When registering at website www.brios.lv , you entrust your personal data to SIA BambuKK (registration No. 44103130180, registered office Mellužu prospekts 9-2, Jūrmala, LV-2008) as the Controller of data processing (hereinafter – the Company or us, or the Controller) and grant us the right to process such data in accordance with the volumes, types and purposes specified in this Policy (hereinafter – the Policy) and the terms and conditions of the Online Store Purchase and Sale Agreement (hereinafter – the Terms and Conditions). We inform that we are implementing the processing of your personal data, only if you choose to provide us with your personal data.
By implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), we provide you with a particularly transparent and fair processing of your personal data, and we take care of your privacy and the security of your personal data.
In this Policy you will find all the information about what data types we collect and process, what we use them for, how long we store them, and other information. This information is important, therefore we encourage you to read this Policy carefully before providing us information about your personal data.
We would also like to address your attention to the fact that both the Policy and the Terms and Conditions may be changed, supplemented, and updated.
If you do not agree to the Terms and Conditions, this Policy or separate regulations of it, unfortunately we will not be able to provide you the opportunity to use all or any of our services (hereinafter referred to as – the Services).
1. What is personal data and what types of personal data do we process and what for?
Personal data is any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is a person, who can be directly or indirectly identified, in particular by reference to an identifier such as the person’s name, identification number, location data, online identifier or one or more physical, physiological, genetic, spiritual, economic, cultural or social identity factors.
Data required for the Agreement:
- Data categories
- Your name, surname, address (city, street name, house number, apartment number), e-mail address and phone number.
- Legal basis for data processing
- For the signing and performance of the Agreement of which you are the contractual party, as well as for the protection of our legitimate interests.
- The period of data processing
The entire period, while the Agreement is in force and while you are using our Services. We may also store the Agreement signed with you and evidence of its signing for a longer period of time, as long as the claims that may arise from the contractual obligations expire, and, if required, to protect our legitimate interests in case of claims, complaints or requirements submitted against us.
According to the personal data submitted by you, by registering at www.brios.lv, after signing the Agreement, a unique user profile (account) is created, according to which we will identify you as registered at website www.brios.lv, which will provide you the opportunity to use the Services available to the registered users in accordance with the terms and conditions of the Agreement and the provisions of this Policy.
According to the personal data you provide, we recognize you when, for example, you want to update or change your data, contact us regarding the submission of the relevant personal information, the exercise of rights related to the processing of personal data, etc.
We may use the contact information provided by you (e-mail, phone number) to communicate with you to fulfil the obligations under the Agreement, including to respond to your requests, claims, to provide important information about the Services, their provision and/or changes to this Policy, to contact you, if you have forgotten your ordered purchases, to specify the exact time of delivery of the goods, or if we state problems in fulfilling the obligations of the Agreement related to the implemented purchase transactions, etc.
It is very important that the personal data you provide is accurate and correct. If you provide incorrect (false) personal data, forget the data or do not update it, when your personal data changes, we may not ensure the fulfilment of the obligations under the Agreement and the provision of the Services to you, as well as other problems may arise in exercising your rights. We bear no responsibility for any damages you may suffer, if you have provided incorrect or imprecise personal data.
If the data submitted by you changes, you must immediately inform us about it by changing the relevant personal data in the profile of your registered user at website www.brios.lv. Information, on how to update your personal data in case it changes, is provided in Section 6.2 of this Policy.
The Company is not able to verify the accuracy and truthfulness of the personal data you provide, if you do not provide it to us. By accepting your registration and by signing an Agreement with us, we consider that the personal data submitted by you is accurate and correct.
1.2. Administration of your account
We process your personal data in order to monitor and to administer your account.
Data categories - Data provided during registration (on website www.brios.lv), data of connecting to the account, activities in the account, including technical browsing data (IP address, connection and technical information of browsing).
Legal basis for data processing - The Agreement you have signed and the created account, fulfilment of the obligations of the Agreement, as well as the protection of our legitimate interests.
The period of data processing - For as long as you are the account user. We may also keep evidence of the signing of the agreement for a longer period of time, if this is required in order to be able to defend ourselves in case of claims, complaints or objections made against us.
