PRIVACY POLICY
1 PURPOSE AND SCOPE OF THE PRIVACY POLICY
1.1. The purpose of SIA Ryabinin Camps' (hereinafter referred to as the Controller) privacy policy (hereinafter referred to as the Policy) is to inform the Controller's clients, potential clients, employees, potential employees, cooperation partners, and other persons about the Controller's activities related to the processing and protection of personal data of natural persons who can be directly or indirectly identified (hereinafter referred to as the Data Subject). The Policy specifies what personal data of the Data Subject may be processed, including collected, transferred, corrected, stored, erased, etc., the purposes and legal basis for such data processing in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the Regulation), as well as data retention periods and the rights of the Data Subject.
1.2. The Policy applies to the processing of personal data regardless of the form and/or medium in which the Data Subject provides or the Company obtains personal data (e.g., on the Controller's premises, website, in paper format, orally, electronically by e-mail or telephone, on the Controller's social media profiles, mobile application, etc.).
1.3. The Controller has the right to make changes to the Policy at its discretion. The Policy is available at the Controller's office, sports clubs, and website - https://ryabinincamps.com/ (hereinafter referred to as the Website) and is applicable from the date of approval of the Policy.
2 IDENTITY AND CONTACT INFORMATION OF THE CONTROLLER
2.1. The data controller is SIA Ryabinin Camps, registration number 40203433245, legal address LIELA IELA 19 - 2, MARUPE, LV-2167. The Controller's contact telephone number is +371 20237648, and the e-mail address is info@ryabinincamps.com.
3. CONTACT DETAILS OF THE DATA PROTECTION OFFICER
3.1 The email address of the Data Protection Officer of the Controller is info@ryabinincamps.com.
4. CATEGORIES OF PERSONAL DATA, CATEGORIES OF DATA SUBJECTS, PURPOSES OF PROCESSING AND LEGAL BASIS
4.1 The Controller generally processes the personal data of the following data subjects:
4.1.1. the Controller's personnel, including employees and potential employees;
4.1.2;
4.1.3. potential customers;
4.1.4. Customer representatives, including legal representatives and authorised representatives;
4.1.5. business partners and their representatives;
4.1.6 Persons who have consented to receive marketing materials from the Manager;
4.1.7. Persons who communicate with the Manager via social networks;
4.1.8. Persons who use the Manager's application;
4.1.9. Persons who participate in the Manager's events.
4.2 The Controller processes the data of natural persons lawfully, fairly and in a manner that is transparent to the Data Subject in order to:
4.2.1. offer, provide and deliver goods and services to its customers and potential customers;
4.2.2. identify the Data Subject (customer);
4.2.3. ensure and improve the quality of the services provided by the Data Controller;
4.2.4. detect and prevent infringements of various kinds on the premises and in the territory of the Controller;
4.2.5. comply with any obligations to which the Controller is legally subject;
4.2.6. carry out the public relations and marketing activities of the Manager;
4.2.7. pursue its legitimate interests and those of the Data Subject. The legitimate interests of the Data Controller are: to carry out and administer its business activities, to provide services and sell goods, to verify the identity of the Data Subject before and during the conclusion of a contract and the provision of services, to receive payments, to improve the quality of services, to prevent infringements of various kinds on the premises and in the territory of the Data Controller, to establish service statistics, to ascertain customer satisfaction with the services received through surveys, to protect the rights and legal interests of the Data Controller and the Data Subject, etc.
4.3 The Controller generally processes the following categories of personal data:
4.3.1;
4.3.2 Surname;
4.3.3 Gender;
4.3.4;
4.3.5. Contact details - address, telephone number, e-mail address;
4.3.6. Bank details - account number, payment card number;
4.3.7 Health data;
4.3.8. Biometric data - fingerprint module data;
4.3.9;
4.3.10. Video recording;
4.3.11. Voice recording - audio recording of a telephone conversation.
4.4 The legal basis for the processing of data of natural persons by the Controller is:
4.4.1. point (a) of the first paragraph of Article 6 of the Regulation, which provides that processing is lawful if the Data Subject has given his or her consent to the processing of his or her personal data for one or more specified purposes. Sometimes the Data Subject's consent is required in order for the Controller to provide personalised offers and service or a better quality service experience. The Data Subject may always withdraw his or her consent.
