PRIVACY POLICY
1. Controller of personal data processing.
Controller of personal data processing is COMUS OÜ, registry code 16293607, registered address Parnu mnt 142, 11317 Tallinn, Estonia, hereinafter referred to as the COMUS, websites www.comus.lv, electronic mail info@comus.lv.
2. Processor of personal data.
Processor of personal data is COMUS OÜ, registry code 16293607, registered address Parnu mnt 142, 11317 Tallinn, Estonia, following the instructions of COMUS and using technical and organizational data protection measures, will process the Client’s personal data to the extent and procedures required and permitted by the laws and regulations of the Republic of Estonia and the European Union. Other personal data processors of COMUS shall be authorised to receive and process Client’s data.
3. Applicable laws.
3.1. Regulation of the European Parliament and of the Council No. 2016/679 on the protection of individuals regarding processing of personal data and on the free circulation of such data (April 27, 2016).
3.2. Personal Data Protection Law.
4. What is Privacy Policy?
4.1. The Privacy Policy, hereinafter referred to as Policy, provides information on how COMUS collects, processes, stores, shares, deletes and protects the Client’s personal data, thereby ensuring that the Client’s personal data is processed lawfully, in good faith and in a transparent manner to the Client. The policy applies to Client’s personal data, any processing of natural person’s personal data and service provided to the Client.
4.2. If COMUS updates this policy, all changes will be published on COMUS website www.comus.lv, under “Information – Privacy Policy”.
4.3. In order to provide better and more appropriate products and services to the Client and to ensure, maintain, protect and improve existing products and services, COMUS processes data collected from the provision of services.
5. What personal data is processed by COMUS?
5.1. Personal data categories processed by COMUS depend on the products and services used by the Client. COMUS is entitled to process the following personal data categories for the purposes of paragraph 7 of this Policy:
– name, surname, correspondence address, telephone number and e-mail address;
– communication data – e-mail, letter or other information regarding Client’s communication with COMUS;
– data disclosed to COMUS by Client himself.
5.2. COMUS shall process the following data on the use of products and services for the purposes of paragraph 7 of this Policy:
– Client’s IP address information;
– cookies (website browsing data) – data on browsing COMUS websites www.comus.lv, hereinafter referred to as COMUS website;
– date, time, and Internet browsing volume, location during browsing;
– other personal data, depending on the type of service provided to the Client, by informing the Client in advance.
6. What are the grounds for processing Client’s personal data?
6.1. Client’s consent – Client, as personal data subject, gives consent to the collection and processing of personal data for certain purposes. The Client’s consent for direct marketing purposes to express new and individual offers will be attributed to COMUS activities following the entry into force of the E-Private Regulation. The Client’s consent is his free will and an independent decision that can be made at any time, thereby allowing COMUS to process personal data for certain purposes. The Client’s consent is bound by it if it is given in writing (by filling out the form in COMUS store, by sending the electronic request to info@comus.lv). The Client is entitled to withdraw his previously given consent at any time using the specified channels of communication with COMUS. Appropriate changes will be applied within three working days. The withdrawal of consent shall not affect the legality of the processing based on the consent prior to the withdrawal.
6.2. Conclusion and fulfilment of the Agreement – to allow COMUS to conclude and execute an agreement with the Client, by providing quality services and serving the Client, it must collect and process certain personal data collected prior to the conclusion of the agreement with COMUS or during an agreement period.
6.3. Legitimate interests of COMUS – by observing COMUS interests, based on ensuring quality services and timely support to the Client, COMUS is entitled to process the Client’s personal data to the extent that it is objectively necessary and sufficient for the purposes specified in paragraphs 7.1 to 7.2 of this Policy. Legitimate interests of COMUS can be considered processing of personal data by direct marketing, as a result Client receives offers for new and/or individual COMUS products and services (see also paragraphs 8.2 and 8.3 of this Policy).
