Privacy Policy
In this Privacy Policy (hereinafter – “Privacy Policy“),, the limited liability company ” Itella Logistics “, registration number 40003567822 (hereinafter – “We“, “Us”), address: Dzirnieku iela 24, Mārupe, Mārupe district, Latvia, LV-2167, explains how We, as the controller of your personal data, process your personal data, as well as provide information about your rights as a data subject and how you can exercise these rights.
When processing your personal data, We observe and comply with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter – the General Data Protection Regulation or GDPR), the Personal Data Processing Law of the Republic of Latvia and other applicable laws and regulations , which regulates the protection of personal data.
This Privacy Policy will explain how We collect and use your personal data and what We do to ensure the protection of your personal data. The purpose of this Privacy Policy is to help you understand why and how We process your personal data and what your rights are regarding your personal data.
This Privacy Policy applies to you if you are Our customer, We have concluded a cooperation agreement, you use Our websites www.itella.lv and/or my.smartpost.lv, as well as if you are simply looking and interacting with information related to Us on the Internet.
1. PERSONAL DATA PROCESSING OFFICER
Limited Liability Company ” Itella logistics ” , registration number: 40003567822,address: Dzirnieku iela 24, Mārupe, Mārupe county, Latvia, LV-2167 email for communication: office.riga@itella.com.
2. WHICH PERSONAL DATA PROCESSING PRINCIPLES DO WE FOLLOW WHEN PROCESSING YOUR PERSONAL DATA?
2.1. We will comply with the requirements of applicable law in force, including the GDPR.
2.2. We will process your personal data in a legal, fair and transparent manner.
2.3. We will collect your personal data for specific, clearly defined and lawful purposes and will not process them in a way that is incompatible with these purposes, except in cases specified by law.
2.4. We will take all reasonable steps to ensure that inaccurate or incomplete personal data, taking into account the purposes for which it is processed, is corrected, supplemented, suspended or destroyed without delay.
2.5. We will store personal data in a format that allows your identification for no longer than is necessary for the purposes of its processing.
2.6. We will not provide or disclose personal data to third parties, except as provided in this Privacy Policy or applicable law.
2.7. We will ensure that your personal data is processed in such a way as to ensure its adequate protection, including against unauthorized or unlawful processing, as well as against the accidental risk of loss, destruction or damage, through appropriate technical or organizational measures.
3. WHAT PERSONAL DATA DO WE PROCESS?
3.1. Personal data – first and last name, personal identification number, birth data,
3.2. Contact information – phone number, e-mail address, residential address
3.3. Security Camera Recordings – Security camera recordings made for the protection of Our visitors and property
3.4. Audio recordings of incoming and outgoing telephone conversations – voice recordings obtained from audio recordings of telephone conversations with customers and prospects
3.5. Incoming and outgoing e-mail lists – lists with customers and potential customers
3.6. Service data – this is data that reflects your behavior in relation to the use of Our services, for example, about the services and products you have purchased, data about possible violations and about the contract concluded with you
3.7. Payment instrument data – We collect and store this data if you make a payment at the time of delivery of the package. If the payment is made using a terminal, then the specific personal data will include the following information in an incomplete, undecipherable form – the type of credit or debit card, the last four digits of the payment card number . If the payment is made using the link , then the specific personal data will include the following information – the name of your credit institution and IBAN number. If payment for Our services is made by transfer from your bank account, then the specific personal data will include the following information – payer’s name, surname, IBAN number, name of the payer’s payment institution.
3.8. Social network data – social network account name; personal photo; individual reactions to content created by Us (likes, comments, shares).
