Privacy notice

Privacy Policy

This is a notice regarding the processing of personal data and consent to the processing of personal data for registered users ("User") of the online store www.citasantehnika.lv ("Online Store"), as well as potential customers who visit the www.citasantehnika.lv website ("Website"), purchase goods at the store in person, or purchase goods at the online store without registration ("Customer"), as well as for the Cita Santehnika brand social media pages, the link to which is indicated on the Website ("Social Media"). In connection with the fact that personal data processing is carried out on the Online Store, Website, and Social Media ("Pages"), and to inform the User and Customer about their personal data processing, as well as to provide a basis for the User and Cita Santehnika customer personal data processing, this policy ("Policy") provides the User and Customer with information about the processing of their personal data.

1. Data Controller

The personal data of the User and Customer is controlled by Cita Santehnika.

Cita Santehnika: SIA "Cita Santehnika", registration number 40003451144, address: Riga, G.Astras 8.

Users and Customers have the right to contact Cita Santehnika regarding personal data processing issues.

Data protection manager: For personal data processing issues, please contact the Data Protection manager by writing to the email: reklama@cita.lv

2. User and Customer Personal Data, Processing Purposes, Grounds and Terms, as well as Data Recipients:
   • Personal Data Name, surname, email, phone number, as well as authentication and profile data received from third parties (such as Facebook, Inc., Facebook Ireland Ltd., SIA Draugiem, Google LLC, and similar entities) about the User at the User's request and choice. Processing Purposes User registration and authentication for the use of the Online Store Processing Grounds:
   • Performing actions to conclude a contract and fulfill a contract.
   • Data controller's legitimate interests to ensure the security of the information available to the data controller.
   • Consent to the use of the authentication data of the aforementioned social networks.

Processing Term As long as the User is registered on the Online Store, but no longer than 3 (three) years from the last login to the User's account.

Recipients:

• Data controller's affiliated companies in the EU and EEA for the optimization of the processing purposes;
• Data processor service providers, including data storage service providers, IT and security service providers, and individuals involved in maintaining the Pages.
• Passport Data Passport data (for leasing purposes), residence and/or address, contact information, User and/or Customer number, name, surname, information about payment methods (including gift cards), payment options for goods, and similar financial information, information about the Customer's or User's financial status, information about the purchased product, geolocation data (in the case of renting transportation for goods delivery). Processing Purposes Ensuring the purchase and delivery of goods after placing an order.

Processing Grounds:

• Performing actions to conclude a contract and fulfill a contract.
• Data controller's legitimate interests to ensure the security of the data controller's property.

Processing Term As long as the User is registered on the Online Store, but no longer than 10 years from the last login to the User's account on the Online Store.

Recipients:

• Data controller's affiliated companies in the EU and EEA for the optimization of the processing purposes.
• Data processor service providers, including data storage (including with respect to geolocation data) service providers, IT and security service providers, individuals involved in maintaining the Pages, individuals involved in the purchase and delivery of goods (such as couriers, logistics companies).
• Leasing and similar financial service providers.
• Email, phone number, name and surname, date of birth (if disclosed), information about Website visits, Website usage habits, and shopping habits as mentioned in point 2.6. Processing Purposes Management of Customer cards and provision of services in accordance with the Customer card and profile terms.

Processing Grounds:

• Conclusion and execution of a contract between the Cardholder and the Company in accordance with the Customer card and profile terms.
• Consent for marketing purposes as described below in point 2.6. Processing Term As long as the User is registered on the Online Store, but no longer than 10 years from the last login to the User's account on the Online Store.

Recipients:

• Data controller's affiliated companies in the EU and EEA for the optimization of the processing purposes.
• Data processor service providers, including data storage service providers, IT and security service providers, individuals involved in maintaining the Pages, marketing and PR service providers, Social Media and similar platforms (such as Google) with cookie usage involved.
• Name, surname, contact information, call recordings, information about purchases, or any other information provided by the User or Customer to the Controller when requesting assistance, including on online communication platforms.

