Client’s Personal Data Processing Policy
1. Goal and Scope
- This Client’s Personal Data Processing Policy (“Policy”) describes the general procedure of how Sneakypeer processes the personal data of natural persons.
- Personal data are understood to include any information on an identified or identifiable natural person. More detailed information on the personal data, which are processed by Sneakypeer, is given in Section 3 of the Policy.
- This Policy is applicable to ensure the protection of personal data of the natural persons (the “Clients”) listed below:
- Sneakypeer’s clients, who use, have used or expressed a desire to use the services provided by Sneakypeer, and/or have received or expressed a desire to receive the services from Sneakypeer, or are related to the services provided by Sneakypeer otherwise, inter alia, in relationships with the Clients, which were established prior to the acceptance of this Policy.
- Natural persons, who visit the website of Sneakypeer https://sneakypeer.com/.
- Sneakypeer has developed and pursues this Policy to ensure privacy and personal data protection for the Clients, processing personal data on a legal basis. The Policy has been developed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), Personal Data Protection Law of the Republic of Latvia and other regulatory enactments pertaining to personal data processing.
- This Policy applies to data processing regardless of the manner how the Client provides personal data (at the website of Sneakypeer, in paper format or by phone) and in what systems of Sneakypeer or in paper format the aforesaid personal data are processed.
2. Personal Data Processing Manager and Contact Details
- The personal data processing manager is LLC Sneakypeer, registration No. 40203255876, registered office: 207 Kalnciema Street, Riga, LV-1046, (hereinafter referred to as “Sneakypeer”).
- On matters related to personal data processing it is possible to contact Sneakypeer by sending an e-mail to firstname.lastname@example.org or visiting the office of Sneakypeer at 207 Kalnciema Street, Riga, LV-1046 (“Office”) (the Office is open every working day from 800 to 1700).
3. Personal Data Collection and Categories
- Personal data may be acquired from the Client and/or if necessary also from other sources, e.g. pubic information or third parties. Personal data categories, which Sneakypeer may collect and process, are listed in this Policy.
- To avoid doubts, we explain that only such personal data about the Client are collected and processed as are required to reach the targets listed in Section 4 of the Policy.
- Sneakypeer may process the following personal data of the Clients:
- Data category Data types
- Identification data Name, surname, e-mail, telephone number.
- Contact details of the Client e-mail address, telephone number.
- Contact information in emergency situations Client’s name, surname, e-mail address, telephone number.
- Settlement-related data Client’s bank account number, bank name, amount and time of mutual settlements.
- Information transmitted with consent Data transmitted in accordance with the Consent given by the Client additionally or included in the contract.
- Consent-related information Consent expressed by the Client according to the themes; date, time and source of Consent, Consent revocation date.
4. Purpose of Personal Data Processing
Sneakypeer processes personal data for the following purposes:
- To provide services and to sell goods: for Sneakypeer to be able to identify the Clients; to prepare, enter into and fulfill the signed contract or as requested by the Client to take necessary measures prior to entering into the contract; to ensure the provision of services; to ensure applicability of the services; to ensure updating and correctness of data, checking and, if necessary, supplementing, correcting, deleting personal data; to serve the Client; to examine and process responses, complaints or other documents submitted by the Client; to administer settlements, to recover and collect debts; to retain the Client.
- To protect Sneakypeer’s and/ or Client’s interests: to protect the Client’s and/or Sneakypeer’s interests; to provide evidence for business transactions or other business communication (storage of e-mails, storage of submitted documents, etc.); on the basis of the fulfillment of a contract: in the legitimate interests of Sneakypeer to avoid, limit and investigate unfair or illegal use of or intentional damage to Sneakypeer’s brand, services, goods; to conduct internal training or to ensure the quality of services; to ensure the safety of Sneakypeer and/or the Client, to protect the life and health of the Client and/or his representatives, and other rights of Sneakypeer and the Client (visual records), in accordance with the legitimate interests of Sneakypeer, to protect the Client, Sneakypeer’s employees, and visitors.
- To establish, exercise and protect the right of claim: to establish, exercise, protect and cede the right of claim, fulfilling a contract, or as requested by the Client to take measures prior to entering into a contract or to perform a legal duty, or in the legitimate interests of Sneakypeer to exercise the right of claim.
- To perform legal duties: to follow the applicable laws and international agreements, as well as to check identity in fulfilling a contract, or as requested by the Client to take measures prior to entering into a contract or to perform a legal duty, or in the legitimate interests of Sneakypeer to protect the legal interests of Sneaky Peer, to ensure reasonable risk management and company management.