We consider your registration for using the account at website www.brios.lv as received, when you perform the actions required for the creation of the account specified in the Terms and Conditions and confirm the registration.
1.3. Processing of your purchase data
Processing of purchase data
When providing you Services and various benefits – when signing the agreement and executing various contractual obligations, when paying money for the product, when we refund you money (if you return the purchased goods to us), when granting discounts on purchases, etc. – at the same time with your registration data, we process data of your purchase operations (hereinafter – purchase data) and issue you substantiating accounting documents (invoices, bills, bills of lading, etc.) in accordance with the requirements of the regulatory enactments of the Republic of Latvia tax law (e.g., the Law “On Accounting”, Section 7 provides the personal data details to be provided in the substantiating accounting documents, etc.).
Your purchase data to be processed for the purpose of Service administration:
Data categories - Your name, surname, e-mail address, phone number, delivery address, signature (if you accept the goods yourself), date and time of purchase and delivery, product names, quantities, purchase prices and discounts granted, purchase payment method and payment information.
Legal basis for data processing - The Agreement you have signed and the created account, fulfilment of the obligations of the Agreement, as well as the protection of our legitimate interests and the provision of our legal obligations that may arise and are applicable to the Company.
The period of data processing - Substantiating accounting documents – 5 years after the date of implementing the purchase operation and signing of the invoice. We may also store the Agreement signed with you and the substantiating accounting documents that approve the purchase for a longer period of time, as long as the claims that may arise from the contractual obligations expire, and, if required, to protect our legitimate interests in case of claims, complaints or requirements submitted against us.
We store the purchase data and substantiating accounting documents for 5 years from the date of the purchase operation and signing of the invoice, and if no claims are made against us at the end of the term, we delete them from the database and/or reliably anonymize them, i.e., permanently separate them from your data and other information that personalizes you.
1.4. Data profiling, when administering the provision of Services
When administering the provision of Services and seeking to achieve the objectives set forth in the Terms and Conditions, we may use automated analysis of personal data (including your purchase data) and automated decision making, including your profiling. We may group and analyse your data according to the goods you have purchased and (or) take into account other characteristics specific to you (e.g., name, address, etc.).
For example, we can analyse and profile your purchase data for your benefit by correcting errors in our operations. If we notice that due to a mistake the wrong item price or discount has been applied to our customers, we can identify the buyers, who have bought such products according to the purchase data and correct our mistake (compensate for the price difference, etc.).
It is important to emphasize that our analysis and profiling of your data does not affect you legally or in any other way.
However, if you object to the automated analysis and profiling of your data for the purposes set out in this section of the Policy, we would accept and take your objections into account. However, due to the requirements for the provision of the Services, your objection may mean that we will not be able to provide you the opportunity to use our Services.
1.5. Provision of offers and information
If, when registering at website www.brios.lv, you have agreed to receive offers and/or current offers in your e-mail or mobile application or in the form of SMS news to your phone number from us, we process your personal data, providing you with such offers and information, for example, general newsletters, information about offers, discounts, promotions, and sale campaigns provided by us and our partners, invite you to participate in promotions, lotteries and to win prizes, ask your opinion about the services and products provided, etc. We provide offers and information in your account and mobile application, as well as in another communication channels of your choice, for example, by e-mail, via SMS messages to the phone number provided by you.
Personal data to be processed for the purpose of providing offers and information:
Data categories - Your name, email address and (or) phone number.
Legal basis for data processing - Your consent to receive offers and information about current news, as well as the protection of our legitimate interests.
The period of data processing - As long as your consent to receive offers and news is in force. We may also keep your provided consent and evidence thereof for a longer period of time, if this is required in order to be able to defend ourselves in case of claims, complaints or objections made against us.
You can select the desired communication channels in the privacy settings of website www.brios.lv. You can change these settings at any time without restriction.
If you do not want us to send you offers and/or newsletters, you may not give us your consent, or if you have given your consent to receive offers and/or newsletters, you may opt out at any time or change your notification methods (channels). Your refusal to receive offers and news will not affect the use of the Services and the fulfilment of the obligations of the concluded Agreement.
