Personal Data Processing Rules
SIA "Stratēģija 2020" | Effective from 25.05.2018, updated 12.01.2026
1. Introduction
These Personal Data Processing Rules (hereinafter — Rules) establish the procedures by which SIA "Stratēģija 2020" (hereinafter — Company) processes personal data. The Rules comply with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation or GDPR) and the Personal Data Processing Law of the Republic of Latvia. The Rules apply to all Company services provided through the website www.rigasziedi.lv.
2. Data Controller and Contact Information
Data Controller: SIA "Stratēģija 2020"
Reg. No.: 44103145307
Legal address: Tallinas iela 83, Riga, LV-1009, Latvia
Phone: +371 22022229
Email: birojs@rigasziedi.lv
Responsible person for data protection matters:
Chairman of the Board Ilgvars Dūmkalns
Phone: +371 20018499
Email: birojs@rigasziedi.lv
3. Personal Data Definitions and Categories
Customer: any natural person who uses or has used the Company's services, or has expressed a desire to use them.
Personal data: any information directly or indirectly related to an identifiable natural person.
We process the following categories of personal data:
- Identification data — name, surname
- Contact information — phone number, email address, delivery address
- Order data — order content, comments, greeting card text
- Payment data — payment information (card data is not stored — it is processed by the payment service provider)
- Technical data — IP address, cookie information, browser type
4. Purposes and Legal Basis for Personal Data Processing
We process personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Order fulfillment and delivery | Contract performance (Art. 6.1.b) |
| Payment processing | Contract performance (Art. 6.1.b) |
| Customer support and communication | Legitimate interests (Art. 6.1.f) |
| Accounting and tax requirements | Legal obligation (Art. 6.1.c) |
| Marketing communications | Consent (Art. 6.1.a) |
| Website analytics (Google Analytics) | Consent (Art. 6.1.a) |
| Debt collection (if necessary) | Legitimate interests (Art. 6.1.f) |
5. Personal Data Retention Period
We retain personal data for as long as necessary to achieve the processing purpose or to comply with legal requirements:
- Order data: 5 years in accordance with the Accounting Law
- Accounting documents: 5 years in accordance with the Accounting Law
- Marketing consents: until consent is withdrawn
- Analytics data: according to Google Analytics settings (14 months)
6. Personal Data Recipients
We may transfer personal data to the following recipients:
- Payment service providers: Montonio, banks — for payment processing
- Delivery partners: couriers — for delivery outside Riga
- IT service providers: hosting, email services — for technical support
- Analytics services: Google Analytics — for website improvement
- Debt collection companies: only in case of unpaid debts
- Government authorities: if required by law or court order
Personal data is not transferred outside the European Economic Area (EEA), except for Google Analytics, which uses standard contractual clauses for data protection.
7. Personal Data Security
We implement appropriate technical and organizational measures to protect personal data:
- Data is stored in a secure environment with password protection
- SSL/TLS encryption for all data transfers
- Access to data is restricted and permitted only to authorized employees
- Regular security audits and updates
8. Your Rights
Under the GDPR, you have the following rights:
- Right of access (Art. 15) — to receive information about what personal data we process and to request a copy of your data
- Right to rectification (Art. 16) — to request correction or completion of inaccurate or incomplete data
- Right to erasure (Art. 17) — to request deletion of data ("right to be forgotten") when there is no longer a legal basis for processing
- Right to restriction (Art. 18) — to request restriction of data processing in certain cases
- Right to data portability (Art. 20) — to receive your data in a structured, machine-readable format and transfer it to another controller
- Right to object (Art. 21) — to object to data processing based on legitimate interests or direct marketing
- Right to withdraw consent — to withdraw your consent at any time, without affecting the lawfulness of processing before withdrawal
How to exercise your rights:
Please write to: birojs@rigasziedi.lv or call: +371 20018499.
We will respond within 30 days of receiving your request.
Filing a complaint:
If you believe your rights have been violated, you have the right to file a complaint with the Data State Inspectorate (Elijas iela 17, Riga, LV-1050, info@dvi.gov.lv).
9. Cookie Policy
Our website uses cookies to ensure website functionality and improve user experience.
9.1. Types of Cookies
- Necessary cookies: ensure basic website functions (sessions, cart). Used without consent.
- Analytical cookies: Google Analytics — help understand how visitors use the website. Used only with your consent.
- Marketing cookies: Google Ads, Facebook Pixel — for personalized advertising. Used only with your consent.
9.2. Cookie Management
You can change cookie settings at any time:
- By clicking the cookie icon at the bottom of the page
- By deleting cookies in your browser
- By using your browser's private browsing mode
Disabling cookies may affect website functionality.
Google Analytics: Information about Google's privacy policy is available here. To opt out of Google Analytics tracking, you can install the Google Analytics opt-out browser add-on.
10. Data Breach Notification
In the event of a personal data breach, the Company acts in accordance with GDPR Articles 33 and 34:
- Notifies the Data State Inspectorate within 72 hours (if the breach may pose a risk)
- Informs affected individuals without undue delay (if the breach may pose a high risk)
- Documents all breaches and measures taken
11. Changes to These Rules
We may update these Rules to reflect changes in our practices or legal requirements. We will inform about significant changes on the website. We recommend regularly reviewing these Rules.
Full terms of use are available at: Terms of Use
Last updated: January 12, 2026