Privacy policy

The purpose of the privacy policy is to provide a natural person ‒ data subject ‒ with the information regarding the purpose, extent, protection of the processing of personal data, and the processing period at the time when data are obtained and when processing personal data of the data subject. 

1. Controller:

  • The Controller for the processing of personal data shall be “TONUS ELAST” LLC (hereinafter referred to as TE ), unified registration No. 40003233170, legal address “Pilskalni”, Grinvalti, Nicas pagasts, Dienvidkurzemes novads, LV-3473, Latvia.
  • TE contact details in matters related to the processing of personal data shall be:
    email address: info @ tonuselast.com , address: “Pilskalni”, Grinvalti, Nicas pagasts, Dienvidkurzemes novads, LV-3473, Latvia, phone (+371) 63431547. You can ask questions about the processing of personal data by using this contact information or applying to the legal address. Application for the exercise of one’s rights may be submitted in accordance with the present Privacy Policy.
  • The tasks of the responsible person referred to in the preceding paragraph shall be as follow: to inform and advise employees of TE regarding issues related to the processing of personal data, to monitor compliance with the regulatory enactments related to the protection of personal data in TE, to cooperate with the supervisory authority and to provide advice to the persons addressing TE in matters related to the data processing.

2. Subjects of the Privacy Policy

  • Personal data shall mean any information relating to an identified or identifiable natural person.
  • The Privacy Policy shall apply to ensure the protection of privacy and personal data in respect of:
    • natural persons ‒ partners, employees and third parties who receive or transfer to TE any information (including contacts, payers, etc.) in relation to the provision of services;
    • the visitors of TE office and other premises and territories, including those for whom video surveillance is carried out;
    • users of the homepage maintained by TE; (hereinafter all of them collectively referred to as the Persons).
  • TE shall take care of the privacy of the Persons and the protection of personal data, respect the rights of the Persons to lawfulness of the processing of personal data in accordance with Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as ‒ the Regulation) and other regulatory enactments in the field of privacy and data processing.
  • The Privacy Policy shall apply to data processing regardless in what form the data are provided and processed.
  • TE may, for certain types of data processing, lay down additional rules whereof the Person is informed at the time when he/she provides the relevant data.

3. TE shall process personal data for the following purposes:

  • Provision of services and enforcement of the contract. The purpose relates to the provision of services and to the implementation of contracts (transactions) concluded. Processing of personal data shall be carried out on the basis of law and contract (transaction);
  • Preparation, conclusion or amending of the contract. The purpose applies to new applications for an existing or new transaction, including services. The processing of personal data shall be carried out on the basis of law or contract (transaction);
  • Fulfilment of the contractual commitments and the provision of services;
  • Advertising and distribution of services for commercial purposes;
  • Examination and processing of applications, complaints and claims;
  • Settlement administration, recovery and enforcement of debts. The purpose relates to the activities carried out within the framework of settlements with the person. The processing of personal data shall be carried out on the basis of law and contract (transaction);
  • Maintenance and improvement of the homepage;
  • Provision of information to national regulatory authorities and the bodies performing operational activities in the cases and to the extent specified in external regulatory enactments;
  • Processing of personal data for internal administrative purposes within the framework of JSC “Olainfarm” Group. The purpose relates to the processing of personal data for intra-group administrative purposes, such as the prevention of conflict of interest and the prevention of illegal transactions. The processing of personal data shall be based on a legitimate interest;
  • Enforcement of binding regulatory enactments. The purpose relates to the basis for processing of personal data provided for in regulatory enactments, such as areas of accounting, taxes, levies, etc.;
  • Organisational management, planning and accounting of TE (including recording, ensuring processes, services, information systems, personal records, merchant succession, implementation of public relations and social responsibility). The purpose applies to measures for integrated management of an undertaking, including in accordance with national and internationally recognised corporate governance principles, by ensuring tracking, control and perfection of internal processes. The processing of personal data shall be carried out on the basis of law, legitimate interest and consent of the person.
  • Accounting/financial and tax management. The purpose relates to accounting, tax payments, settlements, etc. We process the personal data on the basis of law and contract (transaction);
  • Other specific purposes, whereof the Persons are informed prior to the data provision;
  • In any of these cases, TE shall process Personal Data only to the extent permitted by the specific purpose of the processing.

4. How does TE obtain personal data

  • Information, which is obtained by TE regarding the Person, depends on the content of transaction. Information provided within the framework of any kind of cooperation is obtained in a similar way.
  • Information provided to TE by the data subject (Person) regarding himself or herself, i.e. the data subject or its authorized person, through communication or cooperation with TE, such as conclusion of a contract, requesting information or submitting application for examination of a particular question or request, communication through information channels, including social networks, visiting the events organized or the activities supported by TE, during which photos or video images may be taken provided it has been notified of in advance.
  • In order to comply with the requirements specified in regulatory enactments, to ensure long-term cooperation and credit risk management, TE may need to request data also from publicly available registers, including databases maintained by LURSOFT – Commercial Register, the Land Register, Insolvency Register, Commercial Pledge Register etc.
  • Cookies can be used on TE homepage, which we will inform of during the visit to the homepage.

