Privacy policy

1. Introduction

This privacy policy (hereinafter referred to as the Policy) explains how the Association “Maize” (Reg. No. 40008064052, address: Riga, Liepājas iela 2-4, LV-1002, hereinafter referred to as the Controller) processes personal data obtained through the Slow Latvia digital platform (hereinafter referred to as the Platform).

We process personal data in accordance with:
• General Data Protection Regulation (EU) 2016/679 (GDPR),
• Personal Data Processing Law of the Republic of Latvia,
• other applicable regulatory enactments.

2. Definitions

2.1. Controller – determines the purposes and means of personal data processing.
2.2. Processor – ensures the development and technical maintenance of the Platform, including access to the administration panel.
2.3. Data subject – a natural person whose personal data is processed by the Controller (e.g., a merchant or home producer who creates a profile).
2.4. Personal data – any information that allows the data subject to be identified directly or indirectly.
2.5. Third parties – service providers (AWS, MakeCommerce) and, if required by law, government agencies.
2.6. Publicly visible information in the profile – only what the user publishes themselves (advertisements, descriptions, pictures).

3. What data is collected

3.1. We process the following personal data:
3.1.1 Identification and contact information: first name, last name, email address, phone number (for administrative communication, not published).
3.1.2 Profile data: merchant profile information, ad content, posted images and descriptions.
3.1.3 Authentication data: login details if you use Google or Facebook login.
3.1.4 Payment data: transaction data processed through the MakeCommerce system.
3.1.5 Technical data: IP address, browser type, device information.

4. Purposes and legal basis

We process personal data for the following purposes:
4.1. Performance of a contract (GDPR 6(1)(b)): creation of user profiles, publication of advertisements, provision of payments.
4.2. Compliance with legal obligations (GDPR 6(1)(c)): accounting, tax and financial records.
4.3. Legitimate interests (GDPR 6(1)(f)): Platform security, fraud prevention, service improvement.
4.4. Consent (GDPR 6(1)(a)): use of cookies, Google/Facebook login, if the user agrees to it.

5. Data recipients

Personal data may be transferred to:
5.1. Association “Maize” – as technical maintainer.
5.2. MakeCommerce – for payment processing.
5.3. AWS (Amazon Web Services) – for data storage and hosting.
5.4. State institutions, if required by regulatory enactments.

6. International data transfer

Personal data may be transferred outside the European Union/EEA when AWS services are used. In such cases, the European Commission’s Standard Contractual Clauses (SCC) are applied to ensure data protection.

7. Data storage

7.1. Profile data – until the user deletes their profile.
7.2. Payment data – 10 years (in accordance with accounting requirements).
7.3. Communication data – 2 years after the end of communication.

8. Data security

We implement technical and organizational measures:
8.1. TLS encryption for data transmission,
8.2. AWS security solutions,
8.3. access rights control in the administration panel,
8.4. regular IT security checks.

9. Publicly available information

9.1. Only data that entrepreneurs themselves place in their advertisements or profiles is publicly visible.
9.2. Contact information (e-mail, phone number) is not publicly available unless the user publishes it themselves.

10. Rights of the data subject

Users have the right to:
10.1. Request confirmation of data processing and access their data.
10.2. Request correction or supplementation of data.
10.3. Request the deletion of data (“right to be forgotten”).
10.4. Restrict data processing in certain cases.
10.5. Object to data processing based on legitimate interests.
10.6. Receive their data in a portable format.
10.7. Lodge a complaint with the Data State Inspectorate (www.dvi.gov.lv).

11. Contact

If you have any questions about data processing or wish to exercise your rights, please contact us:
• Email: maize@kalnciemakvartals.lv
• Postal address: Riga, Liepājas iela 2-4, LV-1002

If you believe that the processing of your data violates the requirements of the GDPR, you have the right to submit a complaint to the Data State Inspectorate.