PRIVACY POLICY
SIA “RADEX-EUROPE” Privacy Policy
The purpose of the privacy policy (hereinafter – the Policy) of the Limited Liability Company “RADEX-EUROPE” (hereinafter – RADEX) is to provide you, as the data subject, with information about the legal and factual circumstances of the processing of your personal data – namely, information about the purpose, scope, and protection of personal data processing, as well as other relevant information regarding the processing of your personal data.
Please note that this Policy may be amended, supplemented, or updated. We will inform you of such changes by publishing an updated version on our website.
We respect your privacy; therefore, the security of your personal data is our priority. We use appropriate organizational and technical measures to ensure the continuous security of your personal data and to maintain compliance with the requirements of data protection legislation and our internal rules.
This Policy applies to:
1. natural persons who receive RADEX services;
2. employees of legal persons who receive RADEX services;
3. candidates for employment at RADEX;
4. employees of various outsourced service providers that provide or intend to provide services to RADEX;
5. visitors to the RADEX office, including representatives of state or municipal institutions and non-governmental organizations;
6. natural persons and representatives of legal persons, state or municipal institutions, or non-governmental organizations who contact RADEX by phone, electronically, or in writing regarding a matter of interest;
7. visitors to RADEX-managed websites and social network profiles (collectively hereinafter – Data Subject or You).
I. Controller and Contact Information
1.1. The controller of personal data processing is:
SIA “RADEX-EUROPE”
Registration number: 40003921407
Address: “Lielcirši”, Vētras, Mārupes pagasts, Mārupes novads, LV-2167
Email: [email protected]
Telephone: +371 67969531
Websites:
• https://radex-auto.com/
• https://www.radex-veikals.lv/
• https://b2b.radex-auto.com/
II. Purposes, Scope, and Legal Basis of Personal Data Processing
2.1.
RADEX processes only those personal data, and only to the extent, that is necessary to achieve a previously defined purpose.
Below is the translation of each processing purpose exactly as described in your document.
________________________________________
1. Sale and production of Radex® brand body repair materials in RADEX stores
Categories of personal data processed:
• For contract conclusion:
– Name, surname, position of the authorized representative
– Signature
– Information confirming signing authority
• For contract performance:
– Contact person’s name, surname, position, and contact information (telephone number, email address)
• For recipient of Radex® brand products:
– Name, surname
– Personal identification number (or other identification number)
– Declared or actual place of residence
– Bank account information
– Contact information (telephone, email)
– Contract number
– Contract registration date
– Information about payments: invoice number, date, amount, method of receipt, payment date, outstanding amount
– Information regarding debt recovery/collection
________________________________________
Legal basis for processing:
• Conclusion and performance of a service contract
• Compliance with RADEX’s legal obligations, including:
– Law on the Legal Force of Documents
– Civil Law
– Accounting Law
________________________________________
Retention period:
• Until full performance of contractual obligations, and
• Until the limitation period expires for legitimate interest purposes:
– Commercial disputes: 3 years
– Data protection-related disputes: 5 years
________________________________________
Necessity of processing:
• The Law on the Legal Force of Documents requires specific personal data to ensure documents are legally binding.
• Contact details and contact person information are necessary for contract performance.
• If personal data are not provided, contractual relations cannot and will not be established.
• Failure to provide updated contact information may significantly hinder contract performance.
• The Accounting Law requires the inclusion of personal data in justification documents.
________________________________________
2. Sale of Radex® brand body repair materials in the RADEX online store
(account creation, product purchase, delivery, product returns)
________________________________________
Categories of personal data processed
For creation and management of an online store account:
• Email address
• Confirmation status and date
• Password
• Information about orders placed
These data are required to:
• Create an online store account
• Manage orders associated with the account
________________________________________
For purchasing and paying for Radex® products:
For the purchaser and payment provider:
• Name, surname
• Personal identification number (or other identification number)
• Bank account information
• Contact information (telephone number, email address)
• Data on purchased products (type, quantity)
This information is required to:
• Complete product purchase
• Process payment
• Conclude a distance contract
________________________________________
For delivery of Radex® products:
Recipient data:
• Name, surname
• Delivery address
• Product details (type, quantity)
• Telephone number
• Email address
Used to:
• Arrange delivery
• Confirm order details
• Send delivery notifications
________________________________________
For exercising the right of withdrawal and refund:
• Name, surname
• Address
• Purchase and receipt date of product
• Product name
• Proof of purchase
Required to:
• Process the return
• Issue a refund
________________________________________
Legal basis for processing
• Your consent (for creating an online store account)
• Conclusion and performance of a distance contract
• Compliance with RADEX legal obligations, including:
– Civil Law
– Accounting Law
– Consumer Rights Protection Law
________________________________________
Retention period
• Until contractual obligations are fully fulfilled
• Or until the expiry of the limitation period for legitimate interest purposes:
– Commercial disputes: 3 years
– Data protection disputes: 5 years
________________________________________
Necessity of processing
• Creating an online store account is optional.
