Menu

1.  Objective

The objective of the Privacy Policy shall be to provide the natural person – data subject – with the information regarding purpose, extent, protection, processing time and rights of the data subject during acquisition and processing of personal data of the data subject.

The present privacy policy, hereinafter referred to as the Policy, describes in general the arrangements whereunder SIA “POLIPAKS”, hereinafter referred to as the Company, performs the processing of personal data as Controller.

By providing personal data to the Controller, the Person is aware and unequivocally agrees that the Controller processes the Personal Data in accordance with the present Privacy Policy and with the effective regulatory enactments of the Republic of Latvia and the relevant laws of the European Union.

2.  Personal Data Controller and its contact information

Controller – SIA “POLIPAKS”, unified registration No 40003283415, legal address: “Mālkalni”, Vētras, Mārupes municipality, LV-2167, telephone 67517651, e-mail: [email protected]. Contact details of the Company in the matters related to the processing of personal data shall be: SIA “POLIPACS”, legal address: “Mālkalni”, Vētras, Mārupes municipality, LV-2167, telephone 67517651, e-mail: [email protected] bearing note for attention of “Data protection specialist”. Contact details of the Company are available also at the website: www.polipaks.com/contacts.

The Partner may contact the Company in relation to the Personal Data processing issues, withdrawal of consent, requests, use of the rights of data subjects and complaints regarding the use of personal data.

3.  Scope of application of the document

 

The Privacy Policy shall be applicable for the purpose of ensuring privacy and personal data in respect of:
  • Natural persons – representatives of customers, suppliers or partners of the Company, including potential, former and existing, which Personal Data are processed by the Company;
  • Visitors of the offices and other premises of the Company, including for which video surveillance is performed;
  • Visitors to the Company website.

Partner means any natural and legal person, representatives and staff thereof using, having used, or having expressed their intention to use any goods and/or services provided by the Company, or in any other way related thereto or providing or intending to provide any goods and/or services to the Company or having any other relation thereto;

Personal data means any information related to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The policy shall be attributable to the processing of data regardless of what form and/or media (in paper, electronic or telephonic format) the Partner is providing personal data and in which systems of the enterprise or paper form these are processed.

The Company shall take care of the privacy and the protection of personal data of the Partner, respecting the Partners’ rights to lawfulness of the processing of personal data in accordance with 3 the applicable legislation – the Personal Data Protection Law, Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (Regulation) and other applicable legislation in the field of privacy and data processing.

With regard to specific types (e.g. processing of cookies, etc.), media and purposes of data processing, additional specific rules may be prescribed whereof the Partner shall be informed when they provide appropriate data to the Company.

In the processing of personal data, the Company shall ensure the confidentiality of personal data and implement appropriate technical and organisational measures in order to ensure that personal data are protected against unauthorised access, illegal processing or disclosure, accidental loss, alteration or destruction.

The present Policy shall be applicable to any natural person (data subject) whose personal data are processed.

The Company may use personal data processors for the processing of personal data. In such cases, the Company shall take the necessary measures in order to ensure that such personal data processors undertake the processing of personal data in accordance with directions of the Company and in accordance with the applicable regulatory enactments and require that appropriate security measures are carried out.

The Company shall be entitled to make additions to the Policy by making its current version available to the Partners through placement at the Company website www.polipaks.com.

4.  The Personal Data categories

 

  • Identification data such as given name, surname, personal identity number, date of birth (for nonresidents);
  • Contact information, such as address, telephone number, e-mail address;
  • Information regarding current accounts;
  • Services-related data such as performance or non-performance of contracts, transactions carried out, contracts concluded and invalidated, applications, requests and complaints submitted;
  • Communication data such as e-mail, letter or other information related to the Partner’s communication with the Company;
  • Data communicated to the Company by the Partner themselves;
  • Video surveillance records and images;
  • Photographs, such as from corporate events;
  • Data transferred to the Company by the Partners, with a view to publishing in commercials and advertisements, et al.