1.6. Data profiling, by providing individual offers
If, when registering at website www.brios.lv, you have also chosen to receive individual (personalized) offers, according to your order history, and have given your consent to profiling for such purpose, to get to know you as good as possible, we will process not only your provided data, but we will also additionally analyse and use your purchase data history.
Personal data to be processed for the purpose of providing individual offers:
Data categories - Your name, surname, address, e-mail address and phone number, purchase data (including date and time of purchase, product names, quantities, total purchase price), history of individual offers offered to you and information on their use.
Legal basis for data processing - Your consent for your data to be profiled, providing you with individual offers, as well as for the protection of our legitimate interests.
The period of data processing - As long as your consent to data profiling to send you individual (personalized) offers is in force. We may also keep your provided consent and evidence thereof for a longer period of time, if this is required in order to be able to defend ourselves in case of claims, complaints or objections made against us.
If you agree that your data is profiled to send you individual (personalized) offers, you acquire the opportunity to receive personalized offers, taking into account your needs, and receive other benefits specifically designed for you. To achieve the above mentioned goal, we use automated data analysis and decision making, including profiling. We group and analyse your data and/or your purchase data and, taking into account your shopping habits and/or other features (e.g., address, specific purchases, etc.) provide you with up-to-date, interesting and useful offers, as well as other information about individual offers.
For example, by taking into account your shopping history and shopping habits, we can grant discounts to your favourite categories of goods, inform you about the news of the individual assortment, etc.
If you are not willing that your data is profiled, when sending you individual offers, you may not give us your consent or, if you have given your consent to receive individual offers, you can opt out at any time. In such case your refusal to receive individual offers will not prevent you from using the Services and fulfilling your obligations under the Agreement, but you will no longer be able to receive individual offers and individual information relevant to you.
1.7. Statistics, market and studying of our buyers’ behaviour
We are constantly working to make our product range, the applied promotions and discounts as suitable as possible to our customers, incl., to your needs.
Data to be processed for statistics, market analyses and studying of the activities of our customers:
Data categories - Address, purchase details (including date and time of purchase, product names, quantities, total purchase price, amount of discounts granted).
Legal basis for data processing - Our legitimate interests are to analyse purchase data in a specific region based on customer addresses and to prepare the reports required for our commercial activities to evaluate our commercial activities and to generate benefits for you as a customer, as well as for the commercial activities of the Company.
The period of data processing - 5 calendar years from the moment of placing the order
We use automated data analysis to study statistical data, market analyses and customer behaviour, as well as to prepare the reports required for our commercial activities. During the analysis, we use non-personalized data and do not process your name, contact information and other information that personalizes you. Data analysis of studying statistical data, market data and data to be processed for studying the behaviour of our customers (address and purchase data) helps us make important business decisions about the needs of our customers, about creating the right product range, pricing, etc.
The analysis of this data does not affect your legitimate or similar interests, nor does it affect the further performance of the Services and obligations of the Agreement that you have signed.
1.8. Servicing of customer requests, complaints, applications and feedback
We will use your personal data to respond to your inquiries, complaints, requests and to administer your feedback (hereinafter referred to as – the Request).
Data to be processed for the purpose of servicing customer requests, complaints, applications and feedback:
Data categories - Identification and contact details provided by you: name, surname, phone number, e-mail address, address, date of birth, etc.;
The content of your Request: the case regarding which you are contacting us, its circumstances, date, place, your request, claim or reference, product, other information provided in the Request;
Other documents and (or) data submitted along with the Request: for example, data on the item purchase – invoice/bill/bill of lading of the item, photo images of the product;
Phone call record, if you contact our Customer Service Helpline.
Legal basis for data processing: Fulfilment of our legal obligations to review and to reply to your requests, as well as our legitimate interests to evaluate your feedback as a customer and to record phone conversations to improve the quality of our operations and services provided to you and to protect our legitimate interests.
The period of data processing: Up to 12 months. We may also store your requests regarding the goods for a longer period of time, as long as the claims that may arise from the contractual obligations regarding the item purchases expire, and, if required, to protect our legitimate interests in case of claims, complaints or requirements submitted against us.
We use your data only for the purpose of properly and objectively reviewing your Request, providing you with the required information, answering your questions, and for resolving your requests or claims (complaints). We may analyse your feedback to improve our operations and the quality of the services we provide to you, taking into account your opinion and suggestions.1.9. How long do we process and store your data?