3.9. Qualification information – CV; letter of motivation; other information related to your professional competence and which you voluntarily provide when applying for a job
3.10. Website information – Internet address (IP); the type of web browser used; number of visits; viewed website pages; time spent on the site; the specified internet source; information about the device used; language; country; internet service provider, etc
4. LEGAL BASIS OF PERSONAL DATA PROCESSING
4.1. The processing of your personal data is based on the following legal grounds:
4.1.1. Conclusion, performance, amendment and management of the contract (Article 6(1)(b) GDPR);
4.1.2. Fulfilling Our legal obligations and legal requirements (Article 6(1)(c) GDPR);
4.1.3. Pursuance of Our legitimate interests (Article 6(1)(f) GDPR);
4.1.4 Implementation of your consent (Article 6(1)(a) GDPR).
4.2. To the extent and under the conditions provided by the applicable legislation, the processing of your personal data may be subject to one or more of the aforementioned legal bases.
5. HOW DO WE COLLECT YOUR PERSONAL DATA?
5.1. We process your personal data obtained in the following ways:
5.1.1. when you provide Us with personal data. You provide Us with your personal data and other information using the itella.lv and/or my.smartpost.lv websites , by concluding a contract with Us, registering in Our self-service systems, writing to Us or contacting our customer service team by phone, e-mail or using other means of communication, submitting your complaints and/or questions, etc.;
5.1.2. when you use Our itella.lv and/or my.smartpost.lv websites . When using these websites, certain information (such as the type of web browser used, number of website visits, website pages viewed, etc.) is collected automatically;
5.1.3. when We receive your personal data from other persons in accordance with the regulations and/or the procedure established by this Privacy Policy.
6. FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?
Personal data is processed for different purposes, and each data processing for each purpose must take place in compliance with the rule of law. In the processing of your personal data, We are based on the purposes mentioned in point 5 of this policy, which are presented in more detail below.
6.1. Data processing necessary for the performance of the contract
Based on this right, We process your data if it is necessary for the performance of the contract concluded with you or for the processes necessary for its conclusion based on your request. We use the data mentioned below for the mentioned purposes in order to make possible and guarantee the performance of the services included in the contract concluded with you.
Purpose of processing | Categories of personal data |
Pre-contractual communication (inquiry about services and providing answers) | Personal data, contact information |
Invoicing (invoicing, issuing and collecting payments) | Personal data, contact information |
For registration purposes for Our self-service accounts My For using Smartpost and Smartship , as well as these self-service accounts: | Personal data, contact information, service data |
Maintaining communication with clients, developing relationships (submission of information related to the conclusion of the contract and the execution of the contract) | Personal data, contact information, service data |
Calculation and management of costs related to the use of services | Personal data, service data |
Management of circumstances and events that influence the customer’s decision to choose a service (informing, handling complaints) | Personal data, contact information |
Customer identification | Personal data |
6.2. Data processing necessary for the fulfillment of Our legal obligations
In the cases indicated below, We must process your personal data, as this is required by law. If data processing is required by law, neither We nor You can influence this data processing. On the basis of legality, We process data for the following purposes:
Purpose of processing | Categories of personal data |
Accounting (including keeping original accounting documents) | Personal data, contact information |
Informing the Data State Inspectorate and the data subject about violations related to personal data | Personal data, contact information, service data |
Responding to requests for information from state administration institutions and state institutions | Personal data, contact information |
6.3. Data processing based on Our legitimate interests
Legitimate interest means that We do not have a direct need to process your data at the time of the conclusion of the contract, nor are We legally obliged to do so, but data processing is necessary for other important reasons. This processing helps Us improve the services and products offered, making them more convenient for you, and this processing also helps Us ensure the security of property, customers and employees through video surveillance; as well as make decisions about the company’s operation based on statistical data. Since the processing of data based on legitimate interest is not related to the requirements of the law or your consent, you have the right to ask for explanations or submit objections and claims if you believe that this processing violates your rights.
