Privacy policy

SIA JM GRUPA Privacy Policy

Effective from 29 February 2025
This Privacy Policy (hereinafter – the Policy) describes the procedure by which JM GRUPA processes personal data.

The Policy applies if:

• The Client uses, has used, or has expressed a desire to use the services provided by JM GRUPA, or is otherwise connected with the services provided by JM GRUPA, including relationships established with the Client before the effective date of this Policy;
• The Client visits the JM GRUPA office, warehouse, or other premises, including those where video surveillance is conducted.

1. GENERAL PROVISIONS
   1.1. A Client is any natural person who uses, has used, or has expressed a desire to use any services provided by JM GRUPA or is otherwise connected with them.

1.2. Personal data means any information relating to an identified or identifiable natural person, i.e., any information directly or indirectly associated with the Client.
1.3. Personal data processing means any operation performed with personal data (including collection, recording, storage, viewing, alteration, granting access, making requests, transfer, deletion, etc.).
1.4. The Controller is JM GRUPA (hereinafter – the Company), Reg. No. LV44103025140, legal address “Arāji”, Kolberģis, Jaunalūksnes parish, Alūksne municipality, LV-4350 – the company on whose behalf and in whose interests personal data is processed and which is responsible for the processing of data.

1.5. The Client may contact JM GRUPA regarding personal data processing questions, withdrawal of consent, requests, exercise of data subject rights, and complaints about the use of personal data using the contact information related to data processing: [email protected]. A request for the exercise of rights may be submitted:

• By email to [email protected], signed with a secure electronic signature.

1.6. JM GRUPA carries out the lawful processing and protection of client personal data. Information obtained from clients is protected in accordance with this Policy and legal requirements. More detailed information on personal data processing may also be described in contracts, other service-related documents, and on the JM GRUPA website: www.listeskrasotas.lv.

1.7. Within the framework of applicable laws, JM GRUPA ensures personal data confidentiality and has implemented appropriate technical and organizational measures to protect personal data from unauthorized access, unlawful processing or disclosure, accidental loss, alteration, or destruction.

1.9. Data subjects’ data are used in JM GRUPA operations to provide clients with quality services and improve them, send notifications, offers, and advertisements, protect the rights and interests of the company and third parties, and comply with legal requirements.

The purpose of the Privacy Policy is to provide the natural person – the data subject – with information about the purpose, scope, protection, and retention period of personal data processing at the time of data acquisition and when processing the data subject’s personal data, regardless of the form and medium in which the Client provides personal data (paper, orally, electronically, or by telephone) and in which systems or paper format they are processed.

2. PURPOSES AND LEGAL BASIS OF PERSONAL DATA PROCESSING
   2.1. JM GRUPA processes personal data for the following purposes:

Service provision and goods sales

– Client identification;
– Drafting and concluding contracts;
– Delivery of goods and provision of services;
– Fulfilment of warranty obligations;
– Improvement of products and services, development of new products and services;
– Advertising and distribution of goods and services for commercial purposes;
– Customer service;
– Handling and processing of objections;
– Customer retention, loyalty building, satisfaction measurements;
– Administration of payments;
– Debt recovery and collection;
– Website maintenance and improvement.

Business planning and analytics

– Statistics and business analysis;
– Planning and accounting;
– Performance measurement;
– Ensuring data quality;
– Market and public opinion research;
– Preparation of reports;
– Customer surveys;
– Risk management activities.

Video surveillance

– Prevention and detection of criminal offences related to property protection.

Providing information to public authorities and law enforcement agencies in cases and scope specified in external regulatory enactments.

Use of data in any other lawful manner that complies with legal requirements.

2.2. Legal basis for personal data processing:

• For the conclusion and performance of a contract – to conclude a contract upon the Client’s request and ensure its performance;
• To comply with legal obligations applicable to JM GRUPA;
• Based on the Client’s consent;
• In legitimate interests – to exercise the legitimate interests arising from the obligations between JM GRUPA and the Client or from the concluded contract or the law.

2.3. JM GRUPA’s legitimate interests include:

– Conducting commercial activities;
– Providing trade services;
– Verifying Client identity before concluding a contract;
– Ensuring the performance of contractual obligations;
– Preventing unjustified financial risks to its commercial activities;
– Retaining Client applications and submissions regarding the purchase of goods and service provision, other applications and notes;
– Segmenting the client database for more efficient service provision;
– Developing and improving products and services;
– Advertising its products and services by sending commercial messages;
– Sending other notifications regarding contract performance and important events;
– Ensuring financial and business accounting and analytics;
– Ensuring effective company management processes;
– Ensuring efficient provision and sale/delivery of goods and services;
– Ensuring and improving service quality;
– Administering payments and debts;
– Addressing public authorities, law enforcement, and courts to protect its legal interests;
– Preventing and detecting criminal offences related to property protection;
– Informing the public about its activities.

3. PERSONAL DATA PROCESSING
   3.1. JM GRUPA processes and protects Client data using modern technological possibilities, taking into account existing privacy risks and reasonably available organizational, financial, and technical resources in line with technological development.

3.2. JM GRUPA does not perform automated decision-making regarding the Client. No profiling is carried out in data processing.

3.3. To ensure quality and efficient performance of contractual obligations, JM GRUPA may authorize cooperation partners to carry out certain goods delivery or service provision activities, e.g. transportation of goods, debt collection, etc. If partners, while performing such tasks, process personal data held by JM GRUPA, they are considered data processors, and JM GRUPA has the right to transfer the necessary personal data to them to the extent required to perform these tasks.