5. Legal basis for the processing of personal data

  • conclusion and execution of the contract ‒ to enter into a contract basing on application and to ensure the fulfilment of such contract;
  • enforcement of regulatory enactments ‒ in order to comply with the obligation or the rights specified in regulatory enactments;
  • consent of the data subject;
  • in lawful (legitimate) interests ‒ for the purpose of implementing the lawful (legitimate) interests of TE arising from the existing obligations or from the concluded contract, or from the law:
    • to engage in commercial activities;
    • to ensure fulfilment of the contractual liabilities;
    • to maintain applications and submissions regarding the provision of services, other applications and submissions, comments regarding the same, including those made verbally and at the homepages;
    • to develop and improve the products and services;
    • to advertise products and services;
    • to send other reports regarding the progress of the contract performance and relevant events for the contract performance;
    • to ensure and improve the quality of services;
    • to administer payments;
    • to administer outstanding payments;
    • to apply to the state administration authorities, to the bodies performing operational activities, and to the courts for protection of its legal interests;
    • to inform the public regarding their activities.

6. The processing and protection of personal data

  • TE shall process and protect the Personal Data by means of modern technology capabilities, taking into account the existing privacy risks and reasonably available organizational, financial and technical resources.
  • In order to ensure high quality and operational performance of contractual commitments, TE may authorize its co-operation partners to provide specific services, such as the staff health insurance services, invoicing and the like. Where, in carrying out such tasks, the co-operation partners are processing personal data at disposal of TE, the cooperation partners concerned shall be deemed to be the processors of personal data and TE shall be entitled to transfer the personal data necessary for performance of such activities to the cooperation partners to the extent necessary for the performance of these activities.
  • The co-operation partners of TE in their capacity of the processor of personal data will ensure compliance with the personal data processing and protection requirements in accordance with regulatory enactments and will not use personal data for other purposes, save for the fulfilment of concluded contractual obligations on behalf of TE.

7. Categories of the recipients of personal data, or to whom the data are disclosed

  • TE shall not disclose personal data or any information obtained during the provision of services and during validity of the contract to third parties including the information regarding nature, substance, etc. of the services, except:
    • if the third party has to transfer the data within the framework of the contract concluded for the purpose of performing any function required for fulfilment of the contract or any function delegated by law (for example, to a bank within the framework of settlements or for the provision of service);
    • if clear and explicit consent of the data subject has been given;
    • to the parties provided for in regulatory enactments upon their reasonable request, in accordance with the procedures and to the extent specified therein;
    • in the cases specified in regulatory enactments, for the protection of legitimate interests of TE, by application to the courts or other public authorities.
  • Personal data may be disclosed to the companies of JSC “Olainfarm” Group. The safety of personal data constitutes a priority in companies of JSC “Olainfarm” Group, and the business processes are carried out in accordance with the requirements laid down in regulatory enactments.
  • Personal data may be disclosed to the cooperation partners ‒ merchants wherewith the companies of JSC “Olainfarm” Group have concluded cooperation agreements and there are mutual obligations. Such as for provision of services, provision of delivery (including delivery of parcels and contracts etc., including couriers, mail etc.), quality control (including surveyors), security and protection of the services (cooperation partners providing support for the safety and the protection of employees, customers, visitors, facilities and infrastructure, including security, legal assistance providers etc.) and provision of management (cooperation partners for the management and the provision of organizational, financial management and accounting processes, including auditors, revisers, event organizers etc.).
  • Supervisory authorities. For example, market surveillance authorities, law enforcement bodies and rescue services in accordance with regulatory enactments.
  • Third parties. For example, natural or legal persons, public authorities, agencies or bodies other than data subjects, managers or processors.
  • Personal data may be disclosed (transferred) to another person in connection with business transition, any merger, acquisition, sale of assets, transfer of the provision of service to another merchant, etc.

8. Disclosure of personal data outside the European Union

  • TE does not transfer personal data outside the European Union.
  • In case of necessity TE will ensure the procedures laid down in regulatory enactments for the purpose to ensure the level of processing and the protection of personal data equivalent to the one laid down in the Regulation.

