PRIVACY
POLICY
This Privacy Policy (hereinafter referred to as the Policy) provides
important information about how our Company collects and processes personal
data of its clients and other persons, how it uses such data and what measures
it undertakes to protect it. In order to ensure your awareness, we recommend
you read to carefully this Policy and to get acquainted with the information
provided in it.
- DEFINITIONS
The
following definitions are used in this Policy:
The Company, or we means SIA «Māksla Ceļot« – Latvija (company
registration code: 40203017444; company address: Aleksandra Čaka iela 49-26,
Rīga; Latvija. Company
website: makslacelot.lv. The Company described under this Policy is a controller of personal data.
GDPR means the Regulation (EU) 2016/679 of the European Parliament and
of the Council of 27 April 2016 on the protection of natural persons with
regard to the processing of personal data and on the free movement of such
data, and repealing Directive 95/46/EC (General Data Protection Regulation)
(Text with EEA relevance).
Dada subject means a natural person from which the Company receives and
processes the personal data.
Employee means a person with whom the Company concluded an employment
contract or any contract of similar character and, upon the decision of the
head of the Company, such a person is authorized to process personal data or
whose personal data is processed.
Personal data means any information about a natural person whose
identity was defined or whose identity is possible to define (data subject); a
natural person is a person whose identity can be defined either directly or
indirectly, in particular by using such identifiers as name and surname,
personal identification number, location identifier or Internet identifier data,
or several identity attributes of such a person like physical, physiological,
genetic, mental, economic, cultural, or social identity attributes.
Data recipient means a natural or legal person to whom the personal data
is provided.
Data provision means the disclosure of personal data by transfer or
other means making such data available (except for publication in the media).
Data processing means an operation conducted with personal data:
collecting, recording, storing, classification, grouping, merging, changing
(amending or correcting), supplying, publishing, using, logical and (or)
arithmetical operations, search, dissemination, destruction or any other
activity or collection of such activities
Automatic data processing means data processing operations done by
automatic or semi-automatic means.
Data processor means a legal or natural person (who is not the employee
of the data controller) authorized by the data controller to process personal
data. Data processor and/or its authorization procedures can be defined
under laws or other legal acts.
Data controller means a legal or natural person who, alone or together
with other persons, defines data processing purposes and methods. If the
purposes of data processing are defined under laws or other legal acts, the
data controller and /or its authorization procedures may be defined under such
laws or other legal acts.
Personal data of special categories means the data related to the racial
or ethnic origin of a natural person, his/her political, religious, philosophical,
or other beliefs, membership in professional unions, health, sexual life, as
well as the information about previous criminal convictions.
Health data means the personal data related to the physical or
mental health of a natural person including the data about provision of the
health services revealing the information about the health status of such a
natural person.
Consent means data provided upon free will, a specific and unambiguous
expression of the will of a properly informed person with a statement or
unambiguous action, with which he/she agrees gives his/her consent to process
the personal data related to him/her.
Direct marketing means activities for proposing to persons goods or
services and/or for asking their opinions about such proposed goods or
services, made by email, telephone, or any direct method.
Internal Administration means the activities ensuring an independent
functioning of the data controller (structure management, personnel management,
management of the available material and financial resources and their use,
clerical work).
Other definitions used in this Policy are in compliance to the GDPR or other
applicable legal acts.
- DATA
PROCESSING PRINCIPLES
The general principles
The employees of the company when carrying their functions and processing
personal data, shall follow the GDPR and other legal acts and this Policy, as
well as to follow the requirements of internal documents of the Company
executing or supplementing such requirements.
The personal data can be processed only in legal, fair, and transparent manner.
In addition, the Company must be able to provide proof that it actually follows
the principles of data processing defined under this Policy.
Purpose limitation
Personal data may only be collected for the specified and clearly defined and
legal purposes and shall not be processed in contradiction to such proposes.
Regarding the personal data related to the employees, the legal purposes, for
example, are the management of human resources and internal administration
(assignment to duties, and revoking from them, payment of salaries, work
management and other human resources issues related to the employees).
Storage and deletion of personal data
Personal data may be kept in a form which permits identification of the data
subjects for no longer than it is necessary for the purposes for which personal
data is processed.
Data quality and proportionality
The personal data shall be accurate and updated when needed. All reasonable
means shall be undertaken to ensure that the personal data which are not
accurate, taking into consideration the purposes of their processing, shall be
deleted or corrected in an immediate manner. Moreover, the personal data
shall be adequate, suitable, and only such (and for the exact amount of) which
is necessary for the purposes of their collection and/or processing. The
personal data shall be processed in such a way as, by applying technical and
organizational instruments, as to be able to ensure proper security of the personal
data, including the protection of the data processing without permission or
illegal data processing, and from unintentional loss or damage, illegal access.
