Privacy Policy

Privacy Policy

• Purpose

The purpose of the Privacy Policy is to provide individuals – data subjects – with information about the purpose, scope, protection, processing period and rights of data subjects during the collection and processing of their personal data.

This privacy policy (hereinafter referred to as the Policy) provides a general description of the procedure by which SIA “MULTIPACK” (hereinafter referred to as the Company) processes personal data as a data controller.

By providing personal data to the Controller, the Person acknowledges and expressly agrees that the Controller will process the Person’s personal data in accordance with this privacy policy and the regulatory enactments in force in the Republic of Latvia and the relevant European Union legislation.

2.Personal data controller and contact information

The personal data controller is SIA “MULTIPACK”, unified registration No. 40003216217, legal address: “Mālkalni”, Vētras, Mārupes novads, LV-2167, phone 67420420, e-mail: office@multipack.lv.

The company’s contact information is office@multipack.lv with the note “Data Protection Specialist”. The company’s contact information is also available on the website: www.multipack.lv/kontakti.

The Partner may contact the Company regarding personal data processing issues, withdrawal of consent, requests, exercise of data subject rights and complaints about the use of personal data.

3.Scope of application of the document

The Privacy Policy applies to ensure privacy and personal data protection in relation to:

− Natural persons – representatives of the Company’s customers, suppliers or partners, including potential, former and current ones, whose Personal Data is processed by the Company;

− Visitors to the Company’s offices and other premises, including those subject to video surveillance;

− Visitors to the Company’s website.

A partner is any natural or legal person, their representatives and employees who use, have used, or has expressed a wish to use any goods and/or services provided by the Company or is in any other way related to them or provides or plans to provide goods and/or services to the Company or is in any other way related to them;

Personal data is any information relating to or which could relate to an identified or identifiable natural person (data subject); An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The policy applies to data processing regardless of the form and/or environment in which the Partner provides personal data (in paper format, electronically or by telephone) and the company systems or paper format in which it is processed.

The Company takes care of the Partner’s privacy and personal data protection, respects the Partners’ rights to the lawfulness of personal data processing in accordance with applicable legislation – the Personal Data Protection Law, Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter – the Regulation) and other applicable legislation in the field of privacy and data processing.

With regard to specific types of data processing (e.g., cookie processing, etc.), additional specific provisions may be established depending on the environment and purposes, of which the Partner shall be informed at the time when he or she provides the relevant data to the Company.

When processing personal data, the Company ensures the confidentiality of personal data and implements appropriate technical and organizational measures to protect personal data from unauthorized access, unlawful processing or disclosure, accidental loss, alteration or destruction.

This Policy applies to any natural person (data subject) whose personal data is processed.

The Company may use personal data processors for the processing of personal data. In such cases, the Company shall take the necessary measures to ensure that such personal data processors process personal data in accordance with the Company’s instructions and in accordance with applicable regulatory enactments and require the implementation of appropriate security measures.

The Company has the right to make additions to the Policy, making its current version available to Partners by posting it on the Company’s website www.multipack.lv.

4. Categories of personal data

The Company processes the following categories of personal data:

− Identification data, such as name, surname, personal identification number, date of birth (for non-residents);

− Contact information, such as address, telephone number, e-mail address;

− Information about payment accounts;

− Service-related data, such as contract performance or non-performance, transactions made, contracts concluded and terminated, applications submitted, requests and complaints;

− Communication data, such as e-mail, letters or other information related to the Partner’s communication with the Company;

− Data that the Partner itself discloses to the Company;

− Video surveillance recordings and images;

− Photographs, for example, from corporate events;

− Data that the Company’s Partners provide to the Company for the purpose of publishing in advertisements, announcements, etc.