9. Personal data storage period

  • Personal data shall be stored to the extent necessary for attainment of the purposes set out in the Privacy Policy, provided that longer storage is not established by regulatory enactments. For determination of the data storage period, the criteria are used in compliance with the provisions of regulatory enactments, such as examination of claims, protection of rights, solving issues, compliance with limitation period etc., as well as with respect to the rights of natural persons, such as determination of the data storage for the period, in which the claims related to the transaction may be applied, if any.
  • TE shall store and process personal data until at least one of the following criteria exists:
    • validity of the concluded contract;
    • in the case specified in regulatory enactments, to the extent and within the time limit provided for therein;
    • while any party has a legal obligation to store the data;
    • until the consent of the data subject to the relevant processing of personal data is effective, if there is no other legal basis for the processing of data.
  • Upon expiry of the data storage period, personal data shall be deleted or destroyed.

10. Rights and obligations of the person (data subject)

  • The person (data subject) shall be entitled to obtain all the information collected regarding him or her in any personal data processing system.
  • The person shall be entitled to obtain information about those natural or legal persons who have received information about the person from the Controller within a specified period of time. The information to be provided to the person must not include the public authorities, which are directing criminal proceedings, the bodies performing operational activities, or other institutions, for which the law prohibits such information from being disclosed.
  • The person shall also be entitled to the following information if, in the case concerned, it is applicable:
    • company name or given name and surname and address of the Controller;
    • contact information of the data specialist or the person responsible for the data processing of TE;
    • purpose, legal basis and type of the processing of personal data;
    • the recipients of personal data or the categories of recipients, if any;
    • information that the controller intends to send personal data to a third country or international organization;
    • date when the most recent modification to the personal data of the data subject has been made, the data have been deleted or blocked;
    • source for obtaining the personal data, unless the law prohibits disclosure of such information;
    • period of time, for which the personal data will be stored, or, if this is not possible, the criteria used for determination of that period;
    • that there is a right to require the Controller to access the personal data of the data subject and to rectify or erase the same, or to restrict the processing in respect of the data subject, or the right to object to the processing, as well as the right to the data portability;
    • the right to withdraw his or her consent at any time without affecting the lawfulness of such processing, which is based on the consent provided prior to the withdrawal;
    • the right to submit a complaint to the supervisory authority;
    • information regarding whether the provision of personal data is determined in accordance with law or contract, or it constitutes a prerequisite for conclusion of the contract, as well as information regarding whether the data subject is subject to any obligation to provide personal data and what consequences may be in cases where such data are not provided;
    • that there exists automated decision making, including mentioned profiling.
  • The person shall be entitled, in accordance with regulatory enactments, to request access to his or her personal data and to request supplementing, rectification or erasure of the processed data, or the restriction of processing, as well as to object to the processing, including to the processing of personal data carried out on the basis of lawful (legitimate) interests of TE, as well as the right to the data portability. Such rights shall be exercised in so far as the processing of data is not derived from the obligations of TE which are imposed by the effective regulatory enactments and complied with in the public interest.
  • The person may submit a request for exercising his or her rights:
    • in a written form by serving at the address “Pilskalni”, Grinvalti, Nicas pagasts, Dienvidkurzemes novads, LV-3473, Latvia, by presenting a personal identity document;
    • via electronic mail, by signing with a secure electronic signature sending to the email address info @ tonuselast.com;
  • Upon receipt of a request from the Person regarding exercising his or her rights, TE shall verify the identity of the Person, assess the request and execute it in accordance with regulatory enactments.
  • TE shall send a reply to the received request by mail to the designated contact address in a registered letter or shall serve it in person, taking into consideration, as far as possible, the manner of receiving the response specified by the Person.
  • TE shall ensure enforcement of the data processing and protection requirements in accordance with regulatory enactments and, in the event of objections, shall take appropriate measures to resolve the objection. However, in the case of failure to do so, the Person shall be entitled to apply to the supervisory authority ‑ the Data State Inspectorate.
  • The Person must provide TE with information regarding modifications to the personal data at disposal of the TE within a reasonable period of time.
  • The Person shall be obliged to become cognizant of the Privacy Policy of TE prior to the commencement of the cooperation.

11. Consent to the processing of data and the right to withdraw it

  • Where the processing of Personal Data takes place on the basis of consent to the processing of personal data, the Person shall be entitled to withdraw his or her consent to the processing of data at any time in the same manner as it was given, and in that case, further processing of the data based on the previously given consent for that purpose shall not be carried out in the future.
  • The withdrawal of the consent shall not affect the processing of data carried out at the time when the consent of the Person was effective.
  • The withdrawal of the consent shall not terminate the processing of data carried out at the time when the consent of the Person was effective.

12. Other provisions

  • TE does not carry out automated decision making or profiling with regard to natural persons.
  • TE shall be entitled to supplement or change the Privacy Policy by making it available to the Persons on the homepage of TE or in the office premises in paper format.
  • TE retains its previous versions of the Privacy Policy and those are available on TE homepage or in the office premises in paper format.
Customer service
Worldwide delivery
Quick delivery
Quality