Privacy policy

This privacy policy refers to processing of personal data that is carried out by a data controller - SIA "BAJTEL.LV", joint registration No 40003979897, registered address: 214M-2 Brivibas gatve, Riga, LV-1039, Latvia (hereinafter referred to as – the Controller).
This privacy policy is binding to any data subject (hereinafter referred to as - user) whose personal data is processed by Controller, including to any user of a website service.bajtel.lv (hereinafter referred to as – the Website), who is a natural person (including self-employed persons and sole traders) or is a natural persons acting on behalf of or in the interests of a legal person (including, but not limited to, to a member of the management board, proxy, employee and authorised person of a limited liability company or joint stock company) (hereinafter referred to as – the company).
This privacy policy is to inform and explain how and for what purposes Controller collects and processes personal data; as well as to introduce with rights and obligations of a data subject (a user).
This privacy policy is applicable to:
• delivery of goods executed by Controller;
• features and services of the Website provided to a user while using it;
• use of any software of the Website that is provided to a user;
• communication between a user (or a company on behalf of which the user acts) and the Controller via the Website or e-mail, as well as to phone communication between the user and the Controller;
• video surveillance used by the Controller.
By providing personal data to the Controller, a user acknowledges and explicitly consents to the Controller’s processing of the user’s personal data in accordance with this privacy policy and the effective laws of the Republic of Latvia and the relevant European Union legislation (hereinafter referred to as – the applicable law), including use of the data by the Controller’s employees and to transferring of the data within or outside of the Republic of Latvia as provided for in this privacy policy.
In case of any questions regarding this privacy policy or the Controller’s processing of personal data, please contact the Controller by writing to its (i) e-mail: office@bajtel.lv or (ii) registered address: 214M-2 Brivibas gatve, Riga, LV-1039, Latvia.

CONTENTS OF THE PRIVACY POLICY
1 PERSONAL DATA
2 LEGAL BASIS FOR PROCESSING PERSONAL DATA
3 PERSONAL DATA OBTAINED BY THE CONTROLLER
4 SOURCES FROM WHICH PERSONAL DATA IS OBTAINED FOR
5 PUPOSES OF PROCESSING PERSONAL DATA
6 UPDATING PERSONAL DATA
7 SECURITY OF PERSONAL DATA
8 TRANSFER OF PERSONAL DATA TO THIRD PARTIES
9 TRANSFER OF PERSONAL DATA TO ABROAD
10 PROCESSING OF PERSONAL DATA BY AUTOMATIED MEANS
11 MARKETING
12 RETAINING OF PERSONAL DATA
13 RIGHTS OF A USER
14 LIABILITY
15 COOKIES
16 IF A USER CHOOSES NOT TO GIVE PERSONAL DATA
17 CHANGES THE PRIVACY POLICY
18 THIRD PARTY WEBSITES
19 CONTACT DETAILS
1 PERSONAL DATA
1.1 Personal data is information and data about a data subject - a natural person (a user), which can be directly or indirectly related to this natural person.
2 LEGAL BASIS FOR PROCESSING PERSONAL DATA
1.2 The Controller processes personal data on the basis of the following reasons:
• a contract that is concluded with the Controller;
• to comply with the Controller’s legal obligations set in the applicable law;
• the Controller’s legitimate interests (when the Controller process a user’s personal data for its legitimate interests, the Controller undertakes not to infringe the user’s rights and interests and to obey the applicable law);
• a user’s consent.
3 PERSONAL DATA OBTAINED BY THE CONTROLLER
1.3 The type of personal data to be processed by the Controller is dependent upon the legal relationship that exists between the Controller and a user (or a company on behalf of which the user acts). For example, if the user uses the Website and concludes a contract with the Controller in his or her own interests (or in the interests of a company on behalf of which the user acts), the Controller may ask the user to disclose the following personal data:
• name;
• last name;
• personal identity number or date of birth, sex and nationality;
• number of a passport, number of an ID card, or another personal identity number assigned by a government authority;
• address (mail address, domicile and/or registered address);
• post code;
• phone number;
• e-mail address;
• financial information;
• bank account number;
• information about a place of employment;
• vehicle registration number, make and model;
• IP address, settings of the internet browser, search history (please see: Cookie Policy); and
• other information.
1.4 In addition to afore mentioned, the Controller may record phone conversations, use video surveillance and take photos in the Controller’s commercial premises, warehouse, trading venues and at organized events.
4 SOURCES FROM WHICH PERSONAL DATA IS OBTAINED FOR
The Controller may acquire a user’s personal data from the following sources:
1.5 From a user:
• when the user (or a company on behalf of which the user acts) registers at and/or uses the Website, and provides his or her (or the company’s on behalf of which the user acts) contact information or saves missing information on the Website;
• when the user makes purchases, orders goods from the Website, and/or concludes a concludes a contract with the Controller;
• when using the right of withdrawal (if the user is a consumer) or when the user (or the company on behalf of which the user acts) submits a complaint to the Controller;
• by using cookies on the Website, the Controller acquires the user’s technical data: IP address, internet browser settings, and search history.
