English Language
Xvibe.lv
Wish List

Privacy Policy

I. PRIVACY POLICY

  1. The purpose of the privacy policy (hereinafter - Privacy Policy) of IK “MiniBRO”, unified registration No. 40002228914 (hereinafter - the Company or the Controller) is to provide a natural person — the data subject — with information regarding the purpose, legal basis, scope of processing, protection, and duration of personal data processing at the time of data acquisition, while processing the data subject's personal data.

II. CONTROLLER AND CONTACT INFORMATION

  1. The controller of personal data processing is IK “MiniBRO”.

  2. The Company's contact information for matters related to personal data processing, as well as for submitting data subject requests and reporting potential data protection breaches, is: info@xvibe.lv.

III. GENERAL TERMS

  1. Personal data is any information relating to an identified or identifiable natural person.

  2. The Privacy Policy applies to ensuring privacy and personal data protection for all data subjects, including the following groups (hereinafter collectively - Clients):

    • 5.1. Natural persons — Clients of the Company (including potential, former, and existing), their representatives, real estate owners, and other related persons;

    • 5.2. Natural persons — representatives and contact persons of the Company's Clients (legal entities);

    • 5.3. Visitors to the Company's premises, including those subject to video surveillance;

    • 5.4. Visitors to the websites maintained by the Company;

    • 5.5. Persons whose personal data are processed on social networks in connection with activities organized by the Company.

  3. The Company cares for the privacy and protection of Clients' personal data, respecting the Clients' right to the lawfulness of personal data processing in accordance with applicable legislation: the Law on the Protection of Personal Data of Natural Persons, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter - the Regulation), and other applicable laws in the field of privacy and data processing.

  4. The Privacy Policy applies to data processing regardless of the form and/or environment in which the Client provides personal data (in person, on the Company’s website, electronically, in paper format, or by telephone).

  5. In the processing of personal data, the Company observes the following basic principles:

    • 8.1. Lawfulness and fairness;

    • 8.2. Transparency;

    • 8.3. Purpose limitation;

    • 8.4. Adequacy (data minimization);

    • 8.5. Accuracy;

    • 8.6. Storage limitation;

    • 8.7. Integrity and confidentiality;

    • 8.8. Accountability.

IV. PURPOSES OF PERSONAL DATA PROCESSING

  1. The Company processes personal data for the following purposes:

    • 9.1. Provision and sale of services;

    • 9.2. Identification of the client;

    • 9.3. Preparation and conclusion of the contract;

    • 9.4. Fulfillment of contractual obligations;

    • 9.5. Development of new services;

    • 9.6. Advertising and distribution of services for commercial purposes;

    • 9.7. Customer service;

    • 9.8. Review of objections or claims;

    • 9.9. Administration of settlements;

    • 9.10. Debt recovery and collection;

    • 9.11. Maintenance and improvement of websites and mobile applications;

    • 9.12. Business planning and analytics;

    • 9.13. Client safety and protection of company property;

    • 9.14. Other specific purposes.

  2. The Company may also process data for other purposes compatible with the original purpose, ensuring the appropriate rights of the data subject.

V. LEGAL BASIS FOR PERSONAL DATA PROCESSING

  1. The Company processes the Client's personal data primarily based on the following legal grounds:

    • 11.1. Conclusion and performance of a contract – to conclude a contract upon the Client's application and ensure its execution (a contract also includes an oral agreement for the purchase of a service);

    • 11.2. Compliance with legal obligations – to fulfill obligations specified in external regulatory enactments binding upon the Company;

    • 11.3. Consent of the data subject;

    • 11.4. Legitimate interests – to realize the legitimate interests of the Company or a third party arising from the existing obligations between the Company and the Client, a concluded contract, or other legal grounds.

