SIA CEMETY PRIVACY POLICY
OBJECTIVE OF THE PRIVACY POLICY
1. The CEMETY Privacy Policy seeks to provide information to natural persons / data subjects about the objective and scope of processing of personal data as well as the protection of such data and the duration of their processing.
2. Personal data is any information about an identified or an identifiable natural person. Definitions, explanations and information about types of data are included in the Data Categories annex.
SCOPE OF APPLICABILITY
3. The Privacy Policy ensures privacy and the protection of personal data of:
3.1. Natural persons / clients (including potential, former and current) as well as of third parties that receive or transfer any information to the CEMETY (including about contact persons, payers, etc.) in relation to the provision of services to natural persons;
3.2. Visitors of the CEMETY premises, including visitors subject to video surveillance;
3.3. Visitors of websites maintained by the CEMETY;
3.4. Persons subscribing to the CEMETY newsletters;
Hereinafter the entire above are referred to as Data Subjects.
4. The CEMETY shall protect Data Subjects’ privacy and personal data and shall respect Data Subjects’ right to legitimate processing of their personal data pursuant to the applicable law – the Personal Data Processing Law and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data – as well as other applicable privacy and data processing rules and regulations.
5. The Privacy Policy shall apply to the processing of data irrespective of how and/or in which environment the Data Subject has provided his/her personal data (on the CEMETY webpage www.cemety.lv, www.cemety.lt, by e-mail, on paper or by phone) or in which systems they are processed.
6. Specific types, environments and purposes of data processing (for example, processing of cookies, etc.) may be subject to additional requirements that will be disclosed to the Data Subject when he/she provides the respective data to the CEMETY.
7. The CEMETY shall have the right to amend the Privacy Policy by placing the most recent version thereof on the CEMETY website. The CEMETY shall keep previous versions of the Privacy Policy, which will also be available on its website.
DATA CONTROLLER
8. SIA “CEMETY”, registration no. 40103618951, registered at Straumēni 3-15, Zaķumuiža, Ropažu parish, Latvia, LV-2133, previously and hereinafter referred to as the CEMETY, acts as the personal data controller.
9. Any queries about the processing of personal data should be sent to info@cemety.lv or info@cemety.lt . Questions about the processing of personal data can be asked by sending an e-mail to this address or in person at the CEMETY office. Requests with regard to the enforcement of one’s rights can be lodged under Paragraph 24 of this document.
LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
10. The CEMETY shall process personal data of Data Subjects only on the basis of the following legal grounds:
10.1. Execution and performance of contracts – to enter into an agreement at the request of a Data Subject and to ensure its performance;
10.2. Compliance with applicable law – to ensure compliance with obligations laid down by applicable external rules and regulations;
10.3. Consent of a Data Subject;
10.4. Legitimate interests – to protect legitimate (lawful) interests of the CEMETY arising from mutual obligations or an executed agreement between the CEMETY and a Data Subject or from the applicable law.
CEMETY LEGITIMATE INTERESTS
11. The legitimate interests of the CEMETY include:
11.1. Engagement in business activity;
11.2. Provision of services;
11.3. Verification of Data Subjects’ identity before the concluding of an agreement;
11.4. Performance of contractual obligations;
11.5. Storage of Data Subjects’ applications and requests as well as notes on them, including applications and requests submitted verbally, by phone, online and in the self-service environment;
11.6. Performance analysis of the CEMETY websites and development and implementation of their improvements;
11.7. Administration of Data Subjects’ accounts on the CEMETY websites;
11.8. Segmentation of the Data Subject database for more efficient provision of services;
11.9. Development and improvement of services;
11.10. Promotion of services by means of commercial communications;
11.11. Sending other messages about the performance of agreements or other matters of significance thereto, Data Subject surveys about services and their experiences;
11.12. Prevention of criminal offences;
11.13. Implementation of proper corporate management, financial accounting and analytics;
11.14. Ensuring efficiency of the CEMETY management processes;
11.15. Improvement of the efficiency of sales services;
11.16. Improvement of the quality of sales services;
11.17. Management of payments;
11.18. Dealings with governmental and regulatory bodies and the court to protect its lawful interests;
11.19. Public information about the CEMETY’s activities.
CEMETY’S PURPOSES IN PROCESSING PERSONAL DATA
12. The CEMETY processes personal data for the following purposes:
12.1. Provision of services:
12.1.1. Identification of Data Subjects;
12.1.2. Drafting and concluding of agreements;
12.1.3. Handling and processing objections and conducting public opinion research;
12.1.4. Reporting purposes;
12.1.5. Risk management activities.
12.2. Video surveillance at the CEMETY trade areas and office premises;
12.3. Selection of personnel;
12.4. Provision of information to governmental bodies and subjects of regulatory activities in cases of and to the extent laid down by applicable external rules and regulations;
12.5. Other specific purposes that will be disclosed to the Data Subject when he/she provides the respective data to the CEMETY.