Processing Purposes Providing customer support. Processing Grounds • Performing actions to conclude a contract and fulfill a contract.

• Controller's legitimate interests in ensuring the provision of quality services, protecting employees, and maintaining reputation.
• Compliance with regulatory requirements (including consumer protection laws). Processing Term As long as the request for support is relevant, and up to 10 years after resolving the request. Call recordings are stored for up to 12 months. Recipients
• Data controller's affiliated companies in the EU and EEA for the optimization of the processing purposes.
• Data processor service providers, including data storage service providers, IT and security service providers, individuals involved in maintaining the Pages, individuals involved in the purchase and delivery of goods, and any other individuals whose involvement would be necessary for providing requested support, call centres, and online communication service providers.

Information about the ordering party and payer, order history, payment details, delivery information.

Processing Purposes

Providing customer support. Conducting Controller's financial accounting, including organizing accounting.

Processing Grounds

As indicated in the relevant regulatory enactments.

Processing Term

In accordance with the storage periods specified in the relevant regulatory enactments (approximately 10 years).

Recipients

• Data controller's affiliated companies in the EU and EEA for the optimization of the processing purposes.
• Data processor service providers, including data storage service providers, IT and security service providers, accounting maintenance service providers, supervisory authorities upon their request, payment service providers.
• Name, surname, contact information, gender, photo, date of birth, purchasing habits, website usage information and habits, images, videos, visited pages, IP address, geolocation information, browser type and version, operating system, referral source, duration of website visits, pages viewed within the website, website browsing paths, social media usage habits related to the company's products and services, data on the products viewed by the user (who may also be a cardholder), product reviews, information on discounts and similar promotions (such as coupons), information on participation in games (lotteries and draws), information on surveys, information on the existence of a customer card, Personal data processed through cookies. More detailed information on cookies is available in the Cookie Policy.

Purposes of use

The Company's economic development (including the collection of surveys and research on customer and user satisfaction), promotion of products and services, and conducting marketing activities. This includes providing information about the Company's products and services, adapting the functioning of the Website and commercial communications to the purchasing habits of the User and Customer, as well as sending marketing materials to the User and/or Customer (or otherwise engaging in marketing-related communication) and ensuring the operation of the customer card.  Additional information on Personal data processing related to the use of customer cards is available here.

Basis of use

• The Company's legitimate interests in attracting new Customers and Users, as well as promoting its products and services, including collecting information on Customer and User satisfaction and communicating marketing information, also using Social Media targeting and similar solutions, such as Google Customer Match.
• Customer and/or User consent (especially for sending commercial communications via email, SMS, and making advertising calls, as well as in cases of using cookies and pixels) or in other cases where consent is required.

Term of use

Personal data are retained for as long as necessary for the purposes specified by the Company, in the relevant scope, unless in certain cases the Customer or User has valid objections to processing or has revoked consent and has requested deletion of Personal data.

After Personal data are no longer necessary for a specific Customer or User, they may be stored for up to 5 years if they may be needed for dispute resolution.

Feedback on products may be retained for up to 10 years.

Recipients

• Companies affiliated with the Company in the EU and EEA for optimizing the processing of Personal data for the stated purposes;
• Service providers of the Company, including data storage service providers, IT and security service providers, individuals involved in maintaining the Website, archiving service providers;
• Archives.

If the Controller does not have information that the Controller is required to provide under the law, the Controller cannot be held responsible for any negative impact on the Client and/or User resulting from the non-provision of this information. If the Controller does not have the information necessary for legal compliance, it may affect the rights and obligations of the Client and/or User, and the Controller cannot be held responsible for such impact.

If the User and/or Client does not provide the Controller with the Personal data necessary for the performance of the contract, the Controller may be limited in its ability to perform the contract with the User and/or Client. If the Controller does not have the information necessary for the performance of the contract, it may affect the rights and obligations of the Client and/or User, and the Controller cannot be held responsible for such impact.

