Privacy Policy

1. General Provisions

​

1.1. This Privacy Policy outlines how Zalishi.eu, Company Registration No.40203504800, Legal Address Smiltenes nov., Blomes pag., Blome, Ceriņu iela 2, LV-4707 (hereinafter referred to as "Data Controller") collects, processes, and stores personal data obtained from its clients and individuals visiting the website (hereinafter referred to as "Data Subject" or "You").

1.2. Personal data refers to any information related to an identified or identifiable natural person, i.e., the Data Subject. Processing refers to any operation performed on personal data, such as collection, recording, alteration, use, viewing, deletion, or destruction.

1.3. The Data Controller adheres to the data processing principles outlined in applicable legislation and can confirm that personal data is processed in compliance with the current legal framework.

​

2. Collection, Processing, and Storage of Personal Data

​

2.1. The Data Controller collects, processes, and stores personal data primarily through the Zalishi.eu website and email. (Note: Please add if personal data is collected in any other way, e.g., in paper form).

2.2. By visiting and using the services offered on the Zalishi.eu website, you agree that any information provided is used and managed in accordance with the purposes specified in this Privacy Policy.

2.3. The Data Subject is responsible for ensuring that the personal data provided is accurate, complete, and correct. Deliberately providing false information is considered a breach of our Privacy Policy. The Data Subject must promptly inform the Data Controller of any changes to the submitted personal data.

2.4. The Data Controller is not responsible for any damages caused to the Data Subject or third parties if they arise due to the submission of inaccurate personal data.

​

3. Processing of Customer Personal Data

​

3.1. The Data Controller may process the following personal data:

3.1.1. First and last name
3.1.2. Date of birth
3.1.3. Contact information (email address and/or phone number)
3.1.4. Transaction data (purchased products, delivery address, price, payment information, etc.)
3.1.5. Any other information provided to us during the use of services or the purchase of products on the website, or when contacting us.

(Please tailor this list according to the personal data processed by your company.)

​

3.2. In addition to the above, the Data Controller reserves the right to verify the accuracy of the submitted data by using publicly available registers.

​

3.3. The legal basis for the processing of personal data is in accordance with Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):

a) The Data Subject has given consent to the processing of their personal data for one or more specific purposes;
b) Processing is necessary for the performance of a contract to which the Data Subject is a party or to take steps at the request of the Data Subject prior to entering into a contract;
c) Processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
f) Processing is necessary for the purposes of legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the Data Subject's rights and freedoms, particularly if the Data Subject is a child.

​

3.4. The Data Controller retains and processes the Data Subject's personal data for as long as at least one of the following criteria applies:

3.4.1. The personal data is needed for the purposes for which it was collected;
3.4.2. As long as the Data Controller or the Data Subject can exercise their legitimate interests under applicable law, such as submitting objections or initiating legal claims;
3.4.3. As long as there is a legal obligation to retain the data, such as in compliance with accounting laws;
3.4.4. As long as the Data Subject's consent remains valid for the processing of personal data, unless there is another legitimate basis for processing.

When the above conditions are no longer met, the Data Subject's personal data will be deleted from computer systems and electronic and/or paper documents containing the relevant personal data, or the documents will be anonymized.

​

3.5. To fulfill its obligations, the Data Controller may share the Data Subject's personal data with partners and data processors who perform necessary data processing on behalf of the Data Controller, such as accountants, courier services, etc. A data processor is an entity that processes personal data on behalf of the Data Controller. Payment processing is provided by the payment platform makecommerce.lv, so the company shares necessary personal data with the platform owner Maksekeskus AS.

Upon request, we may provide your personal data to government and law enforcement authorities when required to defend our legal interests, prepare, submit, and defend legal claims.

​

3.6. The Data Controller takes organizational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.

​

4. Rights of the Data Subject

​

4.1. In accordance with the General Data Protection Regulation (GDPR) and applicable Latvian law, you have the following rights:

4.1.1. The right to access your personal data, receive information on its processing, and request a copy of your personal data in electronic format, as well as the right to transfer this data to another data controller (data portability);
4.1.2. The right to rectify any incorrect, inaccurate, or incomplete personal data;
4.1.3. The right to erase your personal data ("right to be forgotten"), except in cases where the law requires retention of the data;
4.1.4. The right to withdraw your consent to the processing of personal data;
4.1.5. The right to restrict processing – the right to request that we temporarily stop processing all of your personal data;
4.1.6. The right to lodge a complaint with the Data State Inspectorate.

You may submit a request to exercise your rights by sending an electronic request to customer support at hello@zalishi.eu.

​

5. Final Provisions

​

5.1. This Privacy Policy is drafted in accordance with the European Parliament and Council Regulation (EU) 2016/679 (April 27, 2016) on the protection of individuals with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as well as applicable Latvian and European Union laws.

5.2. The Data Controller reserves the right to make changes or additions to this Privacy Policy at any time without prior notice. Amendments will take effect upon publication on the website www.zalishi.eu.