Privacy Policy

Privacy Policy

In force from May 25, 2018

This Privacy Policy (hereinafter to as Policy) describes the order in which SIA "AFY TRAVEL", reg. No. 40103498264 (hereinafter referred to as AFY TRAVEL), processes Personal data of a natural person (data subject).

The purpose of this Policy is to provide the natural person (the data subject) with information about types of Personal data, processing procedure, purposes and grounds, as well as the rights of a natural person as a data subject.

1. General data protection regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data

AFY TRAVEL processes Personal data in accordance with the provisions of the General Data Protection Regulation (or GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which entered into force on May 25, 2018. The Regulation establishes the principles of processing of Personal data (including the acquisition, use, storage and disposal) and determines the rights of a natural person as a data subject, that is, the ability to control the use of their data.

2. What is personal data

Personal data is any information (written, audio, video, electronic, biometric) directly or indirectly related to a natural person (the data subject) that refers to an identified or identifiable natural person, for example, name, surname, identification number, date of birth, phone number, postal address and e-mail address, photograph, one or more economic factors specific to a natural person, as well as other information that allows to identify a natural person.

3. What is the processing of personal data?

Processing of personal data is any action or set of actions accomplished with Personal data or a set of Personal data, performed with or without automatic means, such as collection, registration, organization, structuring, storage, adaption or modification, restoring, viewing, usage, transfer, distribution or otherwise making them available, coordination or integration, limitation, removal or destruction.

4. What is the subject of personal data whose data is processed by AFY TRAVEL?

The subject of personal data is any natural person who:

  • requested a commercial offer from AFY TRAVEL for a particular service provided by AFY TRAVEL, or;
  • expressed the desire of AFY TRAVEL to use, uses or used the services provided by AFY TRAVEL, or;
  • has given his or her consent to receive AFY TRAVEL commercial announcements, including news, advertising campaigns, events, discounts, competitions, lotteries and giveaways, as well as track (profile) their buying habits to receive personalized offers, or;
  • has expressed his or her consent to participate in the AFY TRAVEL loyalty (client) program, (hereinafter referred to as client).

5. What personal data is processed by AFY TRAVEL?

AFY TRAVEL receives the client's personal data from the client, the sources used by the AFY TRAVEL website, as well as from third parties. AFY TRAVEL processes the following personal data:

  • Identification data, such as name, surname, personal code, date of birth, identity document (for example, passport, ID card, photograph) and the data contained therein, or other document containing the client's personal data;
  • Contact information, such as phone number, e-mail address, postal address, language of communication with the client;
  • Professional data, such as education or professional careers;
  • Family data, such as information about the client's family and other client-related persons whom the client has stated with him or her to receive the AFY TRAVEL services;
  • Data obtained in the performance of duties specified in normative acts, such as data obtained as a result of requests for information from state bodies, courts, sworn notaries and bailiffs;
  • Data received during business relations with the client, such as agreements concluded with the client (including current and past), the history of the requested and used services by the client, signed and submitted by the client applications, claims, requests and complaints;
  • Communication data received when the client visits AFY TRAVEL in the office premises, participates in events organized by AFY TRAVEL, contacts AFY TRAVEL by phone, e-mail or other means of communication, as well as data obtained when the client uses the home page of AFY TRAVEL.

6. What are the purposes and fundamentals of personal data processing by AFY TRAVEL?

AFY TRAVEL performs processing of client’s data for one or more of the following purposes:

 

  • it is necessary to fulfil or conclude an agreement on the provision of AFY TRAVEL services;
  • it is necessary to provide the services chosen by the client, including the processing and provision of services requested by the client;
  • it is necessary for the requested by the client commercial offer of AFY TRAVEL about the specific service provided by AFY TRAVEL;
  • it is necessary for the implementation of normative acts;
  • it is necessary to send AFY TRAVEL commercial announcements, including news, offers, events, discounts, contests, lotteries and giveaways, or to track (profile) client's customer habits, if previously received a separate and obvious consent of the client;
  • it is necessary for the client to participate in the AFY TRAVEL loyalty (client) program;
  • it is necessary to register a client on the AFY TRAVEL website;
  • it is necessary to implement or protect the legitimate (legal or contractual) interests of AFY TRAVEL.