Purpose of processing | Categories of personal data |
Developing Our services | Personal data, contact information, audio recordings of incoming and outgoing telephone conversations |
Internal data exchange within Our group | Personal data, contact information, service data |
Creating a marketing profile ( see explanation below the table ) | Personal data, contact information, service data |
Protection of Our property, employees and customers and data – prevention or detection of criminal offenses in connection with the protection of property and the protection of vital interests of persons, including life and health | Security camera footage |
Marketing activities | Personal data, contact information |
Maintaining communication with customers, developing relationships (answering requests, general customer service, information exchange) | Personal data, contact information, service data |
General service statistics | Personal data, service data |
Provision of evidence against claims for non-compliance of the service and/or fulfillment of contractual obligations, as well as provision of evidence against a possible claim arising from tort; quality control and improvement of customer service | Voice recordings obtained from audio recordings of incoming and outgoing telephone conversations, security camera recordings; inbound and outbound email correspondence with clients and potential clients; payment instrument data (incomplete) |
Creating a marketing profile – For marketing purposes, We process your data using various technologies that allow, by applying mathematical analysis, statistics or other methods, to create marketing profiles, analyze matches and predict trends. This gives Us the opportunity to better understand and anticipate the wishes of Our customers regarding the services We offer in order to develop them accordingly. You give us the opportunity to create personalized offers that are tailored exactly to your needs, as well as to make Our services even more user-friendly.
6.4. Data processing based on your consent
In order to be able to create services that are specifically tailored to your needs and provide personal service, sometimes We need your consent to process personal data. If you give Us your consent, We will be able to send you the latest news, as well as information about the offers of Our cooperation partners.
You can always withdraw your consent (individually or all at the same time). If consent was given online, it can be withdrawn using the relevant consent box in Our Self-Service Environment. If the consent was given in another way, you can withdraw it by sending a notification to Us by e-mail: office.riga@itella.com . By withdrawing consent, We will stop processing your data for the relevant purpose for which you had consented.
Purpose of processing | Categories of personal data |
For management and administration of Our social media accounts ( Facebook , LinkedIn , Youtube ). | Social network data |
For the purposes of organizing and conducting lotteries and contests | Personal data, contact information, social network data |
Direct marketing (e-mails, SMS) | Personal data, contact information |
For the purpose of selection of candidates for vacant positions | Personal data, contact information, qualification information |
For the purposes of ensuring the functionality of the website, administering the website, diagnosing possible malfunctions, performing statistical analysis to ascertain your needs related to certain features and to analyze how and where We can use the available resources most effectively. | Website information |
7. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
7.1. Access to your personal data Our company has only those employees who need it to perform their duties. Outside the company, access to your data is strictly limited, except in the cases described below, or when the processing of personal data is necessary.
7.2. Please note that We do not transfer or otherwise disclose Your personal data to third parties, except in the following cases:
7.2.1. if We have your request and/or consent;
7.2.2. data processors who process your personal data on Our behalf and for the purposes set out by Us in this Privacy Policy (eg IT, server service providers, marketing service providers);
7.2.3. law enforcement authorities and/or law enforcement institutions, institutions and/or other data recipients to whom the data must be transferred in accordance with the requirements of regulatory acts;
7.3. In cases where we transfer data as mentioned in paragraph 7.2.2.of this Privacy Policy, We request that the data processors process the transferred data only in accordance with Our instructions, the purposes determined by Us and in accordance with this Privacy Policy, the laws on the legal protection of personal data and the data processing agreements concluded between Us and the data processors.
7.4. In order to fulfill a legitimate purpose and on a legal basis, We may transfer your personal data to entities outside the European Economic Area (EEA) (for example, if Our data processors or data recipients are located outside the EEA). In cases where personal data is transferred from the EEA to countries that have not been recognized by the European Commission as countries with an adequate level of personal data protection, We take all appropriate measures to protect your personal data (for example, We base the transfer of personal data on standards approved by the European Commission contractual clauses on data transfer).
7.5. We may transfer your data within the framework of other Posti group companies – We share your personal data with other group companies (only those located in the European Union) when it is necessary for management decision-making, business development of group companies and use of shared data systems.
8. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will store your personal data for as long as it is necessary in accordance with the requirements of regulatory acts or for as long as it is necessary to implement the purposes set out in this Privacy Policy. Below are the terms of personal data storage:
Retention period | Examples |
3 months (after recording) | Security camera recordings |
Until recalled | The electronic mail address of the person who has agreed to receive news and information about Us |
10 years (after the end of the contract, execution) | Data about customer contracts and services that help protect Us and You in case of possible disagreements or filing a claim for the protection of legal interests |
10 years (after the end of the contract, execution) | Accounting source documents (such as customer membership agreement and invoices) |
Until withdrawal of consent | Data for which you have given your consent to be processed |
7 months (after the day of completion of the audio recording) in the standard case, however, in certain cases, when it is necessary to ensure and prove contractual obligations, the term can be extended up to 10 years | Voice recordings obtained from audio recordings of incoming and outgoing telephone conversations |
10 years (after the date of completion of email correspondence) | Incoming and outgoing email correspondence with customers |
6 months after the termination of the contractual relationship | Payment instrument data in incomplete, undecipherable form |
9. YOUR RIGHTS AND EXERCISES
9.1. As a data subject, you have the following rights:
9.1.1. the right to be informed about Our processing of your personal data . You have the right to receive information about your personal data processed, personal data sources, processing purposes, legal basis, storage terms, persons, recipients or data processors, data subject rights, etc.;
9.1.2. the right to access your processed personal data . You have the right to access and receive a processed copy of your personal data;
9.1.3. the right to request correction of your personal data processed . You have the right to request the correction of your inaccurate personal data;
9.1.4. the right to request data deletion. You have the right to request the deletion of your personal data if they are no longer necessary for the purpose of their collection , if you withdraw your consent to data processing that was carried out based on your consent, if We process your data based on legitimate interests, and you object to such processing if We are required to delete your personal data in accordance with legal obligations or if Your data was processed unlawfully;
9.1.5. the right to restrict processing . You have the right to restrict the processing of your personal data by Us, if you dispute the accuracy of the data and We carry out a relevant check, if your data has been processed illegally, but you do not want it deleted, if your data is no longer necessary for the purpose of collection, but you need it to bring, exercise or defend legal claims, or if you have objected to data processing as set out below, until it is verified that Our legitimate interests outweigh your reasons;
9.1.6. the right to object to data processing. You have the right to object to the processing of your data for direct marketing purposes, as well as to object to the processing of personal data in the public interest or Our legitimate interests, unless these interests exceed your reasons;
9.1.7. the right to portability of your personal data. You have the right to receive the personal data provided by you or to request their transfer to another controller in a structured, widely used and machine-readable format, if the processing of your data is based on your consent or a mutual agreement, and your data is processed automatically;
9.1.8. the right to submit a complaint to the State Data Protection Inspectorate . If you believe that your rights have been violated, you have the right to contact the State Data Protection Inspectorate.
9.2. To exercise your rights, you can contact Us at any time by email at office.riga@itella.com. Before ensuring the exercise of your rights, We have the right to request proof of your identity.
9.3. Please note that the exercise of your rights may depend on the specific conditions set out in the laws and regulations, and We may reasonably refuse to comply with your request to exercise certain rights if there are legally valid reasons for doing so.
9.4. Responses to your requests for the exercise of rights will be provided immediately, but no later than within 30 calendar days from the receipt of the request. This deadline can be extended by another two months, taking into account the complexity and volume of the request. You will be informed about the extension within one month after receiving the request, stating the reasons. Fulfilling requests is free of charge, however We may charge a reasonable fee if requests are manifestly unreasonable, repetitive or excessive.
10. DIRECT MARKETING NOTICES
10.1. We will send you direct marketing messages only after you have given your prior consent to such processing of personal data. You may withdraw your consent at any time by sending an appropriate notice to office.riga@itella.com and/or following the instructions provided in each message.