  2. The Company's legitimate interests include:

    • 12.1. Conducting commercial activities;

    • 12.2. Verifying the Client's identity before providing specific services;

    • 12.3. Ensuring the fulfillment of contractual obligations;

    • 12.4. Saving Client applications and submissions regarding the provision of services;

    • 12.5. Designing and developing services;

    • 12.6. Advertising its services by sending commercial communications;

    • 12.7. Sending other notifications regarding the progress of contract execution and events significant to the performance of the contract, as well as conducting Client surveys about services and user experience;

    • 12.8. Preventing fraudulent activities against the company;

    • 12.9. Ensuring corporate governance, financial and business accounting, and analytics;

    • 12.10. Ensuring effective company management processes;

    • 12.11. Ensuring and improving service quality;

    • 12.12. Administering payments;

    • 12.13. Performing video surveillance for business security;

    • 12.14. Informing the public about its activities;

    • 12.15. Other legitimate interests determined by the Company.

VI. PERSONAL DATA PROTECTION

  1. The Company protects Client data using modern technology capabilities, taking into account existing privacy risks and the organizational, financial, and technical resources reasonably available to the Company, including the use of following security measures:

    • 13.1. Firewalls;

    • 13.2. Intrusion protection and detection programs;

    • 13.3. Other protection measures in accordance with current technical development possibilities.

  2. Technological and organizational measures for information protection (including personal data) are provided for in the Company's internal regulations governing information security and information systems.

VII. CATEGORIES OF PERSONAL DATA RECIPIENTS

  1. The Company does not disclose the Client's personal data or any information obtained during the provision of services and the term of the contract to third parties, including information about the goods and services received, except:

    • 15.1. In accordance with the Client's clear and unambiguous consent;

    • 15.2. By involving a personal data processor in the processing of personal data according to a concluded agreement;

    • 15.3. In accordance with the legitimate interests of the Company or a third party (to whom the data will be transferred), ensuring a balance with the rights and interests of the data subject, to persons provided for in external regulatory enactments upon their justified request, in the manner and scope specified by law;

    • 15.4. In cases specified by external regulatory enactments for the protection of the Company's legitimate interests, for example, by appealing to a court or other state institutions against a person who has infringed upon the Company's legitimate interests.

VIII. TRANSFER OF PERSONAL DATA

  1. The Company does not transfer personal data to third parties, except as necessary for the reasonable implementation of commercial activities, ensuring that the respective third parties maintain the confidentiality of personal data and provide appropriate protection.

  2. The Company is entitled to transfer personal data to the Company's suppliers, subcontractors, strategic partners, and others who assist the Company and its Clients in conducting commercial activities to implement the respective cooperation. However, in such cases, the Company requires from the data recipients a commitment to use the received information only for the purposes for which the data were transferred and in accordance with the requirements of applicable regulatory enactments.

IX. TERRITORY OF PERSONAL DATA PROCESSING

  1. Personal data are processed within the European Union/European Economic Area (EU/EEA); however, in certain cases, they may be transferred to and processed in countries outside the EU/EEA.

  2. The transfer and processing of personal data outside the EU/EEA may occur if there is a legal basis for it—namely, to fulfill a legal obligation, conclude or perform a contract, or in accordance with the data subject's consent—and appropriate security measures have been taken. Appropriate security measures include, for example:

    • 19.1. An agreement has been concluded, including EU standard contractual clauses or other approved terms, codes of conduct, certifications, etc., approved in accordance with the Regulation;

    • 19.2. The country outside the EU/EEA where the recipient is located provides an adequate level of data protection according to the decision of the EU Commission.

X. DURATION OF PERSONAL DATA STORAGE

  1. The Company determines the storage periods for personal data based on the following criteria:

    • 20.1. Personal data are stored at least as long as necessary to achieve the purpose of their processing;

    • 20.2. Personal data are stored at least for the storage periods specified in regulatory enactments;

    • 20.3. Personal data are stored at least as long as someone can bring legal claims and/or initiate litigation against the Company, to ensure the preservation of evidence.

  2. After the aforementioned circumstances end, the Client's personal data are deleted or anonymized.

XI. RIGHTS OF DATA SUBJECTS

  1. The Client has the right to receive the information specified in regulatory enactments regarding the processing of their data.