PERSONAL DATA PROCESSING PRINCIPLES
13. The CEMETY shall process Data Subjects’ data by means of advanced technologies, considering the current risks to privacy, as well as organisational, financial and technical resources reasonably available to it.
14. The CEMETY does not make automated decisions regarding Data Subjects.
15. To promptly ensure quality performance of an agreement with a Data Subject, the CEMETY may authorise its cooperation partners to carry out certain service-related activities. Should the cooperation partners process personal data of Data Subjects at the disposal of the CEMETY during the performance of such services, the cooperation partners shall be considered data processing operators (data processors) of the CEMETY. The latter shall have the right to transfer personal data of Data Subjects to these cooperation partners to the extent needed for the performance of the services.
16. The CEMETY cooperation partners (who act as personal data processors) shall ensure compliance with personal data processing and protection requirements as required by the CEMETY and the applicable law and shall not use personal data for purposes other than the performance of the agreement with the Data Subject (on behalf of the CEMETY).
CATEGORIES OF RECIPIENTS OF PERSONAL DATA
17. The CEMETY shall not disclose personal data of the Data Subject or any information received during the provision of services or term of the agreement to any third parties, including information about any electronic communications, content or other services, unless:
17.1. The data has to be transferred to the respective third party under a contract to carry out a function needed for the performance of the contract or a function delegated by the law (for example, to a bank to make a payment or to provide IT system maintenance services, cloud computing services, legal services, accounting and auditing services; debt collection service; document copying, scanning and destruction services, etc.);
17.2. to perform any function required for performance of the contract or delegated by law;
17.3. The Data Subject has given clear and unambiguous consent;
17.4. The data has to be provided to individuals as laid down in external rules and regulations, should they make a reasonable request, and pursuant to the said rules and regulations;
17.5. The data has to be provided pursuant to external rules and regulations to protect the lawful interests of the CEMETY, for example, by lodging a claim in a court or other governmental body against a person who has infringed on the lawful interests of the CEMETY.
18. CEMETY personal data shall not be transferred to third countries (that is, countries outside the European Union and the European Economic Area). In special cases, personal data may only be transferred to third countries or international organisations if the data controller and the processor have complied with the conditions laid down in the Regulation (EU) 2016/679.
PROTECTION OF PERSONAL DATA
19. The CEMETY shall protect Data Subjects’ personal data with physical and logical means of protection, relying on advanced technologies and considering current risks to privacy, as well as organisational, financial and technical resources reasonably available to the CEMETY, including:
19.1. Data encryption during data transfer (SSL encryption);
19.2. Firewalls;
19.3. Intrusion detection and protection software;
19.4. Other means of protection depending on the current technological progress.
20. The CEMETY shall protect Data Subjects’ personal data using the following physical security measures:
20.1. Protection of technical resources against the risk of physical impact on information systems;
20.2. Storage of paper documents in lockable cabinets;
20.3. Protection of the stored data from fire, flooding, voltage loss or overvoltage in the mains, theft of technical resources, non-compliant humidity and ambient temperature.
DURATION OF PERSONAL DATA STORAGE
21. The CEMETY shall keep and process personal data of Data Subjects insofar as at least one of the following criteria exists:
21.1. An agreement with a Data Subject is in force;
21.2. The CEMETY or the Data Subject may protect its legitimate interests under external rules and regulations (for example, bring claims or initiate/proceed with an action at the respective court);
21.3. One of the parties has a legal obligation to keep the data;
21.4. The Data Subject’s consent to the respective processing of personal data is in effect, unless another legal basis for the processing is in place.
22. After the circumstances referred to in Paragraph 21 expire, the Data Subject's personal data is deleted.
THE DATA SUBJECT’S ACCESS TO PERSONAL DATA
23. The Data Subject shall have the right to receive information laid down by the law in relation to the processing of his/her data.
24. Pursuant to the law, the Data Subject shall also have the right to ask the CEMETY to provide access to his/her personal data as well as to amend, delete or supplement such data or to limit the processing of the said data; the Data Subject shall also have the right to object to the processing of data (including the processing of personal data carried out on the basis of legitimate (lawful) interests of the CEMETY) as well as the right to the portability of data. This right can be enforced insofar as the processing of data does not derive from statutory obligations of the CEMETY that are discharged for the public benefit.
