1.1. As one of the largest leaders in providing high-quality electronics, operator services sales and after-sales services in Latvia, we, “LMT Retail & Logistics” SIA (hereinafter referred to as ‘Retail’ and/or ‘we’), are constantly providing new services that meet modern standards. We take great care not only of the convenience and functionality of our services, but also of the protection of privacy. In our everyday work, we invest resources and take care to ensure that personal data are protected.

1.2. The purpose of this Policy is to inform and explain how we protect and care for the personal data in our possession, namely, to help to understand how and for what purposes the data are processed, and to inform about the rights and obligations of data subjects.

1.3. When processing personal data, we comply with the laws and regulations in force in the Republic of Latvia, the binding instructions and regulations issued by the responsible authorities, as well as keep track of good practice.

1.4. This Privacy Policy applies to any data subject – an identified or identifiable natural person, whose personal data we process, inter alia, it applies to customers and potential customers, their representatives, business partners and their representatives, interested parties and visitors. For matters relating to employment relationship and device repair services, we have developed separately binding information that can be consulted at the relevant stages.

1.5. This Privacy Policy does not apply to data processing measures carried out by other economic operators, including when visiting their websites or using their services. In such cases, we recommend reading the personal data protection guarantees provided by the respective economic operators.

1.6. VDuring the collection of personal data, we may separately provide additional information about the processing of personal data, e.g., in connection with a specific service.

1.7. We have created this Privacy Policy as simple as possible, however, we would like to draw attention to the following definitions:

1.7.1. Personal data: any information relating to an identified or identifiable natural person.

1.7.2. Anonymised data: information that can no longer be attributed to a natural person as all elements identifying the relevant person have been removed from the dataset.

1.7.3. Profiling: any form of automated processing of personal data, namely, use of personal data in an aggregated or individualised form, for the purpose of evaluating certain personal aspects relating to a natural person.

1.7.4. Services: any services or goods that we offer online, remotely or face-to-face.

1.7.5. E-store: a remote shopping system website https://lmt.lv/veikals, which provides the opportunity to browse and transact with the products and services of Retail and its partners.

2.1. Information that we obtain about a person depends on the content of a transaction, including the service requested or received. We also obtain information provided to us within the framework of any form of cooperation.

2.2 We can obtain personal data in several ways, e.g.:

2.2.1. A data subject provided his/her personal data to us himself/herself, namely, the data subject or his/her authorised representative has contacted or cooperated with us, e.g., by signing a contract, using our service, subscribing for newsletters, requesting information or submitting a specific question or request, visiting our Customer Centres, contacting us via information channels (e.g., in connection with the e-store), or participating in surveys;

2.2.2. Data are generated when using our services or network, e.g., when making calls, visiting or using our website, visiting Customer Centres where video is recorded.

We may also obtain data from other sources, such as other service providers or business partners, institutions or publicly available registers, such as credit institutions, payment service providers, the Enterprise Register of the Republic of Latvia, authentication service providers, external databases that maintain information about lost or stolen terminal equipment, manufacturers’ databases that contain information about individual functions of the equipment.

E.g., we can receive data from business partners if you participate in an event that we organise, during which photographs may be taken or video images may be recorded, as previously disclosed. We can also receive data from business partners about authorised persons or contact persons performing a specific task.

Categories of personal data may vary depending on services used or cooperation established. Generally, we categorise personal data as follows:

3.1. Basic personal data. This category of personal data includes data that do not correspond to other types of data, e.g.:

• Personal identification data (e.g., first name, last name, personal identity number, personal identification document number, expiration date).
• Contact details (e.g., e-mail address, residential address, delivery address, contact phone number, contact person).
• Representation data (e.g., representation data of legal entities, data of authorised persons, authorisation data).
• Communication data (e.g., information about contacting Retail, submission, application, survey information, data of audio recordings made during customer service).
• Consent data (e.g., information on consents given, consent withdrawals).
• Service data (e.g., information about the services provided, service application data).
• Device technical data (e.g., IMEI, model, series, manufacturer, assembly, fault description, visual image —assessment, security code if any; information on how to disable certain functions of the terminal equipment — Find My Device, etc.).
• Billing data (e.g., billing information, payment information, invoice delivery information, payment method).
• Credit history and debt recovery data (e.g., credit history data, debt data, debt recovery data).
• Personal visual data (e.g., video surveillance data, video recording data, photo).
• Transaction data (e.g., information about signed contracts, transactions, applications).