10.2. Please note that the withdrawal of your consent does not affect the lawfulness of processing based on your previous consent before its withdrawal.
10.3. In accordance with the conditions set out in the regulatory acts, We may use your personal data to carry out marketing of Our similar services based on Our legitimate interests. You have the right to object in advance by contacting Us at office.riga@itella.com . You may also later object or opt-out of such use of your personal data by contacting Us at office.riga@itella.com and/or following the instructions provided in each message.
11. PROFILING
11.1. We may use your personal data for profiling only with your prior written consent.
11.2. With your consent, We may perform profiling activities in order to assign you to an appropriate customer category and provide you with individual commercial offers that meet your needs.
11.3. When processing your personal data for the purposes mentioned above, We do not use automated decision-making processes, including profiling, which could create legal consequences for you or significantly affect you. In any case, you have the right to request human intervention to express your opinion or object to such assignment. You can do this by sending Us a notification at office.riga@itella.com.
12. SECURITY OF PERSONAL DATA
12.1. You undertake to provide Us with only your own and correct data, to protect your data and not to share it, including your login data (for example on a self-service website), with third parties.
12.2. We will process your personal data responsibly and securely, taking into account the personal data security requirements set forth in the regulatory acts. We will implement appropriate technical and organizational data protection measures, as required by law, to protect your processed personal data against accidental or unlawful destruction, damage, alteration, loss, disclosure, as well as against any other unlawful processing, both during the determination of data processing means and during the processing itself. Personal data security measures and their level are determined taking into account the risks arising from the processing of personal data.
12.3. We provide legal, organizational, physical and technical security measures to protect your personal information.
Physical measures – documents that contain personal data and are in paper format are stored in closed rooms and cabinets, to which only certain employees who need it to perform their work duties have access. Equipment used for data processing and IT systems are adequately protected against fire, overheating, water damage, and power fluctuations and interruptions.
Technical measures – video surveillance is carried out; work computers are protected with passwords on screensavers when employees leave the workplace; it is ensured that IT systems do not allow multiple unsuccessful attempts to enter user data by blocking access after a certain number of attempts; particularly vulnerable devices such as laptops and smartphones are equipped with additional protection such as encryption.
Organizational measures – specific roles and access levels are assigned to each user of the IT system; it is ensured that the right of access is closed when the employee terminates the employment relationship; it is guaranteed that only persons with appropriate authorization for data processing can enter publicly accessible premises.
If external service providers are used to process your personal data, they are contracted to: a) ensure the confidentiality and security of personal data, and b) process the data in accordance with applicable law.
13. COOKIES
13.1. Please note that Our websites www.itella.lv and/or my.smartpost.lv use cookies. You can find more information about cookies in the Cookie Policy, which is an integral part of the Privacy Policy.
14. RIGHT TO COMPLAINT
14.1. If you believe that your rights have been violated, you can always contact Us by e-mail office.riga@itella.com and/or submit a complaint to the State Data Inspectorate ( Elijas iela 17, Riga, LV-1050 , e-mail, post @vdi.gov.lv ).
15. CONTACT INFORMATION
15.1. The personal data controller who processes the personal data specified in this Privacy Policy is: Limited Liability Company ” Itella logistics ” , registration number: 40003567822, address: Dzirnieku iela 24, Mārupe, Mārupe county, Latvia, LV-2167, email for communication: office.riga@itella.com
15.2. If you have any questions or would like to receive additional information related to this Privacy Policy, you can contact Us using the following contact information: office.riga@itella.com.
16. EFFECTIVENESS AND AMENDMENTS TO THE PRIVACY POLICY
16.1. We reserve the right to amend the Privacy Policy at any time. We will notify you of any amendments to the Privacy Policy and publish the new version of the Privacy Policy on the website, so please review the Privacy Policy regularly.