Privacy policy
Privacy Policy
1. General Provisions.
1.1. This Privacy Policy describes how SIA NORTH EFFECT, Reg. No.: 40203201290, address: Dārza iela 2, Rīga, LV-1007, Latvia (hereinafter referred to as the "Data Controller") collects, processes, and stores personal data obtained from clients and individuals visiting the website www.e-oga.com (hereinafter referred to as the "Data Subject" or "You").
1.2. Personal data refers to any information related to an identified or identifiable individual, i.e., the Data Subject. Processing is any operation performed on personal data, such as collection, recording, modification, usage, viewing, deletion, or destruction.
1.3. The Data Controller adheres to the principles of data processing as prescribed by law and can confirm that personal data is processed in accordance with applicable legislation.
2. Collection, Processing, and Storage of Personal Data.
2.1. The Data Controller collects, processes, and stores personally identifiable information primarily through the e-commerce website and email.
2.2. By visiting and using the services offered by the online store, you agree that any information provided will be used and managed in accordance with the purposes set out in this Privacy Policy.
2.3. The Data Subject is responsible for ensuring that the personal data submitted is accurate, precise, and complete. Knowingly providing false information is considered a violation of our Privacy Policy. The Data Subject is obliged to notify the Data Controller immediately of any changes to the submitted personal data.
2.4. The Data Controller is not responsible for any loss or damage suffered by the Data Subject or third parties as a result of false personal data being submitted.
3. Processing of Client Personal Data.
3.1. The Data Controller may process the following personal data:
3.1.1. First name, last name
3.1.2. Date of birth
3.1.3. Contact information (email address and/or phone number)
3.1.4. Transaction details (purchased products, delivery address, price, payment information, etc.).
3.1.5. Any other information provided to us during the use of the website's services and product purchases or when contacting us.
3.2. In addition to the above, the Data Controller has the right to verify the accuracy of the submitted data using publicly available registers.
3.3. The legal basis for processing personal data is Article 6, paragraph 1, points (a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):
a) The Data Subject has given consent for the processing of their personal data for one or more specific purposes;
b) Processing is necessary for the performance of a contract to which the Data Subject is a party or to take steps at the request of the Data Subject before entering into a contract;
c) Processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
f) Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject, particularly if the Data Subject is a child.
3.4. The Data Controller retains and processes the personal data of the Data Subject as long as at least one of the following criteria exists:
3.4.1. The personal data is necessary for the purposes for which it was collected;
3.4.2. As long as the Data Controller and/or the Data Subject can exercise their legitimate interests, such as filing objections or bringing claims or defending claims in court, as prescribed by external laws;
3.4.3. As long as there is a legal obligation to retain the data, such as under the Accounting Law;
3.4.4. As long as the Data Subject's consent for the relevant data processing is valid, if no other legal basis for data processing exists.
Once the conditions listed in this section no longer apply, the retention period for the Data Subject's personal data expires, and all related personal data is permanently deleted from computer systems and electronic and/or paper documents containing the relevant personal data, or such documents are anonymized.
3.5. To fulfill its obligations to you, the Data Controller has the right to transfer your personal data to its cooperation partners and data processors who perform the necessary data processing on our behalf, such as accountants, courier services, etc. The payment processing is handled by the payment platform makecommerce.lv, therefore, our company transfers the personal data necessary for payment processing to the platform's owner, Maksekeskus AS.
Upon request, we may transfer your personal data to state and law enforcement authorities to defend our legal interests if necessary, by preparing, submitting, and defending legal claims.
3.6. In processing and storing personal data, the Data Controller implements organizational and technical measures to ensure the protection of personal data against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.
4. Rights of the Data Subject.
4.1. According to the General Data Protection Regulation and the laws of the Republic of Latvia, you have the following rights:
4.1.1. To access your personal data, receive information about its processing, request an electronic copy of your personal data, and request the transfer of this data to another controller (data portability);
4.1.2. To request the correction of inaccurate, incorrect, or incomplete personal data;
4.1.3. To request the deletion of your personal data ("right to be forgotten"), except in cases where the law requires the data to be retained;
4.1.4. To withdraw your previously given consent for the processing of personal data;
4.1.5. To restrict the processing of your data – the right to request that we temporarily stop processing all your personal data;
4.1.6. To contact the Data State Inspectorate.
You can submit a request to exercise your rights by filling out a form in person at Dārza iela 2, Rīga, LV-1007, Latvia, or by submitting a request electronically by emailing our customer support at info@e-oga.com.
