Privacy Policy

The purpose of this Privacy Policy is to provide individuals and clients of SIA "Kapakmeņi Memoria" with information regarding the purposes of processing personal data, the scope of this processing, protection measures, processing timelines, and the rights of data subjects at the stage of data collection and during the processing of the client's personal data.

Data controller information and contact details
1. The data controller of personal data processing is SIA "Kapakmeņi Memoria" (hereinafter referred to as "Memoria"), Unified Registration Number 40203544466, legal address: Riga, Brīvības Street, 403.
2. Contact information for Memoria regarding personal data processing inquiries: ingo@memoria.lv. Questions about personal data processing can be asked using this contact information or by addressing Memoria at its legal address. Requests for the exercise of one's rights can be submitted in accordance with Section 23.

Scope of the document
3. Personal data refers to any information related to an identified or identifiable individual.
4. This Privacy Policy applies to the confidentiality and protection of personal data concerning:
- individuals – clients and other users of Memoria’s services (including potential, former, and current clients), as well as third parties who receive or transmit any information to Memoria in connection with the provision of services to an individual (client, user) (including contact persons, payers, etc.);
- visitors of the Memoria website and callers to Memoria’s contact numbers (hereinafter referred to as "Clients").
5. Memoria cares about the confidentiality and protection of Clients' personal data, adhering to Clients' rights concerning the legality of personal data processing in compliance with applicable legislation — Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data (the Regulation) and other applicable legal acts in the field of privacy and data processing.
6. This Privacy Policy applies to the processing of data regardless of the form and/or medium through which the Client provides personal data (on Memoria’s website, in the self-service portal, in paper form, or via phone) and in which systems of the company or in paper form this data is processed.
7. Specific types of data processing (e.g., processing of cookies) may have additional specific rules, of which the Client will be informed at the time of providing such data to Memoria.

Purposes of personal data processing
Memoria processes personal data for the following purposes:
Client service and product sales:
- client identification;
- preparation, conclusion, and confirmation of contract formation;
- delivery of goods and performance of services (fulfilling contractual obligations);
- ensuring the functioning/support of services;
- improvement of goods and services, development of new products and services;
- facilitating, advertising, and promoting services;
- customer service;
- reviewing and processing applications and complaints;
- customer retention, enhancing loyalty, conducting satisfaction measurements;
- administering calculations;
- creditworthiness assessment, loan monitoring;
- debt recovery and collection;
- maintaining and improving website performance.

For business planning and analysis:
- statistics and business analysis;
- planning and accounting;
- measurement of efficiency;
- ensuring data quality;
- conducting market and public opinion research;
- preparing reports;
- conducting customer surveys;
- within risk management activities.

For information, information systems, and company security.
Providing information to governmental authorities and operational entities in cases and volumes provided for by external regulatory acts.
For other specific purposes, of which the Client is informed at the time of providing the respective data to Memoria.

Legal grounds for personal data processing
Memoria processes the Client's personal data on the following legal grounds:
- for the conclusion and execution of a contract — to conclude a contract at the Client's request and ensure its execution;
- for compliance with regulatory acts — to fulfill Memoria's obligations as provided by external regulatory acts;
- based on the Client's consent — the data subject;
- legitimate interests — to fulfill existing obligations between Memoria and the Client or the legitimate interests of Memoria arising from a concluded contract or law;
- to protect the vital interests of the data subject or another individual — to ensure the physical safety of Memoria’s employees, clients, and visitors.

Memoria's legitimate interests include:
- conducting commercial activity;
- providing electronic communications services;
- verifying the client's identity before contract conclusion;
- ensuring fulfilment of contractual obligations;
- preventing unjustified financial risks for its commercial activity (including conducting credit risk assessments before selling goods and services and during contract execution);
- retaining statements and complaints from clients regarding the purchase of goods and the provision of services, as well as other statements and complaints, including those made in writing or orally, during phone calls, on websites, and in the self-service portal;
- recording conversations with clients to ensure service quality;
- recording conversations with clients to organize the fulfillment of service obligations;
- analyzing the performance of Memoria’s website and web resources, developing and implementing improvements;
- administering the Client’s account on Memoria’s websites and web resources;
- conducting client retention activities;
- segmenting the client database for more effective service provision;
- developing and enhancing products and services;
- advertising its goods and services;
- sending Clients notifications regarding the execution of contracts and important events related to their execution, as well as conducting customer surveys on goods and services and their usage experiences;
- preventing fraud;
- ensuring corporate governance, financial and business accounting, and analysis;
- ensuring efficient company management processes;
- effectiveness of service provision and goods sales, as well as their delivery;
- ensuring and improving service quality;
- administering payments;
- administering unpaid payments;
- communicating with governmental authorities and law enforcement agencies to protect its legitimate interests;
- informing the public about its activities.