5. Purposes of personal data processing

The Company processes personal data for the following purposes:

a) Provision of services and sale of goods:

− To identify the Customer or other Partner and to prepare, receive and process offers;

− To prepare, conclude, supplement, amend and terminate contracts;

− For customer service;

− Delivery of goods and installation and provision of services (fulfilment of contractual obligations);

− To inform customers about the Company’s products and services;

− Ensuring/maintaining the operation of services;

− To fulfill warranty obligations;

− To create new products and make offers about them;

− Improving products and services, developing new goods and services;

− For marketing purposes: to advertise the Company’s products and services, to distribute products or for commercial purposes;

− For reviewing and processing complaints;

− Measuring customer satisfaction, retaining customers, increasing loyalty;

− Conducting market and public opinion research;

− Payment and settlement administration;

− Credit assessment, credit monitoring;

− Debt recovery and collection;

− Website maintenance and improvement;

− Promotion of service use;

− Handling customer complaints and providing support.

b) Business planning and analytics:

− Statistics, accounting and business analysis;

− Planning and accounting;

− Measuring effectiveness;

− Data quality assurance;

− Conducting market and public opinion research;

− Preparation of reports;

− Conducting customer surveys;

− As part of risk management activities.

c) To provide information to state administrative authorities and operational entities in cases and to the extent specified in external regulatory enactments.

d) For other specific purposes about which the customer or other partner is informed at the time when he or she provides the relevant data to the Company.

6. Legal basis for the processing of personal data

The Company processes the Partner’s personal data based on the following legal grounds:

7. Use of cookies

Cookies are small pieces of information that are stored on the user’s computer or mobile device when they visit the online store www.multipack.lv (hereinafter referred to as the Online Store). This allows the server to collect information from the user’s browser, so that the user does not have to re-enter data when returning to the website or moving from one page to another.

The Company’s website may use cookies to improve the quality of the services offered. The Company may use session cookies or persistent cookies to:

− Recognize new or previous Partners;

− Remember Partner screen preferences;

− Anonymously compile statistics on how and what products offered by the Company the Partner has searched for;

− Collect reliable website usage information that allows the Company to measure how well the website meets the needs of its users and to make any necessary improvements;

− Analyze the intensity of website visits from specific geographical regions.

In addition to the data provided by individuals or authorized representatives of legal entities who visit the online store (hereinafter referred to as the Customer), information contained in the online store’s access files is collected (IP address, Internet service provider, time of visit, sections of the store viewed and products viewed).

The online store uses cookies to provide a better experience for the website and the online store. Cookies are small text files that a web browser (such as Internet Explorer, Firefox, Google Chrome or Safari) stores on the web user’s computer, tablet or smartphone. In this way, websites can also store the web user’s individual settings. Cookies usually contain information about the name of the website, the storage period on the device and a unique number. Cookies can be considered a way for a website to obtain information that allows it to recognize the user and respond accordingly.

There are three main types of cookies:

− session cookies are temporary files that are stored on the user’s computer, tablet or smartphone until the end of the session, leaving the website or closing the web browser, and are used to provide services that require verification on a specific website;

−Persistent cookies are stored on your computer, tablet or smartphone for a period specified in the cookie settings or until you delete them, and are used to remember your preferences and personalize your experience.

− Third-party cookies allow information to be obtained about how websites are used and to provide users with advertising content that is optimally tailored to their interests.

The Company’s cooperation partners – third parties – may use cookies to evaluate the effectiveness of the online store’s advertising and to personalize advertising content. The information that third-party advertisers may collect may include data such as your geographic location or contact information, such as your email address. By using the online store, the Customer agrees to the analysis of cookies on their computer in order to provide personalized offers.

Information related to cookies is not used to personally identify the user. Cookies are used for the following purposes:

− To adapt the online store to the Customer’s preferences;

− To optimize the use of the online store;

− For advertising and marketing optimization based on interest in certain benefits;

− To compile statistics on the number of visitors to the online store.

Cookies are not required for the online store website to function, but they provide a wider range of features for the online store. It is possible to disable cookies in the online store by changing your browser settings or deleting cookies, but in some cases, certain features may be limited when browsing the online store.

8. Personal data processing and data protection

The Company processes the Partner’s data using modern technology, taking into account existing privacy risks and the Company’s reasonably available organizational, financial, and technical resources. The Company ensures, continuously reviews and improves security measures to protect the Partner’s personal data from unauthorized access, accidental loss, disclosure or destruction.