We process and store your Request and your data related to it for as long as we are reviewing the Request, provide you with a response and execute the decisions made, as well as for up to 6 (six) months after the Request is resolved, but no less than the following period:
- regarding requests in electronic e-mail format – no longer than 6 months;
- complaints – 12 months;
- records of phone conversations received at the Helpline – 14 days;
- feedback ratings (saving of stars) – no longer than 12 months;
- Facebook direct messages – no longer than 6 months.
If a legal dispute is initiated or there is a possibility of such a dispute regarding the Request, we may store your data for a longer period until the statutory limitation period for filing a complaint or claim expires and (or) the final decision enters into force.
Upon expiration of the term of processing and storing your data specified in this Policy, we will destroy the documents containing your personal data independently, or will erase or anonymize your personal data in electronic form reliably and irrevocably, as soon as possible within a reasonable and substantiated time period required for implementing such actions.2. What sources do we obtain and collect your personal data from?
We collect and process your personal data in accordance with the following legal substantiation:
- your consent;
- for the signing and fulfilment of the terms and conditions of purchase and sale of goods (hereinafter – the agreement) of which you are a contractual party;
- our legitimate interests;
- fulfilment of legal obligations arising and applicable to the Company.
One or more of the above legal substantiations may apply to the processing of your data.
We collect almost all of your personal data only from you. By registering at website www.brios.lv, you submit data directly to us, but purchase data – by using the Services.
We also collect your data directly from you, when you submit a Request in any way you choose: by emailing us an electronic letter and by sending it to us at the email address, by submitting a written request in paper format to us, by calling our Customer Service Helpline orally, etc.
When we have to obtain additional information or investigate significant circumstances in order to review your Request in a qualitative and objective manner, we may link your Request data to our existing data and/or data collected during the processing of your Request, such as, we may review purchase transaction data, your account usage history, interview our employees, etc.
3. How do we store and destroy data?
At the end of the period of processing and storing your data that is provided in this Policy (except as provided in case below), we will destroy your data in a secure manner and, in the cases provided in the Policy, reliably and irrevocably anonymise them as soon as possible within a reasonable and substantiated period of time that is required to implement such actions.
Your personal data may only be stored for longer than specified in this policy, if any of the following conditions exist:
- it is required for us to be able to defend ourselves against claims, objections or complaints and to be able to exercise our rights;
- the term of storing personal data is determined or results from the regulatory enactments of the Republic of Latvia and the European Union;
- there are reasonable grounds for suspecting unlawful actions, as a result of which investigation is being conducted;
- your data is required for adequate reviewing of a dispute or complaint;
- it is required to provide a backup copy and other similar purposes;
- in the presence of other grounds provided for by law.
In case such circumstances have occurred, the information containing personal data will be stored until the transfer of the relevant proceedings (criminal proceedings, proceedings of administrative violations, completion of administrative proceedings) to the law enforcement authority or until its final decision is adopted.4. In what cases do we disclose your data and to what recipients of personal data?
We may transfer your data to the recipients of personal data, i.e., to persons, who help us provide and administer the Service provision, provides us the services related to the administration of customer requests. Such persons may include suppliers of IT database software, providers of database administration services, data centres, providers of maintenance and cloud services, providers of direct marketing services, providers of market research or business analytics services, etc. In any case, we provide data processors with only as much data as is required to perform a specific task or to provide a specific service. Our data controllers may process your personal data only in accordance with our instructions and may not use such data for other purposes or transfer it to other persons without our consent. In addition they must ensure the protection of your data in accordance with the applicable law and in accordance with the written agreement signed with us.
If the case described in the Request is recognized as an insured event, we will transfer your Request and data to the insurance company(ies), with which we have insured our civil liability, property or which provides us with other insurance services related to the insurance coverage of the case mentioned provided in your Request. Insurance companies act as independent/separate data controllers and process your data in accordance with the terms and conditions of the insurance company.