If the Company doubts the correctness of the personal data it processes, it
shall suspend the actions of such processing, to check and correct the data.
- WHAT
DATA WE COLLECT AND FOR WHICH PURPOSES WE STORE IT
Data processing purposes
The Company processes the data of the persons visiting the websites of the
Company and/or purchasing the services offered for the following purposes:
• for processing of the purchase (order) of services, administration;
• for the identification of the data subject in the information systems of the
Company;
• for the identification of the data subject during the login to his/her
account at the website of the Company (when the Company provides with such an
opportunity);
• for issuing of coupons, approvals, invoices, and other financial documents;
• for solutions of problems related to the execution, presentation, and use of
the services,
• for communications with the data subject if the terms and conditions of the
services purchased by the data subject change;
• for the execution of other contractual obligations;
• for direct marketing purposes;
• for business analysis and statistical analysis, general studies which allow
to improve services and their quality.
The data can be processed for other purposes which are indicated when you
provide your personal data to the Company.
Data processing when purchasing the tourism services offered by the Company
During the purchase of the tourist services, depending on specific types of
services (travel direction), the Company, upon the purposes defined under this
Policy, collects and processes the following personal data: name, and surname,
sex, date of birth or personal identification code, the data of a document
proving the personal identity, address, phone number, email address, payment
card data, personal contact information (phone number, email address),
citizenship, information about the special needs, personal information of the
persons who travel together (names, surnames, dates of birth or personal
identification codes, salutations, and citizenships, other personal data which
are requested during the purchase of service. The data is provided during the
execution of an agreement, purchasing a service, as well as during the
consultations by phone, email, or by providing the information through other
persons.
The Company, in this case, processes your personal data on the the following
legal basis:
• seeking to ensure a proper provision of services and high quality of the
provided services (legitimate interest);
• on the basis of your consent (when the data of special categories (health)
are processed);
• for the purpose of execution of the Agreement;
• for the execution of own duties as of the travel organizer, defined under the
legal acts.
Processing of personal data when providing other services
When obtaining gift coupons, child escort or other services offered by the
Company, for the purposes defined under this Policy, and on the basis of the
agreement execution, the Company may process other personal data. The scope of
the processed data depends on the specific service which you want to obtain.
The data to be provided to be able to provide a service, are indicated during
the ordering of the service.
Processing of personal data when using mobile devices
When you use your mobile devices, the data may be collected for the purpose of
indicating the type of your mobile device, device settings, geographical
coordinates (longitude and latitude).
Processing of personal data when administering and investigating complaints
and/or requests
The Company processed the personal data indicated by you when you submit to the
Company a request and/or complaint in this internet website, by email, post, or
telephone.
The Company processes your personal data under the cases indicated upon the
following legal basis:
• seeking to administer requests and/or complaints, to ensure the quality of
the services provided (legitimate interest);
• on the basis of your consent expressed by your active actions when you submit
a request and/or complaint;
• for the execution of own duties as of the travel organizer, defined under the
legal acts.
The Company, seeking to investigate your request and/or complaint, provide
information and ensure the quality of its services, has the right to register
the information provided by you at the internal information system of the
Company.
The Company requests to follow at least these minimal personal data protection
requirements when you address the Company:
• not to indicate such personal data, as personal ID code, date of birth, bank
account number, vehicle state registration number, real estate data, health
data, other personal data of special categories or any sensitive personal data,
and similar neither in the subject of your request and/or complaint (your email
letter, documents provided in writing, on the internet website), neither in the
attached titles of files;
• in the request and/or complaint text or during the telephone call not to
indicate personal personal data of special categories or any sensitive personal
data, and similar identification code, bank account number, vehicle state
registration number, real estate data, health data or any other data if such
data has no direct relationship with the request and/or complaint, and to
indicate the personal data of other persons only as much as it is necessary for
the purposes of the submitted request and/or complaint.
Should the Company need any additional information for the investigation of
your request and/or complaint, it will use your contact information to be able
to contact you.
The Company also wants to draw your attention that the personal data of the
persons who contacted the Company with their requests or complaints, may be
transferred to the company UAB «Aviaturas ir partneriai» belonging to
the Company group, and that this company helps to ensure fluent and prompt administration
of complaints.
