Privātuma politika

Privacy Policy

Privacy policy of sh/c Dole

Principal wording of the Policy came into force on:	25 May 2018
Changes made in the Policy came into force on:	1 April 2019
Changes made in the Policy came into force on:	6 September 2023

The purpose of this privacy policy is to provide information to you about what personal data is processed by the companies associated with sh/c DOLE: SIA “Tirdzniecības centrs “Dole”” and “Premier Estates Ltd” (hereinafter referred to as - “the Companies”), processing principles of such personal data, purpose, volume, protection, processing terms, procedure for erasure, as well as the rights available to you in relation to personal data processing performed by us.

This privacy policy shall refer to both, personal data we have obtained right from you, as well as the personal data we have obtained from third parties.

We have the right to use personal data for the purposes described in this privacy policy, as well as other purposes regarding which have informed you at the time of acquisition of personal data.

Who are entitled to process your personal data and to whom your personal data may be transferred?

Any of the Companies, specified in the relevant section of the privacy policy, specifically describing services provided by us or activities performed, may be entitled to process your personal data.

At the same time in certain cases, we are entitled to authorize a third party to process your personal data. Please, consider that we will transfer your personal data to third parties only:

If we have concluded a contract with the receiver of your personal data and have ensured the relevant execution of safety requirements of sending and receipt of personal data;

If we have concluded a contract with the receiver of your personal data and have ensured the relevant execution of safety requirements of sending and receipt of personal data;
If an obligation has been determined for us in legal norms to transfer your personal data to the relevant receiver.

We may transfer your personal data to the following categories of receivers:

personal data processors, who provide certain services to us, described in details in further sections of the privacy policy;
1. the processor shall receive from us only the scope of personal data, necessary for fulfilment of the particular task or provision of certain services;
2. the processor shall process your personal data only on the basis of our instructions and shall not use them for other purposes, as well as shall not transfer your personal data to other persons without our prior consent;

other receivers of personal data, including state and municipal authorities, as well as courts, in order we could ensure the fulfilment of requirements of legal acts binding to use or protect our legal interests.

Personal data are processed only in the territory of EU/EEA and are not transferred outside of the territory of EU/EEA.
Read more details about controllers and processors for our specific services or activities in further sections of the privacy policy.

What we do in order to protect your personal data?
We take care in order to ensure that your personal data are always safe, as well as their processing is performed in accordance with the applicable legal acts and principles.
In order to ensure that only persons authorized for that may have access to personal data, as well as ensure unauthorized disclosure or use of personal data, we use different technologies and procedures providing safety.

When and for what purposes we can process your personal data?
We process your personal data only if we have a legal ground to do so - your consent, our legal interests or personal data are required for conclusion or fulfilment of a contract, or for performance of our duties provided for in legal norms.
If your personal data processing is based on your legal interests, we assess the possible impact on your rights and freedoms and ensure that our legal interests to process your personal data do not adversely affect your rights and freedoms.
Read more details about the legal basis and purposes of your personal data processing in further sections of our privacy policy.

For how long we store your personal data?
We process your personal data only as long as we have a legal basis to do so or as long other provisions binding to us are in force. For example, the period of storage of your personal data may be affected by the following circumstances:

procedure determined by legal acts, according to which we can implement our lawful interests (for example, submit objections or raise a claim to the court);
a legal obligation exists to store personal data for a certain period of time;
as long as your consent for the relevant personal data processing is in force, unless any other legal grounds for processing of your personal data is existing.

When the above-mentioned conditions for your personal data processing cease to exist, your personal are irrevocably erased/destroyed and/or anonymized.

Read more details about the period of storage of your personal data for specific services or activities in further sections of our privacy policy.

What are your rights?

In order to ensure the relevant personal data processing, you have several rights available that you may utilize with regard to your personal data. In order to implement your rights, please, contact with use in the forms specified further on in this privacy policy.

Access to your personal data

You have the right to request information about the personal data processed by us in relation to you.

Right to rectify your personal data

If you consider that the personal data processed by us about you are not correct, complete or relevant, you have the right to request to update or rectify your personal data.

Right to revoke your consent

If we process your personal data on the basis of your consent, you have the right at any time to revoke your consent.

If you wish to revoke your consent with regard to receipt of electronic data about our news, you may perform the activities specified in the received e-mail or contact us.