You can order products without an account.
However, to:
– view past orders,
– manage delivery and billing addresses,
– edit password and account information, an account is required, and personal data must be processed.
• The recipient’s and payer’s identification data, delivery address, payment information, and contact details are mandatory for concluding and performing the distance contract.
If such data are not provided, the contract cannot be concluded and the order will not be delivered.
• The Accounting Law requires personal data in supporting documents.
• For refunds, personal data must be provided.
RADEX cannot issue refunds without identifying:
– the person submitting the request, and
– the original purchase.
Without this processing, RADEX cannot meet accounting requirements and cannot issue the refund.
________________________________________
3. Business Planning, Promotion, and Development
Categories of personal data processed
• Client contact information
• Client feedback and complaints regarding RADEX services
• Customer satisfaction survey data and responses
________________________________________
Legal basis
RADEX’s legitimate interests, such as:
• Improving existing services
• Developing new services
________________________________________
Retention period
Personal data are processed until the processing purpose is achieved, for example:
• Statistical data preparation
• Aggregation of survey results
• Analysis of complaints or feedback
________________________________________
Necessity of processing
• The data subject is not required to provide personal data for this purpose.
• RADEX obtains such data independently through:
– satisfaction surveys,
– reviewing complaints,
– analyzing feedback about service quality or employee conduct.
• Without this processing, RADEX could not:
– improve service quality,
– enhance customer experience,
– eliminate deficiencies,
– identify unethical conduct.
________________________________________
4. Recruitment
Categories of personal data processed
For evaluation of CVs, motivation letters, and submitted documents:
• Name, surname
• Contact information (phone number, email address)
• Information about:
– experience
– education
– skills
• Any data included in the CV or attached documents (e.g., diplomas, qualifications)
For organizing and documenting interviews:
• Name, surname
• Content of answers to questions
• Results of knowledge and skills tests
• Other assessment data needed to evaluate suitability
For obtaining references from previous employers:
• Name, surname
• Position held
• Period of employment
• Previous employer’s name
• Reference content
For decision-making and notification upon completing the selection:
• Name, surname
• Contact information
• Date of decision
• Fact and substance of the decision
________________________________________
Legal basis
• Your consent (for obtaining references from previous workplaces)
• RADEX’s legitimate interests (selecting the most suitable candidate for the vacancy)
________________________________________
Retention period
• 6 months from the date a decision is made in the specific recruitment process
________________________________________
Necessity of processing
• Providing personal data is mandatory to participate in the recruitment process.
• Without the necessary personal data, RADEX cannot evaluate a candidate’s suitability and therefore the candidate cannot participate in the selection process.
________________________________________
5. Providing information to state authorities and law-enforcement institutions
Categories of personal data processed
Personal data contained in submitted or requested information, including:
• Name, surname
• Personal identification number
• Contact information
• Substance and purpose of the request
• Any other information included in the request that must be disclosed
________________________________________
Legal basis
• Legal obligation, including obligations under:
– Administrative Offences legislation
– Criminal Procedure Law
– Other laws requiring RADEX to provide personal data to state authorities
• RADEX’s legitimate interests (e.g., reporting criminal acts directed against RADEX)
________________________________________
Retention period
• 5 years from the date of processing
________________________________________
Necessity of processing
• The data subject is not required to provide personal data directly to RADEX for this purpose.
• RADEX obtains and provides such personal data when required by law, including:
– providing information to state administration institutions
– cooperating with law enforcement
– participating in legal processes
• RADEX must comply with legally mandated requests; failure to do so would violate statutory obligations.
