or restriction of processing concerning the Customer or the right to object to processing (including the right to object to data processing exercised based on the lawful (legitimate) interests of RASA) as well as the right to data portability. These rights shall be exercised insofar as the data processing does not result from the obligations imposed on RASA by the applicable laws and regulations and implemented in the public interest.
The Customer may submit a request for the exercise of his/her rights:
- in person at the office/store of RASA in writing, presenting an identification document;
- as long as RASA or the Customer may exercise their legitimate interests (for example, to lodge an objection or to bring or handle an action in court) in accordance with the procedure prescribed by external laws and regulations);
- by e-mail signing it with a secure electronic signature.
Upon receipt of the Customer’s request for the exercise of his/her rights, RASA shall verify the Customer’s identity, assess the request and fulfil it in accordance with the laws and regulations.
RASA shall send a response to the Customer by registered post to the contact address specified by him/her, taking into account the method of receipt of the response indicated by the Customer to the extent possible.
RASA ensures fulfilment of data processing and protection requirements in accordance with laws and regulations and in case of the Customer’s objections takes proper action to resolve the objection, failing which the Customer has the right to go to the supervisory authority – the Data State Inspectorate.
The Customer’s Consent to Data Processing and Right to Withdraw it
The Customer may consent to the processing of personal data, the legal basis of which is the consent, at the service portals/applications of RASA, at RASA and at other web pages (for example, sign-up forms for loyalty programmes and subscription to newsletters) or in person at the office/store of RASA.
The Customer has the right at any time to withdraw the consent given to the data processing in the same way as it was given or by sending a relevant notice to firstname.lastname@example.org, in which case further processing of data based on the above-mentioned consent for the specific purpose will not be carried out anymore.
Withdrawal of the consent will not affect the data processing carried out at a time when the Customer’s consent was in force. Processing of data carried out on the basis of other legal grounds may not be terminated by withdrawing the consent.
Communication with the Customer
RASA communicates with the Customer using the Customer’s contact information (phone number, e-mail address, postal address, and via text messages from the service).
RASA conducts communication regarding the fulfilment of contractual service obligations on the basis of a contract concluded (for example, coordination of the time for the delivery of goods and provision of services and information on invoices, scheduled works, changes in services, etc.).
RASA shall communicate commercial announcements regarding RASA and/or third party services and other communications not directly related to the provision of the contracted services (such as customer surveys) in accordance with the external laws and regulations or with the Customer’s consent.
The Customer may consent to receive commercial communications of RASA and/or its business partners at RASA and other web pages (for example, sign-up forms for receiving newsletters).
The Customer’s consent to receive commercial communications shall be valid until withdrawn (also after termination of the service contract). The Customer may at any time opt out of receiving further commercial communications in any of the following ways:
- by sending an e-mail to info@RASA.lv;
- in person at the office/store of RASA;
- by using the automated option provided in the commercial communication to opt out of receiving further communications by clicking on the opt-out link at the bottom of the relevant commercial communication (e-mail).
RASA shall stop sending commercial communications as soon as the Customer’s request to withdraw his/her consent to receive commercial communications has been processed.
Depending on the functions and purpose of use, RASA uses required cookies, functional cookies, analytical cookies and targeting (advertising) cookies.
Required cookies are necessary for the user to freely visit and browse the website and use its offered opportunities, including obtaining information about the services and buying them. These cookies identify the user’s device, however, do not disclose the user’s identity, as well as they do not collect and do not compile information. Without these cookies, the website will not be able to work properly, for example, to provide the user with the information needed to deliver the required services at the online store. These cookies are stored on the user’s device until the web browser is closed.
Functional cookies remember the user’s selected settings and preferences for the user to be able to use the website more conveniently. These cookies are permanently stored on the user’s device.
Analytical cookies collect information about how the user uses the website and identify the most frequently visited sections, including content that the user chooses while browsing the website. The information is used for analysis to determine which websites users are interested in, and to improve the website’s functionality and make it easier to use. Analytical cookies identify only the user’s device, but do not disclose the user’s identity. In some cases, some of analytical cookies in place of the website owner, according to its instructions and only in accordance with the purposes specified, are managed by third-party personal data controllers (operators), such as Google Adwords.
Target (advertising) cookies are used to gather information about the websites visited by a user and to offer our services or our business partners’ services that are of direct interest to a particular user or to address appropriate offers to a specific user according to the interest shown by the user. Usually, these cookies are placed by a third party, such as Google Adwords, with the permission of the website owner for the purposes specified. Target cookies are permanently stored on the user’s device.
- to ensure functionality of the website;
- to adapt the website’s functionality to the user’s usage habits, including language, search requests and previously viewed content;
- to obtain statistical data on the website’s visitor traffic, number of visitors, time spent on a web page, etc.;
- to authenticate a user;
- to show offers tailored to the user’s needs in case the user is a customer of RASA services.
Unless otherwise specified, cookies are stored for the duration of the activity for which they were collected, and then they are deleted. Information on cookies is not transferred for processing outside of the European Union and the EEA.
Confirming and Disabling Cookies
The security settings of any web browser allow for restricting and deleting cookies. However, it should be taken into account that it is not possible to decline the use of mandatory and functional cookies, because without them it is not possible to ensure the full use of the website and the web page.
We recommend storing cookies for the best user experience and full operation of the website.
The websites of RASA may include links to third-party internet websites, which have their own usage and personal data protection rules, and which are not the responsibility of RASA.