1. Introduction

SIA "CNCart " hereinafter - the Owner), on the website   www.cncart.lv   (hereinafter - the Website) processes personal data obtained from the data subject – of the website user (hereinafter – the User).

The Manager takes care of the User's privacy and personal data protection, respects the User's right to the legality of personal data processing in accordance with the applicable legislation - Regulation 2016/679 of the European Parliament and the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and such data free circulation (Regulation) and other applicable laws in the field of privacy and data processing.
Taking into account the above, the Controller has developed this privacy policy with the aim of providing the User with the information provided for in the Regulation.
The privacy policy applies to data processing regardless of the form and/or medium in which the User provides personal data (on the Website, in paper format, in person or by telephone).
The manager reserves the right to change these terms at any time. It is the responsibility of the website visitor to independently check the content of the website in order to familiarize himself with the changes in the rules.

2. Identity and contact information of the controller

The manager is SIA "CNCart", Reg. No. 52103071251. The manager's address is Liepāja, Toma iela 12/20-47, LV-3401, website -  www.cncart.lv , e-mail - info@cncart.lv, phone (+371) 29 685 085

3. Purposes of personal data processing, as well as the legal basis of processing

If the User submits his/her personal data to the Controller by telephone, using the Website's contact forms, e-mail or other type of mail, we save and use this information to fulfill or conclude a relevant service provision agreement, including for customer identification; for the preparation and conclusion of the contract; for the provision of services (fulfillment of contractual obligations); for customer service; for consideration and processing of objections; to increase customer loyalty; for payment and settlement administration; for debt recovery and collection; for proving facts, maintaining the website and improving its operation; for business planning and analytics; for planning and accounting. Also, we will process this data for the provision of information to state administrative authorities and subjects of operational activity in the cases and to the extent specified in external regulatory acts.
The legal basis for data processing is the conclusion and execution of the contract, the fulfillment of regulatory acts, in accordance with the consent of the Client - the data subject, our legal (legitimate) interests (for example, to verify the identity of the Client before concluding the contract; to ensure the fulfillment of contractual obligations; to analyze the operation of website applications, to provide service delivery efficiency, etc.

4. Categories of personal data

Categories of personal data – name, surname, personal code, e-mail or postal address, IP address, phone number, message or letter content, etc.

5. Categories of recipients of personal data

The data is disclosed to those employees of the Manager who need it for the performance of their direct duties in order to fulfill or conclude a relevant service provision agreement.
When collecting and using personal data, we partly use the services of external service providers who, according to the contract, strictly follow our instructions and who we control before using the service and in the future.

6. Categories of data subjects

Categories of data subjects – current, former and potential customers of the Controller, as well as other persons who express a desire to communicate with the Controller.

7. Data transfer outside Latvia

The received data is not planned outside of Latvia, the European Union or the European Economic Area, nor will it be transferred to any international organization. At the same time, taking into account that the Website is connected to Google and Facebook services, the Manager cannot guarantee that the mentioned companies will not transfer the data outside the European Union or the European Economic Area.

8. Duration of data storage

We process and store the User's personal data as long as one of the parties has a legal obligation to store the data.
After the aforementioned circumstances cease, and unless otherwise stated in the data protection instructions, we delete personal data no later than three months after the original reason for retaining the data no longer applies, unless we are legally obliged to continue to retain this data (for example, but not limited to, accounting or legal proceedings).

9. Data subject access to personal data

The data subject has the right to receive access to the data subject's personal data within one month from the date of submission of the relevant request.
The user can submit a request for the exercise of his rights in written form in person, at the Controller's legal address (by presenting a personal identification document), by mail or e-mail, signing with a secure electronic signature;
Upon receiving the User's request for the exercise of his rights, the Controller verifies the User's identity, evaluates the request and fulfills it in accordance with the regulatory enactments.
The user has the right to receive the information stipulated in the regulatory acts in connection with the processing of his data, the right to request access to his personal data, as well as to request the Controller to supplement, correct or delete it, restrict processing or the right to object to processing, as long as these rights do not conflict with the purpose of data processing (conclusion or performance of contracts).
The data subject does not have the right to receive information if this information is prohibited to be disclosed in accordance with the law in the field of national security, state defense, public safety, criminal law, as well as for the purpose of ensuring the state's financial interests in tax matters or the supervision and macroeconomic analysis of financial market participants.

