1 General provisions

1.1 This Policy defines the policy of RB Premiere Capital Holding SIA (hereinafter referred to as the Company), as the operator of personal data processing, with regard to the processing and protection of personal data of natural persons (personal data subjects) in accordance with the laws of the Republic of Latvia.
1.2 This Policy applies to data received both before and after the adoption of this Policy.

1.3 This Policy has been prepared to comply with the requirements of the legislation of the Republic of Latvia in the field of processing of personal data, which aims to protect the rights and freedoms of the individual and the citizen when processing personal data, including the protection of the rights to privacy, personal and family secrets, in particular, in order to prevent unauthorised access to, and unauthorised distribution of, the personal data received by the Company.

1.4 This Policy applies to information that the Company obtains about a personal data subject.

1.5 This Policy may be amended if there are changes in the applicable laws of the Republic of Latvia.

1.6 This Policy is an internal document of the Company and is publicly available and published on the website www.yoler.shop.

2. Categories of personal data subjects.

Concept and composition of personal data

2.1 For the purposes of this Policy, personal data shall mean any information relating to a natural person directly or indirectly identified or identifiable as a subject of personal data (hereinafter referred to as the "subject").

2.2 Depending on the personal data subject, the Company may process personal data of the following categories of subjects in order to carry out its activities and obligations
- Personal data of an employee of the Company - information required by the Company in connection with the employment relationship and relating to a specific employee,

- personal data of a person related to the Company or a manager, participant (shareholder) or employee of a legal entity related to the Company - information which the Company needs to be reflected in the Company's performance reporting in accordance with the requirements of applicable law

- personal data of the manager / participant (shareholder) / employee of a legal entity that is a partner, contractor or manager of a legal entity that is a partner, contractor or employee of the Company - the information necessary for the Company to fulfil its obligations under its contractual relationships with its contractors/partners.

-Customer's personal data - information necessary for the Company to fulfill its obligations under contractual relations with the Customer and to comply with the requirements of the legislation of the Russian Federation.

-Customer's personal data provided during registration on the website www.rinkodara.eu, including in cases when the Customer makes orders, as well as provided during the acceptance of orders placed on the said website.

2.3 The subject's consent to the processing of his/her personal data may be given in writing or in an explicit form (implied consent) when the Customer takes actions expressing his/her will to enter into a legal relationship with the Company.

Implied consent is given when subjects fill in questionnaires and/or register on the website www.rinkodara.eu, pay for orders by credit card, make non-cash payments and send requests to the Company.

2.4 The personal data collected and processed by the Company include: personal data (surname, first name, patronymic, date, month, year of birth, etc.); passport data; registration address; residential address; delivery address; information on the subject's means of payment; e-mail address; contact telephone number.

2.5 The Company does not process biometric (information describing the physiological and biological characteristics of an individual by which he or she can be identified) personal data, information on race, ethnicity, political opinions, religious or philosophical beliefs.

3. Basis and purpose of processing personal data

3.1 The Company processes personal data in order to carry out its activities and pursue its legitimate interests and claims. The purposes for which personal data are processed are determined by necessity:

-performing the functions assigned to the Company by the legislation of the Republic of Latvia pursuant to the Law "On Personal Data" and the Law "On Combating Money Laundering and Financing of Terrorism".

-To enter into, execute and terminate civil contracts with natural persons, legal entities, individual entrepreneurs and other parties, to provide services, to execute agreements and contracts, and to fulfil obligations to clients

-to ensure the safety of the Company's employees and customers;

-Implement the laws of the Republic of Latvia on the procedure for handling citizens' complaints

-organise the Company's personnel records, manage the movement of personnel documents, assist with career development, training, employment, various benefits, tax, pension and other legislation;

3.2 The Company may use the Client's personal data for the following purposes

- To comply with the requirements of applicable law;

- to identify the Customer;

- to arrange communication with the Customer;

- to implement security policies;

- to improve the quality of the services provided by the Company.