________________________________________
6. Record-keeping (processing correspondence and providing responses)
Categories of personal data processed
• Name, surname
• Personal identification number
• Address
• Email address
• Any information included in the received document or RADEX’s reply
________________________________________
Legal basis
• Legal obligation, including obligations under:
– General Data Protection Regulation (GDPR) regarding the handling of data subject requests
– Laws governing official correspondence and document validity
• RADEX’s legitimate interests, such as:
– Preserving evidence
– Demonstrating lawfulness of actions
– Verifying fulfilment of statutory responsibilities
________________________________________
Retention period
• 5 years from the date a response is provided
________________________________________
Necessity of processing
• Legislation (e.g., the Law on the Legal Force of Documents) requires specific personal data to be included in submissions and responses.
• If required data are not provided, RADEX cannot review or respond to the request on its merits.
• Failure to comply with document requirements (e.g., signature, justification, identifying information) results in RADEX being unable to process the inquiry.
________________________________________
7. Use of outsourced services necessary for RADEX business operations
Categories of personal data processed
• Identifying information of the service provider’s authorized representative
• Identifying and contact information of contract contact persons
• Personal data contained in financial and payment documents
________________________________________
Legal basis
• Conclusion and performance of a contract
• RADEX’s legitimate interests, such as:
– Receiving services in accordance with the contract
– Ensuring convenient and efficient service provision for clients
________________________________________
Retention period
• Until contractual obligations are fully performed, and/or
• Until the limitation period expires for legitimate interests purposes:
– Commercial disputes: 3 years
– Data protection disputes: 5 years
________________________________________
Necessity of processing
• The Law on the Legal Force of Documents requires specific personal data to be included for the document to be legally binding.
• Contact and contact person data are required for contract performance.
• If personal data are not provided, contractual relations cannot be established.
• Failing to provide updated contact information may hinder proper contract performance.
________________________________________
8. RADEX representation and protection of interests in legal proceedings, enforcement of court decisions
Categories of personal data processed
For claimant or defendant:
• Name, surname
• Personal identification number
• Address
• Email address
• Telephone number
• Description of the dispute
• Factual and legal circumstances
• Evidence of damage or loss (existence, type, amount)
• Information on out-of-court negotiations
• Contents of documents justifying the dispute
• Court case information, judgments, appeals
• Final court ruling and outcome
• Enforcement details
For representatives of the opposing party:
• Name, surname
• Personal identification number
• Address
• Email address
• Telephone number
• Representation authorisation documents and scope
________________________________________
Legal basis
• Legal obligation, including requirements of:
– Civil Procedure Law
– Criminal Procedure Law
– Administrative Procedure Law
– Administrative Liability Law
– Law on the Legal Force of Documents
– Other relevant legislation
• RADEX’s legitimate interests, such as:
– Demonstrating lawful performance of contractual obligations
– Defending RADEX’s rights
– Seeking compensation for damages caused to RADEX
________________________________________
Retention period
• 10 years from the date the court decision becomes legally binding or from the date of its enforcement in the respective dispute
________________________________________
Necessity of processing
• The data subject is not required to provide personal data directly to RADEX for this purpose.
• RADEX obtains and submits such data as required by law during legal proceedings.
• Legal regulations dictate which personal data must be included in legal documents to ensure due process.
________________________________________
9. Prevention and detection of criminal offences related to property protection
(Video surveillance)
Categories of personal data processed
• Image of the person
• Appearance
• Visually captured behaviour
• Date and time of video recording
• Location of recording
________________________________________
Legal basis
RADEX’s legitimate interests, specifically:
• Protecting RADEX property
• Obtaining compensation for property damage
________________________________________
Retention period
• 72 hours for recordings made in the RADEX store territory
• 14 days for recordings made in warehouses, store premises, and sales areas
________________________________________
Necessity of processing
• The data subject is not required to provide personal data.
• RADEX obtains personal data via its video surveillance system to achieve legitimate interest objectives.
