Privacy policy

Data Controller and Contact Details

The Data Controller is the Limited Liability Company “MMK Riepu Serviss” (hereinafter referred to as the Company), reg. 31/3-72, Riga, LV-1021, Latvia.

Phone: (+371) 23 000 100

E-mail: info@mmkserviss.lv.

Personal data enquiries: edgars.kunickis@mmkserviss.lv.

General Rules

The Company is an online retailer of car tyres, wheels, and services. The Company’s Privacy Policy is available on the website mmkriepas.lv. The policy sets out the basic principles and rules for the processing and protection of personal data. The purpose of this Privacy Policy is to provide you with information on the purposes for which the Company collects personal data, the amounts and time limits of data processing and data protection, and to inform you of your rights and obligations. 

When processing personal data, the Company complies with the laws and regulations in force in the Republic of Latvia, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data, and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter, referred to as the Regulation), as well as other laws and regulations in the field of privacy and personal data processing. 

The processing of personal data and its provisions apply to the data of natural persons; it does not apply to legal persons but may apply to a related natural person (such as an officer, agent, or employee) of that legal person. 

We have the right to make changes or additions to the Privacy Policy as necessary due to changes in the Company’s data processing or regulatory laws. We will notify you of the current version of the Privacy Policy in the “Privacy Policy” section of our website. The Company’s Cookie Policy is available in the “Cookie Policy” section of our website.

We take appropriate measures to ensure that your personal data is always secure with us and that the processing of your personal data is carried out in accordance with applicable data protection legislation and our internal procedures.

Purpose, Grounds, and Types of Data

The Company processes personal data for the purposes for which it is collected, obtained, and used. Purposes of the processing of personal data in the provision of the Company’s services include:

• Conclusion, implementation, and monitoring of service and cooperation agreements;
• Customer and client services;
• Processing online purchases;
• Protecting legal interests, debt recovery, and debt enforcement;
• Preventing illegal activities, protecting property, security of employees, and customers (video surveillance);
• Complying with the obligations, instructions, and requirements of law enforcement authorities (e.g., police) and national and local authorities;
• Settlement administration;
• The management of Company documents (accounting, archiving, record-keeping);
• Recruitment;
• Marketing, with the consent of the individuals; and
• The maintenance, development, and protection of information systems and the website.

Legal basis for processing:

• On the basis of the law, to comply with obligations imposed by laws, regulations, or administrative provisions, or to exercise rights conferred by law (Article 6(1)(c) of the Regulation);
• With the consent of the individual (Article 6(1)(a) of the Regulation);
• Legitimate interest of the undertaking, including the provision of services, identification of customers, ensuring internal processes, video surveillance for security purposes, administration of payments and debts, promotion, and the development of the undertaking’s image (Article 6(1)(f) of the Regulation); and
• For the performance of contracts, including the conclusion of contracts, the performance of the obligations of the parties, and the provision of processes (Article 6(1)(b) of the Regulation).

The following personal data may be processed by the Company for various purposes: name, surname, personal identification number, year of birth, home address, telephone number, e-mail, place of work, job title, bank account, biometric data, audio data, website traffic data, and possibly other data if the purposes of the processing change.

Storage and Protection of Personal Data

The duration of storage is based on contracts with the Customer, the legitimate interests of the Company, applicable laws and regulations or as long as the Customer’s consent to the processing of personal data is valid. Upon expiry of the retention period or purpose, the Company shall delete or destroy the personal data. 

The Company uses various technical and organisational measures to store personal data. The Company shall protect personal data from unauthorised access, accidental loss, disclosure, or destruction. The Company uses state-of-the-art solutions, firewalls, SSL encryption, and internal instructions to protect personal data. The Company shall not be held liable for any unauthorised access to or loss of personal data caused by the fault or negligence of the Data Subject.

Transmission and Receipt of Personal Data

The Company may transfer personal data to comply with the requirements of the Company’s binding regulatory enactments (state and municipal authorities, law enforcement authorities), as well as for the performance of service and cooperation agreements or for the performance of a customer task (authorisation). 

We process personal data available in public and private registers, databases, and websites for the performance of a service contract and the provision of a service, as well as for the operation of a business. We may receive, transfer, or process personal data (to credit institutions, debt collectors, legal advisors) in compliance with the requirements of the regulatory enactments. 

The Company does not carry out profiling of personal data and does not make any automated decisions. Personal data is not transferred outside the European Union/European Economic Area (EU/EEA).

Rights of the Data Subject

The person or client (Data Subject) is entitled to receive the information required by the laws and regulations on what data the Company processes, for what purposes, the retention periods, and the recipients of such data. 

A person may receive data about themselves which they have provided and which the Company processes on the basis of the person’s consent or on the basis of a contract. The Customer or the Data Subject has the right to withdraw the consent provided for the processing of personal data based on the legitimate interest of the Company as well as for marketing purposes at any time. 

The Data Subject may request the rectification, completion, erasure, or restriction of the processing of personal data where the data is inadequate or inaccurate unless restricted by the Company’s ability to ensure the performance of the service contract or by applicable laws and regulations. 

The Subject also has the right to transfer their personal data to another controller, this right being for data that the Subject has transferred to the Company with their consent. The Data Subject may contact the Company in relation to personal data processing issues, withdrawal of consent, requests, the exercise of Data Subjects’ rights, and complaints about data processing by sending a relevant request to edgars.kunickis@mmkserviss.lv or by contacting the Company at its address at 31/3-72 Kaivas Street, Riga, LV-1021, Latvia. 

The Company shall respond to such submissions and requests where the Data Subject is identifiable. Requests shall be dealt with as soon as possible but no later than one month from the date of receipt of the request. If the Data Subject is not satisfied with the response received, they have the right to lodge a complaint with the Data Inspectorate at www.dvi.gov.lv.

Version dated 01.12.2024.