5. Final Provisions.
5.1. This Privacy Policy has been developed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as well as the applicable laws of the Republic of Latvia and the European Union.
5.2. The Data Controller reserves the right to make changes or additions to the Privacy Policy at any time and without prior notice. Amendments take effect upon their publication on the website www.e-oga.com.
Cookies
Like many websites, we use Cookies on our Site. For specific information about the Cookies that we use related to powering our store with Shopify, see https://www.shopify.com/legal/cookies. We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimize the Services). We may also permit third parties and services providers to use Cookies on our Site to better tailor the services, products and advertising on our Site and other websites.
Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available. Additionally, blocking Cookies may not completely prevent how we share information with third parties such as our advertising partners.
How We Disclose Personal Information
In certain circumstances, we may disclose your personal information to third parties for contract fulfillment purposes, legitimate purposes and other reasons subject to this Privacy Policy. Such circumstances may include:
- With vendors or other third parties who perform services on our behalf (e.g., IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).
- With business and marketing partners to provide services and advertise to you. Our business and marketing partners will use your information in accordance with their own privacy notices.
- When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations, with your consent.
- With our affiliates or otherwise within our corporate group, in our legitimate interests to run a successful business.
- In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.
We disclose the following categories of personal information and sensitive personal information about users for the purposes set out above in "How we Collect and Use your Personal Information" and "How we Disclose Personal Information":
| Category | Categories of Recipients |
|---|---|
|
|
We do not use or disclose sensitive personal information without your consent or for the purposes of inferring characteristics about you.
With your consent we share personal information for the purpose of engaging in advertising and marketing activities, as follows.
Third Party Websites and Links
Our Site may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.
Children's Data
The Services are not intended to be used by children, and we do not knowingly collect any personal information about children. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.
As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we “share” or “sell” (as those terms are defined in applicable law) personal information of individuals under 16 years of age.
Security and Retention of Your Information
Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” In addition, any information you send to us may not be secure while in transit. We recommend that you do not use insecure channels to communicate sensitive or confidential information to us.
How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide the Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.
Your Rights
Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.
- Right to Access / Know: You may have a right to request access to personal information that we hold about you, including details relating to the ways in which we use and share your information.
- Right to Delete: You may have a right to request that we delete personal information we maintain about you.
- Right to Correct: You may have a right to request that we correct inaccurate personal information we maintain about you.
- Right of Portability: You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
- Right to Opt out of Sale or Sharing or Targeted Advertising: You may have a right to direct us not to "sell" or "share" your personal information or to opt out of the processing of your personal information for purposes considered to be "targeted advertising", as defined in applicable privacy laws. Please note that if you visit our Site with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will automatically treat this as a request to opt-out of the "sale" or "sharing" of information for the device and browser that you use to visit the Site.
- Restriction of Processing: You may have the right to ask us to stop or restrict our processing of personal information.
- Withdrawal of Consent: Where we rely on consent to process your personal information, you may have the right to withdraw this consent.
- Appeal: You may have a right to appeal our decision if we decline to process your request. You can do so by replying directly to our denial.
- Managing Communication Preferences: We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.
You may exercise any of these rights where indicated on our Site or by contacting us using the contact details provided below.
We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or account information, before providing a substantive response to the request. In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request in a timely manner as required under applicable law.
Complaints
If you have complaints about how we process your personal information, please contact us using the contact details provided below. If you are not satisfied with our response to your complaint, depending on where you live you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with your local data protection authority. For the EEA, you can find a list of the responsible data protection supervisory authorities here.
International Users
Please note that we may transfer, store and process your personal information outside the country you live in. Your personal information is also processed by staff and third party service providers and partners in these countries.
If we transfer your personal information out of Europe, we will rely on recognized transfer mechanisms like the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.
Contact
Should you have any questions about our cookies, or if you would like to exercise any of the rights available to you, please call or email us at info@e-oga.com or contact us at Dārza iela 2, Rīga, 1007, Latvia.
For the purpose of applicable data protection laws and if not explicitly stated otherwise, we are the data controller of your personal information.