4.4.2 Article 6(1)(b) of the Regulation, states that processing is lawful if the processing is necessary for the performance of a contract to which the Data Subject is a party or for taking measures at the request of the Data Subject prior to entering into the contract. On the basis of this right, the Controller shall process the Data Subject's personal data if necessary for the performance of a contract concluded with the Data Subject or prior processes necessary for entering into a contract, based on the Data Subject's request. In such case, the Data Controller shall use the Data for the purpose of ensuring the performance of the obligations under the contract concluded with the Data Subject.
4.4.3 Article 6(1)(c) of the Regulation, states that processing is lawful if the processing is necessary for compliance with a legal obligation to which the Controller is subject. In such cases, the Controller must process the Data Subject's personal data as required by law. If the processing is required by law, neither the Controller nor the Data Subject can influence the processing.
4.4.4 Article 6(1)(d) of the Regulation, states that processing is lawful if the processing is necessary to protect the vital interests of the Data Subject or of another natural person. In such cases, the Controller may carry out the processing in order, for example, to detect offences or criminal offences committed in the sports club by means of video surveillance camera recordings and thereby to ensure prevention.
4.4.5 Article 6(1)(f) of the Regulation, provides that processing is lawful if the processing is necessary for the pursuit of the legitimate interests of the Controller or of a third party, except where the interests or fundamental rights and freedoms of the Data Subject which require the protection of personal data override such interests, in particular where the Data Subject is a child. In such cases, the Controller shall be entitled to carry out the processing for the purposes of pursuing one of its legitimate interests, such as, but not limited to, for the purposes of improving the quality of service of audio recordings of telephone conversations or for the purposes of providing evidence.
4.4.6 Article 9(2)(a) of the Regulation, which states that the processing of biometric or health data is lawful if the Data Subject has given his or her explicit consent to the processing of those personal data for one or more specified purposes. For the Controller to provide the Data Subject with a better service experience
and to assess the acceptability of providing the service to the Data Subject, it may be necessary to obtain the Data Subject's
consent of the Data Subject for the screening and/or use of his/her fingerprint data. The Data Subject has the right not to consent to the processing of his/her biometric data and/or health data, but should then be aware that the availability of the Service may be limited as a direct result of the necessary prohibition of data processing.
4.4.7 Article 9(2)(b) of the Regulation, states that processing of health data is lawful if the processing is necessary for the performance of the controller's duties and the exercise of the controller's or the data subject's specific rights in the field of employment, social security and social protection law, to the extent permitted by Union or Member State law or by a collective agreement pursuant to Member State law, providing for appropriate safeguards for the fundamental rights and interests of the data subject.
4.5 The controller may process personal data primarily for the following purposes:
4.5.1. for the preparation and conclusion of a contract with a customer - the Data Controller may process name, surname, birth data, contact details, gender details, voice recordings, as well as other information that the Data Subject wishes to provide to the Data Controller. (Article 6, first paragraph, point (b))
4.5.2 For the preparation and conclusion of an employment or company contract - the Data Controller may process the name, surname, birth data, contact details, as well as other information that the Data Subject wishes to provide to the Data Controller. (Article 6, first paragraph, point (b))
4.5.3 For the purpose of identifying the customer in connection with the provision of access to a sports club or for the purposes of detecting offences or criminal offences occurring at the premises of a sports club - the Controller may process name, surname, birth date, gender details, address, photograph, fingerprint module data provided by the customer, customer ID or driving licence data, NFC type card data issued to the customer, as well as other information which the Data Subject wishes to provide and which the Controller needs for the purpose of identifying the customer. (Article 6, first paragraph, point (b) and Article 9, second paragraph, point (a) of the Regulation)
4.5.4. recording of telephone conversations for quality control purposes - voice recording, information that the Data Subject wishes to provide to the Controller, including name, surname, date of birth, and contact details. (Article 6, first paragraph, point (f))
4.5.5 To inform the Data Subject (by SMS, email, call) about personalised offers and other news related to the Manager, including preparing personalised offers for which the Data Subject has opted-in - name, surname, email address, telephone number, gender, birth data (age). (Article 6, first paragraph, point (a))
4.5.6. for the purposes of creating and publishing marketing (advertising) material - name, surname, photograph, video recording, as well as other information that the Data Subject has agreed to provide. (Article 6, first paragraph, point a))
4.5.7 For the purpose of assessing the fitness for work of employees (Mandatory Health Check) - name, date of birth, health data. (Article 6, first paragraph, point (c) and Article 9, second paragraph, point (h) of the Regulation)