________________________________________
10. Website maintenance and improvement
Categories of personal data processed
• User’s IP address
• Time of visit
• Pages visited and time spent on each page
• Browser type
• Operating system
• URLs from which the user accessed the RADEX website
________________________________________
Legal basis
• Your consent (for analytical cookies)
• RADEX’s legitimate interests (for essential cookies needed for website functionality and security)
________________________________________
Retention period
According to the retention terms specified in the Privacy Policy section dedicated to cookie use.
Each cookie has an individual duration.
________________________________________
Necessity of processing
• Users are required to provide personal data only if they want:
– Personalized explanations,
– Case-specific guidance based on their situation.
• Otherwise, only essential cookies operate without need for consent.
________________________________________
11. Procurement (price inquiry) process organization and administration
Categories of personal data processed
• Name, surname
• Personal identification number
• Contact information (email, telephone number)
• Information about the technical and professional abilities of the bidder’s personnel or invited specialists, including:
– Experience
– Education
– Knowledge
– Qualifications
– Position
• Documents confirming the above abilities
• Information regarding exclusion grounds and the factual circumstances behind them
• Any other information submitted by the data subject as required by the procurement (price inquiry) documentation
• RADEX processes personal data only to the extent specified in the procurement documentation and in compliance with the requirements of the International and National Sanctions Law
________________________________________
Legal basis
• Performance of necessary actions to conclude a service contract
________________________________________
Retention period
• All bids and other procurement documents are retained for 10 years after the procurement contract is concluded
________________________________________
Necessity of processing
• Procurement documentation specifies which personal data RADEX is allowed and required to process
• Participants are obligated to provide these data
• Failure to provide the required data prevents participation in the procurement procedure
________________________________________
12. Sanctions list screening
Categories of personal data processed
• Name, surname
• Date of birth
• Personal identification number
• Citizenship
• Association with a legal entity
• Information about imposed sanctions:
– Fact of sanction
– Type
– Basis
– Period
– Country or organization imposing the sanction
________________________________________
Legal basis
• Legal obligation applicable to the controller
– International and National Sanctions Law, Section 13.1
________________________________________
Retention period
• 10 years from the date of data processing
________________________________________
Necessity of processing
• The data subject is not required to provide data directly
• RADEX obtains and processes personal data independently as required by law
• Screening is mandatory to determine whether RADEX can enter into contractual relations with a person
• If processing is not performed, RADEX:
– Cannot fulfil legal obligations
– Is not allowed to enter into contracts with sanctioned persons or entities whose beneficial owners are on sanctions lists
________________________________________
13. Sending commercial communications
Categories of personal data processed
• Name, surname
• Email address
• Content of the commercial communication
________________________________________
Legal basis
• Data subject’s consent
• RADEX’s legitimate interest — applicable when:
– Messages concern similar RADEX goods or services, and
– The data subject has not previously objected to the use of their email address for this purpose
________________________________________
Retention period
• Consent for receiving commercial communications is stored for 5 years from the date the last commercial message was sent
________________________________________
Necessity of processing
• Personal data must be provided if the data subject wishes to receive commercial messages from RADEX but has previously objected to their use for such purposes
• If personal data are not provided, RADEX cannot send commercial communications
________________________________________
14. Administration and maintenance of social network profiles
Categories of personal data processed
• User’s name
• User’s feedback and comments on published posts
• Content of received and sent messages
________________________________________
Legal basis
RADEX’s legitimate interests, such as:
• Informing the public about RADEX activities, events, and services
• Providing information about Radex® brand materials
• Sharing updates about RADEX’s cultural and sports activities
• Advertising job vacancies and attracting new employees
________________________________________
Retention period
• Information obtained through direct communication is processed until the reply is provided
• User comments and feedback remain publicly visible until the user deletes their profile on the respective social network
________________________________________
Necessity of processing
• The obligation to provide personal data arises only if the data subject wishes to receive a personalized answer or consultation
• Otherwise, browsing or interacting with RADEX’s content does not require providing additional personal data
________________________________________
15. Evaluation of IT security incidents and personal data protection breaches; reporting to supervisory authorities and data subjects
Categories of personal data processed
• Name, surname
• Any personal data affected by the IT security incident or data breach
• Nature of the incident or breach
• Factual circumstances and causes
• Workstation monitoring data (if relevant)
• Date and time of the incident
• Number of affected data subjects and categories of data
• Potential consequences for the data subject’s rights and freedoms
• Risk assessment results
• RADEX’s decision whether to notify the supervisory authority and/or affected data subjects
• Content, date, and time of the notification (if applicable)
• Contact information of affected data subjects (email address, postal address)
________________________________________
Legal basis
• Legal obligation, according to:
– GDPR Articles 33 and 34
– Information Technology Security Law, Section 6
• RADEX’s legitimate interests, such as:
– Identifying incident causes
– Taking measures to eliminate the breach
– Reducing adverse consequences
– Demonstrating compliance with data protection requirements
________________________________________
Retention period
• 5 years from the date the incident or personal data breach is detected or occurs
________________________________________
Necessity of processing
• The data subject is generally not required to provide personal data directly to RADEX for this purpose
• Exceptions apply only if:
– The data subject wishes to report an incident involving RADEX
• In all other cases, RADEX receives information from third parties or internal monitoring
• GDPR requires controllers to investigate, assess, and potentially notify data subjects when a breach poses a high risk
• Without processing such data, RADEX cannot meet its legal obligations or respond appropriately to incidents
2.2. Additional note on purposes
The purposes listed in this Policy are indicative.