Right to object or limit processing of personal data

If we process your personal data, on the basis of our legal interests, you have the right to object to the personal data processing performed by us.

When receiving your objections against the personal data processing performed by us, on the basis of our legal interests, we will not process your personal data anymore or will limit their processing, unless we can substantiate your personal data processing with relevant legal interests of ours or our right to protect our legal requirements.

If you consider that we process inaccurate your personal data or the personal data processing performed by us is not legal, you may request to limit the personal data processing performed by us.

Please, take into account that if processing of your personal data is restricted, there is a possibility that we cannot provide all activities available to you, including, you may not receive all benefits we offer.

Right to request to delete your personal data

If you consider that we do not need your personal data anymore for the purposes they were obtained, or you have revoked your consent and in other circumstances you may request to delete your personal data.

Please, take into account that we will be able to delete your personal data only in the events, when we do not have a binding obligation to save your personal data for certain purposes provided by legal acts, as well as if no other legal basis exists to process your personal data.

Right request to transmit your personal data

You have the right to receive your personal data that you have provided and that are processed on the basis of the consent and fulfilment of the contract in the written form or any other most often used electronic formats. If it is technically possible, on the basis of your request, we can transfer your personal data to any other service provider.

Right to submit complaints about the personal data processing performed by us

If you consider that the personal data processing performed by us violates your rights, you may submit a complaint to us at any time. We will review your complaint without delay and provide a reply within the time periods provided for in legal acts.

You have the right to submit a complaint also to the State Data Inspectorate:

by sending your complaint to the following e-mail: [email protected]

or turning in person to the State Data Inspectorate, at Blaumaņa iela 11/13, Riga.

Contact information

If you have any questions about the personal data processing performed by us or you wish to implement your rights, please, contact us in the following forms which regards to activities performed by us:

attiecībā uz mūsu veiktām darbībām:

via e-mail: e-mail: [email protected],
via mail: Maskavas Street 357, Riga, LV-1063.

Validity and availability of the Privacy Policy

This privacy policy is available to you on our website – www.dole.lv

In order to ensure our obligations with regards to personal data processing, we regularly monitor our activities in the area of personal data processing. Therefore, we have the right to unilaterally amend this privacy policy at any time.

Personal data processing for marketing purposes of the sh/c Dole

We perform your personal data processing, in order to perform different marketing activities of our shopping centres, to administer your participation and awarding of prizes for various lotteries and contests organized by us.

Personal data controllers and processors

The following companies, considered as your personal data controllers, perform your personal data processing within the framework of our marketing activities:

Our marketing activities

Contact information of the controller

Marketing activities

Subscription to news of the sh/c

Participation in lotteries

Participation in contests

SIA “Tirdzniecības centrs “Dole””, reg. No.: 40003434873 (sh/c “Dole”)

Contact information:

- Legal address: Maskavas Street 357-2, Riga, LV-1063, Latvia;

- e-mail: e-mail: [email protected]

We may transfer your personal data also to other companies - personal data processors, in order to ensure fulfilment of different services (organization, video recording of our marketing activities, sending of invitations etc.).

We use only trusted partners - personal data processors, with the help of whom the services required for successful organization and course of our activities are provided.

Your personal data may be transferred to the processors of such categories of data:

Event organization agencies;

Photographs or photograph agencies;
Public relations and digital service agencies;
Mailing service providers;
Mobile and e-mail marketing service providers;
Authorities (such as law enforcement authorities, tax administration, supervisory authority and extra-judicial dispute settlement authorities);
Auditors, financial and legal advisers;
Other personal data processors approved by us.

Types of personal data, legal basis and purpose of processing

We always process your personal data only if have a legal basis to do so and only for the certain purpose.

The following legal basis exist for the needs of our marketing activities:

our legal interests - we are interested to provide as much as possible broad and adjusted range of services and experience to you. In certain cases, we have the right to also protect our interests, for example, if you have submitted a complaint against our activities. In such cases we process only such personal data of you, which are directly necessary for provision of such our legal interests;

our obligation provided under legal acts (legal obligation) - in some cases legal acts provide certain obligations to us, for example, to identify a person, to send a report to tax administration authorities etc. In such cases we process only such personal data of you, directly required for fulfilment of these our obligations. Marketing activities organized by us are public events, which may be photographed and/or video recorded.
mūsu tiesību normās paredzētais pienākums (likumīgais pienākums) – dažos gadījumos tiesību normas paredz mums noteiktus pienākumus, piemēram, identificēt personu, nosūtīt atskaiti nodokļus administrējošām iestādēm u.c. Šādos gadījumos mēs apstrādājam tikai tādus Jūsu personas datus, kas tieši nepieciešami šādu mūsu pienākumu izpildei.