4.5.8. For the purpose of the administration and settlement of contracts with customers - name, date of birth, contact details, and bank details. (Article 6, first paragraph, point (b) of the Regulation)
4.5.9. for the performance of legal obligations (including accounting) attributable to the Controller - name, surname, date of birth, contact data, bank details, and video recording (for submission to law enforcement authorities). (Article 6, first paragraph, point (c))
4.5.10. For the purposes of protection of property and prevention and detection of offences (criminal offences) - video recording. (Article 6, first paragraph, point (f))4.5.11. for the purposes of providing evidence against claims of non-compliance and/or breach of contractual obligations, as well as for the purposes of providing evidence against potential claims arising in tort and for the purposes of monitoring and improving the quality of customer service - voice recordings, video recordings, personal data contained in email correspondence, bank details. (Article 6, first paragraph, point (f))
4.5.12. for management decision-making and business development of the Manager's group of companies - name, surname, date of birth (age), gender, history of purchase of services or goods (Article 6, first paragraph, point (f) of the Regulation)
4.5.13 To carry out customer surveys to ascertain customer satisfaction with the quality of service received and to make recommendations for improving the service. (Article 6(1)(f))
4.5.14. to terminate a service contract with a client early without penalty - name, surname, date of birth, contact details, health details (medical certificate). (Article 6, first paragraph, point (b) and Article 9, second paragraph, point (a))
5. STORAGE PERIOD OF PERSONAL DATA
5.1 The duration of storage of the personal data of the data subject depends on the purpose and basis of the processing. The Data Subject's personal data will be stored by the Data Controller for as long as required by the laws of the Republic of Latvia, or until the consent provided by the Data Subject is withdrawn (if consent is the basis for data processing), or for the duration of the concluded contract and for 3 years after the expiry of the contract (commercial statute of limitations), or in accordance with the legitimate interests of the Data Controller, or if there is another legal basis for this.
5.2 Video surveillance recordings (after recording) are kept for up to 1 month or longer if there is a legal basis for this. This period depends on the intensity of the video recording (motion capture) and the memory capacity of the video recorder.
6. TRANSFER OF PERSONAL DATA OUTSIDE LATVIA
6.1 The Data Controller will not transfer the Data Subject's personal data outside the EU, EEA or to any international organisation unless the Data Subject has given his/her consent.
7. CATEGORIES OF RECIPIENTS OF PERSONAL DATA
7.1 Video surveillance data may be disclosed upon reasonable request to pre-trial investigation authorities, subjects of operational activities, security officers, public security authorities, public prosecutors and courts, as well as to a data processor hired by the Data Controller.
7.2 The personal data of the Data Subject may, where there is a legal basis to do so, be transferred to companies within Manager's group of companies for the purposes of providing and improving management services and for statistical purposes, to public authorities, insurance companies, banks, marketing service providers, social network operators, the Website and email server service provider, collection companies, payment processors, legal representatives or proxies of the Data Subject, personal data processors engaged by the Manager, Manager's software maintainers, IT and telecommunications service providers. The list is not exhaustive, as the Data Controller may change or add to the list of potential recipients from time to time. The Data Controller shall carefully check all service providers that process the Data Subject's personal data on the Data Controller's behalf and on its behalf. The Controller shall assess whether the business partners (personal data processors) apply appropriate security measures to ensure that the processing of the Data Subject's personal data is in accordance with the Controller's tasks, instructions, instructions and regulatory requirements. These business partners shall not be entitled to use the Data Subject's personal data for other purposes.
8. SECURITY OF PROCESSING OF PERSONAL DATA
8.1 The Controller shall ensure that personal data are processed in such a way as to ensure appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate physical and logical safeguards and preventive measures.
9. RIGHTS OF THE DATA SUBJECT
9.1 The Data Subject has the right to obtain confirmation from the Controller as to whether or not personal data is being processed in relation to the Data Subject and, if so, the Data Subject has the right to access the relevant data and obtain the information specified in the first subparagraph of Article 15(1) of the Regulation.
9.2 The Data Subject shall have the right to request, on reasonable grounds, that the Controller rectifies inaccurate personal data of the Data Subject without undue delay. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete personal data completed, including by providing a supplementary statement.
9.3 The Data Subject shall have the right, in accordance with the provisions of Article 17 of the Regulation, to obtain from the Controller the erasure of the Data Subject's personal data without undue delay where one of the circumstances specified in that Article exists.
9.4 The data subject shall have the right to obtain from the controller the restriction of the processing of personal data where one of the circumstances specified in Article 18 of the Regulation applies.
9.5 The data subject shall have the right to freely withdraw his or her consent to the processing of his or her personal data, where such consent has been given, at any time.