The Controller may also receive Personal data of the Client and User from state and local government authorities, authentication partners (such as Facebook, Inc., Facebook Ireland Ltd., SIA Draugiem, Google LLC), and other Controller-affiliated companies involved in the processing of the Client or User Personal data.

3. Transfer of Personal Data Outside the European Union

In some cases, the Controller may transfer Personal data outside the European Union, for example, when using data storage solutions that provide data storage services outside the European Union.

Depending on the circumstances, the Controller may choose to implement special safeguards for the protection of Personal data as indicated in the Regulation (in accordance with Article 46 of the EU General Data Protection Regulation), such as entering into standard contractual clauses with the recipient of Personal data or using exceptions, such as the necessity of performing a contract between the Controller and the User (in accordance with Article 49 of the EU General Data Protection Regulation). The User and Client have the right to access or receive information about the transfer of their Personal data outside the European Union by the Controller, using the information provided in this document.

4. User and Client Rights Regarding Personal Data Processing

Users and Clients have the right to:

• request access to their Personal data from the Controller,
• request correction of their Personal data in case of inaccuracies. The User can change their personal data in their client profile on the Website. If the User cannot make changes to their profile on the Website for any reason, they can contact Customer Service and request changes.
• request deletion of their Personal data if the basis for processing and storage of Personal data has been lost,
• request restriction of processing of their Personal data,
• object to the processing of Personal data,
• request the Controller to provide the opportunity to transfer the Client's or User's Personal data to another legal or physical person electronically, taking into account the exceptions specified in applicable laws,
• lodge a complaint with the Data State Inspectorate of Latvia if they believe that their rights have been violated. However, in this case, the Controller encourages initially contacting the Controller to resolve the existing issue as effectively as possible.
• withdraw their consent to the processing of their Personal data in cases where the basis for processing Personal data is consent. The User or Client may:

- use the contact information provided in this document to withdraw consent;

- submit the withdrawal of consent in writing in free form at Cita Santehnika store in Latvia;

- manage consent options in their profile on the Website;

- click on the link in a commercial email or text message if the Client wishes to unsubscribe from receiving commercial communications via email.

If the User or Client withdraws their consent, including consent to the use of cookies, the Controller has the right to restrict the functionality and scope of their services, including the operation of the Website and the Online Store. In such cases, the Controller will not be able to provide the appropriate services to the User or Client if the necessary Personal data for providing services and/or functionality is not available due to the withdrawal of consent by the Controller. Withdrawal of consent does not affect the lawfulness of processing based on consent given before the withdrawal.

5. Automated Decision Making in Personal Data Processing

The Controller may use automated decision-making regarding User and Client Personal data for the development of Controller's economic activities, promotion of goods and services, and marketing activities, including adapting the Website's functionality and commercial communications to the User's purchasing habits. Specifically, the Controller may analyze Website visitation and usage data to offer advertisements, products, services, discounts, or participation in specific promotions tailored to each User or Client's habits and interests, including the use of the Client card.

The Controller will analyze User and Client profile personal data generally or with the assistance of a specific algorithm depending on the chosen marketing solution.

6. Cookies and Similar Technologies

In addition to what has already been mentioned in this document regarding Personal data processing, which is carried out through cookies and similar technologies (including pixels).

A cookie is a small file that requires permission to be placed on the hard drive of a computer. Once the person agrees, the file is added, and this cookie helps analyse website traffic or informs the person about visiting a certain website. Cookies allow web applications to respond to individual Client or User requests. The web application can tailor its operation to the needs and interests of the Client or User by aggregating and remembering information about their preferences. The Controller uses traffic log cookies to analyse data about website visits and improve the website according to the needs of the Client or User. The Client or User has the option to reject, accept, or personalize cookies.

In addition to cookies, the Controller may use similar technologies (such as pixels) that provide information collection about Client and/or User purchasing habits or interests.

The Privacy Policy was last updated on 01.06.2024.

Click here to download the privacy policy.