1.6 From third parties:
• from government and local authorities, including, from their registers (for example, from the insolvency register);
• public data basis (for example, from Lursoft database) and publicly available information;
• from a company on behalf of which the user acts and/or which is an employer of the user;
• service providers and cooperation partners;
• social networks.
5 PUPOSES OF PROCESSING PERSONAL DATA
The Controller processes personal data lawfully, in good faith and in accordance with the requirements of applicable law. The Controller will not use personal data for purposes that are not in line with the purposes for which the personal data was collected for. The Controller processes personal data for the following purposes:
1.7 To ensure the Controller’s commercial activities:
• to ensure that a user’s (or a company’s on behalf of which the user acts) order of goods is processed;
• to carry out sale and delivery of goods ordered by a user (or a company on behalf of which the user acts) (for example, for preparation of accounting documents, for repayment of overpaid amounts and funds to be paid as a reimbursement for goods returned by the user (or the company on behalf of which the user acts), and administration of debts);
• to provide a possibility for a user (or a company on behalf of which the user acts) to make payments on the Website, if such function is available on the Website;
• to contact a user (or a company on behalf of which the user acts);
• to resolve a dispute with a user (or a company on behalf of which the user acts);
• to provide to a user (or to a company on behalf of which the user acts) with support in the process of purchasing the good and thereafter, including, but not limited, to provide warranty service for goods sold and/or after-sale service;
• to identify a user (or a company on behalf of which the user acts);
• to take measures to reduce the risk of fraud;
• to perform other activities which the Controller must perform in accordance with the applicable law or pursuant to terms of a contract that is concluded between a user (or a company on behalf of which the user acts) and the Controller.
Legal basis for processing:
The Controller’s legitimate interests:
• fulfilling a contract concluded with the Controller;
• fulfilling the Controller’s legal duty in accordance with the applicable law;
• the Controller’s legitimate interests.
• ensuring commercial activities;
• efficient delivery of goods;
• fulfilment of contractual obligations;
• collection and storing of documents;
• fulfilment of obligations set in the applicable law;
• development of commercial activities;
• provision of warranty service of goods;
• provision of after-sale service;
• cooperation with the Controller’s customers;
• the Controller’s organisational management.

1.8 To ensure operation of the Website (see Cookie Policy):
• to authorise a user’s (or a company’s on behalf of which the user acts) access to the Website;
• to ensure safety and integrity of the Website;
• to reduce risks that could arise from unlawful use of the Website;
• to personalise and improve operation of the Website;
• to analyse behaviour of the Website’s users and their preferences;
• to manage the load of servers;
• to carry out analytics of the Website (i.e., for evaluation and analysis of processes, services, information systems, network data statistics, analytics and trends).

Legal basis for processing:
The Controller’s legitimate interests:
• fulfilling a contract concluded with the Controller;
• fulfilling the Controller’s legal duty in accordance with the applicable law;
• the Controller’s legitimate interests.
• ensuring commercial activities;
• fulfilment of obligations set in the applicable law;
• management of the Controller.
6 UPDATING PERSONAL DATA
1.12 The Controller undertakes to ensure that personal data obtained from users are adequate, accurate and correct, and include only such data as are necessary for the purposes described in this privacy policy. Inaccurate personal data will be deleted or corrected without delay. A user is entitled, at any time, to view, modify, add or delete personal data stored on his/her user account on the Website.
7 SECURITY OF PERSONAL DATA
1.13 The Controller undertakes to use all reasonably adequate technical and organisational measures that are necessary to ensure confidentiality, integrity, privacy and security of personal data in line with applicable law when processed by the Controller. The Controller applies internal procedures and controls to prevent unauthorized use, access, disclosure, copying, modification or damage of personal data. A user's personal data will be disclosed only to those employees of the Controller's, to whom such data are necessary for performance of their duties.
1.14 If it is possible to make payments on the Website, an encrypted channel for transferring data between the banks will ensure security of a user's personal data and bank details. The Controller does not have direct access to the confidential information of a user’s payment instrument (i.e., card numbers, banking system log-in data). The Controller receives only conformation of a transfer from a payment service provider.
8 TRANSFER OF PERSONAL DATA TO THIRD PARTIES
1.15 For purposes of ensuring commercial activities, executing contractual obligations and providing a better service to users (or companies on behalf of which a user acts), the Controller may disclose personal data of particular users, or transfer and disclose them to third parties, which may be divided in these categories:
• cooperation partners, for example, delivery services, credit institutions, the Controller's auditors, consultants, debt recovery services and other partners who provide services to the Controller;
• government and local authorities and law enforcement authorities that are entitled to request information from the Controller in accordance the rights stipulated in the applicable law.
