Privacy Policy

1. General rules

This Privacy Policy describes how gpleco SIA, registration No. 40203680152 (the Data Controller), collects, processes, and stores personal data obtained from customers and visitors of https://gpleco.com.

Personal data means any information relating to an identified or identifiable natural person (Data Subject). Processing means any operation performed with personal data, including collection, recording, modification, use, viewing, deletion, or destruction.

The Data Controller complies with applicable data processing principles and legal requirements.

2. Collection, processing, and storage of personal data

Personally identifiable information is primarily collected, processed, and stored through the website and email communication.

By visiting and using the website services, you agree that provided information is used according to this Privacy Policy.

The Data Subject is responsible for providing correct, accurate, and complete personal data and for notifying the Data Controller about changes.

The Data Controller is not liable for damages caused by incorrect personal data submitted by the Data Subject.

3. Processing of customer personal data

The Data Controller may process the following personal data:

Name and surname.
Date of birth.
Contact details (email address and/or phone number).
Transaction details (purchased goods/services, delivery address, price, payment details, etc.).
Any other information submitted while purchasing services/goods or contacting us.

The Data Controller may verify submitted data using publicly available registers where applicable.

Legal basis for processing under GDPR Article 6(1) includes:

(a) the Data Subject has given consent for one or more specific purposes;
(b) processing is necessary for performance of a contract or pre-contract measures at the Data Subject's request;
(c) processing is necessary to comply with a legal obligation;
(f) processing is necessary for legitimate interests of the controller or a third party, except where overridden by the Data Subject's rights and freedoms.

Personal data is stored while at least one of the following applies:

data is necessary for the purpose for which it was received;
the controller or Data Subject can exercise legitimate interests under applicable laws;
a legal obligation to store data exists (for example, accounting requirements);
the Data Subject's consent is valid, unless another lawful basis applies.

When the above circumstances end, personal data is permanently deleted or anonymized.

To fulfill obligations, the Data Controller may transfer personal data to processors and partners (for example accountants, couriers, hosting, IT, and payment service providers). Personal data may also be provided to public authorities and law enforcement when legally required or necessary to protect legal interests.

The Data Controller implements organizational and technical security measures to protect personal data against accidental or unlawful destruction, alteration, disclosure, or other unlawful processing.

4. Rights of the Data Subject

Under the GDPR and laws of the Republic of Latvia, you have the right to:

access your personal data, receive information about processing, obtain an electronic copy, and request data portability;
request correction of incorrect, inaccurate, or incomplete data;
request deletion of personal data (right to be forgotten), except where retention is required by law;
withdraw previously given consent;
request restriction of processing;
contact the Data State Inspectorate.

You can submit a request regarding your rights by contacting us at [email protected] or by post to Skerstes str 13, Riga, Latvia.

5. Final provisions

This Privacy Policy is prepared in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation) and applicable laws of the Republic of Latvia and the European Union.

The Data Controller may update this Privacy Policy at any time without prior notice. Changes become effective upon publication on https://gpleco.com.