The data may also be transferred to competent/supervising public authorities, municipalities or law enforcement authorities, such as the police, the prosecutor’s office, the court or the supervisory/monitoring authorities, but only when such institutions reasonably request such information or only if required so in the cases and the order as provided by the applicable regulatory enactments, in order to ensure the rights of the state, municipalities or law enforcement institutions and/or our rights, the safety of our customers, employees and IT resources, to raise, to submit and to defend legal claims, etc.
We only process your personal data in the territory of the European Union. We currently do not intend to transfer and we do not transfer your personal data to third countries. If we use www.facebook.com or Google Analytics services for the provision of the Services or for communication, with regard to the transfer of data to third countries, the respective service providers are considered third parties and we ask you to read the privacy policies of such service providers.6. What are your rights and how can you exercise them?
Regulatory enactments of data protection provides you several rights that you can exercise freely, and we provide you the opportunity to exercise them. We provide information about your specific rights and ways of exercising them in this Policy, therefore please read it carefully:
6.1. The right to access your personal data that we manage
You have the right to receive our confirmation, whether we process your personal data, as well as you have the right to access your personal data we process and information about the purposes of data processing, categories of the processed data, categories of data recipients, data processing period, data sources, automated decision-making, including profiling, as well as the meaning of it and consequences it has on you.
We provide most of this information in this Policy and we believe it will be useful to you.
If you are a registered user of website www.brios.lv, you can get acquainted with the personal data we process at any time in your user account (e.g., check the personal data submitted by you, update the information, your provided consents, etc.), receive invoices issued to you for the last 3 months.
If the information provided in this Policy, in your user account at website www.brios.lv is insufficient or you want to receive a history of purchase transactions for a period longer than 3 months, you can always contact us using the methods specified in Clause 8 of this Policy.
6.2. The right to correct your personal data
If the data provided at the time of your registration has changed or you note that the information we process about you is inaccurate or incorrect, you have the right to request that such information is changed, specified or corrected, by contacting us using the methods specified in Clause 8 of this Policy;
You can independently correct (update) your data in the account of website www.brios.lv.
6.3. The right to withdraw consent
In cases, when we process your data in accordance with your consent, you have the right to withdraw your consent at any time, which will be the basis for the termination of data processing. Withdrawal of consent shall not affect the lawfulness of the processing that has been implemented based on the provided consent prior to the withdrawal.
For example, you can withdraw your consent to receive offers and newsletters at any time, as well as your consent to data profiling as a result of which individual offers are provided to you. Withdrawal of such consents will not restrict you from continuing to use the Services and fulfilling the obligations of the signed Agreement, but in such case we will not be able to provide and you will not be able to receive current offers and news.
You may correct (withdraw or resubmit) your consents by submitting your registration information that is accordingly updated regarding the provided consents, changing the terms of the consent in your registered user account or at the mobile application, or by contacting us, using the methods specified in Clause 8 of this Policy.
When your consent is revoked, we will stop processing the data on the basis of the consent and, in the cases specified in the Policy, will reliably and irrevocably delete or anonymize the data.
In any case we may also keep your provided consent and evidence of your provided consent for a longer period of time, if this is required in order to be able to defend our legitimate interests in case of claims, complaints or objections made against us.
6.4. Right to submit complaints
If you believe that we are processing your data and violating the requirements of data processing/protection regulatory enactments, we ask you to contact us first directly. We believe that we will be able to clear all your doubts, satisfy your requests and correct any mistakes we have made.
If you are not satisfied with the solutions we offer or if, in your opinion, we are not taking the required actions in accordance with your request, you have the right to submit a complaint to the supervisory authority, which in the Republic of Latvia is the Data State Inspectorate.
6.5. The right to object to the processing of data, if the processing is justified by legitimate interests
You have the right to object to the processing of personal data, if the personal data is processed on the basis of our legitimate interests. However, taking into account the purpose of the Service provision and the balance of the legitimate interests of both parties (both as the data subject and as the controller of personal data), your objections may mean that we will not be able to provide you the opportunity to continue to use the Services and the Agreement validity will be terminated and cancelled.
If you wish to exercise the rights set out in this section, please submit a written request to our Data Protection Specialist, whose contact details are provided in Clause 8 of this Policy.
