Pursuant to art. 13 of the European Regulation 2016/679 (hereinafter GDPR) as well as the applicable regulations in force, in relation to the personal data of which the company GRIMEX SIA will become available with the online sale of electronic cigarettes and liquids bearing the KIWI brand, we inform you about as follows:
The data controller is the company GRIMEX SIA (VAT number LV54103105541), with registered office in Mehanizācijas 4A, Limbaži, LV-4001, in the person of the pro tempore legal representative, who can be contacted at the following email address info@grimex.lv (“Owner”).
The treatment is aimed at fulfilling the pre-contractual and contractual obligations following a request for information, distribution and sale of the products offered by the Data Controller; to the realization of marketing purposes, in accordance with art. 7 of the GDPR, for communications with commercial, promotional or informative content in relation to the KIWI branded product, as well as statistical analysis and market research strictly related to the services and products offered through the website www.vapebaltic.com or following the spontaneous release of your data, even during promotional events organized by the Data Controller; for carrying out profiling activities, such as the analysis of customer consumption habits or choices, mainly processing: (a) data relating to the date and time of display by you of the e-mail messages containing information, including commercial and promotional information relating to the site www.vapebaltic.com, as well as the interaction with them and information on clicks on the links inserted in the messages; (b) the data acquired during the purchase of products on the site, therefore, also through the detection of the type and frequency of purchases. We declare that the interested party is of age, freeing the Owner from any responsibility. Furthermore, your personal data will also be processed for the purpose of i) fulfilling the obligations envisaged in the tax and accounting fields and ii) complying with any legal obligation incumbent on the Data Controller or by an order of the Authority.
The legal basis of the processing is the consent of the interested party to the processing of data expressed by completing this form or returned during the participation in promotional events organized by the Data Controller, or at which you were present or in any case made spontaneously on the website www.vapebaltic.com also to send requests for information, to register, consult / modify your profile, to manage online purchases and to subscribe to newsletters or mailing lists. In any case, the Data Controller will process your data lawfully as the processing is finalized and necessary i) for the correct and complete execution of the existing contracts and the sale ii) for the pursuit of the legitimate interest of the data controller.
The provision of data is optional. You assume responsibility for your own data or those of third parties published or shared through the site and guarantee that you have the right to communicate or disseminate them to the Data Controller. Failure to communicate personal data prevents the correct functionality of the site and the related sale of products, therefore the completion of the contract as well as any relationship based on it, with the impossibility of proceeding with the provision of products and services, also offered through the site.
The data will be processed in full compliance with the principles of lawfulness, correctness, transparency, purpose limitation and data minimization and in any case with all the principles set out in art. 5 of the GDPR. In relation to the aforementioned purposes, your personal data are subject to computer and / or paper processing, in order to guarantee confidentiality and security. The processing of personal data takes place, under the authority of the Data Controller, by persons specifically appointed, authorized and instructed in the processing pursuant to art. 29 GDPR and 30 of the privacy code. No automated decision-making processes are carried out.
Your personal data will be kept for the entire contractual duration and validity of the Controller’s commercial, promotional, information and / or advertising offers and in any case, even subsequently, only for the time in which the Controller will be subject to the legal obligations of conservation of accounting records and for fiscal and / or other purposes always provided for by law, and in any case until the definition of any tax assessments. In any case, for marketing purposes, the data will not be processed for a period exceeding 24 months while for profiling purposes, the data assumed for this purpose is kept for a period of 12 months from the last operation on the site and then deleted.
Your personal data may be communicated in a manner capable of guaranteeing security and confidentiality and for the performance of the functions entrusted to them i) to employees, collaborators and / or consultants, IT technicians and / or payment service providers, cloud services, hosting services, website management, email marketing system, profiling services, third parties producing cookies as per cookies policy ii) to accountants, lawyers, consultants or other professionals who provide services and / or functional services for the registration and execution of the contract and in any case for tax purposes and for other purposes in accordance with the law; iii) to banking and insurance institutions that provide functional services for the aforementioned purposes.
Your personal data are not subject to disclosure. Your personal data provided, at present, are managed and stored on servers located in the territory of the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to Switzerland or to non-EU countries. In this case, the Data Controller ensures from now on that the transfer of non-EU data will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided by the European Commission.
Your rights under the GDPR, to be exercised by communicating the Data Controller’s email, are to:
– request and obtain from the data controller i) access to your personal data, ii) rectification of inaccurate data or integration of any incomplete ones, iii) the cancellation of personal data if one of the conditions referred to in art. 17, paragraph 1 of the GDPR or iiii) the limitation of the processing of your personal data to the occurrence of one of the hypotheses referred to in art. 18, paragraph 1 of the GDPR;
– oppose the processing of your personal data at any time in the event of particular situations concerning you. It is understood that the treatment based on consent and carried out previously retains the character of lawfulness;
– withdraw the consent at any time if it has been given for one or more specific purposes and concerns so-called common personal data (date and place of birth, place of residence or domicile, etc.), or it concerns particular categories of data (racial origin, political opinions, religious beliefs, etc …). It is understood that the treatment based on consent and carried out previously retains the character of lawfulness;
– propose a complaint to the competent Data Protection Authority.
