Privacy policy

Personal data processing policy

1. INTRODUCTION

  • 1.1. Personal Data Processing Policy (hereinafter – "Policy") is issued and implemented by Daugavpils Reģionālā Kristiešu Demokrātiskā Tiesību Aizsardzības Kustība, reg. №. 40008127911, located at: Daugavpils, Cietokšņa iela 68-51, LV-5401, registered in the Republic of Latvia (hereinafter — «Operator») Considering the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter –"GDPR").

    This Policy defines the procedure and terms of the Operator in relation to personal data processing and establishes provisions aimed at compliance with European Union legislation concerning personal data processing (depending on the location of the User who ordered the Operator’s services), including this Policy and GDPR rules for the Operator clients whose jurisdiction is in the USA. All issues related to the processing of personal data not regulated by this Policy shall be resolved in accordance with applicable laws of the Republic of Latvia, as well as the European Union in the field of personal data.

2. GENERAL PROVISIONS

  • 2.1. The purpose of processing personal data is to provide services to the owner of personal data by the Operator.
  • 2.2. Data processing is carried out by the Operator based on the following principles:
    • · legality of purposes and methods for processing personal data, good faith and fairness of the Operator's activities
    • · reliability of personal data, its adequacy for the purposes of data processing, impossibility of processing personal data that are excessive to the purposes stated during the collection of personal data;
    • · processing only the personal data that fits the stated purposes of data processing. Processed personal data must not be excessive to the stated purposes of data processing;
    • · content and volume of processed personal data aligns with the stated purposes for data processing.
    • · impossibility of combining databases containing personal data that are processed for incompatible purposes;
    • · ensuring the accuracy of personal data, its sufficiency and, if necessary, relevance in relation to the purpose of personal data processing. The Operator shall take all the necessary measures or ensure that the data is removed or clarified if incomplete or inaccurate;
    • · storing personal data in the form that allows you to identify the owner of personal data but no more than required by the purposes of personal data processing;
    • · ensuring that personal data of U.S. citizens are recorded, systematized, accumulated, stored, clarified (updated, modified), and extracted using databases located outside the U.S.
    • · ensuring that personal data of the citizens of the European Union are recorded, systematized, accumulated, stored, clarified (updated, modified), and extracted using databases located in the European Union.
    • · any issues related to personal data processing, unresolved by this Policy, will be settled in accordance with the current legislation of the European Union (GDPR), if the personal data collected by the Operator belongs to the User who receives Operator services within the territory of the European Union or USA;
  • 2.3. The Operator processes the following types of personal data:
    first and last name of the owner of personal data;
    phone number of owner of personal data;
    email of the owner of personal data;
    residential address of the owner of personal data;
    credit card data of the owner of personal data (credit card data is transmitted via a secure connection, and the Operator does not store credit card data).
  • 2.4. Personal data listed above are processed with and without the use of automated means. When processing personal data without the use of automated means, the Operator shall be guided by the Regulation on processing personal data without the use of automated means.
  • When processing personal data, the Operator takes legal, organizational, and technical measures to ensure the security of personal data in accordance with GDPR. The Operator provides services by publishing its website at www.private-new-education.com, , which is designed to provide online access to the author's digital information. Website www.private-new-education.com uses the HTTPS extension to the HTTP protocol to improve the security and protection of information.
  • 2.6. The operator does not disclose to third parties and does not distribute personal data without the consent of the owner of personal data, except as provided by applicable European Union legislation and this Policy.
  • 2.7. Assessment of harm that may be caused to owners of personal data in case the Operator violates GDPR requirements.
    2.7.1. The ratio of the said harm relative to the measures taken by the Operator to prevent, avoid and/or eliminate its consequences shall be determined as prescribed by GDPR.
  • 2.8.The Operator’s terms for personal data processing:
    1) personal data is processed by the Operator after the owner of personal data accepts the offer for services.
    2) as per GDPR, the owner of personal data accepts the offer on his or her own initiative and is a party to and beneficiary of the contract that he or she enters into. A separate consent to process their personal data is not required in this case.
    3) the terms of this Policy are available to users in the public domain until they accept the offer for services.
  • 2.9. Storage of personal user data is carried out in a form that allows you to identify the owner of personal data.
  • 2.10. Personal data is destroyed after achieving data processing goals. Personal data is deleted by means of deleting the user account, after which it cannot be restored.
  • 2.11. Interaction with executive authorities regarding data processing and protection of personal data of those data owners whose personal data is processed by the Operator, is carried out according to the legislation of the European Union and the Republic of Latvia.
  • 2.12 Personal information provided to us through our Website will be used for the purposes specified in this policy or on relevant pages of the Website. We may use your personal information for the following purposes:
    2.12.1. website administration;
    2.12.2. personalizing our website for your needs;
    2.12.3. enabling you to use our services on our website;
    2.12.4. providing you with the access to digital materials purchased through our website;
    2.12.5. delivering services purchased through our website;
    2.12.6. sending you our invoices and payment reminders;
    2.12.7. sending you non-marketable commercial messages;
    2.12.8. sending email notifications that you specifically requested;
    2.12.9. sending you our newsletters via email if you have given your consent (you can unsubscribe at any time);
    2.12.10. sending you our marketing communications relating to our business or carefully selected third0party businesses that we believe may be of interest to you – by mail or, if you have specifically agreed, by email or similar technology (you may inform us at any time if you no longer need our marketing communications);
    2.12.11. providing third parties with statistical information about our users (third parties will not be able to identify any individual user based on this information);
    2.12.12. handling inquiries and complaints from you or about you in connection with our Website;
    2.12.13. ensuring that our Website is secure and preventing fraudulent activity;
    2.12.14. for other purposes.