6.6. Right to delete data (right to be forgotten)
In certain circumstances in accordance with the regulatory enactments on data processing (e.g., if personal data are processed unlawfully, the legal basis for the processing is lost, personal data are no longer required for the purposes, which they have been collected for or processed otherwise, etc.), you have the right to request us to delete your personal data. If you wish to exercise these rights, please submit a written request to our Data Protection Specialist, whose contact details are provided in Clause 8 of this Policy.
It is important to note that the data of the user registered in the account of website www.brios.lv will be deleted without your separate request, and the rest of the data will be deleted or securely anonymized, if you stop using the Services on website www.brios.lv and 2 (two) years have passed since your last activity as a registered user at website www.brios.lv.
6.7. Right to restrict data processing
In certain circumstances referred to in the regulatory enactments on data processing (if personal data is processed unlawfully, you dispute the accuracy of the data, to protect our legitimate interests in case you file objections to the processing of data, etc.), you still have the right to restrict your data processing. However, we must inform you that due to restrictions on data processing and for the duration of such restrictions, we may not be able to provide you with the Services and fulfil our obligations under the Agreement.
If you wish to exercise the rights set out in this section, please submit a written request to our Data Protection Specialist, whose contact details are provided in Clause 8 of this Policy.
6.8. Right to data transferability
You have the right to transfer data that we process in accordance with your consent and that are processed by automated means to another data controller. We will provide you with the data you are willing to transfer in an easy-to-use and computer-readable format on our systems, but if you are willing and if such technical possibilities exist, we will transfer the data directly to another data controller specified by you.
If you wish to exercise your right to data portability, please submit a written request to our Data Protection Specialist, whose contact details are provided in Clause 8 of this Policy.
7. How do we review and process your requests?
To protect the data of our customers from unauthorized disclosure, we will need to verify your identity, when we receive your request to receive your data or to exercise your other rights. For this purpose, we may ask you to indicate the current data registered in your user account at website www.brios.lv (for example, name, surname, address, e-mail address or phone number), after which we will compare whether your specified data matches the relevant data of the registered user. During this verification, we may also send a control notice to the contact information provided in the registration form for communication (via a text message or email) requesting authorization. If the verification procedure fails (for example, the data you provide does not match the data provided in the profile of the user registered at website www.brios.lv, or you do not implement the authorization procedure after receiving the sent text message or e-mail), we will be forced to state that you are not the subject of the requested data and we will have to reject your request.
Upon receipt of your request for the exercise of any of your rights and the successful completion of the above mentioned verification procedure, we undertake to provide you with information in accordance with your request without delay, but in any case no later than within one month after receiving your request and completing the verification procedure. Due to the complexity and number of requests, we have the right to extend the one-month period for another two months, informing you before the end of the first month and stating the reasons for such extension.
If your request has been submitted by electronic means, we will also provide the answer by electronic means, unless it is not possible (for example, due to the large amount of information) or if you ask us to reply in another way.
We will refuse to satisfy your request with a reasoned reply, if such circumstances specified in the regulatory enactments are stated, when we cannot provide the information to you, by informing you in writing thereof.8. How can you contact us?
9. How secure are your data?
- by e-mail, writing to the e-mail address: email@example.com
- by calling our free of charge Helpline: +371 29680588
We respect your privacy, therefore the security of your personal data is our priority. We use appropriate organizational and technical means to ensure the continued security of your personal data and the compliance of data processing with the requirements of personal data protection regulatory enactments and our internal policy.
We consistently adhere to the principle of minimizing personal data and do not collect data that we do not require to achieve the objectives set out in this Policy.
We use a variety of personal data protection and security technologies and procedures to protect your personal data from unauthorized access, use or disclosure. Our partners are carefully selected and we require them to use appropriate means to protect the confidentiality of personal data and to ensure the security of your personal information. However, complete security cannot be guaranteed in the transmission of your information to us via Internet or mobile communications; any case of transferring your information to us in the ways provided above is implemented at your own risk.10. Cookies
Also third-party cookies are used at our website. They are used to create the browsing history of each visitor in order to display the ads specifically intended for you and to provide the best experience, when visiting our website. If your browser allows you to record third-party cookies, our selected partner will be able to record their own cookies in your browser.
The policy is not applicable to other services provided by us or by our group companies.