PRIVACY AND PERSONAL DATA PROTECTION POLICY
1. DEFINITIONS
Processing – any action performed on Client’s data, such as collection, registration, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, distribution or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Processor – a natural or legal person, or another entity that processes Client’s data on behalf of the Controller.
Client – a natural person who visits the Website and receives the Service.
Company – SIA “Viesmīlība Mežezers”, registration number: 44103133562, legal address: Strēlnieku iela 9-7, Rīga, LV-1010, email address: info@mezezers.lv.
Website – the website www.mezezers.lv.
Service – the electronic reservation of the “Mežezers” recreation complex via the Website, provided by the Company to the Client.
Controller – the entity responsible for the processing of the Client’s data, which is the Company. Contact information regarding personal data processing: Strēlnieku iela 9-7, Rīga, LV-1010, info@mezezers.lv.
Personal Data – any direct or indirect information related to the Client that is processed by the Company.
Policy – this Privacy and Personal Data Protection Policy developed by the Company.
Cookies – small text files that the Website stores on the Client’s computer or smart device when the Client visits the Website. Cookies help the Website remember the Client’s login information and preferences, improving the ease of Website usage.
GDPR – the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons regarding the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC. The GDPR aims to protect the privacy of individuals within the European Union.
2. GENERAL INFORMATION
2.1. The purpose of this Policy is to provide the Client with information about the purposes for which the Company collects personal data, the scope of data processing, processing periods, data protection measures, as well as inform the Client about their rights and obligations.
2.2. The Policy applies to the protection of privacy and personal data concerning Clients who are natural persons – Website visitors and the Company.
2.3. When processing the Client’s personal data, the Company:
Ensures the privacy and protection of the Client’s personal data in accordance with the applicable laws of the Republic of Latvia, GDPR, and other relevant legal regulations in the field of privacy and data processing.
Protects the Client’s personal data by implementing administrative, technical, and physical security measures.
Informs and explains to the Client what personal data is required for the provision of the Service and for what purposes it will be used.
Transfers data to third parties only in compliance with applicable legal regulations.
2.4. The Company primarily, but not exclusively, processes the following categories of Personal Data:
Identification data – name and surname.
Contact information – phone number and email address.
Visit and communication data – visiting the Website, communication with the Company, and visits to the “Mežezers” recreation complex (address: “Mežezers”, Aiviekstes pagasts, Pļaviņu novads, LV-5120), where video surveillance (visual data) is conducted.
2.5. The Company may also process other Client personal data if necessary for the provision and execution of the Service, compliance with legal requirements, and the protection of the Company’s operations and legal interests.
3. PURPOSES AND LEGAL BASIS OF CLIENT’S PERSONAL DATA PROCESSING
3.1. The Company processes personal data for the following purposes:
Processing and administering the Service.
Identifying the Client in the Company’s information systems.
Resolving issues related to the provision, use, or execution of the Service.
Communicating with the Client in case of changes to the Service conditions.
Conducting general analysis to improve the quality of the Service.
3.2. Data processing may also be conducted for other purposes specified at the time the Client provides their personal data to the Company.
3.3. The Company processes Client’s personal data based on the following legal grounds:
Service provision – the Client agrees that the Company processes their data to provide the Service and fulfill obligations between the Company and the Client.
Legitimate interest – the Company processes the Client’s data to protect the legitimate interests of the Client and/or the Company, to monitor and ensure the security of the Service, and to provide proof of communication with the Company (e.g., call recordings, video surveillance recordings, transaction monitoring, IT system security).
Consent – in specific cases, based on the Client’s consent.
4. PROCESSING, PROTECTION, AND STORAGE OF PERSONAL DATA
4.1. The Company processes Client’s data using modern technology while considering privacy risks and available organizational, financial, and technical resources.
4.2. To ensure the protection of Client’s interests, the Company continuously improves its internal processes and measures.
4.3. The Company retains Client’s data only as long as necessary to achieve the objectives set out in this Policy unless a longer storage period is required or permitted by legal regulations. Data is stored based on at least one of the following criteria:
As long as the Client receives the Company’s Service.
As long as the Company or Client can exercise their legitimate interests (e.g., legal claims).
As long as there is a legal obligation to retain the data.
Video surveillance recordings are retained for no longer than 30 days.
As long as the Client’s consent for specific data processing is valid.
4.4. If further storage of the Client’s data is no longer necessary, the data is deleted or destroyed in compliance with legal requirements.
4.5. The Company ensures the confidentiality of Client’s data, protects it from unauthorized access, unlawful processing, disclosure, accidental modification, loss, or destruction through organizational and technical measures.
5. CLIENT’S RIGHTS AS A DATA SUBJECT
5.1. The Client has the right to access personal data processed by the Company, its purposes, storage terms, and recipients, subject to legal limitations.
5.2. The Client can request the correction of inaccurate or outdated personal data.
5.3. The Client can request the Company to stop processing their personal data unless such processing is required by law or necessary for the provision of the Service and Company operations.
5.4. The Client’s rights may be restricted under specific legal circumstances, including the protection of business secrets or security systems.
6. CLIENT’S CONSENT TO DATA PROCESSING AND WITHDRAWAL
6.1. The Client may provide consent for data processing via the Company’s electronic Service.
6.2. Consent can be withdrawn at any time via email. In this case, further data processing based on the previous consent will cease.
6.3. The withdrawal of consent does not affect data processing that occurred while consent was valid.
6.4. Data processing based on other legal grounds cannot be terminated by consent withdrawal.
7. USE OF COOKIES
7.1. Cookies process usage data, improve user experience, and ensure full Website functionality.
7.2. Cookies identify only the Client’s device, not the Client personally.
7.3. The Client may disable cookies via browser settings, but this may impair Website usability.
7.4. The Website may contain links to third-party websites with their own privacy policies, for which the Company is not responsible.
8. OTHER TERMS
8.1. The Company may unilaterally modify this Policy and will notify Clients through the Website or other agreed means.
8.2. Clients may contact the Company regarding data processing matters via email: info@mezezers.lv. Anonymous requests will not be processed.