10. Processing of cookies

The Website collects data about the Website visitors, thus enabling the Website maintainer to evaluate how useful the Website is and how it could be improved.
The Manager is constantly improving the Website with the aim of improving its use, so the Manager needs to know what information is important to the Website visitors, how often they visit the Website, what devices and browsers they use, what region the visitors come from, and what content they like to read the most.
The Manager uses the Google Analytics system, which allows the Manager to analyze how visitors use the Website. You can learn about how the basic principles of Google Analytics work on the Google website https://support.google.com/analytics/answer/1012034?hl=lten&ref_topic=6157800 . The Manager uses the collected data in his legal interests to improve the understanding of the needs of the Website visitors and to improve the accessibility of the information published by the Manager. The visitor can opt-out of data collection by Google Analytics at any time, as described here: https://tools.google.com/dlpage/gaoptout/ .
The server hosting the Website can record the requests sent by the visitor (used device, browser, IP address, date and time of access). The data mentioned in this paragraph is used for technical purposes: to ensure the proper functioning and security of the Website and to investigate possible security incidents. The basis for collecting the data referred to in this paragraph is the Controller's legal interest in ensuring the technical availability and integrity of the Website.
Cookies are small files that, each time a visitor visits the Website, the browser saves on the visitor's computer in the amount specified in the browser settings of the visitor's computer. Individual cookies are used to select and apply the information and advertisements offered to the visitor, based on the content that the visitor has viewed previously, and thus make the use of the Website simple, convenient and individually suitable for visitors. Additional information about cookies, as well as their deletion and management, can be obtained from the website www.aboutcookies.org.
The Site uses cookies to collect user IP addresses and browsing information and to allow the Site to remember the visitor's choices. Cookies allow the Controller to keep track of the data flow of the Website and user interaction with the Website - the Controller uses this data to analyze visitor behavior and improve the Website. The legal basis for the use of cookies is the Manager's legitimate interest in ensuring the functionality, availability and integrity of the Website.
The visitor can control and/or delete the cookies according to his choice. More information about this process is available here at www.aboutcookies.org. The visitor can delete any cookies that are on his computer, and most browsers can be set to block the placement of cookies on the computer. The visitor can refuse cookies in the browser menu or https://tools.google.com/dlpage/gaoptout. To make the necessary settings, the visitor needs to familiarize himself with the terms of his browser. If cookies are blocked, the visitor will have to manually adjust the settings each time the Website is visited, and there is a possibility that some services and functions will not work.
Statistical data on Website visitors can only be accessed by the Manager's employees who are responsible for analyzing such data.
Unless otherwise specified, cookies are stored until the activity for which they were collected is performed and then deleted.
In the event that the possibility of a forum or comments has been expanded on the Website of the Controller, in such a case, the IP address and data provided by the visitor are stored on the Website. Cookies containing this data can be stored for one year for your convenience (so that you don't have to write a new one the next time).

11. Third Party Websites

We may work with third parties that are authorized to place third-party cookies on our websites or our services, apps and tools with your consent. These service providers enable us to provide you with a better, faster and more secure website experience. Please note that third-party cookies are subject to third-party privacy policies, so we are not responsible for those privacy policies.
The "Facebook pixel" tool is installed on the site. The purpose of using this tool is to tailor content and ads to Facebook users. To learn more about Facebook's privacy policy, click here https://www.facebook.com/about/privacy/ . You can also change your ad settings in your Facebook profile.

12. The right to submit a complaint to the supervisory authority

The data subject has the right to submit a complaint to the supervisory authority (National Data Inspectorate). Documents are accepted at the Data State Inspectorate using mail, electronic mail (documents signed with a secure electronic signature), and they can also be left in the mailbox on the 1st floor at Blaumaņa street 11/13, Riga. The Data State Inspectorate accepts electronic mail sent to the electronic mail address info@dvi.gov.lv.

13. Validity of Privacy Policy

We reserve the right to change and supplement the content of this privacy policy from time to time to clarify the description of how we process your data.
Taking into account the above, we invite you to regularly review this privacy policy so that you are informed about the processing of your personal data on the Website.