- To provide information to public institutions: to provide information to the state authorities and emergency response institutions in the cases and to the extent stipulated in the regulatory enactments.
- For other specific purposes, whereof the Client will be informed at the time of provision of the relevant data to Sneakypeer.
5. Personal Data Processing Basis
Sneakypeer processes the personal data of the Clients on a legal bases as follows:
- on the basis of a contract, which parties are the Client and Sneakypeer: in the process of entering into, fulfilling of a contract or as requested by the Client also prior to entering into a contract;
- on the basis of regulatory enactments: to follow national and international regulatory enactments binding upon Sneakypeer;
- on the basis of the Client’s consent;
- in the legitimate interests of Sneakypeer: to ensure the observance of and compliance with the legitimate interests of Sneakypeer arising from the mutual obligations of Sneakypeer and the Client or a contract between Sneakypeer and the Client or a contract signed between Sneakypeer and a third party or law. The legitimate interests of Sneakypeer are (including but not limited to) the following:
- to provide these services in accordance with the terms and conditions of a contract listed at the website of Sneakypeer www.sneakypeer.com;
- to perform the business activity;
- to check the Client’s identity prior to entering into a contract and to maintain updated/correct personal data of the Client;
- to ensure the fulfillment of the obligations of Sneakypeer and the Clients;
- to avoid unreasoned financial risks to their business activity;
- to retain the Clients’ applications and requests for the provision of services, other applications, and requests, notes thereon;
- to perform the activities to retain the Clients;
- to elaborate and develop goods and services;
- to inform of changes in the procedures and prices of the provision of services;
- to ensure maintenance and operation of Sneakypeer infrastructure facilities;
- to avoid committing of a criminal offense;
- to apply to the state administration and emergency response institutions and courts to protect their legal interests;
- to ensure corporate management, financial and business accounting, and analytics;
- to ensure efficient company management processes;
- to ensure efficient provision of services;
- to ensure and improve quality of services, to improve the scope of provided services;
- to administer payments;
- to administer payments not made;
- to inform the society of their activities.
6. Personal Data Processing Procedure
- Sneakypeer processes the Clients’ data, using modern technologies, taking into account the existing risks in respect of the privacy of natural persons, and technical, organizational, and financial resources available with Sneakypeer.
- To ensure qualitative and timely fulfillment of the obligations set out in the contract signed with the Client, Sneakypeer may authorize its cooperation partners to perform specific activities related to the provision of services. If in performing these activities the cooperation partners of Sneakypeer process the Client’s personal data available with Sneakypeer, then the relevant cooperation partners of Sneakypeer are deemed to be the processors (persons who process the Client’s data on behalf of Sneakypeer) and Sneakypeer has the right to transmit to its cooperation partners the Client’s personal data to the extent as required to perform such activities.
- The cooperation partners of Sneakypeer (in the status of a processor) will ensure the fulfillment of the personal data processing and protection requirements in accordance with the requirements of Sneakypeer and the regulatory enactments.
- The cooperation partners of Sneakypeer will not use personal data for purposes other than to fulfill the obligations set out in the contract signed with the Client as instructed by Sneakypeer.
7. Personal Data Protection
Sneakypeer protects personal data of the Clients, using modern technologies, taking into account the existing risks in respect of the privacy of natural persons, and technical, organizational, and financial resources reasonably available with Sneakypeer, including personal data protection measures as follows:
- closed premises and prohibited access for unauthorized persons;
- use of firewall programs;
- use of burglary prevention and detection programs;
- implementation of other protective measures.
8. Personal Data Recipients
Personal data of the Clients, which are processed by Sneakypeer, are not disclosed to any third parties, except where:
- data shall be transmitted to the relevant third party within the framework of the signed contract or to perform any functions required to fulfill the contract or delegated by law (e.g., to a credit institution within the framework of settlements or to ensure the provision of services);
- the Client has expressly given consent;
- personal data shall be transmitted to the persons stipulated in the regulatory enactments upon their reasonable request in accordance with the procedure and to the extent as determined in the regulatory enactments;
- personal data shall be transmitted in the cases set out in the regulatory enactments to protect the lawful interests of Sneakypeer, for example, applying to the providers of legal services, debt collection companies, mediators, courts, or other state authorities against the person who has violated the lawful interests of Sneaky Peer.
9. Personal Data Storage Period
- Sneakypeer stores and processes personal data of the Client while at least one of the below criteria exist:
- while the contract signed with the Client is valid;
- while Sneakypeer is legally bound to retain data;
- while in accordance with the procedure set out in the regulatory enactments Sneakypeer or the Client may exercise their legitimate interests (e.g. raise objections or bring or conduct an action in court);
- while the Client’s consent to the relevant processing of data is valid unless there are other lawful grounds for data processing.