9.6 If the Data Subject considers that his or her rights have been or may be infringed, he or she should immediately contact the Data Controller without delay to complain. The Data Controller will ensure that upon receipt of the complaint, it will contact the Data Subject within a specified timeframe and inform the Data Subject of the progress and outcome of the complaint. If the results of the investigation are not satisfactory to the Data Subject, the Data Subject has the right to lodge a complaint with the supervisory authority, which in Latvia is the Data State Inspectorate.
9.7 The Data Subject shall have the right to lodge a complaint with the Data Inspectorate if the Data Subject considers that the Controller infringes the Data Subject's rights and legal interests in the area of data protection of natural persons. The complaint may be lodged
by post, electronic mail (sending documents signed with a secure electronic signature to: info@dvi.gov.lv), or by delivering it to Elijas iela 17, Riga, LV-1050.
10. CONTACT
What are cookies?
Cookies are small text files that a web browser (such as Internet Explorer, Mozilla Firefox, Safari, etc.) stores on a user's terminal device (computer, mobile phone, tablet) when the user visits a website in order to identify the browser or the information or settings stored in the browser. Cookies thus enable the website to store the user's individual settings, recognise them and respond accordingly, with the aim of improving the user experience. The user can disable or limit the use of cookies, but without cookies, it will not be possible to make full use of all the site's features. Depending on the functions to be performed and the purpose of use, the Manager uses mandatory, functional, analytical and targeting (advertising) cookies.
Mandatory cookies
These cookies are necessary to allow the user to freely visit and browse the website and use the facilities offered by it, including obtaining information about and purchasing services. These cookies identify the user's device, but do not reveal the user's identity, nor do they collect or aggregate information. Without these cookies, the website will not be able to function fully, for example, to provide the information the user needs, to apply for a service. These cookies are stored on the user's device until the web browser is closed.
Functional cookies
With functional cookies, the website remembers the settings and choices made by the user in order to allow the user to use the website more easily. These cookies are stored permanently on the user's device.
Analytical cookies
Analytical cookies collect information about how the user uses the website, identifying the most frequently visited sections, including the content that the user selects when browsing the website. The information is used for analytical purposes to find out what is of interest to users of the website and to improve the functionality of the website to make it more user-friendly. Analytical cookies only identify the user's device and do not reveal the user's identity. In some cases, some of the analytical cookies are managed by data processors (operators), such as Google Ads, on behalf of the website owner, in accordance with its instructions and only for the purposes indicated.
Targeting (advertising) cookiesTargeting (advertising) cookies are used to collect information about the websites visited by the user and to offer the Manager's services of direct interest to a specific user or to target offers relevant to the interest expressed by a specific user. These cookies are usually placed by third parties, such as Google Ads, with the permission of the website owner, for the purposes indicated. Targeting cookies are stored permanently on the user's terminal equipment.
For what purpose(s) does the Controller use cookies
The Controller uses cookies to improve the user experience on the website:
- to ensure the functionality of the website;- adapt the functionality of the website to the user's usage habits - including language, search requests, and previously viewed content;
- to obtain statistical data on the site's visitor traffic - number of visitors, time spent on the site, etc;
- user authentication;
- in case the user is a customer of the Manager's services, to display services tailored to the user's needs and to offer other content and offers created or distributed by the Manager when visiting the website. How long cookies are stored unless otherwise stated, cookies are stored until the action for which they were collected is performed, after which they are deleted. Cookie information is not transferred for processing outside the European Union and EEA. Accepting and disabling cookiesWhen visiting the website, the user is presented with a window with a message that the website uses cookies. If users accept the acceptance of cookies by clicking "I agree", the legal basis for the use of cookies is the consent of the user and they confirm that they have read the information about cookies, the purposes of their use, the cases in which the information is transferred to a third party.If the user enters into a contract through the website, the processing of cookies is necessary for the performance of the contract concluded with the user or for the Controller to comply with its legal obligation or to pursue a legitimate interest.The security settings of each web browser allow the restriction and deletion of cookies. However, it should be noted that the use of mandatory and functional cookies cannot be refused, as without them the full use of the website and the website cannot be ensured.
11. THIRD PARTY SERVICES
(a) Each time a person visits the Site, a third-party software called "Google Analytics" is used on behalf and in the legitimate interests of the Manager to collect information about how persons use the Site, for example, to record persons' activities on the Site and to identify patterns of personal behaviour. This service is used for the purpose of determining how many visitors visit the Site and which sections of the Site. The information collected helps us to understand how the Site works and how the Manager can improve it. The Manager does not identify visitors to the Site and does not allow Google Analytics to do so.