3.2. System access and usage data. Data that are used and generated in connection with registration, authentication and login of services, service channels and systems such as e-store, TSC, or are generated when visiting Retail websites, and which characterise the use of services. For example, this category includes various access parameters such as passwords, codes, login transactions and system usage data such as Internet Protocol address, audit logs, etc.

3.3. Other data that describe the use of services, including personal data collected by cookies or similar technologies, in connection with visiting the website and using services of Retail. For more information about cookies, see Clause 9 of this Policy.

4.1. We process personal data to provide services, ensure effective customer service, cooperation, organisation of events and other social and business activities related to our operations.

4.2. For security reasons, to avoid repeated identification, we prefer the processing of anonymised data. However, due to the nature of the provided service, cooperation or event, quite often we need to process the personal data of an identifiable person.

4.3. We perform automated processing of personal data. It allows providing an answer quickly, which otherwise would have to be done manually and require much more time.

 4.4. We can perform profiling to better understand the person’s needs and develop services that meet the person’s expectations and interests, we may consider, e.g., previous cooperation, including the duration, scope and content of transactions, payments made by the person, expressed expectations, needs, etc. It allows preparing customised solutions to each situation individually, including in cases, when the cooperation with the person has been long-lasting, and it is necessary to reach a compromise in exceptional cases to solve a non-standard situation. Profiling used for the purposes of direct marketing allows us to make the most suitable offers to the person. However, we respect each data subject’s right to discontinue such processing of personal data by withdrawing his/her consent or to object to the processing of personal data for the above purpose when it is done on the basis of the legitimate interest.

 4.5. The profiling is carried out pursuant to statutory requirements. The legal basis for such data processing may be a consent given by a natural person or in some cases the legitimate interest of Retail, or other legal basis provided for in applicable laws and regulations.

4.6. To facilitate the development of services or perform other assessments, Retail compiles statistical data.

Retail processes personal data only for specific and legitimate purposes and only if it is necessary to fulfil the purpose. We primarily process personal data based on four legal basis, including contract performance, legitimate interests, statutory legal obligation and consent. In certain cases, we can perform processing also on other legal basis.

5.1. Processing purposes based on the legal basis of contract performance.

5.1.1. Provision of services and performance of contracts. We process basic personal data, such as personal identification data, customer data, contact data and service data, to ensure the provision of services. The purpose of providing services also includes the processing of basic personal data for managing the customer’s contractual relationship, identifying the customer, authorised person or representative, processing and delivering orders, communicating with the customer in connection with the provision of the service and the performance of the contract, e.g., by sending an informational message to the customer via text message or e-mail, making a service call voice, etc., evaluating the most suitable form of communication in each case. To ensure better customer experience, redemption, delivery of the requested order and a more complete use of our services, we may contact the customer (e.g. make a service call).

5.1.2. Entry into contracts or amendments thereto. We process basic personal data, such as personal identification data, customer data, contact data, representation data, where applicable, service data, communication data and system usage and access data at the request of the data subject before entering into the contract, amending or terminating the contractual relationship, as well as examining the related submissions, applications and answering related questions. The target also applies to new applications for an existing or new transaction, including services such as equipment sales, repairs, diagnostics, buybacks, e.g., in the e-store, customer centres, any form of application.

5.1.3. Quality control of services and customer surveys. We process basic personal data, such as personal identification data, contact data, service data, communication data, to perform various actions in order to ensure the quality of the service in accordance with the terms and conditions of the valid contract, to find out the opinion about the quality of the service, e.g., by making a service call, etc.