25. The Data Subject may submit a request for the exercise of his/her rights:
25.1. In person in writing to the administration of the CEMETY by producing an identity document;
25.2. By an e-mail signed with a secure electronic signature.
26. Having received a request from the Data Subject regarding the enforcement of his/her rights, the CEMETY shall verify the Data Subject’s identity, review the request and satisfy it pursuant to the law.
27. The CEMETY shall send a registered reply to the postal address indicated by the Data Subject or an e-mail signed with a secure electronic signature, taking into account, as far as possible, the Data Subject’s preferred means of communication.
28. The CEMETY shall ensure compliance with data processing and protection requirements laid down by the law, and should a Data Subject raise an objection, the CEMETY shall take reasonable action to resolve it. If the CEMETY fails to resolve the objection, the Data Subject shall have the right to approach a supervisory body, namely, the Data State Inspectorate.
PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA
29. Special categories of personal data are data revealing racial or ethnic origin, political opinion, religious or philosophical belief, party or trade union membership, genetic data, biometric data for unique identification of a natural person, data on health or sex life or sexual orientation of a natural person.
30. As data controller, the CEMETY does not process data of special categories of its customers. The only exception may be allowed solely in case, if the processing is required to protect vital customer's interests (for example, calling of emergency medical service is required due to sudden deterioration of the customer's health condition and in similar emergency situations).
THE DATA SUBJECT’S CONSENT TO PROCESSING AND RIGHT OF WITHDRAWAL
31. The Data Subject may provide his/her consent to the processing of personal data on the basis of consent (for example, publishing of an image, advertisement, etc.) in the CEMETY application forms, in the CEMETY service portals/apps, on the CEMETY and other websites (for example, newsletter subscription forms), or in person at the CEMETY.
32. A list of categories of personal data that can be processed according to the Data Subject's consent and other legal bases is available in the Data Categories annex.
33. The Data Subject shall have the right to withdraw his/her content at any time by means of the same method in which it was given or in person at the CEMETY. In this case the processing of data on the basis of consent to the respective purpose shall not be continued.
34. Withdrawal of consent shall not affect processing activities that were completed when the consent was still valid.
35. By withdrawing consent, it is not possible to terminate the processing of data performed on the basis of other legal grounds.
COMMERCIAL COMMUNICATIONS AND COMMUNICATION IN GENERAL
36. The CEMETY shall communicate with the Data Subject using the contact details provided by him/her (telephone number, e-mail address, mailing address).
37. The CEMETY shall communicate about performance of contractual obligations pursuant to the respective agreement (for example, to provide information about payments or changes in services, etc.).
38. The CEMETY shall maintain commercial communication regarding the CEMETY and/or third-party services as well as other communication that is not related to direct provision of contracted services (for example, surveys) pursuant to the external rules and regulations or the Data Subject’s consent.
39. The Data Subject may consent to commercial communication with the CEMETY in application forms and on the CEMETY and other websites (for example, in news subscription forms).
40. The Data Subject’s consent to commercial communication shall be valid until its withdrawal (even after the expiry of the service contract). The Data Subject may withdraw his/her consent to further commercial communication by:
40.1. Sending an e-mail to info@cemety.lv or info@cemety.lt ;
40.2. Expressing it in person at the CEMETY;
40.3. Using the automated opportunity provided for opting out of receiving commercial communication and further notices by clicking on the opt-out link at the end of the relevant commercial communication (e-mail).
41. The CEMETY shall cease sending commercial messages as soon as the Data Subject’s request is processed. Processing requests depends on technological capacity and may take up to three days.
42. By providing an opinion during surveys and by leaving his/her contact details (e-mail, telephone), the Data Subject agrees that the CEMETY may contact him/her, relying on the contact details provided in the context of the Data Subject’s evaluation.
USE OF WEBSITES AND PROCESSING OF COOKIES
43. The CEMETY websites may use cookies. The terms and conditions that apply to the processing of cookies are described in the annex “Cookie Policy”.
44. The CEMETY websites may contain links to websites of third parties that have their own personal data protection requirements and terms and conditions of use; the CEMETY may not be held liable for any such requirements or terms and conditions.
Annex to the Privacy Policy of
SIA “CEMETY”
COOKIE POLICY
1. The Terms of Use of Cookies on the CEMETY website www.cemety.lv , www.cemety.lt describe the use of cookies at SIA “CEMETY”, registration no. 40103618951, registered at Straumēni 3-15, Zaķumuiža, Ropažu parish, Latvia, LV-2133, e-mail address: info@cemety.lv or info@cemety.lt, stating the purpose of the use of cookies as well as the right of users to change and choose the use of cookies according to their needs.