5.  The purposes of the processing of Personal Data

 

The Company shall process personal data for the following purposes:
A. For the provision of services and for the sale of goods:
  • Identifying a Customer or other Partner and preparing, receiving and processing an offer;
  • Preparation and conclusion, supplementation, reconclusion and termination of the contract;
  • Customer services;
  • Supply of goods and installation and delivery of services the services (compliance with the contractual obligations);
  • Providing information to the Customers regarding the products and services of the Company;
  • Provision/maintaining operation of the services;
  • Fulfilment of the guarantee obligations;
  • Creation of new products and expression of offers regarding the same;
  • Improving products and services, developing new goods and services;
  • Marketing purposes: advertising of the products and the Company, distribution of products, or for commercial purposes;
  • Consideration and processing of objections;
  • Customer satisfaction measurements, Customer retention, loyalty raising;
  • Performance of the market and the public opinion research;
  • Payment and settlement management;
  • Creditworthiness assessment, credit monitoring;
  • Recovery and enforcement of debts;
  • Maintenance and improvement of the website;
  • Promotion of the use of service;
  • Dealing with the Customer complaints and ensuring support;
B. For the business planning and analytics:
  • Statistics, accounting and business analysis;
  • Planning and accounting;
  • Efficiency measurements;
  • Ensuring data quality;
  • Performance of the market and the public opinion research;
  • Preparation of reports;
  • Performance of the Customer surveys;
  • Within the framework of the risk management activities.
C. For the provision of information to the public authorities and to the bodies performing operational activities in cases and to the extent specified in external regulatory enactments.
D. For other specific purposes of which the Customer or other Partner is informed at the time they provide relevant data for the Company.

6.  Legal basis for the processing of personal data

 

The Company shall process the Partner’s personal data on the basis of the following legal grounds:
  • Lawful (legitimate) interests – in order to enforce the lawful (legitimate) interests of the Company arising from the obligations existing between the Company and the Partner or the contracted agreement or the statute.
  • Entering into and performance of the contract, with a view to enter into a contract and to ensure performance thereof;
  • Compliance with regulatory enactments – in order to comply with the obligations prescribed by external regulatory enactments binding to the Company;
  • In accordance with consent of the Partner – data subject;
Lawful (legitimate) interests of the Company shall include:
  • Undertaking of commercial activities;
  • Verification of the Partner’s identity prior to conclusion of the contract or the time of cooperation – via telephone, electronically or in presence;
  • Provision of compliance with the contractual obligations;
  • Prevention of unjustified financial and other risks for their commercial activities;
  • Storage of the Partners’ offers/applications for selling/purchase of the products or services, other applications and submissions, comments thereon, including those made by electronic means (through e-mail);
  • Promotion of their products by sending commercial communications;
  • Sending other reports regarding performance of the contract and the relevant events for performance of the contract, as well as to carry out the Customer surveys regarding the quality of the Company products and service;
  • Providing information regarding changes to the order, deadlines and price list of the service provision;
  • Providing information to the Customers about the news in the sector;
  • Prevention of fraud;
  • Ensuring effective governance processes of the Company, including sales of the Company products, provision of services and delivery efficiency, supply chain;
  • Ensuring and improvement of the quality of products and services;
  • Ensuring delivery of the products;
  • Providing information to the Partners regarding delayed payments or deliveries;
  • Sending commercial communications and to use other forms of communication;
  • Arrangement of the Customer loyalty programmes and measures;
  • Addressing potential Partners;
  • Analysis of the operation of the Company homepage and website, development and implementation of the improvements thereto, use of cookies;
  • Applying to the public administration authorities and bodies of operational activities and in court for the protection of their legal interests.

7.  The processing of personal data and data protection

 

The Company is processing the Partner’s data by means of modern technology capabilities, taking into account the existing privacy risks and the organisational, financial and technical resources reasonably available to the Company. The Company shall ensure, continuously review and improve the protective measures in order to protect the Partner’s personal data against unauthorised access, accidental loss, disclosure or destruction.

For the provision of performance of the obligations contracted with the Partner in a high quality and in an operative manner, the Company shall authorize other enterprises, their collaboration partners, to carry out the product and materials supply services. Where in fulfilment of these tasks the collaboration partners are processing the Partner’s personal data being at disposal of the Company, the relevant collaboration partners shall be considered to be the Company data processing operators (processors) and the Company shall be entitled to transfer the Partner’s personal data required for performance of these activities to the collaboration partners, to the extent necessary for performance of the said activities. Collaboration partners of the Company (in the personal data processor status) will ensure enforcement of the personal data processing and protection requirements in accordance with requirements of the Company and legislation, and will not use personal data for other purposes, save only for fulfilment of the obligations contracted with the Partner on behalf of the Company.