7. Automated processing of personal data

Personal data of the client can be automated processed to develop the business activities of AFY TRAVEL, promote products and services and marketing activities, including adjusting the functioning of the website and commercial ads for the client's customer habits. Namely, AFY TRAVEL can analyze the data of visiting and using the website to offer advertising, products, services, discounts or participation in certain promotions in accordance with the habits and interests of each client.

8. To whom AFY TRAVEL can send personal data?

AFY TRAVEL can transmit client’s personal data to other recipients of personal data:

  • in cases specified by normative acts, if required by one of the state institutions and authorized institutions, by courts, sworn notaries and bailiffs;
  • if this is required for the provision of AFY TRAVEL service, the performance of a service agreement, and for the implementation or protection of the legitimate or contractual interests of AFY TRAVEL, for example:
  • to other persons who are a party or otherwise involved in the provision and performance of the service requested by the client. In such cases, AFY TRAVEL grants or receives from such third parties the personal data of the client to the extent necessary to ensure the appropriate action;
  • to third parties to whom AFY TRAVEL with the agreement has instructed to perform certain functions or provide the services necessary to provide AFY TRAVEL services and activities related to the provision or performance of AFY TRAVEL services or who have entered into an appropriate agreement with AFY TRAVEL (including, but not limited to: legal advisers, financial advisors and auditors, account management, communication (messages) providers, postal and information technology service providers, service providers that provide AFY TRAVEL services in connection with the information lending and providing a client management program). In such cases, AFY TRAVEL grants or receives from third parties the personal data of the client to the extent necessary to provide the relevant service or action;
  • third parties that support registers, such as population registers, business registers and other registers that contain or through which personal data can be transferred;
  • debt collectors, administrators of bankruptcy or insolvency processes.
  • if this is required to send AFY TRAVEL commercial announcement and the client's participation in the AFY TRAVEL loyalty (client) program, for example, to third parties to whom AFY TRAVEL with an agreement has instructed to perform certain functions or provide the services necessary to sell AFY TRAVEL products, send commercial announcements. In such cases, AFY TRAVEL grants or receives from third parties the personal data of the client to the extent necessary to provide the appropriate service or action.

9. Transfer of personal data outside the European Union

In some cases, AFY TRAVEL can transmit personal data outside the European Union, for example, when using storage solutions that provide data storage services outside the European Union.

Depending on the circumstances, AFY TRAVEL may choose the special guarantees for the protection of personal data specified in the Regulation.

The client has the right to access or obtain information from AFY TRAVEL about the transfer of his or her personal data outside the European Union.

10. How long does AFY TRAVEL store data?

AFY TRAVEL processes the client's personal data as long as it is necessary for a specific purpose to ensure the fulfillment of its obligations to the client and compliance with the requirements of normative acts. Personal data is not stored longer than necessary or required by existing normative acts.

11. What are the rights of the AFY TRAVEL client as a data subject?

The client as the data subject has the following rights to process his or her personal data:

  • the right to access his or her personal data - the client has the right to be informed about whether AFY TRAVEL processes his or her personal data, and, if processed, the client can request access to his or her personal data, and ask for full information about where, how and why his or her personal data is stored and used, as well as to receive his or her personal data, which he or she provided and which are processed;
  • the right to correct his or her personal data - the client has the right to request correction of his or her personal data if they are insufficient, incomplete or incorrect;
  • the right to object to the processing of personal data - the client has the right to file objections in connection with the processing of his or her personal data if the use of personal data is based on marketing purposes, for example, to obtain marketing proposals;
  • the right to withdraw consent - the client has the right to withdraw his or her consent to the processing of personal data;
  • the right to be forgotten - the client has the right to request the removal of his or her personal data, if it does not contradict the requirements of the law, for example, if personal data is processed on the basis of the client's prior consent and the client withdrew his or her consent. This right is invalid if the personal data, the removal of which is requested and processed in accordance with the requirements of normative acts;
  • the right to file complaints - the client has the right to file complaints about the processing of his or her personal data in AFY TRAVEL and the State Data Inspection, if the client believes that the processing of his or her personal data violates the rights of the client that are specified in normative acts;
  • other rights established in accordance with the GDPR.

12. Where the AFY TRAVEL client can turn in connection with the processing of personal data

The client can apply to AFY TRAVEL in connection with the processing of personal data (in connection with issues, the provision or withdrawal of consent, the use of his or her rights and complaints about the use of personal data), sending his or her requests to the postal address Rupniecibas str. 19-18, LV-1010, Riga or to the e-mail address: Turn on Javascript! with the subject notice "Processing of personal data."