Personal data may also be processed for other purposes that:
• are closely related to those specified, and
• are necessary for compliance with legal requirements.
2.3. Data scope considerations
The specific scope of personal data processed depends on:
• the nature of the service provided
• the purpose of processing
• requirements set by applicable legal acts governing the service
III. Use of Cookies
3.1.
Cookies are small text files that are created and stored on your device (computer, tablet, mobile phone, etc.) when you visit the RADEX website.
Each subsequent time you visit the site, the cookies are sent back to the originating website or another website that recognizes the cookie.
Cookies “remember” the basic information about your visit to the website, thereby improving the usability and functionality of the website.
Additional information about cookies, as well as how to manage or delete them, can be found at: www.aboutcookies.org.
3.2. RADEX uses cookies to:
• ensure efficient and secure operation of the website and improve it;
• enhance website functionality and accessibility of information;
• obtain statistical information about website visits within specific time periods;
• understand visitor interests related to RADEX services and Radex® brand body repair materials, etc.
3.3. Use of cookies that require consent
All cookies other than essential (technically necessary) ones may be used only with your prior consent.
However, currently the RADEX website uses only essential cookies.
Therefore, RADEX does not obtain consent for cookie usage at this time.
Essential cookies are required for the use of the website and do not require user permission.
3.4. Third parties do not have access to the cookies used on the website.
3.5. Types of cookies used
| Obligātās sīkdatnes (2) – ļauj lietot tīmekļvietnē pieejamos pakalpojumus, piemēram, sīkdatnes autentifikācija, kas ir nepieciešama pakalpojumu autentifikācijai tīmekļvietnes ietvaros. | |||
| Nosaukums | Avots | Termiņš | Mērķis |
| _consent_given | radex-auto.com/ radex-veikals.lv/ b2b.radex-auto.com/ | 7 dienas | Sīkdatne nodrošina sīkdatņu moduļa darbību |
| _consent_types | radex-auto.com/ radex-veikals.lv/ b2b.radex-auto.com/ | 7 dienas | Sīkdatne nodrošina sīkdatņu moduļa darbību Sīkdatne nodrošina sīkdatņu moduļa darbību |
| _consent_yt | radex-auto.com/ radex-veikals.lv/ b2b.radex-auto.com/ | 7 dienas | Sīkdatne nodrošina sīkdatņu moduļa darbību |
| cookiewp_hide | radex-auto.com/ radex-veikals.lv/ b2b.radex-auto.com/ | 7 dienas | Sīkdatne nodrošina sīkdatņu moduļa darbību |
| PHPSESSID | radex-auto.com/ radex-veikals.lv/ b2b.radex-auto.com/ | Sesija | Sesijas identifikators, ko ģenerē PHP serveris, lai izsekotu lietotāja sesiju tīmekļa vietnē |
IV. Categories of Personal Data Recipients
4.1.
To provide services adapted to your needs, ensure RADEX’s business operations, protect the rights of RADEX, employees, and third parties, and to achieve the purposes of personal data processing, your personal data may be disclosed to the following third parties:
• State administration institutions
(e.g., Data State Inspectorate, Consumer Rights Protection Centre)
— when a complaint is received regarding RADEX’s actions or possible violations of legal requirements.