1.16 In addition to afore mentioned, it is possible, that the Controller may transfer personal data to other persons if the Controller sells, transfers or merge part or all of its business or assets, as well in case of similar arrangements.
1.17 When transferring personal data to third parties, the Controller undertakes to ensure that the third parties concerned:
• use the personal data received only for the purposes for which they were transferred and in accordance with the applicable law;
• preserve the confidentiality of personal data and ensure an adequate level of security in line with requirements of the applicable law and this privacy policy.
9 TRANSFER OF PERSONAL DATA TO ABROAD
1.18 The Controller undertakes to do his utmost to ensure that, when a user's personal data are transferred to a country which is not member state of the European Economic Area (hereinafter referred to as – the EEA), an adequate level of security is provided.
1.19 The Controller undertakes not to disclose a user's personal data to a third party located in a country where the level of protection of personal data is not sufficient and which is not a member states of the EEA, except in the following cases:
• the user has given his or her consent;
• transfer of personal data is necessary in order to conclude an agreement with the user (or the company on behalf of which the user acts) or to execute an agreement concluded with the user (or a company on behalf of which the user acts);
• transfer of personal data is in order to conclude or to execute a contract already concluded in the interests of the user;
• transfer of personal data is permitted in accordance with the applicable law.
1.20 If the Controller transfers a user’s personal data to third party, which is not a member state of the EEA, the Controller will take all steps reasonably necessary to ensure that a user’s personal data is treated securely un are processed in accordance with this privacy policy. If personal data is transferred outside the EEA, the Controller will make sure that one of the following safeguards is put in place:
• transfer of personal data to a non-EEA country with privacy laws that give the same protection as the EEA;
• a contract with the recipient according to which the recipient is obliged to protect personal data to the same standards as required in the EEA;
• personal data are transferred to organisations that are part of Privacy Shield (a framework that sets privacy standards for data sent between the European Union and the United States).
1.21 If a user's personal data are transferred abroad, the Controller guarantees that the user will have access to the rights specified in the applicable law for a data subject, and effective legal remedies. The user gives his or her consent to the transfer of personal data to abroad.
10 PROCESSING OF PERSONAL DATA BY AUTOMATIED MEANS
1.22 The Controller processes personal data by automated means, including profiling. A user has the right to contact the Controller regarding automated decision making and may ask the Controller to involve an employee in decision making process.
1.23 The Controller uses the automated decision making, i.e. profiling, for marketing purposes (see Section 11 – Marketing of this privacy policy). A user has the right to object such profiling by sending a written notification to the Controller.
11 MARKETING
1.24 The Controller may use a user’s personal data for marketing purposes, in particular, to inform a user (or a company on behalf of which the user acts) about the goods displayed on the Website, upcoming events, marketing activities, campaigns and updates, by sending information to the user’s e-mail address provided that the user has agreed to receive such information from the Controller (hereinafter referred to as – marketing).
1.25 For marketing purposes the Controller may also make videos or take photos in the Controller’s commercial premises, warehouse, trading venues and at organized events.
1.26 The Controller may only use a user’s personal data for marketing purposes if the Controller has either received the user’s consent or a legitimate interest.
1.27 For marketing purposes the Controller will contact a user by e-mail, unless the user has asked the Controller not to do so by sending a written notification to the Controller’s e-mail address: office@garmin.lv. However, even if the user has asked the Controller not to send marketing messages, the Controller is entitled to send to the user’s e-mail address information which by its nature is important, for example, information regarding execution of contractual obligations of the user (or a company on behalf of which the user acts).
12 RETAINING OF PERSONAL DATA
1.28 The Controller will retain personal data as long as it is needed to fulfil the purposes set in this privacy policy, unless longer retaining of personal data is provided or allowed under the applicable law. To determine the retaining period of the personal data the Controller applies criteria that are provided for in the applicable law (for example, (i) regulatory enactments of the Law on Accounting or Archives law, as well as (ii) handling of claims, legal protection, dispute settlement, prescription period, and a like). In any event, the Controller will not process and will delete personal data, that are not needed or do not comply with the purposes set in this privacy policy.
