Privacy policy
Manager and contact details
The data controller is the Limited Liability Company “MMK Riepu Serviss” (hereinafter – the company), reg.
31/3-72, Riga, LV-1021, Latvia. Phone: (+371) 23 000 100, e-mail: info@mmkserviss.lv.
Contact details of the company in matters related to the processing of personal data: edgars.kunickis@mmkserviss.lv.
General rules
The company is an online retailer of car tyres, wheels and services. The company’s privacy policy is available on the website mmkriepas.lv. The policy sets out the basic principles and basic rules for the processing and protection of personal data. The purpose of this privacy policy is to provide you with information on the purposes for which the company collects personal data, on the amounts and time limits of data processing, on data protection, as well as to inform you of your rights and obligations.
When processing personal data, the company complies with the laws and regulations in force in the Republic of Latvia, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – the Regulation), as well as other laws and regulations in the field of privacy and personal data processing.
The processing of personal data and its provisions apply to the data of natural persons, it does not apply to legal persons, but may apply to a related natural person (such as an officer, agent or employee) of that legal person.
We have the right to make changes or additions to the privacy policy due to changes in the company’s data processing or regulatory laws. We will notify you of the current version of the Privacy Policy in the “Privacy Policy” section of our website.
The Company’s Cookie Policy is available in the “Cookie Policy” section of our website.
We take appropriate measures to ensure that your personal data is always secure with us and that the processing of your personal data is carried out in accordance with applicable data protection legislation, our internal procedures.
Purpose, grounds, types of data
The Company processes personal data for the purposes for which it is collected, obtained and used.
Purposes of the processing of personal data in the provision of the company’s services:
- Conclusion, implementation and monitoring of service and cooperation agreements
- Customer and client service;
- For processing online purchases;
- For the protection of legal interests, debt recovery and debt enforcement;
- Preventing illegal activities, protecting property, security of employees and customers (video surveillance);
- Comply with the obligations, instructions and requirements of law enforcement authorities (e.g. police) and national and local authorities;
- For settlement administration;
- For the management of company documents (accounting, archiving, record-keeping);
- For recruitment;
- For marketing purposes, with the consent of the individuals;
- For the maintenance, development and protection of information systems and the website.
Legal basis for processing:
- On the basis of the law, to comply with obligations imposed by laws, regulations or administrative provisions, or to exercise rights conferred by law (Article 6(1)(c) of the Regulation);
- With the consent of the individual (Article 6(1)(a) of the Regulation);
- Legitimate interest of the undertaking – provision of services, identification of customers, ensuring internal processes, video surveillance for security purposes, administration of payments and debts, promotion and development of the undertaking’s image (Article 6(1)(f) of the Regulation);
- For the performance of contracts – the conclusion of contracts and the performance of the obligations of the parties and the provision of processes (Article 6(1)(b) of the Regulation).
The following personal data may be processed by the company for various purposes: name, surname, personal identification number, year of birth, home address, telephone number, e-mail, place of work, job title, bank account, biometric data, audio data, website traffic data, and possibly other data if the purposes of the processing change.
Storage and protection of personal data
The duration of storage is based on contracts with the customer, the legitimate interests of the company, applicable laws and regulations or as long as the customer’s consent to the processing of personal data is valid. Upon expiry of the retention period or purpose, the company shall delete or destroy the personal data.
The company uses various technical and organisational measures to store personal data. The company shall protect personal data from unauthorised access, accidental loss, disclosure or destruction. The company uses state-of-the-art solutions, firewalls, SSL encryption and internal instructions to protect personal data. The Company shall not be held liable for any unauthorised access to or loss of personal data caused by the fault or negligence of the data subject.
Transmission and receipt of personal data
The company may transfer personal data to comply with the requirements of the company’s binding regulatory enactments (state and municipal authorities, law enforcement authorities), as well as for the performance of service and cooperation agreements or for the performance of a customer task (authorisation).
We process personal data available in public and private registers and databases, websites. For the performance of a service contract and the provision of a service, as well as for the operation of a business. We may receive, transfer or process personal data (to credit institutions, debt collectors, legal advisors) in compliance with the requirements of the regulatory enactments.
The company does not carry out profiling of personal data and does not make any automated decisions.
Personal data is not transferred outside the European Union/European Economic Area (EU/EEA).
Rights of the data subject
The person or client is entitled to receive the information required by the laws and regulations on what data the company processes, for what purposes, what are the retention periods and who are the recipients of such data. A person may receive data about him or her which he or she has provided and which the company processes on the basis of the person’s consent or on the basis of a contract.
The customer or the individual has the right to withdraw the consent provided for the processing of personal data based on the legitimate interest of the company as well as for marketing purposes at any time.
The person or client may request the rectification, completion, erasure or restriction of the processing of personal data where the data is inadequate or inaccurate, unless restricted by the company’s ability to ensure performance of the service contract or by applicable laws and regulations. The subject also has the right to transfer his/her personal data to another controller, this right being for data which the subject has transferred to the company with his/her consent.
The data subject may contact the company in relation to personal data processing issues, withdrawal of consent, requests, exercise of data subjects’ rights and complaints about data processing by sending a relevant request to edgars.kunickis@mmkserviss.lv or by contacting the company at its address at 31/3-72 Kaivas Street, Riga, LV-1021, Latvia.
The Company shall respond to such submissions, requests, etc. in which the submitter is identifiable. Requests shall be dealt with as soon as possible, but no later than one month from the date of receipt of the request.
If the data subject is not satisfied with the response received, he or she has the right to lodge a complaint with the Data Inspectorate at www.dvi.gov.lv.
Editorial 06.03.2024.