The Company shall scrutinise all the partners – service providers (personal data processors) processing the Partners’ personal data for and on behalf of the Company, as well as shall evaluate whether the collaboration partners (personal data controllers) are applying appropriate security measures in order to ensure that the processing of the Partners’ personal data would take place in accordance with delegation of the Company and the requirements of regulatory enactments. Collaboration partners are prohibited from processing the Partner’s personal data for their own purposes.

The Company shall not bear responsibility for any unauthorised access to personal data and/or loss of personal data if it is not dependent on the Company, such as due to the Partner’s fault and/or negligence.

The Company shall provide guarantees for confidentiality and security of the Partners’ data through undertaking appropriate technical and organisational measures, taking into consideration the reasonably available organisational, financial and technical resources, ensuring physical and 6 environmental security of the Personal Data by limiting the rights of access to the Personal Data, as far as possible by means of carrying out transfer of the Personal Data in an encrypted manner, ensuring protection of the computer network, personal devices, backup copies of the data, etc. security measures, thereby ensuring protection of the Partners’ data against illegal access, use or disclosure.

8.  Automated processing of personal data

 

a. The Controller may conduct automated processing of personal data, including profiling. The Partner shall be entitled to contact the Controller with regard to automated decision making and to request the Controller to take a decision, by involving the Controller’s employee.
b. The Controller can use automated processing of personal data, including profiling, for their advertising purposes (see paragraph 13 of the Policy). The Partner shall be entitled to object to this kind of profiling, by providing notification to the Controller thereof in writing.

9.  Categories of recipients of personal data

 

The Company shall not disclose to third parties personal data of the Partner or any information obtained during the provision of services and during validity of the contract, with the exception of:
  • If data have to be transferred to third party concerned within the framework of the contract concluded for performance of any function required for performance of the contract or delegated by law (for example, in order to ensure delivery of the Company products to the Customers);
  • Sending postal consignments to the Partner;
  • According to the Partner’s consent (see paragraph 12 of the Policy);
  • Other persons provided for by regulatory enactments upon their reasonable request, under procedures and in the volumes prescribed by the external regulatory enactments;
  • In other cases specified by regulatory enactments, for the protection of legitimate interests of the Company, for example, by applying to courts or other public authorities against any party who has infringed these legitimate interests of the Company.

10.  Access to personal data by third-country entities

 

In certain cases, pursuant to the requirements of regulatory enactments, personal data of the Company shall be accessed by the Partners (within the meaning of the Regulation – transfers to third countries) located in third countries (i.e. in the countries outside the European Union and the European Economic Area).

In such cases, the Company shall ensure the procedures prescribed by regulatory enactments for ensuring the processing and the protection of personal data equivalent to that provided for in the Regulation.

11.  Duration of storage of the personal data

 

The Company shall store and process the Partner’s personal data while at least one of the following criteria exists:
  • Only as long as the contract concluded with the Partner is effective;
  • While in accordance with the procedures prescribed by external regulatory enactments, the Company or the Partner can exercise its own legitimate interests (such as lodging objections or bringing or conducting claim in court);
  • While any party has a legal obligation to store the data;
  • While the Partner’s consent for the relevant processing of personal data is effective, if there is no other legal basis for data processing;
After these conditions expire, the Partner’s personal data shall be deleted.

12. Access to personal data and other rights of the Partner

 

The Partner shall be entitled to receive the information specified in regulatory enactments regarding the processing of their data.

The Partner shall also be entitled, in accordance with regulatory enactments, to require access to their personal data and to require the Company to perform supplement, repair or deletion thereof or restriction of the processing in respect of the Partner, or the right to object to the processing (including the processing of personal data based on lawful (legitimate) interests of the Company), as well as the right to portability of data. These rights shall be implemented in so far as the processing of data is not derived from the obligations of the Company which have been imposed thereon by the effective regulatory enactments and which is carried out in the interests of the Company.

The Partner may submit a request for the exercise of their rights:

  • in a written form at the Company’s legal address, producing a personal identification document;
  • by means of electronic mail, by signing with a secure electronic signature;

Upon receipt of the Partner’s request for the exercise of its rights, the Company shall verify the identity of the Partner, evaluate the request and execute it in accordance with regulatory enactments.