Processing of personal data of the shareholders of the Company
The Company processes the personal data of its shareholders in its operations:
• for the purpose of internal administration;
• for the purpose of execution of its legal liabilities related to the
registration and processing of the data of the Company shareholders, the
accounting of shares, and execution of other liabilities applicable to them.
Processing of personal data of other administrative bodies of the Company
The Company in its activities processes the personal data of the members of the
administrative bodies of the Company:
• for the purpose of internal administration;
• seeking to execute its legal obligations related to the administrative bodies
(head of the Company, the board of observers, committees, and etc.) formation,
organizing of their activities, providing of the data of the administrative
body and its members to the public registers and for registration at such
registers, application of the Law on the Financial Accounting of Companies
(e.g. statement of the data of the board and its members in the annual report),
and similar.
The processing of personal data of the administrative bodies of the Company is
mandatory on the basis defined bu legal acts.
Data processing for the purposes of employees’ selection
By applying for a vacancy in the Company, or contacting the Company in relation
to the vacancy announcement, the Company collects and processes the personal
data provided in your letter and CV.
The Company processes the data you provided:
• for the purposes of staff selection;
• on the basis of your consent which you express with your active actions when
providing your personal data.
The Company stores your data provided via this internet website in relation to
the staff selection for 12 months.
The Company wants to draw your attention that the fact of providing of any
personal data for the purpose of staff selection and the storage of such data
does not mean the application to the vacancies wanted. If you find an
advertisement in the website of the company or employment search websites in
relation to your wanted vacancy, we invite you to apply directly by using the
email address indicated in such an advertisement.
The Company informs that for the purpose of evaluation of your application, it
can apply for recommendations to your previous employers you indicated and
request information on your qualification, processional, and business skills.
The Company can request such information from your existing employee only
having received your separate consent.
The Company also wants to emphasize that it can receive your personal data from
the third parties, for example, the companies managing employment
advertisements websites, employment agencies, when you provided your data to
such companies, as well as from publicly available sources where you published
your personal data.
- Marketing
proposals and newsletters
Using the services provided by the Company and concluding tourism services
provision agreements the data subject can upon his/her own will agree to allow
to use his/her personal data provided for the marketing purposes of the Company
by expressing such of his/her consent in an appropriate graph of the tourism
services provision agreement with his/her signature.
The data subject may agree to receive the information sent by the Company:
- After
visiting the website of the Company (makslacelot.lv) and
subscribing for Company newsletters.
- By
using the services provided by the Company (filling in the questionnaires
of the Company after your travel by air plane, by bus on-line or during
the events organized by the Company), and by concluding tourism services
provision agreements (via our travel agents) by expressing your consent to
receive newsletters, information notifications, proposals, discounts,
sales off and etc. by marking this in an appropriate graph (e.g. by
ticking).
- If
an opportunity is provided to register and become the member of the
Company’s club, after the registration and approval of the Company club
membership, the data subject may express his/her consent to receive
newsletters, information notifications, proposals, discounts, sales off
and etc.
- If you
are provided with an opportunity to register to the website of the Company
and to become a register user of it, after completion of the registration
and after becoming the registered member of the Company website, the data
subject may express his/her consent to receive newsletters, information
notifications, proposals, discounts, sales off and etc.
The data subject has the right to refuse the information sent by the Company by
clicking on the refusal link in the newsletter or any other letter sent to the
data subject by the Company and to refuse such proposals and news.
If, when filling in the questionnaires of the Company after trips (in buses,
air planes, or on-line) the data subject does not mark (e.g. by ticking) that
he/she agrees to receive the news, proposals, and other information sent by the
|Company — he/she will no longer receive them because the information of the
data subject will be updated and the latest information provided by the data
subject will be used.
If the data subject is a registered user of the Company website who does not
want to receive unwanted information about the services of the Company, he/she
can make the changes at an time by logging into his/her account at the Company
website and marking this (e.g. by ticking) in his/her account at «My
data» -> «Information settings».
The data provided by the data subject which are used for the purposes of direct
marketing help to ensure a continuous improvement and development of the
Company website and services provided by the Company, and provides the
opportunity to offer the best proposals.
The data subject can also use his/her right to refuse to process his/her data
for direct marketing purposes by informing the Company in writing by post or
means of electronic communications.
- PERIOD
OF STORING OF PERSONAL DATA
The Company shall store the personal data for as long as it is necessary to
reach its targets for which such data is processed (e.g. to provide services,
to investigate a complaint, and etc.) as well as following the requirements of
storage of such data defined under the legal acts, legal requirements for
limitation periods in relation of providing or protecting against legal clams,
and if such are submitted — as long as it is necessary for this purpose..