6.4. Enforcement of legal obligations — COMUS is entitled to process personal data in order to comply with regulatory requirements and to provide answers to legitimate requests from state and local government.
7. For what purposes COMUS will process Client’s personal data?
7.1. COMUS processes personal data to ensure the quality, timely and convenient service during the contractual relationship with COMUS:
– for the management of the Client’s relationship (including remote), ensuring the conclusion and execution of the Agreements, as well as the implementation of the related processes;
– for reviewing Client’s complaints and ensuring support (including technical support) for the services provided;
– to inform Client about products and services of other companies;
7.2. COMUS processes personal data to promote industry development and to offer new services to Clients, including:
– to create new products and make offers regarding them;
– statistical data processing of COMUS clients is carried out to analyse the market and develop business model.
7.3. COMUS processes personal data to create and maintain COMUS internal processes, ensure circulation of documents and other internal processes (e.g. archiving of contracts and other documents) for the necessary and adequate extent.
7.4. COMUS is entitled to process data for the following purposes, receiving a free and explicit consent from the Client:
– to promote image of COMUS on the market, by sending the Client a nice wishes, awarding bonuses, organizing surveys for improving existing products and services and creating new products.
8. Is Client entitled to restrict the data processing?
8.1 Customer personal data profiling as data processing:
– profiling means the processing of any kind of automated personal data manifested as the use of personal data for the purpose of assessing certain personal aspects related to a natural person, in particular to analyse or predict aspects regarding natural person’s individual wishes, interests, reliability, behaviour, location or movement;
– when processing Client’s personal data COMUS can carry out profiling to send nice wishes, gifts, award bonuses, creating and expressing individual offers. Automated individual decisions are only accepted for business purposes and will not result in legal consequences for the Client. The client has the right at any time to object to the adoption of an automated decision and not to be the subject of a decision, by informing COMUS (see also the provisions of paragraph 8.3 of this Policy).
8.2 Direct marketing and basis for sending commercial messages to the Client: COMUS shall perform direct marketing by distributing commercial reports to the Client so that the Client is always informed about new, modern and/or directly established products, services and special contract terms (e.g. discounts) in accordance with the basis for the processing of personal data specified in paragraph 6.3 of this Policy. The Client is entitled to waive the refuse to receive commercial communications at any time and without charge, by informing COMUS (see also the provisions of paragraph 8.3 of this Policy).
8.3. The Client is entitled to object to the profiling of his personal data (see paragraph 8.1) or refuse to receive commercial communications (see paragraph 8.2) at any time, by informing COMUS in writing (by sending an electronic request to a info@comus.lv signed with a secure electronic signature. Changes will not affect the legality of the processing of personal data before the Client’s objections and/or refusal specified in this clause.
9. What are cookies and how can COMUS process them?
9.1. Cookies are small text files that are created and stored on the Client’s device (computer, tablet, mobile phone, etc.) by visiting COMUS website. The cookies “remember” user experience and basic information and thus improve the ease of using the COMUS website.
9.2. By using cookies, common user habits and website usage history is processed, diagnoses problems and deficiencies in the site’s operation, collected user statistics, and ensured full and easy use of website functionality.
9.3. If the Client does not want to allow the use of cookies, the Client may mark it in browser settings, but in this case the use of the site may be significantly impaired and burdened. Deleting saved cookies is possible in your device’s browser settings by deleting the saved cookie history.
9.4. The websites maintained by COMUS use functional, analytical, advertising and mandatory cookies.
10. How COMUS receives Client’s personal data?
10.1. COMUS receives Client’s personal data when Client:
– purchases and uses COMUS products or services (in COMUS stores or remotely);
– sign up for news and other services from COMUS;
– asks COMUS for more information about the product used by the Client or the service connected to the Client or is contacted by COMUS in connection with complaints or information request by identifying the Client;
– participates in contests, lotteries or surveys;
– visit or browse COMUS website;
10.2. COMUS can process Client’s personal data received from third parties if the Client has agreed to it.
10.3. COMUS can process customer personal data on the Client from other companies and partner companies (see paragraph 12 of this Policy) with prior consent from the Client.
