Privacy Policy

General Information

1. The purpose of the personal data processing privacy policy (hereinafter – the Privacy Policy) of AS "Liepājas Papīrs" (hereinafter – the Controller) is to provide general information about the processing of personal data, its purpose, scope, and protection, as well as to inform the Data Subject about their rights and obligations.

2. When processing personal data, the Controller complies with the applicable regulatory enactments of the Republic of Latvia, as well as Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and other applicable legal acts in the field of privacy and data processing.

3. All terms used in the Privacy Policy are interpreted in accordance with the definitions provided in the General Data Protection Regulation.

4. In order to perform its functions and provide services in the most effective way, the Controller needs to collect, process, and use certain types of information about Data Subjects and organizations.

5. The controller for personal data processing is AS "Liepājas Papīrs", registration No. 40003048757, address: Pļavu iela 17, Liepāja, LV-3411, Latvia, phone: +371 63424605, email address: lp@lp.lv.

Obtaining and Processing of Personal Data

The Controller processes personal data in accordance with the terms of this Privacy Policy as a data controller, primarily for ensuring personnel management, conducting economic and administrative activities, ensuring the maintenance and operation of the website, and administering information systems for customer service purposes.

The Controller as a Processor

The Controller may process personal data on behalf of its Clients as an authorized processor of other persons. The processing of personal data for other data controllers may be subject to the respective data controller's privacy rules, policy, or mutual agreements. For such data processing, AS "Liepājas Papīrs" is not considered the controller and is therefore not responsible for the legal basis of the data processing.

The Client, in accordance with applicable privacy laws, provides the legal justification for the processing of personal data. Furthermore, the Client assesses and determines the risks to which Data Subjects are exposed by the processing of their personal data. It is also important that the Client, as the data controller, has a duty to inform Data Subjects about the processing of their personal data.

In any case, AS "Liepājas Papīrs" as a data processor cooperates with the Client to ensure compliance with the requirements of the General Data Protection Regulation, ensuring high standards of privacy and confidentiality, which are also mentioned in this Privacy Policy.

AS "Liepājas Papīrs", when processing personal data entrusted by the Client as a processor, ensures at least the following technical and organizational security measures:
4.1. User rights, ensuring that the respective user only has access to the information necessary for performing their duties (adherence to the principle of minimization);
4.2. Personal data storage is only carried out in European Union or European Economic Area countries, specifically, in Latvia;
4.3. The data repository can only be accessed by authorized persons;
4.4. The data repository allows for the retrospective determination and verification of all actions performed with the data available in the repository;
4.5. Application of the principles of integrated data protection and data protection by default to the system's operation, for example, audit logs (.log) of any personal data processing activity, recording the date, time, and user who performed the personal data processing.

Data Protection Principles

The Controller, when processing data, adheres to the following principles:
1.1. Processes personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures. The Controller takes appropriate measures to ensure that personal data processing is carried out in accordance with regulatory requirements;
1.2. Processes personal data lawfully, fairly, and in a transparent manner for the Data Subject;
1.3. Collects personal data only for specified, explicit, and legitimate purposes, and does not further process it in a manner incompatible with those purposes. Except when necessary to perform functions and duties specified in legal acts;
1.4. Processes personal data in a manner that is adequate, relevant, and limited only to what is necessary for achieving the processing purposes;
1.5. Processes only accurate personal data and, if necessary, updates it;
1.6. Stores personal data no longer than necessary for the purposes for which the personal data is processed;
Personal data provided by the Data Subject is not transferred or processed outside the European Union and the European Economic Area.

Purposes and Legal Bases for Personal Data Processing

The Controller processes the Data Subject's personal data only when there is a legal basis to do so.

• To fulfill legal obligations stipulated in legal acts, so that the Controller can perform its functions and tasks, process received applications, maintain accounting, etc.

• For the implementation of the Controller's legitimate interests, when performing system administration, etc.

• In cases where the Controller offers certain services, the Data Subject's data processing may be based on the Data Subject's consent, for example, to receive electronic emails about the latest offers or to use cookies on the website.

Categories of Personal Data Processed

The categories of personal data processed by the Controller depend on the services of the Controller used by natural persons. For example:
a) When communicating in writing with the Controller, the content and time of communication may be saved, as well as information about the communication tool used (email address);
b) Based on a purchase form created when purchasing a product in an e-shop, which processes the following personal data: name, surname, company name, address, phone number, email address.

Storage of Personal Data

The Controller stores personal data for the period specified by regulatory enactments or until the purpose for which the data was collected is achieved.
Personal data provided by the Data Subject based on their consent is stored by the Controller until the data collection purpose is realized or until the Data Subject withdraws their consent.

Rights of the Data Subject

Before obtaining personal data or at the time personal data is obtained, the Controller will provide the Data Subject with information about why the Controller needs the Data Subject's data. The Data Subject may be informed via separate information sheets, informational signs, or verbally about why the Controller needs the Data Subject's personal data and what the Controller will do with the Data Subject's personal data in accordance with Article 13 of the General Data Protection Regulation.

