Privacy policy
SMARTFUL OÜ undertakes to ensure the protection and privacy of your personal data in accordance with:
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
• other regulatory acts in force in the Republic of Latvia and the Republic of Estonia in the field of personal data processing and privacy;
• in accordance with this Privacy Policy.
With this Privacy Policy, SMARTFUL OÜ provides you with information about the principles, types, purposes, scope, conditions, and terms of its personal data processing, as well as your rights in relation to our personal data processing.
1. Definitions
1.1. Personal data – any information relating to an identified or identifiable natural person.
1.2. Data subject – an identified or identifiable natural person (hereinafter – the customer).
1.3. Controller – SMARTFUL OÜ (hereinafter also referred to as the Company).
1.4. Processor – a natural or legal person who processes personal data on behalf of the controller (the Company).
1.5. Third party – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
1.6. Consent of the data subject (customer) – a freely given, specific, informed and unambiguous indication by the Customer in the form of a statement or a clearly affirmative action that the Customer consents to the processing of their personal data.
1.7. Cookies – text files that are stored on the user's device in order to personalize the Company's website for each specific website user.
2. Personal data controller and processor
2.1. The personal data controller is SMARTFUL OÜ, Estonian registration number 16874712, legal address: Läänemere tee 70/2-136, 13914, Tallinn, Estonia.
2.2. Personal data processors are legal entities that process personal data on behalf of the Company and in accordance with the Company's instructions, and who have undertaken to comply with the requirements of regulatory enactments in the field of data processing.
3. Categories and types of customer personal data being processed
3.1. The Company processes customer personal data only for the purpose of placing orders in the Company's e-store and other related activities.
3.2. For the purpose of processing orders in the Company's e-shop, the Company may process the following customer personal data, depending on the amount of information provided by the customer: name, surname, registered address, delivery address, mobile phone number, e-mail address.
3.3. For the execution of transactions made in the Company's e-shop – delivery of goods – the Company may process the following customer personal data, depending on the type of delivery selected by the customer: name, surname, delivery address, mobile phone number, e-mail.
4. Basis and term of personal data processing
4.1. The Company may process personal data only on the basis of one of the following grounds:
4.1.1. Customer consent – the customer's personal, freely given, specific and informed indication that the customer consents to the processing of their personal data. By personally providing their personal data, the customer confirms their consent to the processing of their personal data.
4.1.2. Compliance with a legal (statutory) obligation – if it arises from legislation or administrative acts issued by state institutions or lawful requests. The Company has the right to process the data received from the customer to the extent necessary to comply with the requirements of the relevant legislation or administrative acts, or to respond to official lawful requests from state institutions.
4.1.3. Respect for legitimate interests – The Company has the right to process customers' personal data in order to ensure the observance of its legitimate interests, in particular, but not limited to, the protection and security of property.
4.2. The Company processes the personal data provided by customers for as long as the customer's consent to data processing is valid, or for as long as the Company needs to protect its legitimate interests or fulfill its legal obligations, and for as long as the purpose of personal data processing has not yet been achieved.
5. Recipients of personal data
5.1. When processing customer personal data, the Company observes strict confidentiality and ensures protection against unauthorized access to personal data by third parties, as well as against accidental loss or destruction of personal data. Where there is a legal basis, the Company may, in exceptional cases, also transfer customer personal data to the following persons:
5.1.1. public administration authorities, law enforcement authorities, upon a lawful request from these institutions;
5.1.2. persons who have provided services to the Company, such as lawyers, if there is a legal basis for the transfer of personal data to service providers.
5.2. The Company transfers the personal data necessary for the delivery of goods to:
5.2.1. Omniva SIA (registration number: 40103527192, legal address: Mārupes nov., Mārupes pag., Mārupe, Dzirnieku iela 24, LV-2167). Omniva's customer data processing principles are available on the Omniva website.
5.2.2. Venipak Latvija SIA (registration number: 40103483447, legal address: Mārupes nov., "Kalniņi B", LV-2167, Latvia). Venipak's customer data processing principles are available on the Venipak website.
6. Company cookie policy
6.1. The company's website uses cookies that store information about the actions performed by the website user on the website, such as the user's IP address, domain name, web browser and operating system type, duration of the visit to the website, and information searched for on the website.
6.2. The Company uses cookies only on the basis of the website user's explicit consent to their use. This condition does not apply to cookies that are necessary for the smooth functioning of the Company's website, but which do not permanently store information about the user's activities on the Company's website.
7. Customer rights in relation to the processing of personal data by the Company
7.1. The customer has the right to choose the extent and type of data to be provided to the Company, as well as to withdraw their consent to the processing of their personal data in whole or in part by requesting the Company to terminate the processing of all or certain parts of the customer's data. Withdrawal of consent does not affect the lawfulness of the processing of the customer's personal data prior to withdrawal.
7.2. If the customer chooses not to provide personal data in part or withdraws consent in whole or in part (in relation to specific data provided), the Company will not be able to provide the customer with services that require the relevant personal data.
7.3. The customer may send their refusal to the Company by email to ildze@smartkids.lv, indicating their name, surname, and the extent to which consent is being withdrawn.
7.4. The customer has the right at any time to object to the processing of personal data by the Company, as well as to request the Company to perform certain actions in relation to the customer's personal data by sending a request to the Company by e-mail to ildze@smartkids.lv, asking:
7.4.1. to issue the personal data about the customer in the Company's possession;
7.4.2. to correct, delete or supplement personal data in accordance with the customer's instructions, justifying their request;
7.4.3. restrict (suspend for a certain period of time) the processing of certain types or all of the customer's data;
7.4.4. transfer personal data to another controller – to the extent and in the form in which the data is held by the Company.
7.5. The customer has the right to obtain information from the Company about the transfer of personal data to third parties and about the persons (natural or legal) and/or state institutions to whom the Company has provided any information related to the personal data of a specific customer, except in cases where such information has been provided on the basis of a request from an operational entity or other competent authority in criminal proceedings.
7.6. In the event of a dispute regarding the Company's processing of personal data, the customer has the right to submit a complaint to the supervisory authority – the Data State Inspectorate.
8. Changes to the privacy policy
8.1. The Company may make changes to the privacy policy at any time and at its discretion, provided that such changes comply with the requirements of regulatory enactments in the field of personal data protection. The amendments shall take effect after their publication on the Company's website. It is your responsibility to periodically review this privacy policy to ensure that you are familiar with any changes.