Baltic’s largest authorised luxury retailer
Dimax

Privacy Policy

1. General Provisions
1.1. This Privacy Policy describes how SIA DIMAXI (hereinafter also referred to as the “Data Controller”) collects, processes, and stores personal data obtained by DIMAX.LV from its clients and individuals visiting the website (hereinafter referred to as the “Data Subject” or “You”).
1.2. Personal data means any information relating to an identified or identifiable natural person, i.e., the Data Subject. Processing means any operation performed on personal data, such as collection, recording, alteration, use, viewing, deletion, or destruction.
1.3. The Data Controller observes the data processing principles established by law and can confirm that personal data are processed in accordance with applicable legislation.

2. Collection, Processing, and Storage of Personal Data
2.1. The Data Controller collects, processes, and stores personally identifiable information primarily through the online store website, email, web-based forms, and other direct communication with you.
2.2. By visiting and using the services provided by the online store, you agree that any information you provide will be used and managed for the purposes specified in this Privacy Policy.
2.3. The Data Subject is responsible for ensuring that the personal data provided are accurate, correct, and complete. Knowingly providing false information constitutes a breach of this Privacy Policy. The Data Subject is obliged to immediately notify the Data Controller of any changes to the submitted personal data.
2.4. The Data Controller shall not be liable for losses incurred by the Data Subject or third parties resulting from the submission of false personal data.

3. Processing of Customer Personal Data
3.1. The Data Controller may process the following personal data:
3.1.1. Name and surname;
3.1.2. Contact information (email address and/or phone number);
3.1.3. Transaction details (purchased goods, delivery address, price, payment information, etc.);
3.1.4. Any other information submitted to us when purchasing goods or services through the website or communicating with us.
3.2. In addition to the above, the Data Controller has the right to verify the accuracy of submitted data using publicly available registers.
3.3. The legal basis for processing personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):
a) the Data Subject has given consent to the processing of their personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the Data Subject is party, or to take steps at the request of the Data Subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the Controller is subject;
f) processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject, in particular where the Data Subject is a child.
3.4. The Data Controller stores and processes the Data Subject’s personal data as long as at least one of the following conditions applies:
3.4.1. The personal data are necessary for the purposes for which they were collected;
3.4.2. As long as the Data Controller and/or the Data Subject may pursue their legitimate interests in accordance with applicable laws (e.g., submitting objections, bringing or defending legal claims);
3.4.3. As long as there is a legal obligation to retain data (e.g., under the Accounting Law);
3.4.4. As long as the Data Subject’s consent for the relevant processing remains valid, unless another legal basis for processing exists.
Upon expiry of the above conditions, the storage period for the Data Subject’s personal data ends, and all such personal data are irreversibly deleted from computer systems and electronic and/or paper documents containing such data, or such documents are anonymized.
3.5. To fulfill obligations to you, the Data Controller has the right to transfer your personal data to cooperation partners or data processors who carry out necessary data processing on our behalf (e.g., accountants, courier services). The data processor is the personal data controller. Upon request, we may transfer your personal data to state authorities and law enforcement agencies if necessary to protect our legal interests by preparing, submitting, and defending legal claims.
3.6. In processing and storing personal data, the Data Controller implements organizational and technical measures to ensure protection against accidental or unlawful destruction, alteration, disclosure, or any other unlawful processing.
3.7. A user who uses the website agrees to this Privacy Policy and the rules for the processing of personal data.
3.8. This Privacy Policy confirms the website’s responsibility for the non-disclosure and protection of users’ personal data submitted when creating a user account or purchasing a gift card.
3.9. When making payments by credit card or bank transfer, all operations with card or bank data are carried out through certified service providers, such as VISA and MasterCard. Processing of card and bank data takes place on the respective service provider’s platform, and the final payment confirmation is entered on the bank’s page. The website administration has no access to confidential information entered by the user (card numbers, bank login details). It only receives confirmation of payment.
3.10. During website use, various technical data are automatically collected, including IP address, cookies, browsing history, and others. You may adjust your browser settings to prevent cookies from being stored.
3.11. A user’s personal data may be transferred to authorized institutions of the Republic of Latvia solely in accordance with Latvian law.
3.12. The user agrees that the website administration has the right to transfer the user’s personal data to third parties (e.g., courier services, postal organizations, telecommunications operators) for order fulfillment.
3.13. The user agrees that the website administration has the right to transfer anonymous collected data to third parties to help provide suitable content and advertising, e.g., Google Analytics.
3.14. The website administration reserves the right to amend this Privacy Policy without prior notice to the user.

4. Rights of the Data Subject
4.1. In accordance with the GDPR and Latvian legislation, you have the right to:
4.1.1. Access your personal data, receive information about their processing, and request a copy of your personal data in electronic format, as well as the right to transfer such data to another controller (data portability);
4.1.2. Request the correction of inaccurate, incorrect, or incomplete personal data;
4.1.3. Request the deletion of your personal data (“right to be forgotten”), except where retention is required by law;
4.1.4. Withdraw previously given consent to the processing of personal data;
4.1.5. Restrict the processing of your personal data – the right to request that we temporarily stop processing all of your personal data;
4.1.6. Lodge a complaint with the Data State Inspectorate.
Requests to exercise your rights may be submitted in person at SIA “DIMAXI”, Vaļņu iela 1, Riga, LV-1050, or electronically by email to ask@dimax.lv

5. Final Provisions
5.1. This Privacy Policy has been drafted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation), as well as applicable legislation of the Republic of Latvia and the European Union.
5.2. The Data Controller reserves the right to amend or supplement this Privacy Policy at any time and without prior notice. Amendments shall take effect upon their publication on the website www.dimax.lv.
5.3. The updated Privacy Policy takes effect upon its publication on the website.