The Data Subject has the right, by submitting an application to the Controller in person upon presenting an identity document or by sending an electronically signed document:
2.1. To contact the Controller and request information about the processing of their personal data carried out by the Controller;
2.2. To request the supplementation, correction, deletion, or restriction of processing of their personal data, or to object to the processing of the Data Subject's personal data, as well as the right to data portability. The Controller will evaluate the Data Subject's request and implement the Data Subject's rights in accordance with regulatory requirements;
2.3. To withdraw consent for the processing of their personal data, if the basis for the processing of the Data Subject's personal data is the Data Subject's consent; however, this does not affect the lawfulness of processing based on consent before its withdrawal;
2.4. To submit a complaint regarding unlawful processing of personal data to the Data State Inspectorate, if the Data Subject has doubts about it;
2.5. In any case, to realize all their rights as a Data Subject, as defined in Chapter III of the General Data Protection Regulation.

The Controller will evaluate the Data Subject's request and implement the Data Subject's rights in accordance with regulatory requirements. The Controller will provide a response to the Data Subject's application no later than within one month; in specific cases, the Controller may extend the response time by another two months, about which the Controller will inform the Data Subject.

Communication with the Controller

In case of any questions or uncertainties regarding the processing of personal data performed by the Controller, Data Subjects must contact the Controller using the contact information specified in point 1.

Cookies

Processing of Cookies

Data about Website visitors is collected on the Website, thereby enabling the Website maintainer to evaluate how useful the Website is and how it could be improved. The Website uses cookies to collect the user's IP address and browsing information and to allow the Website to remember the visitor's choices. Cookies allow the Controller to track Website data flow and user interaction with the Website – the Controller uses this data to analyze visitor behavior and improve the Website. The legal basis for the use of cookies is the Controller's legitimate interest in ensuring the functionality, availability, and integrity of the Website.

Cookies are small files that, each time a visitor visits the Website, the browser saves on the visitor's computer to the extent specified in the visitor's computer browser settings. Individual cookies are used to select and apply information and advertisements offered to the visitor based on content the visitor has viewed earlier, thereby making the use of the Website simple, convenient, and individually tailored for visitors. Additional information about cookies, as well as their deletion and management, can be found on the website www.aboutcookies.org.

The visitor can control and/or delete cookies at their discretion. More information about this process is available at www.aboutcookies.org. The visitor can delete all cookies on their computer, and most browsers can be set to block the placement of cookies on the computer. The visitor can refuse cookies in the browser menu or at https://tools.google.com/dlpage/gaoptout. To make the necessary settings, the visitor needs to familiarize themselves with the terms of their browser. If cookies are blocked, the visitor will have to manually adjust the settings each time they visit the Website, and there is a possibility that some services and functions will not work.

The Controller continuously improves the Website to enhance its usability, so the Controller needs to know what information is important to Website visitors, how often they visit this Website, what devices and browsers they use, what region visitors come from, and what content they prefer to read.

The Controller uses the Google Analytics system, which allows the Controller to analyze how visitors use the Website. The basic principles of how Google Analytics works can be found on the Google website at https://support.google.com/analytics/answer/1012034?hl=lten&ref_topic=6157800. The Controller uses the collected data in its legitimate interests to improve the understanding of Website visitors' needs and to improve the accessibility of information published by the Controller. The visitor can stop data collection by Google Analytics at any time, as described here: https://tools.google.com/dlpage/gaoptout/.

The server where the Website is hosted may register requests sent by the visitor (device used, browser, IP address, access date and time). The data mentioned in this point are used for technical purposes: to ensure the proper functioning and security of the Website and to investigate possible security incidents. The basis for collecting the data mentioned in this point is the Controller's legitimate interest in ensuring the technical availability and integrity of the Website.

Only those employees of the Controller who are responsible for the analysis of such data have access to statistical data about Website visitors.

Unless otherwise specified, cookies are stored until the action for which they were collected is completed, and are then deleted.

In case a forum or comment option is provided on the Controller's Website, the IP address is saved on the Website, as well as data provided by the visitor themselves. Cookies containing this data may be stored for one year for your convenience (so you don't have to write them again next time).

Third-Party Websites

We may cooperate with third parties who are authorized to place third-party cookies on our sites or in our services, applications, and tools with your consent. These service providers allow us to provide you with a better, faster, and more secure website experience. Please note that third-party cookies are subject to the third parties' privacy policies, so we assume no responsibility for these privacy policies.

A "Facebook pixel" tool is installed on the Website. The purpose of using this tool is to customize content and advertisements for Facebook users. To learn more about Facebook's privacy policy, click here https://www.facebook.com/about/privacy/. You can also change your ad settings in your Facebook profile.

Right to Lodge a Complaint with a Supervisory Authority

The Data Subject has the right to lodge a complaint with a supervisory authority (the Data State Inspectorate). Documents are accepted by the Data State Inspectorate by mail, email (documents signed with a secure electronic signature), or they can be left in the 1st-floor mailbox at Blaumaņa iela 11/13, Riga. The Data State Inspectorate accepts email submissions received at the email address pasts@dvi.gov.lv.

Validity of the Privacy Policy

We reserve the right to change and supplement the content of this Privacy Policy from time to time to clarify the description of how we process your data.

In view of the above, we encourage you to review this Privacy Policy regularly so that you are aware of the processing of your personal data on the Website.