In order to implement a proper control over the duration of data storage, the
Company has appropriate technical and organizational measures to ensure data
deletion after the expiration of the data storage period.
- PRIVACY
AND PERSONAL DATA SECURITY
Following the GDPR and other documents regulating data protection, the Company
applies measures to prevent illegal access to or illegal usage of the data of
the data subject. The Company ensures that the data provided by data subjects
will be protected from any illegal actions: illegal changes of the personal
data, their disclosure or destruction, theft of personal identity, fraud or
similar illegal actions.
The Company uses appropriate technical and organizational security measures,
appropriate business systems and procedures in place to protect and defend the
personal data of the data subject entrusted to the Company. The Company uses
security systems, technical and physical measures restricting access to the
personal data of the data subject and its use at the servers of the Company.
Only the staff of the Company with special permissions can see the personal
data of the data subject provided to the Company, and only for work purposes.
The Company uses only such data processors which guarantee the implementation
of all necessary technical and organisational measures for the protection of
personal data, and which follow such measures.
- USE OF
COOKIES
When you visit our website, we want to provide information and functions
specially customized only for you. Cookies are needed for this purposes. They
are small elements of information, text files, saved in your Internet browser.
For more information on the types of cookies we use and how you can control
them you can find in our Company Cookies Policy at
www.makslacelot.lv
- TRANSFER
OF PERSONAL DATA
The Company may use the services of certain service providers (data processors)
to manage your personal data. These data processors are the following: the
company providing services to the data centre, companies doing the analysis of
Internet browsing and internet activities and providing related services,
companies designing software, providing, supporting and developing it,
companies providing information technology structure services, companies
providing communication, security, recruitment, call centre services, and other
service providers to which the personal data is disclosed only to the extent
needed to provide their services.
If there are sufficient legal grounds (e.g. when it is necessary for concluding
or executing the agreement with you and when the information about this
transfer was properly provided for you), the data can be transferred to our
business partners or agents.
We would like to inform you that certain data related to your visits at out
website (IP address, cookies, technical information on the browser you use,
other activities related to your browser and information related to your
browsing at our website), browsing statistics, analyses, for relevant purposes
can be transferred or made available to the subjects operating both in the
European Economic Area (EEA), as well as out of this area (e.g. when we use
Google Analytics service, when such a subject ins a company registered in the
United States of America).
We would also like to draw your attention that if you select a trip outside the
EEA, the data you provided may be transferred to our partners operating in such
countries and helping us to organize your trip: airlines, hotels,
representatives of the Company at the direction of the trip, etc.
We would like remind that the level of personal data protection outside the EEA
countries can be lower compared to the EEA countries, and this means a higher
level of risk for illegal data processing, but we will meticulously evaluate
the conditions under which such data of yours will be processed later and
secured after the transfer of the data to the above-mentioned subjects. Your
data to such receivers will be transferred only to such scope which is needed
to perform the agreement made with you and to provide services for you. With
the major partners from the third countries the Company concludes Standard
Conditions for Agreements approved by the European Commission about which you
can get more information using the Contacts of the Company indicated below:
To other data receivers your personal data may be submitted only on the basis
defined under legal acts.
- RIGHTS
OF THE DATA SUBJECT
You, in relation to your personal data, have the following rights:
• to get to know about your personal data and how this data is processed;
• to demand to correct incorrect, inexact, or incomplete data;
• to demand to delete your personal data or to limit the processing of such
data when such data is processed without following the requirements defined
under legal acts or when there is another legal basis;
• to demand to transfer your personal data to another data processor or to
provide this data to you in a convenient form (applicable to the data you
provided yourself and which is processed using automatized means or on the
basis of your consent);
• to disagree to the processing of your personal data if such data is processed
on the basis of a legitimate interest, with the exception of cases when there
are legitimate reasons for such processing or when it is necessary to submit,
execute, or protect legal requirement;
• to revoke, at any time, your consent if you personal data is processed upon
the basis of your consent.
In such cases when you think your data is processed illegally or by breaching
your rights related to the data processing, you have the right to appeal to the
State Personal Data Protection Inspectorate (for more information please visit
www.ada.lt) and to submit your complaint to it.
However, the Company recommends before submitting the official complaint, to
contact the Company by email info@makslacelot.lv for trying to find a proper solution
of the problem.