5.1.4. Resolving the reported issues. We process basic personal data, such as personal identification data, customer data, contact data, service data, communication data, within the framework of mutual communication between the data subject and Retail, including resolving service incidents, examining applications, submissions, claims or any question submitted by a person (incl. by mail, e-mail, etc.) within the framework of an existing contractual relationship or a requested transaction.

5.1.5. Payment management. We process basic personal data, including personal identification data, customer data, billing data, service data, to ensure payments for services, inter alia, to prepare and issue invoices and to process payments.

5.2. Processing purposes based on the legal basis of legitimate interest.

5.2.1. Debt recovery. Retail has a legitimate interest in defending its rights and interests and ensuring the fulfilment of obligations by recovering the debt. Based on this legitimate interest, Retail performs activities related to debt recovery, including receiving, storing and processing basic personal data necessary for debt recovery, such as personal identification data, contact data, service data, billing data, credit history and debt recovery data, and may provide and post information about the debt and the person in the debt history databases registered pursuant to the statutory procedures, as well as save and transfer to third parties the information submitted and sent to us, including personal data and information related to the transaction, in order to ensure the execution of the transaction, as well as in cases where the person has not properly fulfilled the terms of the transaction.

5.2.2. Fraud prevention and/or credit risk assessment. We process basic personal data, such as personal identification data, contact data and service data, to analyse transaction patterns and information about the signs of potential fraud in order to detect or prevent fraud related to the use of our services. E.g., before entering into a repurchase service agreement, we will process certain data about the equipment, including, e.g., the IMEI code of the equipment, to check external databases to ensure that the equipment has not been reported as lost or stolen from its owner.

5.2.3. Security of the economic operator’s infrastructure, services, information, employees, customers and visitors, prevention of illegal or other threats, promotion of detection of criminal offences in objects and the territory adjacent to them, including in the network and information systems. We process basic personal data, such as personal identification data, personal visual data, contact data, communication data, system access and usage data, for the performance of measures that are carried out with physical and logical means of protection, including for the performance of video surveillance and for the performance of other technical and organisational measures to ensure protection against threats caused by physical exposure and protection implemented by means of logical protection.

5.2.4. Organisational management of the economic operator (including record keeping, accounting of processes, services, information systems, persons, ensuring the succession of the economic operator, implementation of public relations and social responsibility). We process basic personal data, such as personal identification data, contact data, communication data, transaction data, for the purpose of ensuring the integrated management of the company, in accordance with national and internationally recognised principles of corporate governance, ensuring the traceability, control, improvement and risk management of internal processes.

5.2.5. Statistics and analytics of processes, services, information systems and network data to identify correlations and trends for development and improvement. We process basic personal data, such as service data, billing data, consent data, credit history and debt data, system usage data, in order to collect statistics and perform analysis, e.g., to evaluate the results of service sales, in order to develop and improve services, processes, systems and networks and to determine the company’s goals and development directions.

5.2.6. Providing customer service within the ‘life cycle’, including improving satisfaction and loyalty. We process basic personal data, including service data and contact data, to improve cooperation, promote loyalty and maintain satisfaction, e.g., we conduct surveys, loyalty calls, service calls or communication with a person via another service channel with the aim of improving the experience, clarifying wishes and needs, identifying the person’s satisfaction or informing about services.

5.2.7. Conducting video surveillance and video recording, including with audio recording. We conduct video surveillance and video recordings, including audio recordings, to monitor the order in the premises and territory subject to video surveillance, including customer centres, to prevent or detect criminal offences and other incidents related to the safety of persons and property protection, to perform service quality control, including handling related customer complaints, as well as to protect Retail rights and interests in the event of potential investigation or legal proceedings. Within the scope of this purpose, we process basic personal data, such as personal visual information, data related to video surveillance and video recordings, such as time and place of visit, communication data.

5.2.8. Processing of personal data for internal administrative purposes within the LMT group. We process basic personal data for internal administrative purposes of group companies, e.g., to prevent conflicts of interest and prevent illegal transactions.

