Privacy policy

PRIVACY POLICY

Effective from: [01/12/2025]
Last updated: [19/12/2025]

This Privacy Policy explains how SIA “BRUNERA” (“we”, “us”, “our”) processes personal data when you visit and use our website www.touchseen.eu, make purchases, create an account, or contact us.

  1. Data Controller and Contact Details

Data Controller: SIA BRUNERA, Reg. No. 40203399392
Registered address: Jūrkalnes iela 48A, Riga, LV-1029, Latvia
Email: info@touchseen.eu

  1. When We Collect Your Data

We may process your personal data when you:

  • visit our website (e.g., IP address, cookies);
  • create a user account;
  • place an order and make a payment;
  • request delivery or receive goods;
  • contact customer support (email, message, phone call);
  • consent to marketing communications (if offered).
  1. Categories of Personal Data We Process

Depending on the services you use, we may process:

  • Identification and contact details: first name, last name, email address, phone number;
  • Account data: username, technical data related to passwords (passwords are not stored in plain text), account settings;
  • Order data: order contents, amount, delivery method, invoice details, correspondence regarding the order;
  • Delivery data: address, recipient, parcel locker/courier details;
  • Payment information: payment status, transaction identifiers (payment card details are generally processed by the payment service provider);
  • Communication data: your messages, requests, support correspondence;
  • Technical data: IP address, device/browser data, cookie identifiers, website usage statistics (if used).
  1. Purposes and Legal Bases for Processing

We process personal data for the following purposes:

4.1. Account Creation and Management

Purpose: to create and administer an account, provide authentication, order history, and profile settings.
Legal basis: performance of a contract or steps prior to entering into a contract (GDPR Art. 6(1)(b)).

4.2. Order Processing, Payment and Delivery

Purpose: to process orders, issue invoices, ensure delivery, communicate about the order, handle returns/warranty (if applicable).
Legal basis: performance of a contract (GDPR Art. 6(1)(b)).

4.3. Accounting and Compliance with Legal Obligations

Purpose: accounting records, meeting tax and bookkeeping requirements, document retention.
Legal basis: compliance with a legal obligation (GDPR Art. 6(1)(c)).

4.4. Customer Support and Communication

Purpose: to respond to questions, resolve issues, and provide service.
Legal basis: performance of a contract (GDPR Art. 6(1)(b)) or legitimate interests in providing customer support (GDPR Art. 6(1)(f)).

4.5. Website Security, Fraud Prevention and System Maintenance

Purpose: to protect the website, prevent malicious activity, maintain IT security, and create backups.
Legal basis: legitimate interests (GDPR Art. 6(1)(f)).

4.6. Marketing Communications (Where Consent Has Been Given)

Purpose: to send news, offers, and informational materials.
Legal basis: consent (GDPR Art. 6(1)(a)) or legitimate interests in certain cases where permitted and justified.
You may withdraw your consent at any time (e.g., by using the unsubscribe link in emails).

  1. Who We May Share Your Data With (Recipients and Processors)

We share personal data only to the extent necessary with the following categories of recipients:

  • Payment service providers: Montonio
  • Delivery service providers / couriers / parcel lockers: Omniva / DPD / Latvijas Pasts / Venipak / or another provider selected at checkout
  • Hosting and IT maintenance providers: FastComet
  • Accounting data: not shared with third parties
  • Email/communication tools: provided via the company’s email system
  • Public authorities: where required to comply with legal obligations

We select partners that provide appropriate data protection safeguards and, where required, enter into data processing agreements.

  1. Transfers Outside the EEA

At present, personal data is not transferred or processed outside the European Economic Area (EEA).

If services outside the EEA are used in the future, this Privacy Policy will be updated accordingly.

  1. Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes and comply with legal requirements:

  • Order and accounting documents (invoices, payment and bookkeeping records): retained for the periods required under the Latvian Accounting Law.
  • Account data: for as long as the account is active; after deletion, only as long as necessary to comply with legal obligations (e.g., accounting) or to defend legal claims.
  • Customer support correspondence: generally for [1–3] years after the issue is resolved, unless a dispute or other need requires longer retention.
  1. Your Rights

You have the right to:

  • access your personal data and receive a copy;
  • rectify inaccurate data;
  • in certain cases, have data erased (“right to be forgotten”);
  • restrict processing;
  • object to processing (especially where based on legitimate interests);
  • receive your data in a structured, commonly used format and transmit it to another controller (data portability);
  • withdraw consent (where processing is based on consent), without affecting the lawfulness of processing prior to withdrawal.

To exercise your rights, please email: info@touchseen.eu.

You also have the right to lodge a complaint with the supervisory authority: Data State Inspectorate of Latvia (DVI).

  1. Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access (e.g., access controls, encryption, updates, backups).

  1. Cookies

We use cookies to ensure the core functionality and security of the website and to improve user experience.

10.1. Essential Cookies

Essential cookies enable core website functions such as user sessions, secure login, shopping cart functionality, and protection against malicious activity.
These cookies are stored automatically and do not require user consent because they are necessary for the website to function in accordance with GDPR and ePrivacy requirements.

10.2. Analytics Cookies

We use analytics cookies (Google Analytics) to obtain aggregated information about website usage (e.g., number of visitors, pages visited, devices used) and to improve website performance and content.

Analytics cookies are activated only after you provide consent.
Without consent, Google Analytics data is not collected and the relevant cookies are not loaded.

10.3. Consent and Withdrawal

You can give, change, or withdraw your consent for analytics cookies at any time by opening the cookie settings on the website.

  1. Children’s Data

Our services are not intended for children without the supervision of parents/legal guardians. If you believe that a child has provided us with data without an appropriate legal basis, please contact us.

  1. Changes to This Privacy Policy

We may update this policy from time to time. The current version is always available on our website. In the event of significant changes, we may also notify you separately.

  1. Contact

If you have questions about the processing of personal data, please contact us at: info@touchseen.eu.