SIA Thermowhite Baltic, a company registered in the Republic of Latvia with registration number 40103772357 and registered office at Jaunelku iela 39, Riga, LV-1024, Latvia, hereinafter referred to as the Controller. Privacy Policy, hereinafter referred to as the Policy, is a document providing information to natural persons on how Thermowhite processes data to improve the quality of the content of the website www.thermowhite.lv, for ease of use and adaptation to the needs of users. The Controller is committed to privacy and is committed to protecting your personal data appropriately. This policy sets out the basis on which we process any personal data collected from you or that you provide to us when using our services or the www.thermowhite.lv website. Please take the time to review this policy so that you understand our beliefs and practices regarding your personal data and how we process it.
How we obtain information
We may obtain data about you in the following cases:
- Information you provide by filling in forms or documents on our website or in person.
- If you contact us, we may retain this correspondence and the information provided therein (including details and order information).
- Detailed information about your visits to our website and the resources you access.
- The information you provide in your consent or submissions to us.
IP addresses and cookies
We may collect information about your computer (terminal equipment), including your IP address, operating system and browser type for system administration. These are statistical data analysed in relation to browsing activities and patterns and does not identify any individual.
The Controller may also obtain information about your general use of the Internet through the use of cookies, which are stored on the terminal equipment used to access the website www.thermowhite.lv. You can find out more about the terms and types of cookies in our Cookie Policy: https://www.thermowhite.lv
Where we store your personal data
We carry out our activities and process the data within the territory of the European Union. At the same time, in certain cases, if you are separately informed and/or agree, the data collected from you may be transferred to and stored at a destination outside the European Economic Area (EEA). For example, where this is in connection with the performance of a contract (for example, an order from a manufacturer or supplier outside the EU/EEA or product registration) or where you have consented to third party cookies and these cookies are managed by a third party located outside the EU/EEA.
Security and retention periods of personal data
The Controller implements and maintains appropriate administrative, technical and organisational measures to protect the personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
The Controller keeps the personal data for no longer than is reasonably necessary for the purposes for which the personal data concerned are processed. The retention periods of personal data are determined on the basis of applicable laws and regulations or the legitimate interests of the Controller. After the retention period expires, personal data will be deleted. If there are obstacles to the deletion of personal data (e.g. an order prohibiting the deletion of personal data), the personal data are retained until the obstacles are eliminated or cancelled. We reserve the right to delete or permanently anonymize your data earlier if the legal basis for the use thereof has ceased to exist or if they are no longer necessary for the provision of further services.
In normal cases, we destroy completed purchase and order forms and requests within 3 months after the transaction is completed. Accounting documents (e.g. invoices, delivery notes) are required by applicable law to be kept by us unaltered for a longer period – usually 5 years after the transaction.
We keep the consents given for the processing of data for evidentiary purposes for the period of the validity thereof and for further 5 years after the withdrawal thereof, however, we may digitise or destroy them earlier if the retention of the consents is not deemed necessary.
For statistical purposes, data are anonymized.
Please remember that you are responsible for storing and deleting the data on your terminal equipment (use the appropriate settings on your internet browser to delete cache and cookies).
What categories of personal data do we process and for what purposes
We use the personal data (categories of personal data) set out below for the purposes set out below.
1. The data you provide when communicating with us
1.1. Purpose: Management of customer submissions and communications, handling of applications and other requests.
When you contact us or we need to inform you in order to respond to your request, process your submission or contact you under applicable law, we may identify you and contact you using the contact information available to us (phone number, e-mail address, postal address), ask for additional identifying information if necessary to protect your privacy adequately or to fulfil our obligation, or to better respond to your requests or improve our products and services.
1.2. Types of data processed and legal basis for processing. For the purposes of this processing, we will process the following categories of your personal data and for the following legal bases:
| Categories of personal data processed |
Identifying information (including name). Contact details (including e-mail, phone number, address). The content of the communication (including the data used to communicate with you, data necessary to process your requests and applications). |
| Legal basis for processing |
We are legally obliged to: respond to customer enquiries and submissions; in the event of the exercise of the consumer right of withdrawal, consumer complaints, product recalls. We have a contractual obligation: to perform the Contract if the request or application is related to the Contract. Our legitimate interest in defending your rights and interests if you make a claim against us or if we are involved in a legal dispute. Our legitimate interest in providing adequate customer service and efficient corporate governance processes. |
1.3. Duration of storage of personal data: as long as the Controller considers the application or other request and provides a response and for a further 2 years after the last communication. If the application, claim or other request gives rise to a legal dispute or the possibility of such a dispute, we may keep your data longer until the expiry of the statutory limitation periods for bringing a claim or the entry into force of a final decision.