5.3. Processing purposes based on a legal obligation as a legal basis.

Enforcement of binding laws and regulations. We process personal data in order to fulfil the obligations provided in the laws and regulations for such purposes as, e.g., accounting, financial and tax management, fulfilment of requests from competent institutions, execution of the laws and regulations governing sanctions, investigation of personal data protection breaches, as well as for the fulfilment of other statutory obligations.

5.4. Processing purposes based on consent as a legal basis.

5.4.1. Management of the offers of the economic operator and third parties (business partners). We process personal data in order to provide customers and other persons who have given consent with direct marketing messages, such as information about offers, campaigns, news or other events, and to perform data selection for the preparation of personalised offers in accordance with the purpose of the given consent, if provided by the purpose of consent. If the customer’s consent refers to the receipt of information from the business partner, e.g., to ensure that the manufacturer can contact the costumer and to find out if the customer is satisfied with the products of the particular brand of the manufacturer and to be able to assess equipment repair quality in case of repairs, customer’s data, such as name, surname, contact phone number and e-mail address may be submitted to the particular manufacturer in the context of the customer’s consent.

5.4.2. Before receiving consent, we inform you about the purposes of personal data processing and the right to withdraw consent. For more information on the right to withdraw consent, see Clause 10.1.4.

6.1. In order to protect the interests of natural persons, we continuously develop our security processes and measures. Such security measures include the protection of personnel, information and technical resources, IT infrastructure, as well as the office building. As part of these measures, we ensure an appropriate level of information protection to prevent unauthorised access to personal data.

6.2. We protect personal data using modern technologies, taking into account the risks posed by processing for natural persons, as well as the technical and organisational measures available to us, including closed rooms and denial of access to unauthorised persons, use of firewall programmes, data encryption when transmitting data (SSL encryption), use of intrusion protection and detection programmes. Regular trainings are organised for our employees on information security and personal data protection issues.

7.1. Exchange of personal data may be needed in some cases, when there is a specific purpose, e.g., Retail may need to provide personal data to the following categories of data recipients:

7.1.1. LMT Group companies. We provide personal data if it is necessary for the purposes of personal data processing defined in this Policy. Security of personal data is a priority for LMT group companies and, therefore, when providing personal data, we take great care to ensure that the data processing takes place according to the statutory requirements.

7.1.2. Business partners. Economic operators with whom the companies of the LMT group have entered into cooperation agreements and established mutual obligations (e.g., for device insurance). Likewise, for the provision of services (including face-to-face and remote sales sellers, device set-up, device repair, etc.), for the provision of delivery (including the delivery of parcels and contracts, etc., including couriers, postal service providers, etc.), for service quality control (including survey providers, etc.), for security and protection (business partners who provide support for the safety and protection of LMT group employees, customers, visitors, objects and infrastructure, as well as for the prevention of fraudulent, illegal or other threats and infringements to the interests of LMT group, including security, legal assistance providers, etc.) and for ensuring management (business partners for managing and ensuring the organisational, financial management and accounting processes of the LMT group, including auditors, event organisers, etc.), service providers that ensure the checking of lost or stolen terminal equipment in databases, equipment manufacturers’ databases, within the scope of the authorisation issued to the authorised person.

7.1.3. Debt recovery institutions/companies. Including debt recovery companies, credit information bureaus and credit rating companies, bailiffs, administrators and other persons in the debt recovery process.

7.1.4. Supervisory authorities. E.g., market surveillance authorities, law enforcement institutions, including Retail for the protection of legal rights, e.g., to file a claim, and the rescue services as determined by the laws and regulations.

7.1.5. Third parties. E.g., natural or legal persons, public authorities, agencies or structures other than data subjects, controllers or processors.

7.2. In addition to the above, there may be cases when we transfer personal data to another person due to the transfer, merger, acquisition of companies, transfer of service provision to another economic operator, etc.

7.3. We also process anonymised data that are not attributed to a specific natural person and do not allow identifying a data subject. These data may be used for other purposes and transferred to other persons.

7.4. Retail ensures the confidentiality of personal data by implementing security measures according to the statutory requirements.