In order to ensure the high quality and timely performance of the obligations under the agreement concluded with the Partner, the Company authorizes other companies, its cooperation partners, to provide production and material delivery services. If, in performing these tasks, cooperation partners process the Partner’s personal data held by the Company, the relevant cooperation partners shall be considered data processors of the Company (processors), and the Company has the right to transfer to the cooperation partners the Partner’s personal data necessary for the performance of these activities to the extent necessary for the performance of these activities.

The Company’s cooperation partners (in their capacity as personal data processors) shall ensure compliance with personal data processing and protection requirements in accordance with the Company’s requirements and legislation, and shall not use personal data for any purposes other than the performance of the obligations under the agreement concluded with the Partner on behalf of the Company.

The Company carefully checks all partners – service providers (personal data processors) who process the Partner’s personal data on behalf of and on the instructions of the Company, and assesses whether the cooperation partners (personal data processors) apply appropriate security measures to ensure that the Partner’s personal data is processed in accordance with the Company’s delegation and the requirements of regulatory enactments. Cooperation partners are prohibited from processing the Partner’s personal data for their own purposes.

The Company shall not be liable for any unauthorized access to personal data and/or loss of personal data if this is not dependent on the Company, for example, due to the fault and/or negligence of the Partner.

The Company guarantees the confidentiality and security of the Partner’s data by taking appropriate technical and organizational measures, taking into account reasonably available organizational, financial and technical resources, ensuring the physical and environmental security of Personal Data, restricting access rights to Personal Data, transmitting Personal Data in encrypted form whenever possible, ensuring the protection of computer networks, personal devices, data backup, etc., thereby also ensuring the protection of the Partner’s data against unlawful access, use or disclosure.

9. Automated processing of personal data

The Controller may carry out automated processing of personal data, including profiling. The Partner has the right to contact the Controller regarding automated decision-making and to request that the Controller make a decision involving the Controller’s employee.

The Controller may use automated processing of personal data, including profiling, for advertising purposes (see Section 15 of the Policy). The Partner has the right to object to this type of profiling by notifying the Controller in writing.

10. Categories of recipients of personal data

The Company shall not disclose to third parties the Partner’s personal data or any information obtained during the provision of services and the term of the contract, except:

−If the data must be transferred to the relevant third party within the framework of a concluded contract in order to perform a function necessary for the performance of the contract or delegated by law (for example, to ensure the delivery of the Company’s products to Customers);

− Sending postal items to the Partner;

− In accordance with the Partner’s consent (see clause 14 of the Policy);

− To persons specified in other regulatory enactments upon their justified request, in accordance with the procedure and to the extent specified in external regulatory enactments;

−In other cases specified in regulatory enactments for the protection of the Company’s legitimate interests, for example, by applying to a court or other state institutions against a person who has violated the Company’s legitimate interests.

11. Access to personal data by third country entities

In certain cases, in compliance with the requirements of regulatory enactments, the Company’s personal data is accessed by Partners located in third countries (i.e. countries outside the European Union and the European Economic Area) (within the meaning of the Regulation – transfer to third countries).

In such cases, the Company ensures the procedures specified in regulatory enactments for the processing of personal data and ensuring a level of protection equivalent to that set forth in the Regulation.

12. Duration of personal data storage

The Company stores and processes the Partner’s personal data for as long as at least one of the following criteria is met:

− Only for as long as the agreement concluded with the Partner is in force;

− As long as the Company or the Partner can exercise their legitimate interests in accordance with the procedure established by external regulatory enactments (for example, to submit objections or bring or defend a claim in court);

− As long as one of the parties has a legal obligation to store the data;

− As long as the Partner’s consent to the relevant personal data processing is valid, unless there is another legal basis for data processing.

Once the above circumstances cease to exist, the Partner’s personal data will be deleted.

13. Access to personal data and other Partner rights

The Partner has the right to receive information specified in regulatory enactments regarding the processing of his/her data.