- After all the reasons for the processing of personal data of the Client listed in Clause 9.1. of the Policy end, the Client’s personal data are irretrievably deleted.
10. Access to Personal Data and Other Rights of the Client
- The Client has the right to receive the information set out in the regulatory enactments relating to the processing of his personal data.
- The Client has also the right set out in the regulatory enactments to request from Sneakypeer access to his personal data, and to request Sneakypeer to supplement, correct or delete them or to limit their processing in respect of the Client, or the right to object against processing, and the right of carrying data (transfer to other data processing managers). These rights of the Client may be exercised insofar as personal data processing does not arise from the lawful duties of Sneakypeer, and if they are in the interests of the society.
- The Client may submit a request regarding the exercise of his rights:
- in written form in-person in the Office of Sneakypeer, showing his identity document (passport or ID card);
- sending by e-mail to the e-mail address of Sneakypeer: email@example.com. The relevant request shall be signed with a secure electronic signature, but this requirement is not mandatory for the Client, if Sneakypeer possesses adequate information to make sure that the received e-mail, containing a request, is from the Client (e.g., e-mail is mentioned as contact information in the contract with the Client).
- Receiving the Client’s request regarding the exercise of rights, Sneakypeer verifies the Client’s identity, examines the request, and fulfills it in accordance with the regulatory enactments.
- Sneakypeer sends a reply to the Client’s request by registered mail to the mail address indicated by the Client or signs with a secure electronic signature and sends to the Client’s e-mail (taking as a basis the method of receiving a reply indicated by the Client).
- Sneakypeer ensures the fulfillment of data processing and protection requirements in accordance with the regulatory enactments. If the Client made objections against Sneakypeer, then Sneakypeer performs the activities as required to settle the Client’s objections. Nonetheless, if Sneakypeer fails to settle the objections.
- The client has the right to apply to the relevant supervisory institution (in the Republic of Latvia it is the Data State Inspectorate).
11. Client’s Data Processing Consent and the Right to Revoke It
- The Client may give consent to personal data processing (e.g., consent to process the Client’s personal data for the needs of the organization of the Client’s events) in-person in the Office of Sneakypeer or by sending it to the e-mail address of Sneakypeer firstname.lastname@example.org. Sending consent to the aforesaid e-mail address of Sneaky Peer, the consent shall be signed with a secure electronic signature, but this requirement is not mandatory for the Client, if Sneakypeer possesses adequate information to make sure that the received e-mail, containing the Client’s consent, is from the Client (e.g., e-mail is mentioned as contact information in the contract with the Client).
- The Client has the right to revoke his consent to personal data processing at any time in the same manner as it was given, in-person in the Office of Sneakypeer or by sending it to the e-mail address of Sneakypeer email@example.com. Sending revocation of consent to the aforesaid e-mail address of Sneakypeer, revocation of consent shall be signed with a secure electronic signature, but this requirement is not mandatory for the Client, if Sneakypeer possesses adequate information to make sure that the received e-mail, containing revocation of consent, is from the Client (e.g., e-mail is mentioned as contact information in the contract with the Client).
- Receiving revocation of the Client’s consent as mentioned above, Sneakypeer no longer processes personal data of the Client, which is based on the relevant consent, for a specific purpose.
- Revocation of consent does not affect the lawfulness of processing of the Client’s personal data, which was performed within the time period before the Client has submitted the relevant revocation of consent (within the period of validity of consent).
- To avoid doubts, we explain that if the Client revokes his personal data processing consent, the processing of personal data of the Client, which is performed by Sneakypeer on other legal bases (e.g. on the basis of the signed contract), may not be terminated.
12. Communication with the Client
- Sneakypeer contacts the Client, using the contact details provided by the Client (mainly – name, surname, telephone number, e-mail).
- The Sneakypeer communicates regarding the fulfillment of the signed contract on the basis of the contract.
13. Validity of and Amendments to the Policy
- This Policy is available in the Office of Sneakypeer and at the website of Sneakypeer https://sneakypeer.com/. As requested by the Client, the Policy may be presented in the form of an additional original copy in the Office of Sneakypeer or sent to the e-mail address of the Client.
- Sneakypeer has the right to amend this Policy unilaterally at any time, informing the Client of the relevant changes at the website of Sneakypeer, by mail, e-mail or otherwise as Sneakypeer may deem appropriate. Sneakypeer informs of the relevant changes within 2 (two) weeks at the latest prior to the effective date of the relevant amendments.