We take appropriate measures to ensure that your personal data are always safe with us and processed in accordance with the existing data protection legislation, our internal policies, guidelines and procedure.
Controller and controller’s contact details
Controller of the processing of personal data: AS VALMIERAS STIKLA ŠĶIEDRA, registration No 40003031676, registered office: Cempu iela 13, Valmiera, LV-4201, tel. 64202216; data.GDPR@valmiera-glass.com.
Sources of personal data
For the most part, personal data available to us have been collected directly from you or your interaction with us, our websites or social media sites. We can obtain your personal data also from other sources, such as counterparties, subcontractors providing technical, payment and delivery services, advertising networks, suppliers of analytical services, suppliers of information search services, credit reference agencies, anti-fraud databases and other third party databases, including sanctions lists, business information and research tools.
Purpose and legal basis for processing
According to the General Data Protection Regulation, we must define a legal basis for using your personal data and inform you to that effect. With respect to each application referred to below, we specify the purpose for using and disclosing the data and the basis for using the data concerned. Each basis is described below.
We shall use your personal data for the following purposes, depending on how you communicate with AS VALMIERAS STIKLA ŠĶIEDRA:
- To provide products and services requested by you – To fulfil our obligations under contracts signed between us, including those on delivery, the execution or cancellation of orders, the supply of information, products and services requested by you, and informing you about changes in our products and services.
Legal basis: performance of contracts, legitimate interests (to enable us to fulfil our obligations and supply products and services to you, or to inform you about changes in our products and services).
To ensure the selection of potential employees – when your CV and application are received, for more details: Regulation on Personal Data Processing for the Purposes of Staff Selection.
Legal basis: legitimate business interests, based on the data subject’s consent.
- To ensure practical communication with you – To answer your questions, comments, complaints or other communication, including questions about our products.
Legal basis: legitimate interests (to enable us to contact you and supply products and services), lawful claims.
- To monitor activities and record correspondence between us – To monitor communication between us, including the purpose of ensuring the quality of services and their conformity with procedures, and for training purposes.
Legal basis: legitimate interests (to ensure the quality of our products and services).
- To provide marketing materials to you – To provide you with information by post or e-mail, online or in person, or advertisements in social media about our products, services, vacancies and events if these products or services are similar to those you have already purchased or looked at, or if you have agreed to be contacted for this purpose. We may use your information also for the purposes of marketing activities concerning selected products and services of counterparties. If required so by law, we shall request your consent each time when data will be collected for the purposes of such marketing activities. We shall ensure a possibility to unsubscribe or opt out of further communications concerning the electronic marketing activity sent to you, or opt out of such communications at any time by contacting us, and to see why respective communications are received.
Legal basis: consent, legitimate interests (to provide you with the latest information about our products and services).
- To understand our customers and improve and customise our products and services – We may analyse personal data available to us in order to measure and understand the effectiveness of advertisements addressed to you and others and provide advertisements that would be relevant to you. We may supply our advertisers with aggregated data and provide you, our customers and users of our websites with recommendations and suggestions concerning products or services that might be interest for you or them.
Legal basis: legitimate interests (to ensure the quality of our products and services, enable us to improve our products and services, and provide you with content and services on our websites).
- To organise promotional actions and competitions – If you take part in promotional actions and competitions, and if you win. If you win a prize, we may publish your available personal data on our websites and social media sites and in press releases according to local law. We may disclose these data also to third parties who may need them for securing the prize.
Legal basis: legal obligations, performance of contracts, legitimate interests (to organise our promotional actions and events successfully).
- To organise our events – If you attend an event held or otherwise supported by us, we may use your personal data, including specific nutritional needs, information concerning your health status and requests for assistance in moving, in relation to the event.
Legal basis: legitimate interests (to enable us to organise our events and meet your specific needs during events), unequivocal consent (if necessary).
- To prevent fraud - We and other organisations may have access to certain information and use it at any time for the prevention of fraud according to applicable laws and the Regulation. If false or inaccurate information has been supplied or a fraud has been detected or is suspected, information may be transferred to anti-fraud authorities and other organisations, and it may be recorded by both us and these authorities.
Legal basis: legal obligations, legitimate interests (to facilitate the prevention of crime and fraud), substantial public interest.
- To check the data subject, e.g. creditworthiness - If you are a current or potential counterparty, we may use your personal data to check you (and/or your business). To this end, we may disclose your information to competent authorities, including credit reference agencies, public agencies and anti-fraud agencies. This information may also be accessed and used by law enforcement authorities. We and other organisations accessing and using information aggregated by these agencies may do this only when being located in the same country as you.
Legal basis: legal obligations, lawful claims, substantial public interest, legitimate interests (to facilitate the prevention of crime and fraud).
- To improve and administer our websites and provide relevant content – To improve our websites and secure that their content is presented in a manner that is most effective for you and your computer; to administer our websites, and for the purposes of our internal activities, including troubleshooting, the analysis of data, including information flow data, testing, and research, statistics and surveys; as part of our efforts to ensure the safety and security of our websites; to ensure that the content of our websites is presented in a manner that is most effective for you and your device, which may include the transfer of your data to counterparties, service suppliers and suppliers of analytical and search engine services.
