1. Controller of personal data processing:
Controller of personal data processing is IK “COMUS”, reg. No. 40002180355, registered address Sesku 63-89, Riga, LV-1082, email@example.com (hereinafter referred to as the “Comus”), websites www.comus.lv.
2. Processor of personal data:
The processor IK “COMUS”, reg. No 40002180355, Sesku 63-89, Riga, LV-1082, following the instructions of “Comus” and using technical and organisational data protection measures, will process the Client’s personal data to the extent and procedures required and permitted by the laws and regulations of the Republic of Latvia and the European Union. Other personal data processors of “Comus” shall be authorised to receive and process Client’s data.
3. Applicable laws:
– Regulation of the European Parliament and of the Council No. 2016/679 on the protection of individuals regarding processing of personal data and on the free circulation of such data (April 27, 2016).
– Personal Data Protection Law.
4.3. In order to provide better and more appropriate products and services to the Client and to ensure, maintain, protect and improve existing products and services, “Comus” processes data collected from the provision of services.
5. What personal data is processed by “Comus”?
5.1. Personal data categories processed by “Comus” depend on the products and services used by the Client. “Comus” is entitled to process the following personal data categories for the purposes of paragraph 7 of this Policy:
– name, surname, correspondence address, telephone number and e-mail address;
– communication data – e-mail, letter or other information regarding Client’s communication with “Comus”;
– data disclosed to “Comus” by Client himself.
5.2. “Comus” shall process the following data on the use of products and services for the purposes of paragraph 7 of this Policy:
– Client’s IP address information;
– cookies (website browsing data) – data on browsing “Comus” websites (www.comus.lv), (hereinafter referred to as “”Comus” website”);
– date, time, and Internet browsing volume, location during browsing;
– other personal data, depending on the type of service provided to the Client, by informing the Client in advance.
6. What are the grounds for processing Client’s personal data?
6.1. Client’s consent – Client, as personal data subject, gives consent to the collection and processing of personal data for certain purposes. The Client’s consent for direct marketing purposes to express new and individual offers will be attributed to “Comus” activities following the entry into force of the E-Private Regulation. The Client’s consent is his free will and an independent decision that can be made at any time, thereby allowing “Comus” to process personal data for certain purposes. The Client’s consent is bound by it if it is given in writing (by filling out the form in “Comus” store, by sending the electronic request to firstname.lastname@example.org). The Client is entitled to withdraw his previously given consent at any time using the specified channels of communication with “Comus”. Appropriate changes will be applied within three working days. The withdrawal of consent shall not affect the legality of the processing based on the consent prior to the withdrawal.
6.2. Conclusion and fulfilment of the Agreement – to allow “Comus” to conclude and execute an agreement with the Client, by providing quality services and serving the Client, it must collect and process certain personal data collected prior to the conclusion of the agreement with “Comus” or during an agreement period.
6.3. Legitimate interests of “Comus” – by observing “Comus” interests, based on ensuring quality services and timely support to the Client, “Comus” is entitled to process the Client’s personal data to the extent that it is objectively necessary and sufficient for the purposes specified in paragraphs 7.1 to 7.2 of this Policy. Legitimate interests of “Comus” can be considered processing of personal data by direct marketing, as a result Client receives offers for new and/or individual “Comus” products and services (see also paragraphs 8.2 and 8.3 of this Policy).
6.4. Enforcement of legal obligations — “Comus” is entitled to process personal data in order to comply with regulatory requirements and to provide answers to legitimate requests from state and local government.
7. For what purposes “Comus” will process Client’s personal data?
7.1. “Comus” processes personal data to ensure the quality, timely and convenient service during the contractual relationship with “Comus”:
– for the management of the Client’s relationship (including remote), ensuring the conclusion and execution of the Agreements, as well as the implementation of the related processes;
– for reviewing Client’s complaints and ensuring support (including technical support) for the services provided;
– to inform Client about products and services of other companies;
7.2. “Comus” processes personal data to promote industry development and to offer new services to Clients, including:
– to create new products and make offers regarding them;
– statistical data processing of “Comus” clients is carried out to analyse the market and develop business model.
7.3. “Comus” processes personal data to create and maintain “Comus” internal processes, ensure circulation of documents and other internal processes (e.g. archiving of contracts and other documents) for the necessary and adequate extent.
7.4. “Comus” is entitled to process data for the following purposes, receiving a free and explicit consent from the Client:
– to promote image of “Comus” on the market, by sending the Client a nice wishes, awarding bonuses, organizing surveys for improving existing products and services and creating new products.
8. Is Client entitled to restrict the data processing?
8.1 Customer personal data profiling as data processing:
– profiling means the processing of any kind of automated personal data manifested as the use of personal data for the purpose of assessing certain personal aspects related to a natural person, in particular to analyse or predict aspects regarding natural person’s individual wishes, interests, reliability, behaviour, location or movement;
– when processing Client’s personal data “Comus” can carry out profiling to send nice wishes, gifts, award bonuses, creating and expressing individual offers. Automated individual decisions are only accepted for business purposes and will not result in legal consequences for the Client. The client has the right at any time to object to the adoption of an automated decision and not to be the subject of a decision, by informing “Comus” (see also the provisions of paragraph 8.3 of this Policy).
