Privacy Policy

PRIVACY POLICY

The Privacy Policy has been developed in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter – the Regulation.

The purpose of the Privacy Policy is to provide information to the individual (data subject) about the purpose, legal grounds, scope of processing of personal data, protection of personal data and duration of processing during the collection of data and when processing the personal data of the data subject.

Limited liability company “AVE STEEL” fully respects the rights of the data subject to privacy and shall not collect any personal information about you on its website www.avesteel.lv, except for the information you voluntarily provide. Any information you voluntarily provide in any form to limited liability company “AVE STEEL” shall not be made available to third parties and limited liability company “AVE STEEL” will be used solely for the purposes for which you have provided it.

1. The identity and contact details of the Controller:

Limited liability company “AVE STEEL”, registered in the Register of Enterprises of the Republic of Latvia under unified Reg. No. 40103380859, registered office: 2 Rītausmas Street, Riga, LV-1058, e-mail info@avesteel.lv , contact phone ________, hereinafter – the Controller.

2. Contact details of the Data Protection Officer: regarding questions about data processing, please use the previous contact details or contact our Data Protection Officer by e-mailing to info@avesteel.lv and provide “To Data Protection Officer” in the subject line.

3. Personal data that we process:

  • Personal data of participants – name, surname, personal identification number, address of residence, e-mail, phone;
  • Personal data of customers – name, surname, in separate cases – personal identity number, bank account information, transaction amount, e-mail, image, IP address from which the order and payment for the transaction have been made, telephone number; in case of applications – e-mail, place of residence, IP address from which the application has been sent, telephone number;
  • Personal data of third parties (potential customers, potential employees), the processing of which results from regulatory enactments or contractual obligations, or the willingness of the data subject to establish contractual obligations – name, surname, personal identity number, the declared place of residence, occupation, telephone number, e-mail, the potential employees – additional information included in the CV and information provided by the data subject during the job interview.
  • Information collected to provide the security of your data and data of other persons:
  • IP addresses (for website visitors);
  • access times (for website visitors);
  • access dates (for website visitors);
  • previously visited websites;
  • the language used;
  • software error report.
  • For the purposes of this Privacy Policy personal data shall mean information associated with you or information that would enable direct or indirect identification of you. The Controller may collect personal data about the data subject from various sources (data collected from other websites, from the data subject in person or electronically, from third parties, data on the data subject’s visits to the controller website, the recorded data of video surveillance systems and other lawful publicly available sources).
  • Purposes of data processing, for which personal data are intended:
  • The Controller collects and processes personal data for the following purposes:
  • to provide relevant services of high quality;
  • to provide efficient management processes of the company;
  • for business planning and analysis, including customer surveys, research and analysis;
  • to enter into transactions, including to conclude service and distance agreement, to prepare and to send invoices;
  • to fulfil business obligations (payments);
  • to monitor the concluded transactions;
  • for recruitment and management purposes;
  • to provide the security of the customers, controllers and employees and to protect property;
  • to manage documents;
  • for accounting purposes;
  • to fulfil the obligations specified in the regulatory enactments (maintaining of the register of participants, recording of the participants’ meetings, informing, data transferring, etc.);
  • to process applications and requests for information and to respond to them;
  • for analysis of the Controller’s website history.
  • Within the applicable regulatory enactments the Controller ensures the confidentiality of personal data and has implemented appropriate technical and organisational measures to protect personal data from unauthorised access, unlawful processing or disclosure, accidental loss, alteration, or destruction.
  • Legal grounds of data processing:
  • The processing of personal data is based on the following legal grounds set forth in the Regulation for each specific situation:
  • Data processing is carried out in accordance with Article 6 (1) (b) of the Regulation, when the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (for identification of a person; for concluding an employment contract; for communication with the data subject when it is necessary to calculate the service fee and for providing the process of making payment);
  • Data processing is carried out pursuant to Article 6 (1) (a) of the Regulation, which stipulates that the data subject has given consent to the processing of his/her personal data for one or more specific purposes (to conclude a transaction, to execute a transaction – to process data at the bank,– to inform about news (about the offer, product and service), to process and to store the CV of the potential employee, to obtain recommendations from third parties, to communicate at the suggestion of the data subject);
  • Data processing is implemented pursuant to Article 6 (1) (c) of the Regulation, when processing is necessary for compliance with a legal obligation to which the controller is subject (provision of data to public administration institutions for the performance of their functions (State Revenue Service, State Labour Inspectorate, court, prosecutor’s office, police, state inspectors for the protection of children’s rights, orphans’ court, ombudsman, as well as pre-trial investigation institution); to maintain the register of participants, to draw up minutes of the meeting, to inform, and for other activities resulting from the Commercial Law; to prepare statistics and reports, to review applications, for accounting; for compliance with the requirements of record keeping and circulation of documents, for archiving);
  • Data processing is implemented pursuant to Article 6 (1) (f) of the Regulation when processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (for effective provision of corporate governance processes, for customer database, for collection of evidence to prove the legitimacy of the recruitment process, for provision of workforce, for video surveillance for the security of the employee and customers, for service quality checks and service improvement, for analysis of the website history).
  • Recipients or categories of recipients of personal data, if any:

6.1. In the cases as specified by the regulatory enactments, the Controller shall be obliged to provide information regarding the processed personal data:
– to law enforcement authorities, the court, and public administration institutions to the extent necessary for the performance of the functions assigned to them;
– to third parties within the agreements concluded by the data subject;
– to third parties, such rights of whom arise from the law and only to the extent specified therein (trade union);
– to the data subject himself/herself.
6.2. In cases specified in the regulatory enactments, the Controller may transfer personal data:
– to processors, in order to ensure more efficient performance of their functions, in accordance with the services they provide and to the extent necessary (auditors, accountants, legal advisers, IT service providers, labour protection specialists, data protection specialists);
– to third parties, provided that their requests have appropriate legal basis.
6.3. Personal data shall not be transferred outside the EU or the EEA. If personal data is transferred outside the EU and the EEA, this shall take place in accordance with the requirements of the Regulation.

  • Period for which the personal data will be stored or, if not possible, the criteria used to determine such period:
  • The Controller shall store and process the Customer’s personal data for as long as at least one of the following criteria exists:

7.1.1. as long as the obligations of the agreement concluded between the Controller and the data subject are fulfilled or the service is provided to the data subject;
7.1.2. as long as the Controller has an obligation specified in the regulatory enactments to store the relevant data;
7.1.3. until the request/application of the data subject is fully reviewed and/or executed;
7.1.4. as long as the data subject’s consent to the processing of their data is still valid, unless there are other legal grounds for the processing of the data;
7.1.5. as long as the Data Controller and/or Data Subject are able to exercise their legitimate interests, (such as filing objections or bringing an action in court), in accordance with the procedures specified in the regulatory enactments;
7.1.6. personal data (video recordings) obtained by means of video surveillance shall be stored for no longer than 30 days from the day they are obtained, except in cases when they are used to review violations;
7.1.7. the information obtained during the recruitment process about the candidates to the position of an employee shall be stored in full or in part for a maximum of two years in order to protect the legal interests of the Controller. If the Controller receives complaints about a particular recruitment process, all information processed during the recruitment process shall be stored for as long as it is necessary for the particular process.

