Our privacy policy

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY

We care about your privacy and the security of your personal data. Implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) ), we provide you with a particularly transparent and fair processing of your personal data. In this information security policy, you can find out about your rights and receive information about the processing of your personal data.

Your personal data controller is SIA "Open Space Jurmala",

legal entity code 40103999029,

address: Jurmala, Dubultu prospekts 4 - 1, LV-2015,

contact phone: +371 67398098,

e-mail address: latvia@miacosmetics.it

I. TERMS AND DEFINITIONS 1. Company - SIA "Open Space Jurmala".

2. Personal data - any information relating to an identified or identifiable natural person.

3. Processing of personal data - any activity carried out with personal data, including the collection, recording, input, storage, arrangement, modification, use, transfer, transmission and disclosure, blocking or erasure of data.

4. Data subject - a natural person who can be directly or indirectly identified.

5. Controller - a natural or legal person, a state or local government institution which, alone or together with others, determines the purposes and means of processing personal data, as well as is responsible for the processing of personal data in accordance with this Law.

6. Personal data processing system - a fixed structured set of personal data in any form, which is accessible in compliance with relevant personal identification criteria.

II. GENERAL TERMS

1. These Regulations govern the processing of the Company's personal data. The Regulations set out the principles and methods for the processing of personal data both electronically and manually. The Regulations determine the rights of the Data Subject, the permissible scope of personal data processing, the obligations of the Controller, as well as other issues related to the processing of personal data.

2. The purpose of the personal data protection regulations is to determine the procedure for personal data processing in the Company, ensuring compliance with the “Personal Data Protection Law” and other regulatory enactments that regulate personal data protection.

3. The purpose of the Regulations is to ensure the implementation of the main technical and organizational measures that would ensure the observance of the data subject's rights and data security.

4. These terms and conditions are binding on the Company.

5. The Regulations have been developed in accordance with the regulatory enactments that regulate the protection of personal data in Latvia.

III. BASIC PRINCIPLES AND PROTECTION OF PERSONAL DATA PROCESSING

1. The company shall observe the following principles of personal data security:

1.1. Every natural person has the right to the protection of his or her personal data.

1.2. Personal data may be obtained only in the cases specified in regulatory enactments.

1.3. When collecting and processing personal data, the Controller ensures the fair and lawful processing of personal data.

1.4. Timely and regular updating of personal data must be ensured. Inaccurate or incomplete data must be corrected, supplemented, destroyed or their use prohibited.

1.5. It is necessary to provide for the storage of personal data in such a way that the data subject can be identified for an appropriate period of time, which shall not exceed the period specified for the intended purpose of the processing.

2. Personal data may be obtained only in accordance with regulatory enactments by obtaining them directly from the Data Subject, formally requesting information from its holder, if such rights exist, or the processing of data arises from the data subject's contractual obligations.

3. Personal data shall be used only for the specified purpose. The processing of personal data for purposes not originally intended is not permitted.

4. Personal data may not be stored longer than the purpose for which the personal data are processed. Personal data must be destroyed when they are no longer needed for the first purpose.

5. The controller shall ensure that all relevant information on the processing of personal data is explained to the Data Subject in clear and comprehensible language.

6. The controller may transfer personal data to third parties only in accordance with the requirements of regulatory enactments.

7. The controller must ensure the protection of information, security against accidental or unlawful destruction, rectification, disclosure or other unlawful acts.

8. The company shall ensure the observance of the principles of protection and security of personal data by implementing the relevant organizational methods.

IV. PROCESSING OF PERSONAL DATA

1. Personal data are processed by storing information both in electronic form and in paper document format.

2. Only certain persons / employees authorized by the head of the undertaking may process personal data.

3. Any staff member whose duties include the processing of personal data:

(i) not disclose personal data to any other person;

(ii) processes personal data in accordance with the regulatory framework, complies with the provisions of this Instruction;

(iii) complies with the prohibition on the disclosure and transfer of personal data to third parties who have no legal basis and no legitimate purpose for the processing of personal data;