13 RIGHTS OF A USER
1.29 Pursuant to the applicable law a user (a data subject) has the following rights:
• right of access – the user has the right to receive from the Controller information on (i) the user personal data processed by the Controller and their categories; (ii) the source of acquiring the user's personal data (if such is used and the applicable law permit such source to be disclosed); (iii) the date when the last changes to user personal data were made; (iv) the purposes for which processing of the user's personal data is carried out; (v) persons, whom the user's personal data are transferred to; (vi) the retention period of the user's personal data; (vii) whether personal data are processed in by an automated means; and (viii) other information as provided in the applicable law. If the user uses the right provided for herein, the Controller has the right to charge a reasonable fee for providing or making available this information available;
• right to rectification – the user has the right ask to correct his or her personal data if they are incomplete;
• right to be forgotten – the user has the right to ask that the Controller immediately deletes his or her personal data if (i) they are no longer needed for the purposes they were obtained or processed; (ii) the user objects their processing; or (iii) they are processed unlawfully. If the user uses the right provided for herein, the Controller has the right to continue processing of his or her personal data in order for the Controller to be able to exercise its lawful interests and rights;
• right to restriction of the processing – the user has the right to restrict processing of his or he personal data if (i) they are inaccurate, outdated, untrue, false or has been processed unlawfully or no longer correspond to the original data processing purposes; (ii) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the user for the establishment, exercise or defence of legal claims; or (iii) the user has objected to processing pursuant to the applicable law. If the user uses the right provided for herein, the Controller has the right to continue processing of his or her personal data in order for the Controller to be able to exercise its lawful interests and rights or to defend other person’s lawful interests and rights;
• right to object – the user has the right to object of his or her personal data in the cases specified in the applicable law;
• right to refuse – the user has the right to refuse from receiving information about the goods displayed on the Website, upcoming events, marketing activities, campaigns and updates from the Controller;
• right to submit a complaint – the user has the right to submit a complaint regarding the processing of personal data by the Controller in accordance with the applicable law, including to submit a complaint to the Data State Inspectorate (the data supervisory authority of the Republic of Latvia). Before the user submits a complaint to the Data State Inspectorate, the Controller ask to submit the complaint to it at first.
1.30 In order to use one or more of the afore mentioned rights of a data subject, the user shall submit a written request to the Controller by sending it to the Controller’s (i) e-mail address: office@bajtel.lv or (ii) registered address: 214M – 2 Brivibas gatve, Riga, LV-1039, Latvia. The Controller sends its replay to the user’s request in the same way as the user submitted it, unless the user has requested otherwise.
1.31 A user shall ensure that the Controller is able to identify him or her as an individual data subject and is able to verify the nature and basis of the user’s request. The Controller shall review the user’s request without undue delay and free of charge within one month after receiving it. Considering the complexity of the user information request, the Controller is entitled to extend the aforementioned period to two months by informing the user in writing.
14 LIABILITY
1.32 A user confirms that personal data and other data submitted by him or her are genuine, valid, lawful and complete. In case of submission of false or misleading data, as well as upon detection of fraud or attempted fraud, the Controller is entitled to immediately stop access of the Website to the user, as well as to inform law enforcement institutions in accordance with the procedures specified in the applicable laws of the Republic of Latvia.
1.33 A user is liable for all actions and their consequences, which he or she, or a third person using the user's data, performs through the Website, in accordance with the applicable laws of the Republic of Latvia.
1.34 A user (or a company on behalf of which the user acts) is obligated to familiarize himself or herself with this privacy policy, as well to inform about it any natural person whose interests may be affected by the processing of personal data of the Controller.
15 COOKIES
1.35 The Controller is entitled to collect data about a user of the Website by using cookies. Information on the use of cookies on the Website is provided in the Cookie Policy.
16 IF A USER CHOOSES NOT TO GIVE PERSONAL DATA
1.36 If a user chooses not to disclose his or her personal data to the Controller or uses any of the rights granted to him or her as a data subject, it may limit the Controller’s ability to ensure the functionality of the Website, deliver goods or provide other services (including, but not limited to provide warranty service and/or after-sale services) as the Controller initially was intended. In individual cases, if the personal data is not provided by the user to the Controller, the Controller may not be able to sell goods, deliver goods or to provide other services (including, but not limited to provide warranty service and/or after-sale services) to the user (or to a company on behalf of which the user acts).
17 CHANGES THE PRIVACY POLICY
1.37 The Controller shall be entitled to change the present privacy policy at its sole discretion, by informing users about it via the Website.
18 THIRD PARTY WEBSITES
1.38 This privacy policy is not applicable to third party practices on processing of personal data, including websites of or services provided by third parties. Please review a privacy policy of the respective third party and its guarantees regarding processing of personal data.
19 CONTACT DETAILS
1.39 Regarding all issues and problems related to this privacy policy or personal data processing, as well as in cases when a user wishes (i) to refuse to receive the Controller’s marketing information, (ii) to completely delete his or her data from the user account created on the Website, or (ii) to exercise rights of a data subject, please contact the Controller by using its:
• e-mail address: office@bajtel.lv or
• registered address: 214M – 2 Brīvības gatve, Riga, LV-1039, Latvia.