  • In the event such conditions arise that further storage of personal data is no longer necessary, the personal data of the data subject shall be deleted.
  • The Controller’s document containing, inter alia, personal data shall be stored in accordance with the Case Nomenclature approved by the Controller. Storage periods in the Case Nomenclature shall be determined in accordance with the requirements of the regulatory enactments.
  • The rights to request the Controller to access and to edit or to erase the personal data of the data subject, or to restrict the processing regarding the data subject, or the right to object to the processing and the right to data portability:
  • Data subject shall have the right to receive his/her personal data provided and processed on the basis of written consent or in one of the most frequently used electronic formats and, if possible, to transfer such data to another service provider (data portability).
  • To receive information about the personal data processed by the Controller, the purposes of the processing, the recipients of the data and the terms of storage, a written application must be submitted:
  • by submitting it in person and by presenting an identity document at the Controller’s Office at 2 Rītausmas Street, Riga, LV-1058;
  • by submitting it electronically at the Controller’s e-mail address info@avesteel.lv and by signing it with a secure electronic signature.
  • The data subject shall have the right to request that the personal data be deleted and their processing be restricted, to object to the processing of the personal data, and to request corrections to the personal data, if it is irrelevant, incomplete or incorrect, in accordance with the provisions of the Regulation.
  • The data subject shall have the right to have his/her personal data deleted and to terminate its further processing, if the personal data is no longer necessary for the purposes for which it had been collected or otherwise processed or if the processing of their personal data in any other way does not comply with the Regulation. In accordance with Article 18 (1) (a), (b) and (c) of the Regulation, the data subject shall have the right to have the processing restricted by the Controller, except for the provision of storage obligations referred to in Clause 2 of the mentioned Article.
  • The Controller reserves the right to request additional information from the data subject, if it deems it necessary.
  • The right to revoke consent
  • If the data subject has issued his/her consent to the processing of his/her personal data, and such processing has begun, the data subject shall have the right to revoke such processing, by e-mailing the revocation to info@avesteel.lv .
  • Revocation of consent shall not affect the data processing that was carried out when the data subject’s approval was still in effect. Revocation of consent shall not interrupt any data processing carried out on other legal grounds.
  • Processing of cookies:
  • We use cookies and similar technologies of the following categories to collect information about you, when you visit the Controller’s website:

10.1.1. functional and performance cookies;
10.1.2. analytical cookies;
10.1.3. advertising cookies;

  • The Controller uses cookies for the following purposes:

10.2.1. session management and user/customer authentication/identification;
10.2.2. provision of functionality of the website and analysis of the main performance of the website;
10.2.3. customer order management (preparing/payment) and execution;
10.2.4. to improve the efficiency of the website;
10.2.5. to provide visitors with relevant advertising and marketing campaigns;
10.2.6. for statistical purposes – to obtain data about the flow of website users, including the number of visits, and the total time spent using the website.

  • Technical details that are recorded:
  • the server address of the visitor’s website;
  • the domain name (e.g. lv, com, org, net);
  • the previous website, from which the visitor has reached us, including any search terms used;
  • data indicating the flow of visitors to this website (such as the accessed pages and the downloaded documents);
  • what type of device operating system and network browser the user has used.

10.4. The legal grounds for the processing of personal data within cookies is in the legitimate interests of the Controller as defined in this policy.
10.5. The Controller does not use cookies to track the habits of its users, which is why the Controller warns you about the use of cookies, but does not require you to consent to it, in accordance with the law.
10.6. The Controller does not associate each user’s IP address and email address with the data that identifies that user, if the user does not place an order. This means that the session of each user, who does not place an order will be registered, but the user of the website www.avesteel.eu shall remain anonymous.

11. Controlling cookies

11.1. The data subject may delete the cookies according to his/her choice (more information at www.youronlinechoices.com/lv).
11.2. You can delete all cookies that are already stored on your computer, and you can prevent your browser from storing them. But in such case, you have to manually specify your choice each time you visit the site, and some services and website features may not work.

12. Right to submit a complaint to a supervisory authority

You have the right to contact the Controller or the institution supervising the processing of personal data (the State Data Inspectorate) regarding questions about the processing of personal data or to lodge a complaint. We would appreciate it if you would first contact us with any questions or concerns.

13. Automated decision making.

Your data are not used for automated decision making.

