Who we are and how to contact us
We are BIKUS Ltd of Brīvības gatve 401c, Rīga, LV-1024, and in the case of your direct use of our website or our services, we act as the data controller in accordance with Latvia`s Personal Data Processing Law (“PDPL”). As well as the EU`s General Data Protection Regulation (“GDPR”).
If you have any questions about the processing of your Personal Data by us or about data protection in general, you can reach us at firstname.lastname@example.org.
How do we use your Personal Data?
All Personal Data that we obtain from you via the website will only be processed for the purposes described in more detail below. This is done within the framework of the respective legal regulations mentioned above or only with your consent. In particular, we only process and collect Personal Data if:
- you have given your consent,
- the data is necessary for the fulfillment of a contract / pre-contractual measures,
- the data is necessary for the fulfillment of a legal obligation, or
- the data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden.
In doing so, we only collect and process the data that is absolutely necessary to maintain and use the website. Personal Data may be collected in two ways, that is directly when you for example volunteer it to us or automatically for example when you install and use our website.
We process and store your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period (in particular commercial and tax law) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.
Personal Data you provide to us directly
- Contacting us
If you contact us, we process the data that you share with us for the purpose of processing and handling your request. This may include your first name, last name, e-mail address, and, if applicable, other information such as your business name, phone number, if you have provided it. The legal basis for the data processing is our obligation to fulfill the contract and/or to fulfill our pre-contractual obligations and/or our overriding legitimate interest in processing your request.
- Comments in our blog
When you leave comments in our blog, your IP addresses, your Name, and e-mail address are stored on the basis of our legitimate interests. This is done for our security in case someone leaves unlawful content in comments and posts. In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.
Within the blog you may be able to display certain profile information, share certain details, engage with others, exchange knowledge and insights, post and view relevant content. It’s your choice whether to include sensitive information on your comment and to make that sensitive information public. Please do not post or add Personal Data to your comment that you would not want to be available.
- When booking a meeting
For booking a meeting in an easy and convenient way, we use Calendly LLC. Your data from the form will be transferred to our appointment account at Calendly after you press the “Book appointment” button. You will then receive a confirmation email with a link to the event. Your data will be kept at Calendly until the purpose for storing the data no longer applies (appointment made) or you request us to delete it. Calendly undertakes not to pass on your data to third parties. The legal basis is your consent as well as our legitimate interest.
- Data processing in the context of providing our services
The protection of your data is particularly important to us in the performance of our services. We therefore only want to process as much Personal Data (for example, your name, address, e-mail address or telephone number) as is absolutely necessary. Nevertheless, we rely on the processing of certain Personal Data, to fulfill our contractual obligations to you or to carry out pre-contractual measures.
Personal Data you provide to us automatically
- Access data and log files
We also collect data on every access to our website. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an appealing website.
To provide our website, we use the services of Amazon Web Services (AWS), who process the below-mentioned data and all data to be processed in connection with the operation of our website on our behalf. The legal basis for the data processing is our legitimate interest in providing a website.
Third Party Services
- Google Fonts
We use Google Fonts by Google LLC of 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA and Google Ireland Ltd of Gordon House, Barrow Street, Dublin 4, Ireland on our website to display external fonts. To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed. The connection to Google established when you call up our website enables Google to determine which website sent your request and to which IP address the display of the font is to be transmitted. This represents a legitimate interest.
- Google Analytics
We use Google Analytics to evaluate your use of our website, to compile reports on the activities and to provide other services related to the use of our website in order to improve the user experience. When Google Analytics is used, interactions of website visitors are primarily recorded and systematically evaluated with the help of cookies. This represents a legitimate interest but also requires your consent due to the data transfer in the USA and the analytical functionality.
- Google Maps
Our website accesses the map service Google Maps via an API. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. We have no influence on this data transmission. Google Maps is used in the interest of a user-friendly presentation of our online offers, in order to user-friendly presentation of our website. The legal basis is our legitimate interest.
- Google Tag Manager
We use Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. No cookies are set, and no Personal Data is collected. The Google Tag Manager triggers other tags that may collect data. The Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.
- Content Management System (CMS)
We also use the Content Management System (CMS) of WordPress a service provided by Automattic Inc, to publish and maintain the created and edited Content and texts on our website and to provide the forms used. This means that all content and texts submitted to us by users for publication is transferred to WordPress. In addition to texts, this also includes, for example your data in our forms. This represents a legitimate interest.
Disclosure to third parties
We will not disclose or otherwise distribute your Personal Data to third parties unless this:
- is necessary for the performance of our services,
- you have consented to the disclosure,
- or the disclosure of data is permitted by relevant legal provisions.
However, we are entitled to outsource the processing of your Personal Data in whole or in part to external service providers acting as processors within the framework of the respective legal regulations mentioned above. External service providers support us, for example, in the technical operation and support of the website (see above), data management, the provision and performance of services, marketing, as well as the implementation and fulfillment of reporting obligations.
The service providers commissioned by us however will process your data exclusively in accordance with our instructions and we remain in accordance with the respective legal regulations mentioned above responsible for the protection of your data. Doing so we always make sure that service providers commissioned by us are carefully selected, follow strict contractual regulations, technical and organizational measures, and additional controls by us.
We may also disclose Personal Data to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or proceedings at home or abroad or to fulfill our legitimate interests.
Automated decision-making including profiling does not take place at BIKUS Ltd.
Special Category Data
Processing of Special Category Data does not take place at BIKUS Ltd.
Data of Children
Our services are aimed at people aged 18 and over. We will not knowingly collect, use, or disclose Personal Data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.
Do Not Sell
We do not sell Personal Data to third parties.
Technical and organizational measures have been implemented by us to ensure the protection, security and integrity of your Personal Data. Access to Personal Data is restricted to those who have a need to know and who have been trained to comply with confidentiality requirements.
Appropriate mechanisms include, for example, SSL encryption (so that data is unreadable by others) during the collection and transmission of data. Said data is used only for the purpose it was collected for and we assure you that we will do our utmost to ensure that your Personal Data is not altered or corrupted and is not accessed by unauthorized third parties.
Nonetheless, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
Your rights under data protection legislation
Under the PDPL and GDPR, you can exercise the following rights:
- Right to information
- Right to rectification
- Right to object to processing
- Right to deletion
- Right to information
- Right to data portability
- Right of objection
- Right to withdraw consent
- Right to complain to a supervisory authority
- Right not to be subject to a decision based solely on automated processing.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us using email@example.com.
Access Request and updating your Personal Data
In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same using firstname.lastname@example.org.
We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).
The Supervisory Authority
The competent data protection authority in Latvia is:
Latvian Data State Inspectorate (“DSI”)
Elijas iela 17
Does this policy change?
Who should I contact for more information?