In order to protect personal data against unauthorised disclosures, the
Company, having received your request for the implementation of your rights,
will have to verify your identity. For this reason the Company may ask you to
indicate your name, surname, date of birth, e-mail address, or phone number, or
request to appear in person in the Company or one of its offices for the
purpose of checking your identity. In carrying your this check, the Company may
also sent its control notification to the indicated contact (SMS or email)
asking to perform the action of authorisation. If the verification procedure is
not successful (e.g. your data will differ from the data the Company has, or
you do not authorize yourself upon the SMS or email message received), the
Company will consider that you are not the subject of the requested data and
will reject the request you submitted.
The Company, having received your request and successfully performed the above
mentioned verification, no later than within one month from the receipt of your
request and completion of the verification procedure, shall provide you with
the information about the actions it undertook in relation to your submitted
request. Taking into consideration the complexity and number of requests, the
Company may have the right to extend the period of one month up to two months
by informing you about this no later than within one month from the
receipt of your request and completion of the verification procedure and shall
state the reasons of such extension.
If you submit your request by electronic means and the Company would be able to
verify your identity properly, you will also receive the reply from the Company
by electronic means with the exception of the cases when this is impossible
(e.g. due to a substantial volume of information, other actual circumstances
and reasons), or if you request to reply in different ways.
Under the reasons and/or circumstances defined under legal acts, the Company
may refuse to fulfil your request and the Company will inform you about such a
refusal by providing the reasons.
- LIABILITY
The data subject shall provide the Company complete and correct personal data
and to inform about relevant changes of such personal data. The Company shall
not be held liable for damages caused to the data subject and/or third persons
if the data subject provides incorrect and/or incomplete data about
himself/herself or did not inform duly and on time about the changes of such
data.
It is strictly prohibited to submit false and deceitful orders. Travel,
services reservation services offered at the website, can only be used for
submitting a legitimate order or customized or purchase for oneself and other
persons in the name of which the person submitting the order has the right to
act. If the user performs any suspicious activity, frauds or abuses the travel
ordering services and other service ordering services offered at the website,
the Company may cancel all or part of such orders made in the name of such a
user, related to his/her email or account, or to close all accounts of such a
user. The Company shall have all rights to undertake necessary legal actions in
cases of fraud actions performed by the user. Under such cases, the user who
did the fraudulent actions shall be liable for the financial damages suffered
by the Company including costs of litigation and any other consequential
damages.
The data subject when purchasing the services offered by the Company or
otherwise providing to the Company not own, but third persons personal data
(e.g. family members, friends data and etc. who travel together) shall inform
such persons that all information related to the processing of data can be
found in this Policy. The data subject, by providing the personal data of other
persons, including the personal data of children and/or personal data of
special categories, certifies that he/she is a legitimate representative of
such persons (one of the parents, guardians) and that such persons agree on
such submitting of their data and processing of such data. The Company reserves
the right to contact the person indicated to make sure such a consent was
given.
Without providing the personal data requested by the Company, the Company will
not be able to provide certain services or to ensure the quality of the
services provided.
The Company shall not be liable for communication malfunctions due to which the
users of the Company website and other persons could not reach its website or
use the services.
The Company cannot absolutely guarantee that the functioning of the Company
website will be without any interruptions, without any malfunctions or errors,
that the website of the Company would be fully protected from viruses or any
other malicious components. The data subject is informed that any materials
read by the data subject, downloaded or otherwise received by using the website
of the Company, is exclusively received upon the discretion and risk of the
data subject, and only the data subject shall be held liable for the damages to
the data subject and to his/her computer system.
If the data subject is a registered user of the Company website (when the
Company provides such an opportunity), the data subject undertakes all risk and
responsibility for the actions of the third persons in the website of the
Company done by using the login data of the data subject, and undertakes to
execute all obligations undertaken in relation to the usage of the login data
of the data subject.
The user, when using this website, accepts and agrees to all liabilities
defined under this Policy.
- HOW TO
CONTACT US
If you have any questions related to the processing of your personal data or
this Policy, or questions relayed to the implementation of your rights, please
contact us:
SIA „Māksla Ceļot”, info@makslacelot.lv
- FINAL
PROVISIONS
The Company can update this Policy at any time. The Company will inform the
visitors about these updates by uploading a new version of this Policy together
with the date of the last changes. The visitors understand that by continuing
the use of this website after the implementation of the Policy updates, they
express their consent with such changes.
Should any of the provisions of this Policy be declared as void or not
applicable, this shall not have any effect to the legality of the remaining
provisions of the Policy and their validity.
This Policy shall enter info force from its publication on the website of the
Company.
Last Updated: December 20, 2019