In accordance with regulatory enactments, the Partner also has the right to request the Company to provide access to their personal data, as well as to request the Company to supplement, correct or delete it, or to restrict its processing in relation to the Partner, or the right to object to the processing (including against the processing of personal data carried out on the basis of the Company’s legitimate interests), as well as the right to data portability. These rights shall be exercised to the extent that the processing of data does not arise from the Company’s obligations imposed on it by applicable laws and regulations and which are carried out in the interests of the Company.

The Partner may submit a request to exercise their rights:

− in writing in person at the Company’s legal address, presenting a personal identification document;

− by e-mail, signed with a secure electronic signature;

Upon receiving a request from a Partner to exercise their rights, the Company shall verify the identity of the Partner, evaluate the request and fulfill it in accordance with regulatory enactments.

The Company shall send a response to the Partner by post to the contact address indicated by the Partner – by registered letter or, if possible, taking into account the method of receipt of the response indicated by the Partner.

The Company shall ensure compliance with data processing and protection requirements in accordance with regulatory enactments and, in the event of objections from the Partner, shall take appropriate measures to resolve the objections. However, if this fails, the Partner shall have the right to refer the matter to the supervisory authority – the Data State Inspectorate.

14. Partner’s consent to data processing and right to withdraw consent

The Company assumes that the Company’s Partners, i.e. customers, suppliers, partners, their representatives and/or employees (including current, potential or former ones), when starting, continuing or renewing cooperation or communication with the Company regarding possible, existing or former cooperation or other matters, by default consent to the processing of their personal data.

The Partner has the right to withdraw their consent and refuse the processing of personal data at any time. If no refusal is received, the Company will consider that the natural person consents to the processing of their personal data.

The Partner may refuse data processing, specifying the specific purpose of data processing (see Section 5 of the Policy), by:

− By sending an email to the Company’s email address office@multipack.lv and/or to the email address of the sales representative, customer service or Company employee from whom the communication was previously received;

− In person, by writing a statement to the Company’s legal address: “Mālkalni”, Vētras, Mārupes novads, LV-2167.

The withdrawal of consent does not affect the processing of data that was carried out while the Partner’s consent was valid.

Withdrawal of consent does not terminate data processing carried out on other legal grounds.

If a refusal to process personal data has been received from the Partner, citing such purpose(s) of processing Personal data that does not allow for the continuation of cooperation, based on legitimate interests, conclusion and performance of the contract or compliance with regulatory enactments, the Company has the right to limit or suspend the provision of its services and even terminate cooperation.

15. Communication with the Partner and commercial notifications

The Company shall communicate with the Partner using the contact information provided by the Partner (telephone number, e-mail address, legal address, postal address).

The Company carries out communication regarding the fulfillment of service contractual obligations based on the concluded contract or based on the application/order received from the Partner.

Communication regarding commercial announcements – about the Company’s and/or third parties’ services and other announcements not related to the provision of directly agreed services (e.g., customer surveys) The Company shall communicate in accordance with external regulatory enactments or with the Partner’s consent.

By expressing their opinion in surveys or leaving their contact information (e-mail, telephone), the Partner agrees that the Company may contact them using the contact information provided in connection with the Partner’s evaluation.

The Partner’s consent to receive commercial communications is valid until it is revoked (including after the termination of the service agreement).

The Company’s Partner may at any time refuse to receive further commercial communications in any of the following ways (indicating the refusal of data processing for a specific purpose (see Section 5 of the Policy)):

−By sending an email to office@multipack.lv and to the email address of the sales representative, customer service or Company employee from whom the communication was previously received;

− In person at the Company’s legal address.

Withdrawal of consent does not affect data processing that was carried out while the Partner’s consent was valid.

Withdrawal of consent does not terminate data processing carried out on other legal grounds.

16. Changes to the Policy

This Policy may be changed without prior notice. The latest version of the privacy policy published on the website: www.multipack.lv replaces all previous versions of the privacy policy.

Approved: by order No. 5/18-GDPR on August 27, 2018

Payment processing is provided by the payment platform makecommerce.lv, therefore our company transfers the personal data necessary for payment processing to the platform owner Maksekeskus AS.