You have to aware of that you may be visible if you participate in these events.

If you have attended the marketing activity organized by us together with a child (that is, a person under the age of 18), you have to be aware of the fact that also your child may be photographed and/or video recorded within the framework of marketing activities organized by us.
We have the right to your the personal data of you and your child for different purposes, including, but not limited to, publishing, posting and distribution on social networks, internet sites, advertising clips, on television, in printed media and other publicity materials. Lotteries and/or contests organized by us are public events.

We have the right to use your personal data for different purposes, including, but not limited to, publishing, posting and distribution in social networks, internet sites.

Please, take into account that neither your personal identity number, nor phone number or e-mail address will be published within the framework of lotteries and/or contests organized by us.

Further on you may become acquainted with the legal basis and purpose of your personal data processing:

Our marketing activities
Personal data	Legal basis	Purpose of processing
Personal data included in photographs or filming materials - your appearance, appearance of your child etc.	Lawful interests	Popularization of the shopping centre and products offered by it.
News of shopping center
Personal data	Legal basis	Purpose of processing
Name, contact information (e-mail)	Your consent	To send our shopping center news, current affairs and the offer of stores located in the shopping center.
Lotteries and/or contests organized by us
Personal data	Legal basis	Purpose of processing
Given name, surname	Lawful interests	Identification In order we would be able to identify you as a participant of the lottery or contest.
Given name, surname	Lawful obligation	Identification In order we would be able to identify you as a participant of the lottery or contest. In order we would be able to fulfil our obligations towards tax administration authorities and supervisory authorities of lotteries.
Personal identity number	Lawful interests	Identification In order we would be able to identify you as a participant of the lottery or contest.
Personal identity number	Lawful obligation	Identification In order we would be able to identify you as a participant of the lottery or contest. In order we would be able to fulfil our obligations towards tax administration authorities and supervisory authorities of lotteries.
Contact information (telephone, e-mail)	Lawful interests	In order we could contact we in case of receipt of a prize.

Personal data processing terms
In order to provide marketing activities organized by us, we process your personal data within the following time periods:

Our activity	Type of submission or storage of personal data	Term (for erasure/ destruction)
Marketing activity	Electronic data, Paper format	3 years after the course of event
Jaunumu saņemšana	Electronic data	Tiek glabāti, līdz Jūs atsaucat savu piekrišanu
Jaunumu saņemšana	Paper format	1 gadu pēc iesniegšanas brīža
Lotteries or contests	Electronic data	3 years after the course of the lottery or contest
	Paper format	8 years after the course of the lottery or contest

Personal data processing for security purposes of the shopping centre
CCTV Policy SIA "Tirdzniecības centrs "DOLE""

1. Policy Statement

Here at SIA "Tirdzniecības centrs "DOLE"", a company registered in the Republic of Latvia with registration number 40003434873, we believe that CCTV and other surveillance systems have a legitimate role to play in helping to maintain a safe and secure environment for all our staff and visitors. However, we recognise that this may raise concerns about the effect on individuals and their privacy. This policy is intended to address such concerns. Images recorded by surveillance systems are personal data which must be processed in accordance with data protection laws. We are committed to complying with our legal obligations and ensuring that the legal rights of staff, relating to their personal data, are recognised and respected.
This policy is intended to assist staff in complying with their own legal obligations when working with personal data. In certain circumstances, misuse of information generated by CCTV or other surveillance systems could constitute a criminal offence.
The Data Controller – the entity responsible for determining the means and purposes for processing - is SIA "Tirdzniecības centrs "DOLE"", a company registered in the Republic of Latvia with registration number 40003434873.
Any queries regarding this policy or the processing of personal data as described herein should be addressed to the controller’s Data Protection Representative, who may be reached at [email protected].

2. Definitions

For the purposes of this policy, the following terms have the following meanings:

CCTV: means fixed and domed cameras designed to capture and record images of individuals and property.