4. Rights of the personal data subject

4.1 The personal data subject has the right to obtain information relating to the processing of his or her personal data, including: confirmation that the Company processes personal data, the legal bases and purposes of the processing of the personal data, the personal data processing measures applied by the Company, the Company's name and registered office, and the information about the persons (other than the Company's employees) who have access to the personal data, or to whom the personal data may be disclosed on the basis of a contract with the Company or

4.2 The information provided to the Subject about the processing of personal data shall not contain personal data relating to other personal data subjects.

4.3 In accordance with the Personal Data Act, information relating to the processing of the subject's personal data may be provided by the Company to the subject or to the subject's legal representative at the request of the subject or his or her legal representative. The request shall contain the number of the main document certifying the personal data subject or his representative, information on the date of issue of the said document and the authority which issued it, information confirming the personal data subject's participation in a contractual relationship with the Company (number of the contract, date of conclusion of the contract, contractual verbal sign and/or other information), or information confirming in any other way the processing of personal data by the operator, and the signature of the personal data subject or his representative. The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Republic of Latvia.

4.4 The personal data subject shall have the right to request the Company to correct his/her personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, unlawfully obtained or not necessary for the stated purpose of the processing of the personal data, as well as to take the measures provided for in the legislation to protect the rights.
5. Conditions for processing personal data

5.1 The term of storage of personal data shall be determined taking into account the purposes of data processing in the Company's information systems, in accordance with the term of validity of the contract and other documents, as established by the laws of the Republic of Latvia and the legislation in force in the Company.

6. Circle of persons allowed to process personal data

6.1 In order to implement the purposes of this Policy, the processing of personal data shall only be permitted to employees of the Company who have been entrusted with such a duty by virtue of their official (work) duties. Other employees may be granted access only in cases provided for by law.

6.2 Employees of the Company who violate the provisions of this Policy shall be liable in accordance with the applicable laws of the Republic of Latvia.

7. Methods of processing personal data

7.1 The personal data of the user shall be treated as confidential, unless the user voluntarily provides information about himself/herself for general access by an unlimited number of persons. In this case, the user consents to the public availability of certain parts of his/her personal information.

7.2 The Company uses automated processing of personal data by means of computer equipment and non-automated processing of personal data by means of paper-based document flow in the course of the provision of its services, internal business activities and in other specified cases. The automated system shall provide protection against unauthorised access and shall allow for the identification, recording and storage of data for a specified period of time during the processing of personal data.

7.3 The Company guarantees legal, organisational and technical measures to protect personal data against unauthorised or accidental access, destruction, alteration, blocking, copying, dissemination, as well as against any other unauthorised actions of third parties. The exchange of personal data in the course of their processing in the Company's automated system shall be carried out through communication channels protected by technical information security measures.

7.4 The security of personal data during their processing in the information systems of the Organisation shall be ensured by the information security system, which includes: organisational measures, such as restriction of physical access to the premises, application of software and technical security measures, measures for prevention of unauthorised access, and the application of software and technical effects on the technical means of processing personal data.

7.5 Information on the personal data protection requirements implemented by the Company:

- Local regulations and other documents adopted,

- Security regime in place for the processing and handling of personal data, as well as the security regime for the premises where personal data media are processed and stored

- Designation of persons responsible for the organisation and security of the processing of personal data

- The range of persons authorised to process personal data has been defined, and instructions have been drawn up for users on the protection of personal data, anti-virus protection, and handling of crisis situations

- the requirements for staff and the degree of responsibility of staff for ensuring the security of personal data,

- Employees involved in the processing of personal data have been familiarised with the provisions of the legislation of the Republic of Latvia on personal data security and the requirements for the protection of personal data, the documents setting out the Company's policy on personal data processing, and local legislation on personal data processing

- necessary and sufficient technical measures have been taken to protect personal data against accidental or unauthorised access, destruction, alteration, blocking of access and other unauthorised acts

- An access limitation system is in place,

- Protection against unauthorised access to automated workstations, information networks and personal databases

- Protection against malware and mathematical interference,

- Regular backups of information and databases.

8. Feedback. Questions and suggestions

8.1 Any questions about breaches of this Policy by the Company should be directed to

- Matīsa iela 61A - 20, Riga, LV-1009, Latvia;

- E-mail: pardavimai@rinkodara.eu