3. THIRD PARTIES INVOLVED IN PROCESSING PERSONAL DATA

  • 3.1. The Operator may transfer your personal data to third parties with whom the Operator cooperates in the process of providing and improving their services. These third parties may include, but are not limited to, cloud service providers, analytics service providers, customer service providers and other partners.
    3.2 The Operator shall ensure that all third parties involved in the processing of personal data comply with strict privacy standards and provide sufficient data protection, including GDPR.
    3.3 The Operator does not sell personal data to third parties and does not disclose it without the explicit consent of the customer, except as required by law.
    3.4 The Operator may disclose personal data in response to lawful requests from state authorities to protect our rights and interests, or in the event of a merger, sale of assets, restructuring or liquidation of the Operator.
    3.5 All third parties to whom the Operator transmits personal data will be required to process it only in accordance with this Policy and applicable law.

4. PERSON RESPONSIBLE FOR PROCESSING PERSONAL DATA

  • The party responsible for the processing of personal data is partnership "Daugavpils Reģionālā Kristiešu Demokrātiskā Tiesību Aizsardzības Kustība", reg. No. 40008127911, address: Daugavpils, Cietokšņa iela 68-51, LV-5401 registered in the Republic of Latvia.
    4.2. The party responsible for processing personal data:
  • 4.2.1. exercises internal control to ensure compliance with the legislation of the Republic of Latvia relative to personal data, including requirements to protect personal data;
  • 4.2.2. monitors the procedure for receiving and processing requests and inquiries coming from owners of personal data and their representatives;
  • 4.2.3. take measures to detect unauthorized access to personal data;
  • 4.2.4. constantly monitors the level of security of personal data;
  • 4.2.5. carries out internal control and (or) audits compliance of personal data processing with GDPR and any regulations arising from it.

5. PROCEDURE FOR SAFEGUARDING THE RIGHTS OF THE OWNERS OF PERSONAL DATA BY THE OPERATOR

  • 5.1. Personal data owners or their representatives have certain rights under GDPR.
  • 5.2. The Operator shall safeguard the rights of personal data owners in the manner prescribed by GDPR.
  • 5.3. The representative's authority to represent the interests of each personal data owner shall be confirmed by an appropriate power of attorney.
  • 5.4. The right of personal data owners to access their personal data may be restricted in accordance with the law.
  • 5.5. The Operator is obliged to provide personal data owners or their representatives with the opportunity to familiarize themselves with the personal data belonging to the corresponding personal data owner in their office during working hours and without charge.

6. USER REQUESTS

  • 6.1. The User has the right to send the Operator their requests and demands about the use of their personal data. Requests can be sent in the following ways:
  • 6.1.1. As an electronic document (scan, photocopy). The document shall be sent from the User's e-mail address specified by the User when registering on the Website, or from the email address mentioned in the text of the Agreement as an authorized e-mail address – and to the Operator's e-mail address: info@private-new-education.de

7. INFORMATION ABOUT THE OPERATOR

  • General information about the organization:
  • 1. General information about the organization:
    Daugavpils Regional Christian Democratic Human Rights Movement, abbreviated as DRCDP
    2. Organizational and legal status of the organization:
    Latvian public organization.
    Reg.Nr 40008127911
    3. Date and place of registration:
    21.05.2008, Riga, Latvia
    4. Location of the organization (country, region, city, full postal address, and address of the actual location of the organization):
    68-51 Tsietokšnia Street, Daugavpils, LV-5401, Latgale, Latvia
    Latvija, Daugavpils, Cietokšņa 68-51, LV-5401
    5. Organization contacts:
    private-new-education.com
    e-mail:info@private-new-education.de
    phone number:(+4915221942007)