11. What is the Client’s personal data processing time?
COMUS will process the Client’s personal data while at least one of the following conditions exists:
– agreement between the Client and COMUS;
– the period for the retention of personal data is determined or resulting from the regulatory enactments of the Republic of Estonia and the European Union;
– the extent necessary for COMUS to realise and protect legitimate interests;
– until Client’s consent to the processing of personal data has been revoked.
12. Sharing Client’s personal data
12.1. To provide services to Client, COMUS can share Client’s personal data with:
– partners or representatives involved in the provision of products and services ordered or used by the Client.
12.2. COMUS is obliged to provide information on personal data to the following institutions and services:
– law enforcement authorities, court or other state and local government authorities, if this arises from regulatory enactments or requests for information from the institution concerned;
12.3. COMUS will provide the Client’s personal data only in the necessary and sufficient amount in accordance with the requirements of regulatory enactments and the objective conditions of the situation.
13. How COMUS protects Client’s personal data?
13.1. COMUS shall ensure, continuously review and improve protective measures to protect customer personal data from unauthorised access, accidental loss, disclosure or destruction. To ensure this COMUS applies modern technology, technical and organisational requirements, including firewalls, intrusion detection, analysis software.
13.2. COMUS thoroughly examines all the service providers that handle and process the Client’s personal data on behalf of the COMUS, and assess, whether cooperation partners (personal data processors) apply appropriate security measures in order to process the Client’s personal data in accordance with COMUS delegation and requirements of the regulatory enactments. Cooperation partners are not allowed to process Client’s personal data for their purposes.
13.3. COMUS shall not take responsibility for any unauthorised access to personal data and/or loss of personal data if it is does not depend on COMUS, for example due to the fault and/or negligence of the Client.
13.4. In case where Client’s personal data is threatened, COMUS will notify the DSI and, if necessary, the Client.
14. What are the Client’s rights?
14.1. To contact COMUS (by writing to info@comus.lv), to receive a copy of personal data held by COMUS.
14.2. To correct all personal data about themself held by COMUS by writing to info@comus.lv.
14.3. The Client is entitled to receive information about those natural or legal persons who have received information about this Client within a certain period of time from COMUS. COMUS will not provide the Client with information about the state institutions that are the guarantors of the criminal proceedings, operative entities or other institutions for which the law prohibits disclosure of such information.
14.4. To request to delete or restrict the processing of personal data if processing is no longer necessary in accordance with the purposes for which they were collected and processed (right to “be forgotten”).
14.5. The Client is entitled to the transferability of their personal data, if processing is carried out in an automated manner, by submitting a written application.
From May 25, 2018, the Client is entitled to:
– object to the processing of personal data by COMUS on the basis of legitimate interests, however, COMUS will continue to process the data, even if the Client has objected to it, if there are compelling reasons to continue processing the data. In order to implement the rights referred to above, the Client must submit to COMUS a written submission to info@comus.lv;
– in certain circumstances the Client is entitled to request that COMUS deletes personal data, but it does not apply to cases where the law requires the retention of data. In order to implement the rights referred to above, the Client must submit to COMUS a written submission to info@comus.lv;
– in certain circumstances the Client has the right to restrict the processing of personal data. Please note that if the Client requests to restrict the processing of data, the execution of the order may be affected. In order to implement the rights referred to above, the Client must submit a written submission to info@comus.lv;
– The customer has the right to receive or transfer personal data to another data manager (“data transferability”). This right shall include only the data provided by the Client to COMUS on the basis of its consent or contract, and if the processing is carried out in an automated manner. In order to implement the rights referred to above, the Client must submit a written submission to info@comus.lv.