  2. In accordance with regulatory enactments, the Client has the right to request access to their personal data from the Company, to request the Company to perform supplementation, correction, deletion, or restriction of processing concerning the Client, to object to processing (including processing based on the Company's legitimate interests), as well as the right to data portability. These rights are exercised subject to the restrictions set out in regulatory enactments.

  3. The Client can submit a request for the exercise of their rights in the following ways:

    • 24.1. In writing at the Company's physical address: Puķu iela 5 - 94, Jelgava, LV - 3001 or by using postal services;

    • 24.2. Via electronic mail, signing with a secure electronic signature and sending to the e-mail address: info@xvibe.lv.

  4. Upon receiving the Client's request for the exercise of their rights, the Company verifies the Client's identity, evaluates the request, and executes it in accordance with regulatory enactments.

  5. The Company provides the response to the Client in a secure manner, after verifying their identity.

  6. The volume of information provided to data subjects may be limited for the purpose of preventing an adverse impact on the rights and freedoms of other persons (including Company employees and other data subjects).

  7. The Company undertakes to ensure the accuracy of personal data and relies on its Clients, suppliers, and other third parties who transfer personal data to ensure the completeness and correctness of the transferred personal data.

XII. CLIENT'S CONSENT TO DATA PROCESSING AND THE RIGHT TO WITHDRAW IT

  1. The Client has the right to withdraw the consent given for data processing at any time in the same way it was given and/or by submitting a separate application. In this case, further data processing based on the previously given consent for the specific purpose will no longer be performed.

  2. Withdrawal of consent does not affect data processing carried out during the time the Client's consent was in force.

  3. By withdrawing consent, data processing performed on other legal grounds cannot be terminated.

  4. The use of students' photographs in informative materials, on the website, their public use on the institution's premises, or otherwise is permitted after the student's representative has been informed in accordance with Article 13 of the General Data Protection Regulation and no objections have been received regarding the use of photographs for the specified purpose.

XIII. COMMERCIAL COMMUNICATIONS

  1. Communication regarding commercial announcements about the Company's and/or third-party services and other announcements not related to the provision of the directly contracted services (e.g., customer surveys) is carried out by the Company in accordance with external regulatory enactments or the Client's consent.

  2. Communication, including commercial announcements, may be carried out by the Company using automated calling or electronic communication equipment.

  3. The Client gives consent to receive commercial communications from the Company and/or its partners in writing in person at the Company's physical address, on the Company's website, in mobile applications, or at other locations where the Company organizes marketing activities.

  4. The Client's consent to receive commercial communications is valid until its withdrawal (even after the termination of the service contract). The Client may opt-out of receiving further commercial communications at any time in one of the following ways:

    • 36.1. By sending an e-mail to: info@xvibe.lv;

    • 36.2. By calling the phone number: 26377161;

    • 36.3. By submitting a written application to the Company;

    • 36.4. By using the automated opt-out option provided in the commercial communication by clicking on the unsubscribe link at the end of the respective commercial communication (e-mail).

  5. The Company stops sending commercial communications as soon as the Client's request is processed.

  6. By expressing an opinion in surveys and leaving contact information (e-mail, phone), the Client agrees that the Company may contact them using the provided contact information in connection with the assessment provided by the Client.

XIV. WEBSITE VISITS AND COOKIE PROCESSING

  1. The Company's websites may use cookies, for which a notice shall be placed on the website.

  2. Cookies are files that websites place on users' computers to recognize the user and facilitate the use of the site. Internet browsers can be configured to warn the Client about the use of cookies and allow the Client to choose whether to accept them. Not accepting cookies will not prevent the Client from using the website, but it may limit the Client's ability to use the website's features.

  3. Links to third-party websites may be placed on the Company's website, which have their own terms of use and personal data protection, for the completeness of which the Company is not responsible.

XV. FINAL PROVISIONS

  1. This Privacy Policy may be revised and amended, about which the Company undertakes to inform data subjects in an as understandable and accessible manner as possible.