2. Cookies are small text files that website browsers (such as Internet Explorer, Firefox, Safari, etc.) save on a user’s end device (computer, mobile phone, or tablet), when the user opens a site, to identify the browser or information or settings kept in the browser. Thus, the website is able to save individual user settings and recognise and respond to this user later to improve overall user experience. The user may disable or restrict cookies; however, without cookies it is not possible to fully enjoy the functionality of various websites.
3. Depending on their functions and purpose, the CEMETY uses strictly necessary cookies, functionality cookies, analytics cookies and targeting (advertising) cookies.
4. Strictly necessary cookies are needed for the user to freely visit and browse websites and enjoy full functionality, including the ability to receive information about services and purchase them. These cookies identify a device, but do not disclose the user’s identity; they do not collect or compile information either. A site cannot function smoothly without these cookies; for example, it cannot provide the information that a user needs or the services that he/she wishes to purchase from an online store or allow him/her to log in to a profile or request a service. These cookies are kept on a user’s device until the respective browser is closed.
5. A website uses functionality cookies to remember user settings and choices so that the site becomes more user-friendly. These cookies are permanently kept on the user’s device.
6. Analytics cookies compile information about the use of websites and their most popular sections, including the content that a user opens when he/she browses a site. This information is used for analytical purposes to determine what the users are interested in to improve the functionality of sites and make them more user-friendly. Analytics cookies identify a device, but do not disclose the user’s identity.
7. In some cases analytics cookies may be managed by third-party data processors (operators), for example, Google Adwords, on behalf of the site owner and according to the objectives indicated by him/her.
8. Targeting (advertising) cookies are used to compile information about the websites that a user has opened or to offer services that are of interest to a particular user or to send offers that are tailored to a user’s interests. These cookies are usually inserted by third parties like Google Adwords with the consent of the site owner and according to the objectives indicated by him/her. Targeting cookies are permanently stored on a user’s end device.
9. The CEMETY uses cookies to improve user experience on its websites. This includes:
9.1. Ensuring website functionality;
9.2. Adjusting website functionality to user habits, including language, search requests, viewed content;
9.3. Gathering statistics about user flows in relation to the site – number, time spent viewing the page, etc.;
9.4. Authentication of users.
10. Unless specifically indicated otherwise, cookies are stored until they have fulfilled their purpose; they are deleted later.
11. Cookie data is not transferred for processing to non-EU or non-EEA states.
12. When the CEMETY websites are visited, a window with a message that cookies are used on the website is displayed to the user.
13. By closing the window, the user confirms that he/she has read the information about cookies, their purpose, and cases when their data are transferred to third parties, and consents to them. Thus, cookies are used on the basis of user consent. If the user enters into an agreement on the website, cookies are needed to perform the agreement or for the CEMETY to carry out its statutory duties or safeguard its lawful interests.
14. It is possible to disable or restrict cookies in the security settings of all browsers. But it should be noted that strictly necessary and functionality cookies cannot be disabled, as it is not possible to ensure full functionality of websites without them.
15. If the user has a question about the use of cookies, he/she can contact the CEMETY at the following e-mail address: info@cemety.lv or info@cemety.lt.
Annex to the Privacy Policy of
SIA “CEMETY”
DATA CATEGORIES
No. Data category Examples
1. Personal identification data Name, surname, identity code/ID, DOB, passport no./ID number
2. Personal contact details Address, telephone, e-mail address
3. Special categories of data (sensitive data) Disability certificate, employees’ compulsory medical examination data
4. Information about the Data Subject’s contact persons Name, e-mail address, telephone number of the contact person
5. Data Subject data Contract number, registration date, status
6. Information about services Contract number, price, discount
7. Sales contract data Contract number, execution/approval date, type, annex number, annex date
8. Communication data Incoming/outgoing communications, number, date, registrant, content, channel, delivery status
9. Payment data Payment agreement number, decision, payment schedule
10. Data on settlement of payments Payment system account number, bank account number, invoice number, date, amount, type of delivery, payment date, amount due, debt recovery information
11. Complaint data Complaint number, registration/resolution date, type, description
12. Data Subject survey data Name of survey, mailing date, response date, questions and answers
13. Activity on the CEMETY websites IP address, description of the activity, section of the website, date and time
14. Video data Video recordings of events, video surveillance at the CEMETY, recording date
15. System access data Usernames and passwords assigned to Data Subjects
16. Consent information Data Subject consent, by topic, date, time and source of consent