Personal data processing
Memoria processes the Client's data using modern technologies and taking into account existing privacy risks and reasonably available organizational, financial, and technical resources.
Memoria may engage in automated decision-making concerning the Client. The Client will be separately informed about such actions by Memoria in accordance with legal acts. The Client may object to automated decision-making in accordance with the law, but understands that in some cases this may limit their rights regarding the use of potential benefits available to them (e.g., receiving commercial offers).
Automated decision-making that has legal consequences for the Client (e.g., granting or denying the Client's application) may only be carried out in the context of the conclusion or execution of a contract between Memoria and the Client based on the unequivocal consent of the Client or in cases provided for by external regulatory acts.
To ensure quality and timely fulfillment of obligations under the contract concluded with the Client, Memoria may authorize its cooperating partners to carry out specific actions for the delivery of goods or provision of services. If, in the course of performing these tasks, Memoria's partners process the Client's personal data, such partners are considered data processors, and Memoria has the right to transfer to them the personal data necessary for these actions to the extent necessary for such actions.
Memoria's partners (as data processors) will ensure compliance with the requirements for processing and protecting personal data in accordance with Memoria's requirements and legislation and will not use personal data for purposes other than fulfilling the contract with the Client on behalf of Memoria.

Protection of personal data
Memoria ensures, continually reviews, and improves protective measures to protect clients' personal data from unauthorized access, accidental loss, disclosure, or destruction. For this purpose, Memoria applies modern technologies, technical and organizational requirements, including the use of firewalls, intrusion detection software, data analysis, and encryption.
Memoria thoroughly audits all service providers who process clients' personal data on behalf of and for Memoria, and evaluates whether cooperating partners (data processors) apply appropriate security measures so that the processing of clients' personal data is conducted in accordance with Memoria’s instructions and regulatory requirements. Partners are prohibited from processing the Client's personal data for their purposes.
Memoria is not responsible for any unauthorized access to personal data and/or loss of personal data, if this is not due to Memoria's fault, for example, due to the Client's own negligence.
In case of a threat to the Client's personal data, Memoria will notify the Client.

Categories of personal data recipients
Memoria does not disclose the Client's personal data or any information obtained during the provision of services and execution of the contract to third parties, including information regarding provided electronic communications services, content, or other services, except in the following cases:
- if personal data must be transferred to relevant third parties in the framework of a concluded contract to perform a function necessary for contract execution or delegated by law, based on the clear and unequivocal consent of the Client;
- to persons specified by external regulatory acts upon their justified request, in the manner and to the extent provided for by law;
- in cases provided for by external regulatory acts, to protect Memoria’s legitimate interests, for example, in case of legal action against a person who has violated Memoria’s legitimate interests.

Retention period of personal data
Memoria retains and processes the Client's personal data as long as at least one of the following criteria is met:
- only as long as the contract with the Client remains in effect;
- data are necessary for the purposes for which they were obtained;
- while Memoria or the Client can assert their legitimate interests in accordance with external regulatory acts (e.g., to file objections or bring a lawsuit);
- while there is a legal obligation for one of the parties to retain the data (e.g., under the Accounting Act, issued invoices must be retained for 5 years, etc.);
- while the Client's consent for the relevant processing of personal data remains in effect, unless there is another legal basis for processing the data. After the termination of the aforementioned circumstances, the Client's personal data will be deleted. Audit records are retained for at least one year from the date of their execution in accordance with legislative requirements.

Access to personal data and other rights of the Client
The Client has the right, in accordance with the law, to request access to their personal data from Memoria, as well as to request their amendment, correction, deletion, or limitation of processing concerning the Client, or to object to the processing (including processing of personal data carried out on the basis of Memoria’s legitimate interests), as well as to request data portability. These rights may be exercised as long as the processing of data does not arise from obligations imposed on Memoria by applicable regulatory acts that are performed in the public interest.
The Client may submit a request to exercise their rights:
- in writing, in person at Memoria's office, presenting identification;
- electronically, using a secure electronic signature.
Upon receiving the Client's request to exercise their rights, Memoria will verify the Client's identity, assess the request, and execute it according to the law.
1. Memoria’s response will be sent to the Client by mail to the address indicated by them in a recorded letter or according to the manner of receipt indicated by the Client.
2. Memoria ensures compliance with data processing and protection requirements according to the law and takes necessary actions to resolve the Client's objections. However, if that is not possible, the Client has the right to contact the supervisory authority — the Data State Inspectorate.

Client's consent for data processing and the right to withdraw it
The Client may give consent for the processing of personal data, based on which processing occurs (e.g., analyzing data on service usage habits, individually tailored advertising, etc.). This consent can be provided in the service contract with Memoria, on Memoria’s portals/apps, by calling Memoria’s contact number, or in person at Memoria's office.
The Client has the right to withdraw their consent for data processing at any time in the same way it was given, i.e., by calling Memoria’s contact number or in person at Memoria's office, and in such a case, further processing of data based on previously provided consent for that purpose will no longer take place.
Revocation of consent does not affect the data processing that occurred while the Client's consent was valid.
Withdrawal of consent cannot stop data processing conducted on other legal grounds.

Communication with the Client
Memoria communicates with the Client using the contact information provided by the Client (phone number, email address, postal address, and/or other agreed methods).
Communication regarding fulfillment of contractual obligations by Memoria is conducted based on the concluded contract.

Visiting websites and cookie processing
Memoria may use cookies on its websites.
The Memoria website may contain links to third-party websites (Google Analytics), which have their own terms of use and personal data protection for which Memoria is not responsible.

Other provisions
Memoria has the right to make changes to the Privacy Policy, providing the Client with the current version by posting it on Memoria’s website.
This version of the Privacy Policy comes into effect on August 1, 2024.