PRIVACY POLICY


1. General provisions

1.1. This Privacy Policy regulates the principles of collection, processing, and storage of personal data. Personal data is processed and stored by SIA "Montessori Solution", which is the controller of the personal data (hereinafter the "controller") in accordance with the laws of the Republic of Latvia.

1.2. For the purposes of this Privacy Policy, a data subject means the customer or any other natural person whose personal data is processed by the controller.

1.3. For the purposes of this Privacy Policy, a customer means anyone who purchases goods or services on the controller’s website.

1.4. The controller observes the principles relating to personal data processing provided by legislation and, among other things, processes personal data in a lawful, fair, and secure manner. The controller declares that personal data is processed in accordance with applicable legislation.

2. Collection, processing, and storage of personal data

2.1. The personal data collected, processed, and stored by the controller is collected electronically, mainly via the website and e-mail.

2.2. By sharing their personal data, the data subject grants the controller the right to collect, arrange, use, and administer, for the purposes defined in this Privacy Policy, the personal data that the data subject shares with the controller either directly or indirectly when purchasing goods or services on the website.

2.3. The data subject is liable for the accuracy and integrity of the data submitted. Submission of knowingly false data is regarded as a breach of this Privacy Policy. The data subject must immediately notify the controller of any changes in the data provided.

2.4. The controller is not liable for any damage or loss caused to the data subject or a third party as a result of submission of false data by the data subject.

3. Processing of personal data of customers

3.1. The controller may process the following personal data of the data subject:
3.1.1. Given name and surname;
3.1.2. Personal identification number (only if required for invoicing or accounting purposes);
3.1.3. Telephone number and e-mail address;
3.1.4. Delivery address;
3.1.5. Purchase and payment information (including order history and invoice data);
3.1.6. Payment details processed via third-party payment service providers (no payment card details are stored by the controller);
3.1.7. Records of communication with the customer;
3.1.8. Marketing preferences and consent.

NB: The controller does not collect or process any categories of personal data beyond those listed above unless such processing is strictly necessary for the performance of legal obligations, execution of a contract, or based on the explicit consent of the data subject.

3.2. In addition to the foregoing, the controller has the right to collect data about the customer that are available in public registers.

3.3. The legal basis for processing personal data is outlined in points (a), (b), (c), and (f) of Article 6(1) of the General Data Protection Regulation:
(a) the data subject has given consent to the processing of their personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, particularly where the data subject is a child.

3.4. Processing of personal data and its maximum period of storage according to the purpose of processing:

3.4.1. For security and safety – for the period specified by applicable laws and regulations (e.g., video surveillance records are retained up to 30 days, unless longer storage is required for investigation of incidents);
3.4.2. For processing of orders – for the duration of the contract and warranty period, and up to 3 years thereafter to handle potential claims;
3.4.3. For ensuring the functioning of online store services (technical logs, cookies, and similar data) – up to 1 year, or a shorter period if defined in the Cookies Policy;
3.4.4. For customer management (customer account, correspondence, and support) – up to 3 years after the last activity of the customer;
3.4.5. For financial activities and accounting – for the period specified by law (generally 5 to 10 years in accordance with the Accounting Law of the Republic of Latvia);
3.4.6. For marketing purposes – until the withdrawal of consent by the data subject, but not longer than 2 years after the last interaction with the customer.


3.5. The controller may share personal data of customers with third parties such as processors, accountants, transport and courier companies, or companies providing transfer services. The controller is responsible for the processing of personal data. The controller transmits the personal data necessary for making payments to the processor, Maksekeskus AS.

3.6. The controller processes and stores personal data implementing organizational and technical measures to ensure that personal data is protected against accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing.

3.7. The controller stores the personal data of data subjects for periods determined by the specific purposes of processing, as set out in Section 3.4 of this Privacy Policy. Data are not retained longer than necessary for the fulfilment of those purposes, and in any case no longer than required by applicable laws and regulations.

4. Rights of the data subject

4.1. The data subject has the right to access and examine their personal data.
4.2. The data subject has the right to obtain information on the processing of their personal data.
4.3. The data subject has the right to modify or rectify inaccurate data.
4.4. If the controller processes personal data based on consent, the data subject has the right to withdraw their consent at any time.
4.5. To exercise their rights, the data subject can contact customer support at: [email protected].
4.6. To protect their rights, the data subject can file a complaint with the Data State Inspectorate of Latvia.

5. Final provisions

5.1. These data protection terms and conditions have been prepared in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation), the Personal Data Protection Act of the Republic of Latvia, and other applicable legislation of the Republic of Latvia and the European Union.

5.2. The controller has the right to amend the data protection terms and conditions in part or in full, notifying the data subjects of the amendments via the website: https://montessorisolution.eu. Changes take effect from the moment of publication on the website.