The Company shall send a reply to the Partner by post, to their specified contact address, in a registered letter or, as far as possible, taking into consideration the manner of receiving the response specified by the Partner.

The Company shall ensure compliance with the data processing and protection requirements in accordance with regulatory enactments and, in the event of objection from the Partner, take useful measures in order to resolve the objection. However, if failing to do this, the Partner shall be entitled to refer to the supervisory authority – the National Data Protection Agency.

13.  The Partner’s consent to the processing of data and the right to withdraw it

 

It is assumed in the Company that the Company Partners, i.e. (including existing, potential or former) customers, suppliers, partners, their representatives and/or employees, when initiating, continuing or renewing collaboration, or communication with the Company about potential, existing or former collaboration or other issues, by default agree to the processing of their personal data.

The Partner shall be entitled to withdraw their consent at any time and to refuse the processing of Personal Data. Unless a refusal is received, the Company considers that the natural person agrees with the processing of their personal data.

The Partner may refuse the processing of data by referring to specific purposes for the processing of data (see paragraph 4 of the Policy) by means of:

  • Sending e-mail to e-mail address of the Company [email protected] and/or to e-mail address of the sales representative, customer service or the employee of the Company from which the communication has been received hereto;
  • On the spot by writing a submission at legal address of the Company: “Mālkalni”, Vētras, Mārupes municipality, LV-2167.

Withdrawal of the consent shall not affect the processing of data carried out at the time when the Partner’s consent was in force.

Upon withdrawal of the consent, the processing of data carried out on the basis of other legal grounds may not be suspended.

If a refusal has been received from the Partner with regard to processing of personal data, indicating the purpose/s of the processing of personal data which prevents the continuation of collaboration on the basis of lawful (legitimate) interests, conclusion and enforcement of the contract or compliance with the regulatory enactments, the Company shall be entitled to restrict or to suspend the provision of its services and even terminate collaboration.

14.  Communication with the Partner and commercial communications

 

The Company communicates with the Partner using the contact details (telephone number, e-mail address, registered address, mailing address) provided by the Partner.

Communications regarding fulfilment of the contractual obligations of services shall be carried out by the Company on the basis of contract entered into or derived from an application/order received from the Partner.

The Company shall undertake interaction concerning commercial communications with regard to services of the Company and/or third-parties and other communications not directly related with rendering of the contracted services (such as customer surveys) in accordance with the provisions of the external regulatory enactments, or in accordance with the consent of the Partner. By expressing their opinion in the surveys or leaving their contact information (e-mail, telephone), the Partner agrees that the Company can communicate with them by means of the contact details provided in relation to the assessment provided by the Partner. The Partner’s consent to the receipt of commercial communications shall be valid until withdrawal thereof (also after termination of the service contract). The Partner may, at any time, refuse subsequent receipt of the commercial communications in one of the following ways (by indicating refusal from the processing of data for a particular purpose (see paragraph 4 of the Policy), which is:

  • Sending e-mail to e-mail address of the Company [email protected] and/or to e-mail address of the sales representative, customer service or the employee of the Company from which the communication has been received hereto;
  • On the spot at legal address of the Company
Withdrawal of the consent shall not affect the processing of data carried out at the time when the Partner’s consent was in force. Upon withdrawal of the consent, the processing of data carried out on the basis of other legal grounds may not be suspended.

15.  Use of cookies

 

Cookies shall mean a detailed information, which the website stores on the user’s computer or on a mobile device when the user visits the website. It allows the server to collect information from the user’s browser, thereby the user does not always have to re-enter the data anew when they return to the website or move from one page to another. More information about how cookies work is available from the website www.cookiecentral.com.

The Company website can use cookies in order to improve the quality of the services offered. The Company may use session cookies or permanent cookies in order to:
  • Recognize new or earlier Partners;
  • Remember the Partner’s screen options (preferences)
  • Anonymously summarize statistics on how and what of the Company’s offered products have been searched by the Partner;
  • Collect reliable website usage information that would allow the Company to measure how well the website corresponds to the needs of its users and in order to make any necessary improvements;
  • Analyze the intensity of visiting the website from certain geographical regions.

16.  Amendments to the Policy

 

The present Policy may be amended without prior notice. The latest version of the Privacy Policy, published at the website: www.polipaks.com, shall replace all the previous versions of the Privacy Policy.