2. Direct marketing, advertising and information materials
2.1. Purpose: Sending marketing information and offers.
With your consent, we will keep you informed about various news and updates related to our offers and those of our cooperation partners. If you wish to receive our newsletters, you must indicate this on our website or by signing up to any other method offered.
2.2. Types of data processed and legal basis for processing. For the purposes of this processing, we will process the following categories of your personal data and for the following legal bases:
| Categories of personal data processed |
Identifying information (including name). Contact details (e-mail, phone number). |
| Legal basis for processing | Your consent. You may withdraw your consent at any time. This can be done by selecting the unsubscribe link in the received e-mail, WhatsApp message or SMS, or by notifying the contact details of the Manager. |
2.3. Duration of storage of personal data: see section “Security and storage periods of personal data”.
Data accuracy
If the details you have provided to us have changed (e.g. your contact details for the newsletter), you must inform us immediately by correcting the incorrect or inaccurate details. You may actualise and update the data you have provided to us at any time so that they are correct.
Cases where data may be disclosed to the third parties
Disclosure of personal data may be for the purposes of the Controller’s obligations to you, the operation of the website and the provision of services – we may transfer your personal data to companies and bodies that provide services to us, such as services related to the maintenance and operation of the website, or to send direct marketing messages, to ensure the delivery of goods.
We make reasonable efforts to verify all service providers that process your personal data on our behalf and on our instructions. We assess whether our business partners (personal data processors) apply appropriate security measures to ensure that the processing of your personal data is carried out in accordance with our assignments, instructions and regulatory requirements. These companies are not entitled to use your personal data for any other purpose. We transfer your personal data to the third parties who are involved in the execution of the transaction you have chosen.
Your data may also be transferred at the request of competent authorities (law enforcement authorities, national and local authorities) (e.g. a supervisory authority responsible for the protection of personal data or the police).
Changes to the privacy policy
We may amend or update this Privacy Policy from time to time by posting amendments on the Website. Any amendments and the new version take effect immediately upon posting, unless otherwise provided for. You should ensure that you are aware of the current version of this Privacy Policy when using this Website.
Data subject’s rights in relation to the processing of personal data
The data subject has the following rights in relation to his or her personal data:
- to receive information from the Controller as to whether or not his/her personal data are being processed and, if they are being processed, to have access to his/her personal data and to receive information on the purpose (intent) of the processing of personal data, the category of personal data, the recipient(s) of the personal data, the period of retention of the personal data, automatic decision-making, including profiling, and its consequences, information on other sources of personal data where personal data are obtained from a third party, information on safeguards where personal data are transferred to a third country or an international organisation, and information on the data subject’s rights;
- information on whether the provision of personal data is contractually or legally required, whether the provision of personal data is a precondition for the conclusion of a contract, the requirement for the data subject to provide personal data and the consequences of not providing personal data;
- request the rectification of your personal data if it is inaccurate, incorrect or incomplete;
- request the restriction of the processing of your personal data;
- object to the processing of your personal data;
- request the deletion of your personal data;
- withdraw your consent to the processing of your personal data;
- not be the subject of a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects the data subject. These conditions do not apply where the decision is necessary for entering into, or performance of, a contract between the data subject and a controller, or is based on the data subject’s explicit consent, or is permitted under applicable law or regulation;
- portability of his/her personal data in respect of personal data which the data subject has provided to the Company in a structured, commonly used and machine-readable format;
- to lodge a complaint with the Controller about the processing of personal data. In cases where the Controller does not satisfy the complaint, lodge a complaint about the processing of personal data with the Data State Inspectorate (the contact details of the Data State Inspectorate are available on the website: www.dvi.gov.lv).
The rights of the data subject are ensured by the Controller in compliance with the requirements of the Regulation for the exercise of those rights.
If the data subject withdraws his or her consent to the processing, this does not affect the lawfulness of the processing carried out prior to the withdrawal of consent.
Data processing on other linked websites
The Controller’s website www.thermowhite.lv may contain links to the third party websites, which have their own terms of use and personal data protection, for which Thermowhite is not responsible.
Manager and contact details
The Controller is SIA Thermowhite Baltic, reg. No. 40103772357, registered office: Jaunelku iela 39, Riga, LV-1024, Latvia. If you have any questions, comments or requests regarding the privacy policy or the processing of your personal data, please contact us by e-mail info@thermowhite.lv or by sending a letter to Jaunelku iela 39, Riga, LV-1024.
We will process your data protection request without undue delay and will respond to your request or non-compliance with it no later than one month from the date of receipt. In the event that it takes us longer to comply with the request, we have the right to extend the time for compliance by a further two months, but in any event you will be informed within one month.
Version 1.0.
3 September 2024