Privacy policy

Your privacy is important to us. The purpose of the privacy policy of SIA "KMR Business" is to inform customers and other data subjects about the procedure for processing their personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and free circulation.

Manager and its contact information:

Manager: SIA "KMR Business"

Reg. no.: 53603071411

Legal address: Jelgava, Sudrabu Edžus iela 15 - 64, LV-3001

Website address: www.sarmaspa.lv

e-mail: info@sarmaspa.lv

Classification of personal data and purpose of processing

Personal data is any information about an identified or identifiable natural person: SIA "KMR Business" client (including potential, former and existing), service recipient, guest, website visitor, cooperation partner, employee or candidate for a vacancy (all together hereinafter – the data subject), including:

Personal identification data (name, surname, date of birth and/or personal identification number),
Contact information (phone number, email address, contact address),
Professional experience and education data (occupation, professional competences),
Personal communication and behavioral data (insights gained in the process of telephone and electronic communication and face-to-face contact, feedback in the employee selection process),
Information about received or planned services,
Billing information (bank account number, etc.),
Physical, physiological, genetic, mental, economic, cultural or social identity factors characteristic of the data subject (citizenship, etc.),
Other information that can be attributed to a natural person (biometric data: face, image, car registration number, etc.) and which the person provided at his discretion during the communication process (marital status, etc.).

We process personal data for the following legitimate purposes:

For the provision of services (identification of customers, preparation of contracts, provision of services, promotion of services, distribution, development of new services, examination and processing of claims),
For business planning and analytics (statistics, market research, customer satisfaction measurements),
For the prevention or detection of criminal transactions in connection with the protection of property and the protection of vital interests of persons, including life and health,
For the provision of information to state administrative authorities in the cases and to the extent specified in external regulatory acts,
To ensure the selection process of potential employees and to establish employment legal relations,
For document archiving in the cases and to the extent specified in external regulatory acts,
For other specific purposes, of which the customer is informed at the time the relevant personal data is requested.

Legal basis for personal data processing

The legitimate interests of SIA "KMR Business" are: to conduct commercial activities, verify the identity of the client before concluding the contract, ensure the fulfillment of contractual obligations, prevent unreasonable risks for its commercial activities, perform service quality analysis and implement improvements, advertise its services, analyze the company's website and implement improvements, perform actions to retain customers and expand the customer segment, prevent fraud, administer payments, ensure effective company management processes, apply to state administration and operational institutions for the protection of their legal interests, inform the public about their activities.

Personal data can be accessed

Personal data can be accessed by: employees of the Controller to the extent necessary for the performance of their duties, personal data processors – outsourcing providers to perform a function necessary for the performance of the contract or delegated by law (for example, bank settlement procedure), state and local government institutions upon their justified request, as well as in the cases specified in the regulatory acts of the law enforcement authorities.

Data subject rights

The data subject has the right to receive the information specified in the regulatory acts about his personal data, which is in the Controller's information systems, and to make sure of the correctness of his data, correct them, supplement them, request their deletion or stop processing if they are incomplete, outdated or illegally processed, as also the right to data portability. The data subject can submit a request for the exercise of his rights:

In written form in person at the legal address of SIA "KMR Business": Jelgava, Sudrabu Edžus 15-64, LV-3001, presenting an identity document,
Electronically, by sending a submission signed with a secure electronic signature to the e-mail address: info@sarmaspa.lv

The request of the data subject is evaluated in accordance with the regulatory enactments, and the answer is sent to the contact address specified by the customer in accordance with the procedures and deadlines specified in the regulatory enactments. If the data subject believes that the Controller has acted unlawfully, he has the right to file a complaint with the Data State Inspectorate at Blaumaņa street 11/13, Riga, LV–1011. Providing the information we request is not mandatory, but it is a prerequisite for receiving the services we provide. We do not use personal data for automated decision-making and we do not perform profiling. The personal data of SIA "KMR Business" data subjects is not sent outside the European Union or European Economic Area countries.

Duration of data storage

Personal data is stored as long as at least one of the following criteria is met:

Current regulatory acts on data storage terms (Accounting Act, Archives Act),
There is a legal obligation to store data,
The data subject's consent to the relevant processing of personal data is valid,
The procedure set forth in external regulatory enactments, in which the Controller or the data subject can realize their legitimate interests (for example, submit objections or file a claim in court), is valid.

After the aforementioned circumstances cease, the personal data of the data subject are deleted or made unavailable or unidentifiable.

Data security

The manager ensures that the personal data of the data subject is processed in accordance with the following principles:

Legal and fair processing of personal data,
Data minimization, i.e. processing only to the extent necessary,
Data accuracy,
Data storage no longer than necessary for processing purposes,
Data security and confidentiality.

We provide, constantly review and improve security measures to protect personal data from unauthorized access, accidental loss, disclosure or destruction. To implement this, we apply the necessary technical and organizational requirements, including anti-virus programs and firewalls. However, we also invite our customers to observe the general security rules for computer and Internet use, as well as the requirements for storing personal data.

Video surveillance

The Controller conducts video surveillance and processes personal data when the data subject visits the Controller's service provision locations. Video surveillance is carried out in real-time mode and is necessary to protect the vital interests of employees, customers and other data subjects, including health and life. The video cameras are placed in such a way as to provide only security functions and not to process such personal data that does not require processing. The administrator ensures complete deletion of data if they have not been previously requested or criminal transactions or other security violations have not been detected.

Communication with the data subject

For communication with the data subject, we use the telephone number, e-mail address or postal address provided by the data subject.

Cookies are small text files that are created and saved on the Internet user's device (computer, tablet, mobile phone, etc.) when visiting a website. Cookies help the user to remember the login name and settings (for example, language, font size, etc. additional information) so that they do not have to be specified every time, thus improving the ease of use of the website.

Analytical cookies (such as Google Analytics and Microsoft Clarity) collect information about the behavior of the website visitor, such as which sections are visited most often. This information helps us develop and improve our website, make it more convenient. These cookies are stored on the user's device for a maximum of two years.

Technical or mandatory cookies (Google Chrome, Internet Explorer, etc.) help to remember the user's requests and which cookies the user has agreed to. These cookies are stored on the user's device until the browser is closed, but for a maximum of two years.

Targeting or advertising cookies (such as Google Adwords) provide advertising tailored to the user's preferences. These cookies are stored permanently on visitors' devices.

In addition, services such as YouTube may be used on the website to provide video content or links to other websites, Facebook, Instagram, TripAdvisor to offer the possibility to view content from these social accounts or to share website content on them. All these services use cookies to obtain statistical data and find out what the most popular search trends are. These third-party cookies are outside our control.

When visiting our website, the user is informed that we use cookies. By closing this notice, the user confirms that he has read and agrees to the information on cookies. If the user does not want cookies to be used on his device, he can disable the use of cookies in his browser settings, but it should be noted that some services and website functions may not work, and it is not possible to refuse the use of mandatory and functional cookies, because without them the full functionality of the website is not possible use of.

Information related to cookies is not used to personally identify the user.

Changes to the Privacy Policy

The privacy policy of SIA "KMR Business" may be changed or corrected in accordance with the requirements of the applicable regulatory acts. Our current and potential customers can familiarize themselves with changes in the privacy policy by regularly visiting our website.