8.2 Direct marketing and basis for sending commercial messages to the Client: “Comus” shall perform direct marketing by distributing commercial reports to the Client so that the Client is always informed about new, modern and/or directly established products, services and special contract terms (e.g. discounts) in accordance with the basis for the processing of personal data specified in paragraph 6.3 of this Policy. The Client is entitled to waive the refuse to receive commercial communications at any time and without charge, by informing “Comus” (see also the provisions of paragraph 8.3 of this Policy).
8.3. The Client is entitled to object to the profiling of his personal data (see paragraph 8.1) or refuse to receive commercial communications (see paragraph 8.2) at any time, by informing “Comus” in writing (by sending an electronic request to a email@example.com signed with a secure electronic signature. Changes will not affect the legality of the processing of personal data before the Client’s objections and/or refusal specified in this clause.
9. What are cookies and how can “Comus” process them?
9.1. Cookies are small text files that are created and stored on the Client’s device (computer, tablet, mobile phone, etc.) by visiting “Comus” website. The cookies “remember” user experience and basic information and thus improve the ease of using the “Comus” website.
9.2. By using cookies, common user habits and website usage history is processed, diagnoses problems and deficiencies in the site’s operation, collected user statistics, and ensured full and easy use of website functionality.
9.4. The websites maintained by “Comus” use functional, analytical, advertising and mandatory cookies.
10. How “Comus” receives Client’s personal data?
10.1. “Comus” receives Client’s personal data when Client:
– purchases and uses “Comus” products or services (in Comus stores or remotely);
– sign up for news and other services from “Comus”;
– asks “Comus” for more information about the product used by the Client or the service connected to the Client or is contacted by “Comus” in connection with complaints or information request by identifying the Client;
– participates in contests, lotteries or surveys;
– visit or browse “Comus” website;
10.2. “Comus” can process Client’s personal data received from third parties if the Client has agreed to it.
10.3. “Comus” can process customer personal data on the Client from other companies and partner companies (see paragraph 12 of this Policy) with prior consent from the Client.
11. What is the Client’s personal data processing time?
“Comus” will process the Client’s personal data while at least one of the following conditions exists:
– agreement between the Client and “Comus”;
– the period for the retention of personal data is determined or resulting from the regulatory enactments of the Republic of Latvia and the European Union;
– the extent necessary for “Comus” to realise and protect legitimate interests;
– until Client’s consent to the processing of personal data has been revoked.
12. Sharing Client’s personal data
12.1. To provide services to Client, “Comus” can share Client’s personal data with:
– partners or representatives involved in the provision of products and services ordered or used by the Client.
12.2. “Comus” is obliged to provide information on personal data to the following institutions and services:
– law enforcement authorities, court or other state and local government authorities, if this arises from regulatory enactments or requests for information from the institution concerned;
12.3. “Comus” will provide the Client’s personal data only in the necessary and sufficient amount in accordance with the requirements of regulatory enactments and the objective conditions of the situation.
13. How “Comus” protects Client’s personal data?
13.1. “Comus” shall ensure, continuously review and improve protective measures to protect customer personal data from unauthorised access, accidental loss, disclosure or destruction. To ensure this “Comus” applies modern technology, technical and organisational requirements, including firewalls, intrusion detection, analysis software.
13.2. “Comus” thoroughly examines all the service providers that handle and process the Client’s personal data on behalf of the “Comus”, and assess, whether cooperation partners (personal data processors) apply appropriate security measures in order to process the Client’s personal data in accordance with “Comus” delegation and requirements of the regulatory enactments. Cooperation partners are not allowed to process Client’s personal data for their purposes.
13.3. “Comus” shall not take responsibility for any unauthorised access to personal data and/or loss of personal data if it is does not depend on “Comus”, for example due to the fault and/or negligence of the Client.
13.4. In case where Client’s personal data is threatened, “Comus” will notify the DSI and, if necessary, the Client.
14. What are the Client’s rights?
14.1. To contact “Comus” (by writing to firstname.lastname@example.org), to receive a copy of personal data held by “Comus”.
14.2. To correct all personal data about themself held by “Comus” by writing to email@example.com.
14.3. The Client is entitled to receive information about those natural or legal persons who have received information about this Client within a certain period of time from “Comus”. “Comus” will not provide the Client with information about the state institutions that are the guarantors of the criminal proceedings, operative entities or other institutions for which the law prohibits disclosure of such information.
14.4. To request to delete or restrict the processing of personal data if processing is no longer necessary in accordance with the purposes for which they were collected and processed (right to “be forgotten”).
14.5. The Client is entitled to the transferability of their personal data, if processing is carried out in an automated manner, by submitting a written application.
From May 25, 2018, the Client is entitled to:
– object to the processing of personal data by “Comus” on the basis of legitimate interests, however, “Comus” will continue to process the data, even if the Client has objected to it, if there are compelling reasons to continue processing the data. In order to implement the rights referred to above, the Client must submit to “Comus” a written submission to firstname.lastname@example.org;
– in certain circumstances the Client is entitled to request that “Comus” deletes personal data, but it does not apply to cases where the law requires the retention of data. In order to implement the rights referred to above, the Client must submit to “Comus” a written submission to email@example.com;
– in certain circumstances the Client has the right to restrict the processing of personal data. Please note that if the Client requests to restrict the processing of data, the execution of the order may be affected. In order to implement the rights referred to above, the Client must submit a written submission to firstname.lastname@example.org;
– The customer has the right to receive or transfer personal data to another data manager (“data transferability”). This right shall include only the data provided by the Client to “Comus” on the basis of its consent or contract, and if the processing is carried out in an automated manner. In order to implement the rights referred to above, the Client must submit a written submission to email@example.com.