Data: is information which is stored electronically, or in certain paper-based filing systems. In respect of CCTV, this generally means video images. It may also include static pictures such as printed screen shots.

Data subjects: means all living individuals about whom we hold personal information as a result of the operation of our CCTV (or other surveillance systems).

Personal data: means data relating to a living individual who can be identified from that data (or other data in our possession). This will include video images of identifiable individuals.

Data controllers: are the people who, or organisations which, determine the manner in which any personal data is processed. They are responsible for establishing practices and policies to ensure compliance with the law. We are the data controller of all personal data used in our business for our own commercial purposes.

Data users: are those of our employees whose work involves processing personal data. This will include those whose duties are to operate CCTV cameras and other surveillance systems to record, monitor, store, retrieve and delete images. Data users must protect the data they handle in accordance with this policy and our Data Protection Policy.

Data processors: are any person or organisation that is not a data user (or other employee of a data controller) that processes data on our behalf and in accordance with our instructions (for example, a supplier which handles data on our behalf).

Processing: is any activity which involves the use of data. It includes obtaining, recording or holding data, or carrying out any operation on the data including organising, amending, retrieving, using, disclosing or destroying it. Processing also includes transferring personal data to third parties.

Surveillance systems: means any devices or systems designed to monitor or record images of individuals or information relating to individuals. The term includes CCTV systems as well as any technology that may be introduced in the future such as automatic number plate recognition (ANPR), body worn cameras, unmanned aerial systems and any other systems that capture information of identifiable individuals or information relating to identifiable individuals.

3. About this Policy

At SIA "Tirdzniecības centrs "DOLE"" (the Controller), we currently use CCTV cameras to view and record individuals on and around our premises. This policy outlines why we use CCTV, how we will use CCTV and how we will process data recorded by CCTV cameras to ensure that we are compliant with data protection law and best practice. This policy also explains how to make a subject access request in respect of personal data created by CCTV .
We recognise that information that we hold about individuals is subject to data protection legislation. The images of individuals recorded by CCTV cameras in the workplace are personal data and therefore subject to the legislation. We are committed to complying with all our legal obligations and seek to comply with best practice suggestions from Datu Valsts inspekcija (DVI), as the data protection supervisory authority in Latvia.
This policy covers all employees, directors, officers, consultants, contractors, freelancers, volunteers, attendees, interns, casual workers, zero hours workers and agency workers and also visiting members of the public.
This policy will be regularly reviewed to ensure that it meets legal requirements, relevant guidance published by the DVI and industry standards.

4. Personnel Responsible

The Data Protection Officer has overall responsibility for ensuring compliance with the relevant legislation and the effective operation of this policy. Day-to-day management responsibility for deciding what information is recorded, how it will be used and to whom it may be disclosed has been delegated to Legal Counsel. Day-to-day operational responsibility for CCTV cameras and the storage of the data recorded is the responsibility of Property Manager.
Responsibility for keeping this policy up to date has been delegated to the Data Protection Officer.

5. Reasons for the Use of CCTV

We currently use CCTV around our sites as outlined below. We believe that such use is necessary for legitimate business purposes, including:

to prevent crime and protect buildings and assets from damage, disruption, vandalism and other crime;
for the personal safety of staff, visitors and other members of the public and to act as a deterrent against crime;
to support law enforcement bodies in the prevention, detection and prosecution of crime;
to assist in the effective resolution of disputes which arise in the course of disciplinary or grievance proceedings; and
to assist in the defence of any civil litigation, including employment tribunal proceedings.

This list is not exhaustive and other purposes may be or become relevant.

6. Monitoring

CCTV monitors “DOLE” property, located on Riga, Maskavas Street 357, LV-1063 and owned by SIA "Tirdzniecības centrs "DOLE"". The goods loading area, common use areas, such as halls and corridors available to the general public, as well as the immediate vicinity of the said property are being monitored for the purpose of preventing crime. Tenants of the said property may have their own CCTV systems inside their shops, and in such case the tenants are considered the data controller and are solely responsible for processing any personal data collected by the use of their own CCTV systems
Camera locations are chosen to minimise viewing of spaces not relevant to the legitimate purpose of the monitoring. As far as practically possible, CCTV cameras will not focus on toilets, changing rooms, or other areas where there is a reasonable expectation of privacy.
Surveillance systems will not be used to record sound.
Images are monitored only by authorised personnel.
Staff using surveillance systems will be given appropriate training to ensure they understand and observe the legal requirements related to the processing of relevant data.