(b) The Website offers YouTube videos on the Website. The provider "YouTube" controls all information collected from persons viewing such content. YouTube's privacy policy is available at: https://www.google.co.uk/intl/en-GB/policies/privacy/.
12. PARTICIPATION IN THE ACTIVITIES OF THE CONTROLLER
With your consent, the fact of your participation, your name and your photograph will be used to communicate to the general public the events organised by the Manager. We assure you that the use of the above photographs will not violate your dignity and honour. Your photographs may be published on the Manager's social media accounts, on the Website with your consent. Media representatives may publish your photographs only in compliance with the legal requirements imposed on them, however, the Manager does not accept any liability for the actions of media representatives. In general, photographs will be published and stored for 3 years after the event, except for exceptions provided by law.
13. PARTICIPATION IN THE SELECTION
We collect and process your curriculum vitae (CV) and/or cover letter and/or other information you provide to us for the purposes of recruitment on the basis of the consent you provide to us or to the company providing the recruitment services. If you do not send us your curriculum vitae and/or cover letter, we will not be able to assess your suitability for the position offered. In the event that you do not provide your separate consent to the processing of your personal data after the recruitment process has ended, we undertake to delete and/or destroy your personal data within 5 (five) working days after the conclusion of the employment contract with the selected candidate.
14. SOCIAL NETWORKS
All information that you provide to us through social networks (including notifications, the use of "Like" and "Follow" and other communications) is controlled by the social network manager. The website provides links to our social network accounts. We currently have accounts on the following networks:
(a) Facebook, whose privacy notice is provided at the following Internet address: https://www.facebook.com/privacy/explanation;
(b) Instagram, whose privacy statement is available at the following Internet address: https://help.instagram.com/155833707900388;
(c) LinkedIn, whose privacy notice is provided at the following Internet address: https://www.linkedin.com/legal/privacy-policy.
(d) YouTube, whose privacy notice is provided at the following Internet address: https://policies.google.com/privacy?hl=en.
We recommend that you read the privacy statements of the third parties listed above and contact the providers directly if you have any questions about their use of your personal data.
15. RESPONSIBILITY
You are responsible for the confidentiality of your password and the data you provide, and for any actions (data transfers, submissions, etc.) that are performed on our Site and/or Application using your login credentials. You must not disclose your password to any third party. If the services provided on our Site and/or Application are used by a third party who has logged into the Site and/or Application using your login credentials, we will consider that you have logged in. If you lose your login details, you must notify us immediately in the most convenient way for you (by post, telephone, fax or email). You are responsible for ensuring that the data you provide to us is accurate, correct and complete. If the data you provide changes, you must notify us immediately by changing the relevant data on the registration form or, if the data is not provided on the registration form, by informing us by e-mail. In no event shall we be liable for any loss incurred by you as a result of the provision of incorrect or incomplete personal data or your failure to inform us of changes to such data.
16. CHANGES TO THE PRIVACY POLICY
We may update or change this Policy at any time. Such updated modified Policy will be effective from the time of its posting on our Site and/or App unless a different effective time is provided for in other terms of the Policy. You should check from time to time to ensure that you are happy with the current version of the Policy.
Subscribe to the camp news
Contacts
Contacts
Dear friends! If you have any question, please contact us by phone or e-mail:
SIA RYABININ CAMPS , Reg.Nr. 40103994233
Requisites
Company name: MARUPES LEDUS SKOLA SIA
Address: LIELĀ IELA 19 - 2, MĀRUPE, LV-2167
Registration No.: 40103994233
Bank name: SWEDBANK AS
BIC/SWIFT code: HABALV22
Bank account: LV28HABA0551041782360 (EUR)
Purpose of payment: Name, a surname of the skater
Requisites
Company name: RYABININ CAMPS SIA
Address: LIELA IELA 19 - 2, MARUPE, LV-2167
Registration No.: 40203433245
Bank name: SWEDBANK AS
BIC/SWIFT code: HABALV22
Bank account: LV58HABA0551053540451 (EUR)
Purpose of payment: Name, a surname of the skater
Requisites
Company name: IFSA SIA
Address: LIELĀ IELA 19 - 2, MĀRUPE, LV-2167
Registration No.: 40203592502
Bank name: SWEDBANK AS
BIC/SWIFT code: HABALV22
Bank account: LV31HABA0551059053641 (EUR)
Purpose of payment: Name, a surname of the skater