• Law-enforcement institutions
— in cases specified by law, e.g., for investigation and detection of criminal offences or administrative violations.
• Providers of legal services
— for the provision of legal assistance.
• Courts
— if it is necessary to file a claim or if legal proceedings have been initiated, and you are one of the parties involved.
• Debt recovery service providers & sworn bailiffs
— in cases where debt exists.
• RADEX outsourced service providers and data processors
— who provide services necessary for RADEX’s commercial activity or who process personal data on behalf of RADEX to achieve processing purposes.
4.2. The above list is indicative.
Personal data may also be provided to other recipients if necessary for compliance with legal obligations.
• RADEX may obtain personal data from other sources when legally required.
4.3. Data processors engaged by RADEX:
– act only on RADEX’s instructions,
– may not use data for other purposes,
– may not disclose data to third parties without RADEX’s permission.
Data processors may include:
• database software providers;
• database administration service providers;
• website, data center, and cloud service providers;
• similar technical service providers.
VI. Data Minimization
RADEX provides only the minimum amount of data needed for each specific task.
Obligation of Processors
Processors must ensure:
• confidentiality,
• proper security measures,
• irreversible deletion of personal data after completing RADEX’s tasks or when cooperation ends.
V. Transfer of Personal Data to Third Countries or International Organisations
5.1. Transfer to third countries
RADEX transfers personal data only in relation to cookies used by third parties (Google) on the RADEX website.
Personal data may be transferred to the United States, based on the:
• European Commission Standard Contractual Clauses (SCCs) adopted on 4 June 2021.
5.2. Automated decision-making
RADEX does NOT perform automated decision-making.
VI. Data Subject Rights
6.1.
RADEX is transparent in its personal data processing practices and aims to promote understanding of all processing-related aspects.
Therefore, RADEX ensures the exercise of your data subject rights and provides a reasonable and user-friendly approach for doing so.
The scope and procedures for exercising your rights depend on the specific processing activity and the personal data involved.
________________________________________
1. Right of Access
(Access to your personal data and obtaining a copy)
You may request confirmation from RADEX regarding:
• whether your personal data are being processed;
• which data are processed;
• for what purpose;
• information about recipients, storage periods, and other relevant processing details.
You may also request a copy of your personal data.
How to submit a request:
You must send your request:
1. By email:
— Signed with a secure electronic signature and sent to: [email protected]
2. By mail:
— With your handwritten signature, complying with the requirements of document legal force, sent to:
“Lielcirši”, Vētras, Mārupes pagasts, Mārupes novads, LV-2167
3. In person:
— At RADEX’s office (address above).
— You will be asked to present an identity document.
If requesting video surveillance footage:
Your request must include:
• date
• time
• your appearance description
• a photo (if needed for identification)
You must also specify how you wish to receive the video recording.
________________________________________
2. Right to Rectification
If your personal data processed by RADEX are inaccurate or have changed, you may request rectification.
How to rectify:
• For email address or phone number:
Send a request to: [email protected]
• For name, surname, personal ID number, address (when processed for contract performance):
Submit a request following the same procedure as for the Right of Access.
________________________________________
3. Right to Erasure (“Right to be Forgotten”)
You may request deletion of your personal data if:
• Data are processed unlawfully
• You withdraw consent, and there is no other legal basis
• You object to participating in loyalty programs, contests, or recruitment
• Data are no longer necessary for the purpose
• Laws require deletion
Exceptions — when RADEX cannot delete your data:
RADEX cannot delete your data if:
• Data processing is required by law
• Data are necessary for RADEX’s legitimate interests in state institutions or courts
• Other legal grounds prevent deletion
Requests must follow the same procedure as for the Right of Access.
________________________________________
4. Right to Restrict Processing
You can request RADEX to restrict your personal data processing (only storage will continue) if:
• Data are processed unlawfully
• You contest accuracy
• You object to processing based on RADEX’s legitimate interests
• Data should be deleted, but you need them to establish, exercise, or defend legal claims
While processing is restricted:
• RADEX may process data only with your consent or legitimate interest if needed for claims or defence
• RADEX cannot provide full services
• Contractual obligations may be limited
Before lifting the restriction, RADEX will notify you.