7. How we will operate any CCTV

Where CCTV cameras are placed, we will ensure that signs are displayed at the entrance of the surveillance zone to alert individuals that their image may be recorded. Such signs will contain details of the organisation operating the system, the purpose for using the surveillance system and an outline of data subject rights, where to find the CCTV policy and who to contact for further information.
Live feeds from CCTV cameras will only be monitored where this is reasonably necessary, for example to protect health and safety.
We will ensure that live feeds from cameras and recorded images are only viewed by approved members of staff whose role requires them to have access to such data. Recorded images will only be viewed in designated, secure offices.

8. Use of Data Gathered by CCTV

In order to ensure that the rights of individuals recorded by the CCTV system are protected, we will ensure that data gathered from CCTV cameras is stored in a way that maintains its integrity and security. This may include encrypting the data, where it is possible to do so.
SIA "Tirdzniecības centrs "DOLE"" has engaged a security service company Akciju sabiedrība "G4S Latvia", registration number 40103058465, as a data processor to process CCTV data on our behalf, as well as to service and maintain our CCTV We will ensure reasonable contractual safeguards are in place to protect the security and integrity of the data.

9. Retention and Erasure of Data gathered by CCTV

Data recorded by the CCTV system will be stored digitally. Data from CCTV cameras will not be retained indefinitely but will be permanently deleted once there is no reason to retain the recorded information. Generally, recorded images will be kept for no longer than twenty one (21) days. We will maintain a comprehensive log of when data is deleted.
9.2 At the end of their useful life, all images stored in whatever format will be erased permanently and securely. Any physical matter such as tapes or discs will be disposed of as confidential waste. Any still photographs and hard copy prints will be disposed of as confidential waste.

10. Use of Additional Surveillance Systems

Prior to introducing any new surveillance system, including placing a new CCTV camera in any workplace location, we will carefully consider if they are appropriate by carrying out a privacy impact assessment (PIA).
No surveillance cameras will be placed in areas where there is an expectation of privacy unless, in very exceptional circumstances, it is judged by us to be necessary to deal with very serious concerns.

11. Ongoing Review of CCTV Use

We will ensure that ongoing use of existing CCTV cameras on our premises is reviewed periodically to ensure that their sue remains necessary and appropriate, and that any surveillance system is continuing to address the needs that justified its introduction.

12. Requests for Disclosure

We may share data with other group companies and other associated companies or organisations, for example shared services partners, where we consider that this is reasonably necessary for any of the legitimate purposes set out above in paragraph 5.1.
No images from our CCTV cameras will be disclosed to any other third party, without express permission being given by an authorized person of the company. Data will not normally be released unless satisfactory evidence that it is required for legal proceedings or under a court order has been produced.
In other appropriate circumstances, we may allow law enforcement agencies to view or remove CCTV footage where this is required in the detection or prosecution of a crime.
12.4 We will maintain a record of all disclosures of CCTV footage.
No images from CCTV will ever be posted online or disclosed to the media.

13. Subject Access Requests

Data subjects may make a request for disclosure of their personal data and this may include CCTV images (data subject access request).. A data subject access request is subject to the statutory conditions from time to time in place and should be made in writing.
In addition to the data subjects’ right of access to the footage, data subjects may also make a request for erasure, or object to the processing of their personal data.
In order for us to locate the relevant footage, any requests for copies of recorded CCTV images must include the date and time of the recording, the location where the footage was captured and, if necessary, information identifying the individual.
We reserve the right to obscure images of third parties when disclosing CCTV data as part of a subject access request, where we consider it necessary to do so.

14. Complaints

If any member of staff has questions about this policy or any concerns about our use of CCTV, then they should contact the Data Protection Representative: [email protected] in the first instance. Data subjects also have the right to lodge a complaint with the DVI, as the data protection supervisory authority in Latvia, should they deem it necessary to do so.

Privacy Policy

Personal data processing for security purposes of the shopping centre CCTV Policy SIA "Tirdzniecības centrs "DOLE""

Opening Hours

Personal data processing for security purposes of the shopping centre
CCTV Policy SIA "Tirdzniecības centrs "DOLE""