Legal basis: legitimate interests (to enable us to administer our websites and provide content and services on our websites to you), legal obligations.
Legal basis: legitimate interests (to enable us to modify our business), legal obligations.
- To ensure compliance with legal and statutory obligations - We may process your personal data to comply with legal and statutory requirements applicable to us, which may include a requirement to disclose your personal data to third parties, including insurance companies, judicial authorities and/or regulatory or law enforcement authorities, concerning the relevant person anywhere in the world or in a place designated for inquiries, litigations or investigations.
Legal basis: legal obligations, lawful claims, legitimate interests (to cooperate with law enforcement and regulatory authorities).
The Company performs video surveillance. The purpose of video surveillance is the control of order in monitored premises, the security of employees and visitors, the protection of property, and the prevention, elimination and detection of offences.
Video surveillance is carried out on the basis of stringent security and privacy rules, using state-of-the-art technologies and equipment.
Disclosure of your information
Apart from third parties referred to above, we may disclose your personal data also to our group’s companies, namely: our subsidiaries and parent company and its subsidiaries, which may use these data for the purposes defined above. We shall share your personal data also with third-party service suppliers (for example, suppliers of marketing, IT or administrative services), which may process these data for us for the purposes defined above.
Cookies are small text files generated and stored on your device as an Internet user (computer, tablet, mobile phone, etc.) when you visit our website. Cookies “remember” your experience and basic information, thereby making the use of our website more convenient and providing information that is more relevant to you.
Storage of personal data
Data collected from you may be transferred and stored in a place outside the European Economic Area (hereinafter – the EEA). They may also be processed by our employees or employees of our suppliers who are located outside the EEA. Inter alia, these employees may be involved in the execution of your order, the processing of your payment information, or the supply of support services.
Period of storage of personal data
The Company stores personal data in conformity with the defined purposes of the processing of personal data and statutory requirements as long as at least one of the following criteria applies:
- as long as the Company may pursue its legitimate interests following the procedure set out in external regulations
- as long as the Company has a legal obligation to store the data
- as long as the data subject’s consent for the respective data processing remains in force unless there is another legal basis for the processing.
For example, we may keep some transaction data and correspondence until expiry of the limitation period with respect to the specific transactions, or for compliance with statutory requirements concerning the storage of such data.
Consent to the processing of data and the right to withdraw consent
Where the processing of personal data is based on consent given to the processing, the person may withdraw the consent at any time in the same manner as the consent was given, in which case no further processing of data based on the consent previously given for the specific purpose will be performed.
The withdrawal of consent does not affect the processing of data at the time while the person’s consent was in force.
The withdrawal of consent does not affect the processing of data based on other legal grounds.
If you are located within the European Economic Area at the time of our interaction, you may request that we, subject to certain conditions:
- provide you with additional information about how we use and process your personal data;
- provide you with a copy of all your personal data known to us;
- rectify inaccuracies in your personal data and complete incomplete personal data processed by us;
- erase personal data where we no longer have grounds for processing, and
- restrict the processing of your personal data pending the consideration of your request.
In addition, you may have the following rights under certain circumstances:
- to withdraw your consent if the processing is based on your consent;
- to request that we send personal data provided by you or your data that are still available to us to third parties by electronic means;
- to object to the processing of personal data based on “legitimate interests” or “public interest” unless the grounds for processing your data override your interests, rights and freedoms, and
- to object to direct marketing at any time (including profiling for such purposes).
These rights are subject to some exceptions for safeguarding public interest (for example, the prevention or detection of crime) and our interests (for example, for the purposes of legal confidentiality), and may not be in force in the state in which you are located.
You may exercise the rights you have, for which purpose you should contact us by e-mail: data.GDPR@valmiera-glass.com.
If you are not satisfied that we use your personal data or with how we have responded to the exercise of your rights, you may lodge a complaint to the State Data Inspectorate, www.dvi.gov.lv.
Following your request, the Company will provide a reply to your application concerning the use of your personal data free of charge twice a year. Starting from the third time, the fee for the supply of such information is EUR 50.
Having received your application, the Company will assess its substance and possibilities of your identification and, if necessary, request additional information to make sure, to the maximum extent possible, that the data will be sent to the respective data subject and to minimise the risk of misuse of your data.
Personal data – any information relating to an identified or identifiable natural person (‘data subject’).
Processing of personal data – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Personal data breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Legal basis for the use of personal data
Consent: the data subject must explicitly consent to the processing of his or her data for one or several specific purposes and goals.
Performance of contracts: if your information is necessary for signing or performing a contract with you.
Legal obligation: if the controller is obliged by law to carry out an activity requiring the processing of data.
Legitimate interests: if we use your information to pursue legitimate interests and our grounds for using your data override restrictions of any right to protect your data.
Substantial public interest: if we use your information to perform a task for reasons of public interest.
Vital interests: if the processing of data will be necessary in extraordinary situations, such as natural disasters, to save a person’s life.