Privacy policy
1. General Terms and Conditions:
1.1 This Privacy Policy describes how SIA “Losbergi”, Reg. No. 40103581216 (hereinafter also referred to as the 'Data Controller') collects, processes, and stores personal data collected by the “Losbergi – art & wedding resort” from its customers and persons who visit the website (hereinafter also referred to as the 'Data Subject' or 'You').
1.2 Personal data means any information relating to an identified or identifiable natural person, i.e., the Data Subject. Processing means any operation relating to personal data, such as obtaining, recording, transforming, using, consulting, erasing, or destroying.
1.3 The Data Controller shall comply with the principles of data processing as required by law and shall be able to confirm that personal data are processed in accordance with applicable law.
2. Collection, processing, and storage of personal data:
2.1 The Data Controller collects, processes, and stores personally identifiable information primarily through the website, e-mail and paper-based guest questionnaires.
2.2 By visiting and using the services provided on the website, you agree that any information provided will be used and managed in accordance with the purposes set out in the Privacy Policy.
2.3 The Data Subject shall be responsible for ensuring that the personal data submitted are accurate, correct, and complete. Providing false information knowingly is considered a violation of our Privacy Policy. The Data Subject shall immediately notify the Data Controller of any changes to the personal data provided.
2.4 The Data Controller shall not be liable for any damage caused to the Data Subject or third parties if they are caused as a result of the false submission of personal data.
3. The processing of customers' personal data:
3.1 The Data Controller may process the following personal data:
- Name, surname,
- Personal identity number or identification number,
- Address,
- Contact information (e-mail address and/or telephone number),
- Transaction data (purchased goods, price, payment information, etc.),
- Any other information provided while purchasing the services offered by the website or while contacting us.
3.2 In addition to the aforesaid, the Data Controller shall be entitled to verify the accuracy of the data submitted by using publicly accessible registers.
3.3 The legal basis for the processing of personal data is Article 6(1)(a), (b), (c) and (f) of the General Data Protection Regulation:
(a) the Data Subject has given consent to the processing of their personal data for one or more specified purposes,
(b) the processing is necessary for the performance of a contract to which the Data Subject is a party or for the performance of measures at the request of the Data Subject prior to the conclusion of the contract,
(c) the processing is for the performance of a legal obligation to which the Data Controller is legally subject,
(f) processing is necessary for the pursuit of the legitimate interests of the Data Controller or of a third party, except where the interests or the fundamental rights and freedoms of the Data Subject which require the protection of personal data override such interests, in particular where the Data Subject is a child.
3.4 The Data Controller shall store and process the Data Subject's data as long as at least one of the following criteria applies.
3.5 The Personal Data is necessary for the purposes for which the data were received,
3.6 While the Data Controller and/or the Data Subject may exercise their legitimate interests in accordance with the procedures laid down in the external laws and regulations, for example, by lodging an objection or bringing or pursuing legal proceedings.
3.7 As long as there is a legal obligation to keep the data, for example under the Accounting Law.
3.8 As long as the consent of the Data Subject to the processing of personal data is valid unless there is another lawful basis for the processing of personal data. Upon termination of the circumstances referred to in this clause, the personal data of the Data Subject shall also cease to be stored and all relevant personal data shall be permanently erased from the information systems and electronic and/or paper documents that contained the relevant personal data, or such documents shall be anonymised.
3.9 To fulfil their obligations towards you, the Data Controller has the right to transfer your data to cooperation partners, the data processors who carry out the necessary data processing on our behalf. The data processor is the controller of personal data. The payment processing is provided by the payment platform stripe.com, therefore our company transfers the personal data necessary for the payment processing to the owner of the platform, which is Stripe, Inc.
Upon request, we may disclose your data to the public and law enforcement authorities to defend our legal interests by drafting, submitting, and defending legal claims, if necessary.
3.10 When processing and storing personal data, the Data Controller shall implement organisational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing.
4. The rights of the Data Subject:
4.1 In accordance with the General Data Protection Regulation and the laws of the Republic of Latvia, you are entitled to:
- The access to your personal data, information about the processing of your personal data, a copy of your personal data in electronic format and the right to transfer your personal data to another controller (data portability),
- Request the rectification of incorrect, inaccurate or incomplete personal data,
- Delete your personal data (" to be forgotten"), except where the law requires retention,
- To withdraw your prior consent to the processing of personal data,
- Restrict the processing of your data – your right to request that we temporarily stop processing all your personal data,
- Contact the Data State Inspectorate of the Republic of Latvia.
You can submit a request to enforce your rights by completing a form in person at the “Losbergi – art & wedding resort” or by sending an electronic request to info@losbergi.lv.
5. Final provisions:
5.1 This Privacy Policy has been developed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), as well as the applicable laws of the Republic of Latvia and the European Union.
5.2 The Data Controller shall have the right to make changes or additions to the Privacy Policy at any time and without prior notice. The amendments shall enter into force upon their publication on www.losbergi.lv.