Pirts/Spa

Rooms

Bike rental

Gift cards

Privacy Policy

We value and respect your privacy. The purpose of this privacy policy is to inform customers and other stakeholders about the procedure we have in place for processing their personal data in accordance with The General Data Protection Regulation (EU) 2016/679 (GDPR) of the European Parliament and of the Council, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Data controller and their contact information:

Controller: SIA "Ziedleju stāsti"

Registration number: 50103836151

Legal adress : Sigulda District, Ziedlejas-Gaujmaļi, LV-2150

Website: www.ziedlejas.lv

E- mail address: info@ziedlejas.lv

Classification of personal data and the purpose of processing

Personal data means any information relating to an identified or identifiable natural person (further referred to as the data subject), by which they can be identified:

  • Personal identification data (name, surname, date of birth, personal code/individual identifier),      
  • Contact information (phone number, email address, contact address),      
  • Professional experience and education data (occupation, professional competence),      
  • Personal communication and behavioral data (retrieved during a telephone, electronic and personal communication, feedback during recruitment process),      
  • Information about received and planned services,      
  • Payment information (bank account details),      
  • Physical, physiological, genetic, psychological as well as economic, cultural and social identity (citizenship, etc.) characteristics of the data subject,      
  • Other information related to an individual (biometric data: face, image, marital status, car registration number, etc.) provided by the subject at their own discretion in the process of communication.      

A data subject can be a customer (former, present or potential), a service recipient, a guest, a visitor of a website, a cooperation partner, an employee or a job applicant.

We process personal data of subjects for the following legitimate purposes:

  • Provision of services (customer identification, preparation of contracts, provision of services, advertising, distribution services, development of new services, review and processing of claims),      
  • Business planning and analytics (statistics, market research, customer satisfaction assessments),      
  • Prevention or detection of criminal acts in order to protect property and vital interests, i.e., life and health,      
  • Provision of information to government institutions in the cases and within the scope established by external regulations,      
  • During the selection process of potential employees and in order to establish employment relations,      
  • Archiving of documents in cases and within the scope established by external regulations,      
  • For other specific purposes, which are communicated to the client at the time of request for the relevant personal data.      

Legal basis for the processing of personal data

The legal interests of SIA “Ziedleju stāsti” are: to conduct business, to verify the identity of the client before concluding a contract, to ensure the fulfillment of contractual obligations, to eliminate unreasonable risks to the business, to analyze the quality of services and make improvements, to take measures to retain customers and expand the client base, to prevent fraud, to administer payments, to ensure efficient business management processes, to turn to government and public service institutions for the protection of their legal interests, to inform the public about their activities.

Access to personal data

Access to personal data is granted to the following: employees of the controller - to the extent required for the performance of their duties; processors of personal data - external service providers - to the extent required to fulfill the contract or to perform the functions delegated by law (for example, banking settlement procedure); government agencies and local government institutions - upon having submitted a substantiated request; law enforcement agencies - in cases stipulated by legislation.

Rights of the subject

According to the legislation, the subject has the right to access their personal data that is stored in the information systems of the controller, to ensure it is correct, to edit and update their personal data, to demand deletion or termination of processing of their personal data if it is incomplete, outdated or processed illegally, as well as the right to transfer their personal data elsewhere.

The subject has the following options to exercise their rights:

  • They can submit a written request in person at the following address: Sigulda district, Ziedlejas - Gaujmaļi. A proof of identity is required.       
  • They can submit a request electronically by sending a request signed with a secure e-signature to the e-mail address info@ziedlejas.lv 

The subject’s request is then assessed in line with the legislation and response is sent to the contact address specified by the client in accordance with the procedure and within the time frame established by the legislation.

If the subject has reason to believe that the controller has acted unlawfully, they have the right to lodge a complaint with the State Data Inspectorate at the address: Blaumaņa 11/13, Riga, LV – 1011.

Providing us with the information we request is not compulsory, but it is a pre-requisite for our services.

We do not use personal data for automated decision making or profiling.

The personal data of SIA “Ziedleju stāsti” clients is not transferred outside of the European Union or the European Economic Area.

Retention of personal data

Personal data is retained from the time of receipt until at least one of the following criteria applies:

  • Personal data retention regulation (the “Accounting” (‘Par Grāmatvedību’) Law, the “On archives” (‘Arhīvu’) Law, etc.) is in force,      
  • There is a legal obligation to store data,      
  • The consent of the subject to the relevant processing of personal data is valid,
  • he order in which the controller or subject can pursue their legitimate interests (for example, to submit a claim or take it to court) is set by external legislation and is in force.

When all above mentioned criteria ceases to apply, the personal data of subjects is deleted or made inaccessible or unidentifiable.

Data security

The controller ensures that data processing complies with the following principles:

  • Lawful and diligent processing of personal data,      
  • Data minimization, i.e., collecting only the minimum amount of data required to deliver the service,      
  • Data accuracy,      
  • Data retention only for the duration needed for processing,      
  • Data security and confidentiality.      

We constantly review and improve security measures to protect personal data from unauthorized access, accidental loss, disclosure or destruction. To do this, we use the necessary technical and organizational measures, including antivirus software and firewalls. However, we strongly recommend that our customers comply with the general data security rules as well as requirements for storing personal data when using electronic devices and the internet.

CCTV

The controller carries out video surveillance, in this way processing personal data during the subject’s visits to common areas where services are provided. Video surveillance is carried out in real time and is required to protect vital interests, including the life and health of the controller's employees, customers and other subjects. Video cameras are located to provide exclusively security functions and to avoid acquiring personal data, processing of which is not necessary to achieve legitimate goals. The controller ensures complete deletion of personal data, processing of which is not necessary, unless a legitimate request for personal data has been made or in cases where it is required for detection of criminal actions or security violations.

Communication with the subject

Email address and/or contact number provided by the subject is used to communicate with the subject.

Cookies

Cookies are small text files that are created and stored on user’s device (computer, tablet, mobile phone, etc.) during a visit to a website. Cookies help users remember user names and settings such as language, font size, etc., so they would not need to specify these each time they visit the website, in this way easing the use of the website.

Analytical cookies (such as Google Analytics) collect information about habits of website visitors, for example, which sections are visited most often. This information helps us to develop and improve our website, making it more user-friendly. Analytical cookies are stored on a user's device for no more than two years.

Technical or mandatory cookies (Google Chrome, Internet Explorer, etc.) help to remember the user's requests and which cookies the user has agreed to use. These cookies are stored on user's device until the browser is closed and for no longer than two years.

Targeted advertising cookies (such as  Google Adwords) provide user-specific advertising. These cookies are stored on user's device permanently.

In addition, the site can use services such as Youtube, to link video content to the website or links to other websites, such as Facebook, Instagram, TripAdvisor, to share additional content. All these services use  cookies to gather statistics and identify the most popular search trends. These third-party cookies are outwith our control.

By visiting our website, the user is informed that we use cookies via a notification. By closing the notification, the user confirms that he has read the information and agrees with the terms. If you do not want cookies to be used on your device, you can disable the use of cookies in your browser settings. However, it should be noted, that in this case some services and website features may not work as expected and it is not possible to opt out of the use of mandatory and functional cookies, as without them it is not possible to make full use of the website.

The information associated with cookies is not used to personally identify the user.

Changes to the privacy policy

The privacy policy of SIA “Ziedleju stāsti” can be changed or supplemented in accordance with the requirements of applicable laws and regulations. Our clients have the ability to review changes to this privacy policy by regularly visiting our website.

 

Booking