Requests must follow the same procedure as the Right of Access.
________________________________________
5. Right to Data Portability
If you applied electronically for a recruitment process, you may request your submitted personal data within 6 months after the process ends.
Request procedure is the same as for the Right of Access.
________________________________________
6. Right to Object
You may object to processing based on RADEX’s legitimate interests.
Examples:
• Recruitment purposes:
You may:
• not send your application, or
• withdraw it by notifying RADEX at [email protected].
In such cases, RADEX cannot and will not evaluate your candidacy.
• Video surveillance:
You may avoid visiting RADEX premises and instead use:
• email,
• phone,
• postal services
to resolve your queries.
________________________________________
7. Right to Withdraw Consent
If your data are processed based on consent, you may withdraw it at any time.
Examples:
• To withdraw consent for reference checks:
Email: [email protected]
• To withdraw consent for cookies:
Delete cookies in your browser.
Information: www.aboutcookies.org
RADEX may store proof of consent longer if needed to defend against claims.
________________________________________
8. Right to Lodge a Complaint
If you believe RADEX processes your data unlawfully:
1. RADEX encourages you to first contact RADEX directly to resolve the issue.
2. If the matter is not resolved, you may submit a complaint to the Data State Inspectorate:
Datu valsts inspekcija
Elijas iela 17, LV-1050 Rīga, Latvia
Email: [email protected]
6.2. Limitations of Access Requests
RADEX may limit free copies of personal data if:
• the request is unfounded, or
• repeated requests are made for the same data.
Access may also be restricted to protect the rights and freedoms of others.
6.3. Identity Verification
To prevent unlawful disclosure, RADEX must verify your identity.
You may be asked to show:
• an identity document,
• or authorization if acting on behalf of another person.
If you cannot verify identity or representation, RADEX will refuse the request.
6.4. Response Time
RADEX will respond:
• without delay, and
• no later than one month after receiving your request and completing identity verification.
6.5. Form of Response
If your request was submitted electronically, RADEX will usually respond electronically, unless:
• impracticable due to large volume, or
• you request a different method.
6.6. Refusal of a Request
If RADEX must refuse your request due to legal grounds, RADEX will provide a written explanation.
VII. Personal Data Security
7.1.
RADEX uses various security-enhancing technologies and procedures to protect your personal data from:
• unlawful access,
• unlawful use,
• unlawful disclosure.
Personal data are accessible only to those persons who need such access to perform their job duties and only to the extent necessary.
All persons who have access to personal data:
• have signed confidentiality agreements,
• have been informed of data protection rules,
• receive regular training.
7.2. RADEX service providers
RADEX carefully selects service providers and requires them to use appropriate measures to ensure:
• confidentiality of your data,
• protection of your personal information.
However, data transmission over the internet or mobile networks can never be fully guaranteed as secure.
Therefore, before sending any information to RADEX electronically, you must assess the risks related to confidentiality and accept them if you choose to communicate in those ways.
VIII. Personal Data Storage
8.1. General rule
RADEX stores personal data no longer than necessary for achieving the purpose for which the data are processed, in accordance with RADEX’s official file retention schedule.
8.2. Criteria for determining storage periods
When determining storage periods, RADEX considers whether:
1. A legal obligation specifies or implies a storage duration under Latvian or EU law.
2. The data must be retained for a period that ensures
RADEX’s or third parties’ legitimate interests, including protection of legal claims.
3. Consent has been withdrawn and no other legal basis exists;
however, data may still be retained to
demonstrate lawful conduct or fulfil RADEX’s obligations.
4. The purpose of data processing has been achieved.
8.3. Special regulations
When selling or producing Radex® brand and other car body repair materials, RADEX complies with sector-specific regulations requiring certain data to be stored for defined periods.
If detailed information is needed, RADEX can be contacted using the details provided in Section I of this Policy.
8.4. Deletion of data
After the storage period expires, personal data will be irreversibly deleted, unless a legal obligation requires continued storage.
8.5. Extended storage
Personal data may be stored for a longer period only if:
1. It is necessary for RADEX to protect its rights related to claims, complaints, or demands.
2. There are reasonable suspicions of unlawful actions requiring investigation.
3. Data are needed to properly review a dispute or complaint.