1. Terms 

1.1. This Privacy Policy describes how SIA Vandziņa Restorāns, reg. No. 44103116717 (hereinafter also referred to as “Data Controller”), collects, processes, and stores personal data obtained from www.vanadzinarestorans.lv from its clients and individuals visiting the website (hereinafter also called “Data Subject” or “You”).

1.2. Personal data means any information related to an identified or identifiable natural person, i.e., the Data Subject. Processing refers to any operation performed on personal data, such as collection, recording, alteration, use, viewing, deletion, or destruction. 

1.3. The Data Controller complies with the principles of data processing laid down in legislation and affirms that personal data are processed in accordance with applicable laws.

2. Collection, Processing, and Storage of Personal Data

 2.1. The Data Controller primarily collects, processes, and stores identifiable information through the website www.vanadzinarestorans.lv and email. 

2.2. By visiting and using the services provided on the website, you agree that any information provided is used and managed in accordance with the purposes specified in this Privacy Policy. 

2.3. The Data Subject is responsible for ensuring that the personal data submitted are correct, accurate, and complete. Intentionally providing false information is considered a breach of this Privacy Policy. The Data Subject is obliged to immediately notify the Data Controller of any changes to the submitted personal data. 

2.4. The Data Controller is not responsible for any damages caused to the Data Subject or third parties due to incorrect personal data provided.

3. Processing of Customer Personal Data 

3.1. The Data Controller may process the following personal data: 3.1.1. Name and surname 

3.1.2. Contact information (email address and phone number)

3.1.3. Transaction data (service, date of service, delivery address, price, payment information, legal data for invoicing, etc.) 

3.1.4. Any other information provided during the purchase of services offered on the website or when contacting us. 

3.2. In addition to the above, the Data Controller has the right to verify the accuracy of the submitted data using publicly available registers. 

3.3. The legal basis for processing personal data is Articles 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):

1. a) The data subject has given consent to the processing of their personal data for one or more specific purposes;
2. b) The processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract;
3. c) The processing is necessary to fulfill a legal obligation to the data controller;
4. f) The processing is necessary for the legitimate interests of the data controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring personal data protection override these interests, especially if the data subject is a child. 

3.4. The Data Controller stores and processes the Data Subject’s personal data as long as at least one of the following criteria exists: 

3.4.1. The data are necessary for the purposes for which they were collected; 

3.4.2. As long as the Data Controller and/or Data Subject can exercise their legitimate interests, such as raising objections or filing or defending legal claims; 

3.4.3. As long as there is a legal obligation to retain the data, e.g., under the Accounting Law; 3.4.4. As long as the Data Subject’s consent for the relevant data processing remains valid, unless another lawful basis for data processing exists. When any of the conditions listed in this section cease to exist, the retention period ends, and all relevant personal data are irreversibly deleted from computer systems and electronic or paper documents containing such data, or these documents are anonymized. 

3.5. To fulfill its obligations towards you, the Data Controller has the right to share your personal data with cooperation partners and data processors performing necessary data processing on our behalf, such as accountants. Data processors are data controllers themselves. Reservation processing is handled by the reservation platform http://www.bouk.io, therefore, contact data for reservations is transferred to the platform’s Data ControllerOpenHotels OÜ.

Payment processing is handled by the payment platform makecommerce.lv, so our company shares necessary personal data for payment with the platform owner – licensed payment institution Maksekeskus AS. Upon request, we may disclose your personal data to state and law enforcement authorities to defend our legal interests, including drafting, submitting, and defending legal claims.

3.6. When processing and storing personal data, the Data Controller implements organizational and technical measures to protect personal data against accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing.

4. Data Subject Rights

4.1. In accordance with the General Data Protection Regulation (GDPR) and the laws of the Republic of Latvia, you have the right to:

4.1.1. Access your personal data, receive information about its processing, and request a copy of your personal data in electronic form and the right to transfer this data to another controller (data portability);
4.1.2. Request correction of incorrect, inaccurate, or incomplete personal data;
4.1.3. Delete your personal data (“the right to be forgotten”), except where the law requires data to be retained;
4.1.4. Withdraw your previously given consent to the processing of personal data;
4.1.5. Restrict the processing of your data — the right to request that we temporarily cease processing all your personal data;
4.1.6. File a complaint with the Data State Inspectorate.

You can submit a request to exercise your rights by sending it electronically or writing to info@vanadzinarestorans.lv. 

5. Conclusion

5.1. This Privacy Policy has been drafted in accordance with the European Parliament and Council Regulation (EU) 2016/679 (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation), as well as the laws in force in the Republic of Latvia and the European Union.

5.2. The Data Controller has the right to make changes or additions to this Privacy Policy at any time and without prior notice. Amendments take effect after their publication on the website www.vanadzinarestorans.lv.