7.5. Retail processes personal data within the European Union and the European Economic Area, however, in certain cases, Retail may transfer them for processing in third countries. In such cases, the transfer of personal data may take place based on a certain legal basis, only for specific and necessary purposes (e.g., if it is necessary for the provision of a service and to ensure the performance of a contract) and by taking appropriate measures to ensure an adequate level of protection of natural persons. E.g., the third country where the partner is located provides a sufficient level of protection in accordance with the decision of the EU Commission, the partner has provided adequate guarantees with binding corporate rules, corresponding standard data protection clauses or other approved regulations, codes of conduct, certification mechanisms or in other cases. The data subject can receive more detailed information about the transfer of personal data to third countries by contacting us.

8.1. We store personal data only as long as they are needed to achieve a specific purpose, to fulfil obligations and observe statutory data processing requirements.

8.2. E.g., the customer’s personal data are stored during the contractual relationship or as long as it is necessary to provide the service. Even after the termination of the contractual relationship, personal data are stored until the obligations of the parties are fully fulfilled, the accounting or other requirements specified in the laws and regulations are fulfilled, as well as during the period until the customer or Retail can implement the protection of their legal interests in accordance with the procedures specified in the laws and regulations (including submitting objections and complaints or raising legal action until the statute of limitations has expired). The retention time of individual data sets may also be shorter.

8.3. If personal data are stored on the basis of consent, then we store them until the withdrawal of consent, unless another legal basis for their storage is applicable.

8.4. Several laws and regulations impose a legal obligation on us to store personal data for a certain period of time. E.g., the storage period for service invoices is 5 years, as determined by the Accounting Law.

8.5. In order to protect Retail legitimate interests in the event of a civil claim, Retail may store personal data for up to 10 years after the termination of the contract. In case of legal proceedings or investigation, in order to protect Retail legitimate interests, Retail may store personal data until the end of the legal proceedings or investigation.

8.6. Data obtained as a result of video surveillance (with or without audio recording) needed to achieve a specific purpose and to protect the legitimate interests of Retail, depending on the object where video surveillance takes place, are stored for up to 3 months.

8.7. At the end of the storage period (on expiry), the customer’s personal data are permanently deleted if they are stored electronically, or destroyed if they are stored in paper form, or anonymised.

8.8. No restrictions apply directly to the storage of anonymised data, but we also store them only to the necessary extent and duration.

9.1. Similar to other websites, the Retail website may also use cookie technology.

9.2. Cookies make it possible to adapt the website to the needs and convenience of the visitor (including based on statistical data collected in an aggregated form, without directly identifying the user of the end device). Cookies also allow you to individually address the website visitor, if the visitor has given his/her optional consent. Find out more about cookies in the Cookies Policy available on the TSC website https://www.tsc.lv.

9.3. Unless otherwise provided by laws and regulations, a person has the right to refuse further processing of their data at any time, but in this case, especially if the said data are technically essential, there is a possibility that we will not be able to provide this service to the same extent as before.

10.1. A data subject has the following rights:

10.1.1. To familiarise him-/herself with the information stored about him/her by Retail, insofar it does not contravene the laws and regulations and does not adversely affect the rights of other persons. Information can be received through any channel supported by Retail that allows the identification of a person, including, e.g., visiting a customer centre.

10.1.2. To request access to his/her personal data, obtain rectification or, if necessary, supplementing, or erasure (right to be forgotten); restrict the processing of personal data or object to such processing pursuant to the laws and regulations; as well as enjoy the right to data portability. Please note that in case of data rectification, erasure, restriction, termination or portability, services/processes can be partially or fully suspended, and it can be irreversible. When choosing to receive information about himself/herself remotely, e.g., by mail, e-mail, other addressee, etc., the requester is responsible for the security of the chosen method of receipt and for the conduct of persons acting on behalf of the requester.

10.1.3. To request a copy of the personal data being processed, if it does not adversely affect the rights and freedoms of other persons. Please note that Retail may collect a reasonable fee based on administrative costs for all additional copies requested by the data subject.

