Privacy Policy

4. Legal basis for processing personal data

The company processes the client's personal data on the following legal bases: 4.1. On the basis of a distance contract (purchase contract) between the client and the company: during the conclusion and execution of the contract, and also at the client's request before the conclusion of the contract. 4.2. On the basis of legal acts: to comply with national and international legal acts that are binding on the company. 4.3. On the basis of the client's consent. 4.4. In the legitimate interests of the company.

5. Procedure for processing personal data

5.1. The company processes the client's data using modern technologies, taking into account the existing risks related to the privacy of individuals, and the reasonable technical, organizational and financial resources available to the company. 5.2. In order to ensure the qualitative and operational performance of the obligations under the contract concluded with the client, the company may authorize its partners to perform separate operations, such as delivery of goods, return of goods, etc. In the event that, in carrying out these operations, the company's partners process the client's personal data that is in the company's possession, such partners are considered processors (persons who process client data on behalf of the company), and the company has the right to transfer the client's personal data necessary for the performance of these operations to its partners. 5.3. The company's partners (in the role of processors) ensure compliance with the requirements for processing and protection of personal data in accordance with the company's requirements and legal acts. 5.4. The company's partners will not use personal data for purposes other than the performance of obligations under the contract concluded with the client on behalf of the company.

6. Protection of personal data

6.1. The company protects the client's personal data using modern technologies, taking into account the existing risks related to the privacy of individuals, and the reasonable technical, organizational, and financial resources available to the company, including using the following measures for the security of personal data:

1. Closed premises and denial of access to unauthorized persons;
2. Use of firewall software;
3. Data encryption during transmission (SSL encryption);
4. Use of intrusion protection and detection software;
5. Implementation of other security measures.

7. Recipients of personal data

7.1. Client personal data processed by the company is not disclosed to third parties (including but not limited to information about purchased goods or services received in the online store), except in cases where:

1. such data must be provided to the relevant third party in the context of a contract concluded with the client in order to perform a function necessary for the performance of the contract or delegated by law (for example, to a credit institution for payment purposes or to ensure the performance of services, such as delivery of the company's goods);
2. the client has given clear and unambiguous consent;
3. personal data must be provided to persons provided for in legal acts at their reasonable request, in the manner and scope provided for in legal acts;
4. personal data must be provided to protect the legitimate interests of the company in accordance with legal acts, for example, by turning to legal service providers, debt collection companies, mediators, courts, or other state institutions against a person who has infringed the legitimate interests of the company.

8. Retention period of personal data

8.1. The company retains and processes customer personal data as long as at least one of the following criteria is met:

1. while a contract with the customer is in force;
2. while there is a legal obligation for the company to retain the data;
3. while the company or the customer can exercise their legitimate interests in accordance with the procedures established in regulatory enactments (for example, to submit objections or file or defend a claim in court);
4. while there is valid consent from the customer for the relevant personal data processing, provided that there is no other legal basis for data processing. 8.2. After all the deadlines for customer personal data processing mentioned in Policy 8.1 have expired, the customer's personal data is irretrievably deleted.

9. Access to personal data and other customer rights

9.1. The customer has the right to receive the information specified in regulatory enactments regarding the processing of their personal data. Most of the customer's information is already placed in the customer's private account on the company's online store and the company's online store website, which the customer uses for receiving company services and goods, and where the customer can personally ensure the correctness of their personal data and manage them if necessary, including correcting, deleting, or changing them. 9.2. In accordance with regulatory enactments, the customer also has the right to request access to their personal data from the company, as well as request the company to supplement, correct, or delete them, or to restrict the processing of the customer's data, or to object to the processing, as well as the right to data portability (transfer to other data controllers). These customer rights are exercised to the extent that the processing of personal data does not arise from the company's lawful obligations and is performed in the interests of the company. 9.3. The customer can submit a request for the exercise of their rights:

1. in writing in person at the company's office, presenting a personal identification document (passport or ID card);
2. by email, by sending the request to the company's email address: store@vplab.com. The relevant request must be signed with a secure electronic signature, but such a requirement is not mandatory for the customer if the company has sufficient information to ensure that the received email with the request is from the customer (for example, the email is mentioned as contact information in the customer's online store account, order form). 9.4. Upon receiving the customer's request for the exercise of their rights, the company verifies the customer's identity, evaluates the request, and fulfills it in accordance with regulatory enactments. 9.5. The company sends a response to the customer by mail in a letter addressed to the customer's specified contact address or signed with a secure electronic signature and sends it to the customer's email (taking into account the customer's preferred method of receiving the response). 9.6. The company ensures compliance with the requirements for data processing and protection in accordance with regulatory enactments. If the customer has raised objections against the company, the company takes necessary actions to resolve the customer's objections. However, if it fails, the customer has the right to turn to the relevant supervisory authority (in the Republic of Latvia, it is the Data State Inspectorate).

10. Client's consent for processing of personal data and the right to withdraw it

10.1. The client can give consent for the processing of personal data (for example, but not limited to, receiving individually tailored advertisements and offers) by authorizing it in the online store, on the website of the online store (for example, subscription forms for news), in-person at the company's office, or by sending an email to store@vplab.com. 10.2. The client has the right to withdraw their consent for the processing of personal data at any time in the same manner in which it was given, either in-person at the office, by authorizing it in the online store, or by sending an email to the company's email address: store@vplab.com. When sending a withdrawal of consent to the aforementioned company email address, the withdrawal of consent must be signed with a secure electronic signature, but this requirement is not mandatory for the client if the company has sufficient information to verify that the received email with the withdrawal of consent is from the client (for example, the email is listed as contact information in the client's online store account, order form). 10.3. Upon receiving the client's withdrawal of consent, the company will no longer process the client's personal data for the specific purpose that was based on such consent. 10.4. The withdrawal of consent does not affect the legality of the processing of the client's personal data that was carried out during the period when the consent was in effect. 10.5. To avoid doubt, it should be clarified that withdrawing consent for the processing of personal data does not apply to the processing of the client's personal data that the company carries out based on other legal grounds (for example, based on a concluded distance contract (purchase agreement)).

11. Commercial notifications

11.1. Communication regarding commercial notifications about the company's goods and/or services and other unrelated notifications (such as advertisements, customer surveys) is carried out by the company in accordance with the external regulatory acts or with the client's consent. 11.2. The client can give consent to receive commercial notifications from the company by authorizing it in the online store, on the online store's website (for example, subscription forms for news), or by sending an email to store@vplab.com. 11.3. The client's consent to receive commercial notifications is valid until it is withdrawn (even after the termination of the distance contract (purchase agreement)). The client can withdraw their consent to receive further commercial notifications at any time using one of the methods indicated in clause 10.2. of this Policy. 11.4. The company will stop sending commercial notifications as soon as the client's request is processed. The processing of the request depends on technological capabilities, which may take up to seven business days. 11.5. By expressing their opinion in surveys and leaving their contact information (email, phone), the client agrees that the company can contact them regarding the client's evaluation using the contact information provided by the client.

12. Communication with the Client

12.1. The Company communicates with the Client using the contact information provided by the Client (primarily phone number and email address). 12.2. The Company communicates with the Client regarding the execution of the concluded distance contract (purchase agreement) on the basis of that contract (for example, coordinating the delivery method and time of the Goods, coordinating information about payments, changes in the Order, etc.).

13. Visits to the Online Store and Cookie Processing

13.1. Cookies may be used in the online store. More information about the use of cookies is available in the Cookie Processing Policy.

14. Validity and Changes to the Policy

14.1. This Policy is available at the Company's Office and in the online store at store@vplab.com. Upon the Client's separate request, the Policy can be issued in a separate copy at the Office address or sent to the Client's email address. 14.2. The Company is unilaterally entitled to change this Policy by notifying Clients of the respective changes in the Company's online store, by email, or in any other way at the Company's discretion. 14.3. The Company retains previous versions of the Policy, which are available in the Company's online store. 14.4. This Policy comes into force on May 2, 2019, and replaces the previously approved Privacy Policy.