Privacy Policy

1. General Provisions

1.1. This Privacy Policy describes how SIA “DriveDeal”, registration No. 40203598859, registered address: Alekša iela 9–21, Riga, LV-1005, Latvia (hereinafter referred to as the “Data Controller”) collects, processes, and stores personal data that the DriveDeal platform obtains from its clients, partners, and individuals who visit the platform (hereinafter referred to as the “Data Subject” or “You”).

1.2. Personal data is any information relating to an identified or identifiable natural person, i.e., the Data Subject. Processing means any operation performed on personal data, such as collection, recording, modification, use, viewing, deletion, or destruction.

1.3. The Data Controller complies with the data processing principles set out in applicable laws and ensures that personal data is processed in accordance with the applicable legislation of the European Union and the Republic of Latvia.

2. Collection, Processing, and Storage of Personal Data

2.1. Information that identifies individuals is collected, processed, and stored by the Data Controller mainly through the DriveDeal platform, the platform’s website, email, contact forms, and other digital communication channels.

2.2. By visiting and using the services provided on the platform, you agree that any information provided is used and managed in accordance with the purposes specified in this Privacy Policy.

2.3. The Data Subject is responsible for ensuring that the submitted personal data is correct, accurate, and complete. Intentionally providing false information is considered a violation of this Privacy Policy. The Data Subject is obliged to immediately notify the Data Controller of any changes to the submitted personal data.

2.4. The Data Controller is not responsible for damages caused to the Data Subject or third parties if they arise due to the submission of inaccurate personal data.

3. Processing of Users’ Personal Data

3.1. The Data Controller may process the following personal data:
3.1.1. First name and last name
3.1.2. Contact information (email address and/or phone number)
3.1.3. Company information (if the user acts on the platform as a company representative)
3.1.4. Transaction data (service requests, transport orders, delivery addresses, payment information, etc.)
3.1.5. Platform usage data (IP address, browser information, cookies)
3.1.6. Any other information submitted using the platform’s functions or when communicating with us.

3.2. In addition to the above, the Data Controller has the right to verify the accuracy of the submitted data using publicly available registers.

3.3. The legal basis for the processing of personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):

a) the data subject has given consent to the processing of their personal data;
b) processing is necessary for the performance of a contract or for taking steps prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation;
f) processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.

3.4. The Data Controller stores personal data as long as at least one of the following criteria applies:
3.4.1. personal data is necessary for the purposes for which it was collected;
3.4.2. there is a legal obligation to retain the data (for example, according to accounting regulations);
3.4.3. it is necessary to protect the legitimate interests of the company (for example, in the case of legal claims);
3.4.4. the data subject’s consent remains valid.

After these conditions cease to apply, personal data is deleted or anonymized.

3.5. In order to ensure the operation of the platform, the Data Controller may transfer personal data to cooperation partners or data processors, for example:

• payment service providers
• accounting service providers
• IT service providers
• couriers or logistics partners

Personal data may also be transferred to public authorities if required by law.

3.6. The Data Controller implements organizational and technical security measures to protect personal data against unauthorized access, disclosure, destruction, or alteration.

4. Rights of the Data Subject

In accordance with the GDPR, you have the right to:

4.1.1. access your personal data and receive information about its processing;
4.1.2. request correction of incorrect or incomplete personal data;
4.1.3. request deletion of your personal data (“right to be forgotten”), if it does not conflict with legal requirements;
4.1.4. withdraw consent for data processing;
4.1.5. restrict the processing of data;
4.1.6. submit a complaint to the Data State Inspectorate.

Requests regarding the exercise of your rights can be submitted:

• by post: Alekša iela 9–21, Riga, LV-1005, Latvia
• elektroniski: drivedeal3@gmail.com

5. Final Provisions

5.1. This Privacy Policy has been developed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR) and the legal acts of the Republic of Latvia.

5.2. The Data Controller has the right to make changes or additions to this Privacy Policy at any time. The changes take effect after they are published on the platform: https://drivedeal.lv/.