Privacy Policy

1. General provisions

1.1. This privacy policy regulates the principles of collection, processing, and storage of personal data. Personal data is processed and stored by SIA "4SPA", who is the controller of the personal data (hereinafter the controller).

1.2. For the purposes of this privacy policy, a data subject means the customer or another natural person whose personal data is processed by the controller.

1.3. For the purposes of this privacy policy, a customer means anyone who purchases goods or services on the controller’s website.

1.4. The controller observes the principles relating to personal data processing provided by legislation and, among other things, processes personal data in a lawful, fair, and secure manner. The controller is able to declare that personal data has been processed in accordance with the provisions of the legislation.

2. Collection, processing, and storage of personal data

2.1. The personal data collected, processed, and stored by the controller has been collected electronically, mainly via the website and e-mail.

2.2. By sharing their personal data, the data subject grants the controller the right to collect, arrange, use and administer, for the purpose defined in the privacy policy, the personal data that the data subject shares with the controller either directly or indirectly when purchasing goods or services on the website.

2.3. The data subject is liable for the accuracy, correctness, and integrity of the data submitted by them. The submission of knowingly false data is regarded as a breach of the privacy policy. The data subject is required to immediately notify the controller of any changes in the data submitted.

2.4. The controller is not liable for any damage or loss caused to the data subject or a third party as a result of the submission of false data by the data subject.

3. Processing of personal data of customers

3.1. The controller may process the following personal data of the data subject:

3.1.1. Given name and surname;

3.1.2. Date of birth;

3.1.3. Telephone number;

3.1.4. E-mail address;

3.1.5. Delivery address;

3.1.6. Bank account number;

3.1.7. Payment card details;

3.2. In addition to the foregoing, the controller has the right to collect data about the customer that are available in public registers.

3.3. The legal basis for the processing of personal data points (a), (b), (c) and (f) of Article 6(1) of the General Data Protection Regulation:

(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

(b) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;

(c) processing is necessary for compliance with a legal obligation to which the controller is subject;

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

3.4. The Data Controller stores and processes the Personal Data of the Data Subject for next purposes:

  • security and safety;
  • the processing of orders
  • ensuring the functioning of online store services
  • customer management
  • financial activities, accounting
  • marketing

3.4.1. The Data Controller stores and processes the Personal Data of the Data Subject according to the terms specified by law and as long as at least one of the following criteria is met:

  • personal data are necessary for the purposes for which they were received;
  • as long as the Data Manager and/or the Data Subject can realize their legitimate interests, such as submitting objections or bringing or bringing a lawsuit to court, in accordance with the procedures set forth in external regulatory acts;
  • as long as there is a legal obligation to store data, such as under the Accounting Act;
  • as long as the Data Subject's consent to the relevant personal data processing is valid, if there is no other legal basis for personal data processing;
  • upon termination of the circumstances mentioned in this paragraph, the term of storage of the personal data of the Data Subject also expires and all relevant personal data are permanently deleted from computer systems and electronic and/or paper documents that contained the relevant personal data or these documents are anonymized.

 3.5. The controller has the right to share personal data of customers with third parties such as processors, accountants, transport and courier companies, companies providing transfer services. The controller is in charge of the processing of personal data. Payment processing is provided by the payment platform makecommerce.lv, therefore controller transfers the personal data necessary for making payments to the owner of the platform Maksekeskus AS.

3.6. The controller processes and stores personal data of the data subject implementing the organizational and technical measures to ensure that the personal data is protected against any accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing.

4. Rights of the data subject

4.1. The data subject has the right to gain access to and examine their personal data.

4.2. The data subject has the right to obtain information on the processing of their personal data.

4.3. The data subject has the right to modify or rectify inaccurate data.

4.4. If the controller processes personal data of the data subject based on the consent granted by the latter, the data subject has the right to withdraw their consent at any time.

4.5. To exercise their rights, the data subject can contact the customer support of the online store at info@4spa.lv.
.

4.6. To protect their rights, the data subject can file a complaint with the Data Protection Inspectorate.

5. Final provisions

5.1. These data protection terms and conditions have been prepared in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the valid laws of the Republic of Latvia and the European Union.

5.2. The controller has the right to amend the data protection terms and conditions in part or in full, notifying the data subjects of the amendments via info@4spa.lv.

 

Cookies

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

We use the following cookies to optimize your experience on our Site and to provide our services.

Cookies Necessary for the Functioning of the Store

Name Function Duration
_ab Used in connection with access to admin. 2y
_secure_session_id Used in connection with navigation through a storefront. 24h
_shopify_country Used in connection with checkout. session
_shopify_m Used for managing customer privacy settings. 1y
_shopify_tm Used for managing customer privacy settings. 30min
_shopify_tw Used for managing customer privacy settings. 2w
_storefront_u Used to facilitate updating customer account information. 1min
_tracking_consent Tracking preferences. 1y
c Used in connection with checkout. 1y
cart Used in connection with shopping cart. 2w
cart_currency Used in connection with shopping cart. 2w
cart_sig Used in connection with checkout. 2w
cart_ts Used in connection with checkout. 2w
cart_ver Used in connection with shopping cart. 2w
checkout Used in connection with checkout. 4w
checkout_token Used in connection with checkout. 1y
dynamic_checkout_shown_on_cart Used in connection with checkout. 30min
hide_shopify_pay_for_checkout Used in connection with checkout. session
keep_alive Used in connection with buyer localization. 2w
master_device_id Used in connection with merchant login. 2y
previous_step Used in connection with checkout. 1y
remember_me Used in connection with checkout. 1y
secure_customer_sig Used in connection with customer login. 20y
shopify_pay Used in connection with checkout. 1y
shopify_pay_redirect Used in connection with checkout. 30 minutes, 3w or 1y depending on value
storefront_digest Used in connection with customer login. 2y
tracked_start_checkout Used in connection with checkout. 1y
checkout_one_experiment Used in connection with checkout. session
checkout_session_lookup Used in connection with checkout. 3w
checkout_session_token_<<token>> Used in connection with checkout. 3w
identity-state Used in connection with customer authentication. 24h
identity-state-<<token>> Used in connection with customer authentication. 24h
identity_customer_account_number Used in connection with customer authentication. 12w

Reporting and Analytics

Name Function Duration
_landing_page Track landing pages. 2w
_orig_referrer Track landing pages. 2w
_s Shopify analytics. 30min
_shopify_d Shopify analytics. session
_shopify_s Shopify analytics. 30min
_shopify_sa_p Shopify analytics relating to marketing & referrals. 30min
_shopify_sa_t Shopify analytics relating to marketing & referrals. 30min
_shopify_y Shopify analytics. 1y
_y Shopify analytics. 1y
_shopify_evids Shopify analytics. session
_shopify_ga Shopify and Google Analytics. session
customer_auth_provider Shopify analytics. session
customer_auth_session_created_at Shopify analytics. session

 

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.

Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

Changes

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.

Complaints

As noted above, if you would like to make a complaint, please contact us by e-mail or by mail using the details provided under “Contact Us” above.

If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority or contact your local data protection authority.

Last updated: 30/08/2023