10.1.4. To withdraw any previous consent at any time in an easy manner. Giving or withdrawing consent is a person’s free choice and does not impose any additional obligations. However, if a person decides to withdraw any previous consent, it should be considered that the processing of personal data related to the respective consent will be suspended and the previous functionality may not be fully available. E.g., the unsubscribing from newsletters means that news or other information on offers will no longer be sent. It is important to remember that such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. To withdraw consent or ask related questions, you can contact us at any time by calling the phone number specified in this Policy, visiting the LMT Customer Centre or contacting us through any other communication channel using the contact information below.

10.1.5. To object at any time and free of charge to processing of his/her data for direct marketing purposes to the extent such processing is related to direct marketing, irrespective if such processing is initial or further processing.

10.1.6. To contact Retail and market supervisory authorities on data processing issues. If assistance is required to receive more information about this Privacy Policy, aspects of personal data processing or the applicable data protection laws and regulations, please contact Retail to enable us to carefully examine any request and provide answers. In any case, any natural person always has the right to submit a complaint to the Data State Inspectorate (data protection supervisory authority of Latvia).

10.2. Retail examines data subjects’ requests related to the above-mentioned rights free of charge. The examination of a request may be refused, or a reasonable fee may be charged, if the request is manifestly unfounded or excessive, or in other cases provided for by the laws and regulations. A request may be submitted at any customer centre or remotely, providing the possibility to identify the requester as the data subject and to verify the nature and the grounds of the submitted request.

 10.3. A data subject has the following obligations:

10.3.1. To provide Retail with information about changes in the provided data within a reasonable period. It is important for Retail to hold true and up-to-date information.

10.3.2. To provide additional information, if needed. Within the framework of communication or cooperation, we may ask for additional information to verify that we communicate or cooperate with a particular natural person. This is necessary to protect the personal data of the relevant natural person and other persons for ensuring that the said person is the data subject and that any information disclosed during such communication and/or cooperation is made available only to this specific person and does not interfere with the rights of other persons. E.g., when a person wants to find out information about him/her by sending a request to Retail. In this case it is important for Retail to make sure that this person has signed and submitted the request. Accordingly, we may ask to provide additional identifying information. However, if the person has not provided additional information and/or Retail has any doubts about the identity of the requester, in order to protect personal data (not to disclose data to any third parties) we may stop the consideration of the request until we are sure that it is this person who requested the mentioned information.

10.3.3. To read this Privacy Policy before starting cooperation and provide it to any person who associate with the data subject and whose interests may be consequently affected by the processing of personal data of this person. This Privacy Policy is an integral part of the services provided by Retail. Retail expects that data provided to Retail do not adversely affect the interests of other persons. In cases where, under appropriate terms and conditions, a person can access or share his/her services with other person, the person is responsible for informing such other person about the processing of data during such processes and the obligations arising therefrom. In cases where data directly relate to other person (in cases where the data subject is other person), the relevant natural person is obliged to inform Retail without delay. Until the full identification of the persons, the data are attributed to the relevant natural person as the data subject.

As we continue to improve and develop our activities constantly, we may periodically amend and supplement this Privacy Policy. Therefore, we encourage to keep up to date with this Privacy Policy. It is available via Retail communication channels, including at our customer centres and on our website. Once we amend this Policy, we will inform about them by publishing a notification on the website. In case of significant changes, information may be provided via additional channels, e.g., on the self-service portal.

In case of any questions or concerns regarding this Privacy Policy or the processing of personal data, please contact LRetail using the contact information below or contacting our Data Protection Officer.

LMT Retail & Logistics SIA, Ropažu 6, Riga, LV-1039.

• Our toll-free Infoline +371 67773888
• e-mail: [email protected]
• Data Protection Officer: [email protected]

We ensure the fulfilment of data processing and protection requirements in accordance with the highest standards of laws and regulations, and in case of any objection, Retail will take all appropriate actions to find a solution. However, if this fails in the opinion of the data subject, the data subject has the right to contact the Data State Inspectorate at 17 Elijas Street, Riga, LV-1050. More information is available on the website: www.dvi.gov.lv. 

If this Privacy Policy is translated into other languages, the Latvian language text shall prevail in the event of contradictions.