14. Changes to our Privacy Policy:

We may change this Privacy Policy from time to time by posting the current version of the Privacy Policy on our website. We recommend that you visit this section regularly to find the most current information.

TERMS AND CONDITIONS OF USE

1. Rights of the User

1.1. As set forth in these Terms and Conditions and all applicable regulatory enactments, the Controller grants you the right to view and download the materials provided on the Controller’s Website for your personal, non-commercial use only, provided that you observe the copyright notices and other proprietary notices.
1.2. All rights not expressly granted herein are reserved.

2. Intellectual Property Rights (IPR)

2.1. All intellectual property rights (such as copyrights, trademarks, and domain names) associated with the service are owned by the author of the material, the Controller or its cooperation partner.
2.2. It is prohibited to present, reproduce, copy, transfer, transmit, store, modify, distribute, publish, reuse, license, sell or otherwise use any information on the website for commercial purposes without the prior written consent of the Controller or its cooperation partner.
2.3. However, it is permitted to store or copy information for personal use. All intellectual property rights referring to the material shall remain with their original owner.
2.4. Upon the express consent of the Controller, the user may even use and display by downloading or printing the information published on the website, publicly, if accordingly referring to its source.

3. Duties

3.1. The Controller’s website and its contents constitute the services provided by the Controller to the users of the Website. The Controller shall make every effort to ensure the accuracy of the content of the website and the continuous availability of the website. 
3.2. Notwithstanding the foregoing, the content of the Controller’s website service shall be provided “as is” and “as available”. 
3.3. The Controller makes no warranties as to the accuracy or reliability of the content of the website or the continuous, timely and perfect functionality of the website.
3.4. The Controller, its licensors, cooperation partners, responsible persons or employees shall not be liable for any direct, indirect, immediate, consequential, incidental, or occasional damages, penalties, or other damages arising from the use of the Controller’s website or its content, website, or the unavailability of the information or programs contained therein.
3.5. The Controller’s website may contain links to sites or applications that are owned and operated by third parties and such links are the service provided to users of the Controller’s website. The Controller assumes no responsibility or liability for such websites, applications, their content or their accuracy. Switching to such third party websites is subject to the terms and conditions of that site.
3.6. The Controller reserves the right to change the website at any time.

4. Information submitted by the users

4.1. Users who submit materials (information, images, questions, orders, etc.) to the Controller’s server (via email or through the website) acknowledge and agree to the following terms and conditions of material providers:
4.1.1. No part of the material reflects in any manner something that is unlawful, threatening, offensive, violates religious beliefs, infringes any intellectual property right, or otherwise is unsuitable for publication;
4.1.2. Prior to uploading the material, reasonable steps have been taken to detect and eliminate viruses and other harmful elements;
4.1.3. The provider of the material owns the material and/or unrestricted right to submit it to the Controller, who may publish and use it free of charge or to use any ideas contained therein in its own products free of charge and without restrictions of use, including without any reference to the source and without any other obligations;
4.1.4. The provider of materials shall not bring any legal action against the Controller regarding the submitted material, and the provider of the material shall reimburse the Controller for all costs and damages incurred as a result of any legal action brought by any party against the Controller regarding the submitted Material.
4.2. The Controller shall have the right to dispose of the materials submitted by the users at any time. 

5. Access to the website

5.1. The Controller reserves the right to change the content of the website, to deny or restrict access to the website or to close the website at any time for any reason and without notice, and shall not be liable for any changes or closing of its website before its users.

6. Revision of the Terms and Conditions of Use

6.1. The Controller reserves the right to revise these Terms and Conditions of Use at any time without notice. The amendments shall take effect as soon as they are published on the website.

7. The applicable regulatory enactments

These Terms and Conditions of Use are governed by the laws of the Republic of Latvia, except for the conditions regarding the connection. Any disputes related to these Terms and Conditions of Use shall be settled in the court of the Republic of Latvia.