3.4. JM GRUPA’s cooperation partners acting as data processors shall ensure compliance with personal data protection requirements according to JM GRUPA’s rules and legal acts and shall not use personal data for purposes other than the performance of contractual obligations on behalf of JM GRUPA.

3.5. JM GRUPA stores and processes Client personal data as long as at least one of the following criteria exists:

• Only as long as the contract concluded with the Client is valid;
• As long as JM GRUPA or the Client may exercise legitimate interests according to law (e.g., submit objections or file a claim in court);
• As long as either party has a legal obligation to retain the data;
• As long as the Client’s consent remains valid if there is no other legal basis for data processing.

3.6. After the circumstances mentioned in section 3.5 cease to exist, Client personal data is deleted.

4. CATEGORIES OF PERSONAL DATA RECIPIENTS
   4.1. Client personal data is processed at JM GRUPA offices or company units and may be transferred to other recipients (third parties and processors).

4.2. Personal data may be transferred to institutions and organizations, such as:

• JM GRUPA cooperation partners for preparation and execution of credit agreements;
• Accounting service providers, auditors, lawyers, financial consultants;
• Debt collection service providers, courts, out-of-court dispute resolution institutions, insolvency administrators, bailiffs;
• Service providers such as archiving, postal or courier services, website maintenance services, call centers, marketing services, and others.

4.3. Transfer of data may occur without Client consent if required by law or if failure to transfer data may harm or endanger public interest, JM GRUPA, the Client, or other persons’ legitimate interests and safety.

4.4. When transferring or processing data further, the same level of security measures is ensured as by JM GRUPA, following this Policy and internal documents.

4.5. Client data is transferred in accordance with legal grounds, JM GRUPA’s legitimate interests, and Client consent.

4.6. Client data is not transferred outside the European Union or the European Economic Area. If such transfer occurs, legal requirements on data transfers outside the EU/EEA will be followed, including having a legal basis such as contract fulfilment or obtaining Client consent along with necessary security measures.

5. CLIENT RIGHTS AND OBLIGATIONS
   5.1. The Client, as a data subject, has the right:

• To request correction of their personal data if it is inaccurate, incomplete, or incorrect;
• To object to personal data processing if the data use is based on JM GRUPA’s legitimate interests, including for direct marketing;
• To request deletion of personal data, for example, if data is processed based on consent and the Client withdraws consent (except where data is also processed on another legal basis such as contract or legal obligations);
• To receive information on whether JM GRUPA collects and processes the Client's data. If yes, to receive information about personal data provided by the Client that is processed based on consent or contract performance, in written or commonly used electronic format. The Client has the right to transfer this data to another service provider (data portability). JM GRUPA provides information only to the extent that does not infringe the privacy of others;
• To withdraw consent for personal data processing in the same manner it was given. After withdrawal, further data processing based on the withdrawn consent will not be performed. Withdrawal does not affect processing based on other legal grounds;
• To receive information from JM GRUPA about the purposes of personal data processing;
• To know the third parties to whom personal data has been transferred unless prohibited by law;
• To submit complaints to the Data State Inspectorate if the Client believes their data processing violates their rights and interests according to applicable laws.

5.2. The Client must timely and adequately provide JM GRUPA with information about changes in personal data that may affect further contractual relations.

5.3. If the Client exercises their rights and requests information about personal data being processed, the Company verifies the Client's identity, evaluates the request, and responds in accordance with legal requirements.

6. COMMERCIAL MESSAGES
   6.1. Communication regarding commercial messages about JM GRUPA and/or third-party services and other notifications unrelated to direct agreed-upon services (e.g., customer surveys) is carried out according to legal requirements or based on Client consent.

6.2. The Client may give consent to receive commercial messages from JM GRUPA and/or cooperation partners in application forms in person or electronically.

6.3. Consent for receiving commercial messages remains valid until withdrawn (even after contract termination). The Client may unsubscribe at any time by:

• Sending an email to [email protected];
• In person at the JM GRUPA office;
• Using the automated unsubscribe option included in the commercial message (e.g., at the end of an email).

6.4. JM GRUPA stops sending commercial messages as soon as the request is processed, depending on technical possibilities.

7. USE OF COOKIES
   7.1. Cookies are small files loaded onto the user's device when using the website.
   7.2. To provide clients with an innovative and user-friendly website, JM GRUPA uses technical cookies that allow the use and ensure the functionality of the website.

7.3. Other analytical or functional cookies are not used, and data about user behaviour is not analyzed or used.

8. CONTACT INFORMATION
   8.1. The Client may contact JM GRUPA regarding consent withdrawal, requests, exercise of data subject rights, and complaints about personal data use.

8.2. Contact details: JM GRUPA SIA, Reg. No. LV44103025140, legal address “Arāji”, Kolberģis, Jaunalūksnes parish, Alūksne municipality, LV-4350, email: [email protected].

8.3. Additional information on the website: www.listeskrasotas.lv
8.4. To contact the data protection specialist, use the email address [email protected] with the reference “To the Data Protection Specialist”.

The Company’s Privacy Policy enters into force on 29 February 2025. The Company reserves the right to unilaterally amend this Policy. The current version will be available on the Company’s website www.listeskrasotas.lv.