Privacy Policy

1. General Provisions 

1.1. This Privacy Policy describes how SIA "Blue Lotus," registration number 4020350078 (hereinafter referred to as the "Data Controller"), receives, processes, and stores personal data obtained from its clients and website visitors (hereinafter referred to as the "Data Subject" or "You"). 

1.2. Personal data refers to any information related to an identified or identifiable individual, i.e., the Data Subject. Processing includes any action related to personal data, such as its collection, recording, alteration, use, viewing, deletion, or destruction.

1.3. The Data Controller adheres to the data processing principles provided by legislation and can confirm that personal data is processed in accordance with applicable laws.

2. Collection, Processing, and Storage of Personal Data 

2.1. The Data Controller primarily receives, processes, and stores information identifying individuals using the website and email. (Note! Please add if personal data is also collected by other means, e.g., in writing.) 

2.2. By visiting and using services provided on the online store, you agree that any provided information is used and managed in accordance with the purposes outlined in the Privacy Policy. 

2.3. The Data Subject is responsible for ensuring that the provided personal data is accurate, precise, and complete. Providing false information is considered a violation of our Privacy Policy. The Data Subject must promptly inform the Data Controller of any changes to the provided personal data. 

2.4. The Data Controller is not liable for losses incurred by the Data Subject or third parties due to the provision of false personal data.

3. Processing of Customer Personal Data 

3.1. The Data Controller may process the following personal data: 

3.1.1. Name, Surname 

3.1.2. Date of Birth 

3.1.3. Contact information (email address and/or phone number) 

3.1.4. Transaction data (purchased goods, delivery address, price, payment information, etc.). 

3.1.5. Any other information provided during the use of website services, purchase of goods, or communication with us. CUSTOMIZE THE LIST BASED ON THE PERSONAL DATA PROCESSED BY YOUR COMPANY. 

3.2. Additionally, the Data Controller has the right to verify the accuracy of the provided data using publicly available registries. 

3.3. The legal basis for processing personal data is points a), b), c), and f) of Article 6(1) of the General Data Protection Regulation: a) the data subject

3.4.1. Personal data is necessary for the purposes for which they were obtained. 

3.4.2. As long as the Data Controller and/or the Data Subject can pursue their legitimate interests in accordance with external regulations, such as filing objections or bringing legal claims to court. 

3.4.3. As long as there is a lawful mandatory data retention period, such as according to the Accounting Law.

3.4.4. As long as the Data Subject's consent to the relevant processing of personal data exists, unless there is another lawful basis for data processing. Upon the expiration of the above conditions, the storage period for the Data Subject's personal data ends, and all relevant personal data is irreversibly deleted from computer systems and electronic and/or paper documents containing such data, or these documents are anonymized.

3.5. To fulfill its obligations to you, the Data Controller has the right to transfer your personal data to cooperation partners, data processors performing necessary data processing on our behalf, such as courier services, etc. Data processors act as Data Controllers. Payment processing is ensured by the payment platform makecommerce.lv, so our company transfers the necessary personal data to the owner of the Maksekeskus AS platform for payment processing. Upon request, we may transfer your personal data to state and law enforcement authorities to protect our legal interests, file claims, and defend legal actions.

3.6. While ensuring the processing and storage of personal data, the Data Controller implements organizational and technical measures to protect personal data from accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.

4. Data Subject Rights 

4.1. In accordance with the General Data Protection Regulation and the laws of the Republic of Latvia, you have the following rights: 

4.1.1. Access your personal data, obtain information about their processing, request a copy of your personal data in electronic format, and the right to transfer this data to another controller (data portability). 

4.1.2. Request the correction of incorrect, inaccurate, or incomplete personal data. 

4.1.3. Delete your personal data ("right to be forgotten"), except when the law requires data retention. 

4.1.4. Withdraw your consent provided for the processing of personal data. 

4.1.5. Restrict the processing of your data - the right to demand the temporary cessation of processing all your personal data. 

4.1.6. Contact the State Data Protection Inspectorate. Requests to exercise your rights can be submitted by sending an electronic request or writing to the customer support email address [email protected].

5. Final Provisions 

5.1. This Privacy Policy is developed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as well as the current laws of the Republic of Latvia and the European Union. 

5.2. The Data Controller reserves the right to make changes or additions to the Privacy Policy at any time without prior notice. Changes come into effect from the moment of their publication on the website www.bluelotus.club