v1
2020-06-19
Download

Event privacy policy

We care about your privacy

Your trust is important to us. Our aim is that you feel safe when you share your personal data with us. Personal data is any information that can be used to identify an individual.

We take appropriate measures to ensure that your personal data always is safe with us and that the processing of your personal data is compliant with present data protection laws, our internal policies, guidelines and routines. We have also assigned a Data protection officer whose task is to monitor that we follow these laws, guidelines and routines.

It is important for us to be transparent with how we handle your personal data. In this information text, we therefore describe how and where we process personal data in the context of our event management and representation of events in various channels.

Processing data of minors

  • Only legal guardians or other persons who have obtained the permission of minor’s legal guardian may enter the minor to participate in our events.
  • Please note that if you attend our events with a minor, you understand that the child’s data and image may also be reflected in the event materials
  • If you are a minor and visit our public events independently, you are obliged to inform about it your legal guardians.
Which categories of personal data do we collect and why
Management of events

We process your personal data in order to ensure proper management of events organized by us or our engaged service providers. For this purpose we only process minimum personal data that is necessary for each specific event. The type and nature of the event dictates the type of data we collect. For example, events, that require registration in advance, may dictate our need to collect identity information, contact details or other personal data.

Please be aware that in the scope of event management we may use your provided contact information to communicate with you regarding the event, including, in order to get feedback, to send link where you can find event photos.

It is your free choice to decide whether you want to participate in our events or not.

Categories of personal data

Legal basis

Retention period
  • Identity information, e.g., name, surname, customer ID etc.
  • Contact details, e.g., email, phone number etc.
  • Feedback data
  • Other data necessary to manage specific event.
Our legitimate interest to ensure management of events Up to 1 year after the event occurred
(see “For how long are my personal data stored”)
Reflecting the event in internal and external communication channels

We process your personal data in order to reflect our organized events or events where we participated on our internal communication channels (e.g. intranet, internal periodicals, bulletin boards, etc.) as well as external communication channels (e.g. social networks, our website, news portals, TV reports, etc.) by creating different articles, materials to promote “Rimi” brand.

Please be aware that during events photography and /or filming takes place and this material may be included in internal and external communication materials.

Categories of personal data

Legal basis

Retention period
  • Identity information, e.g., name, surname, customer ID etc.
  • Audio-visual material, e.g., photo, video, audio file etc.
  • Editorial content, e.g., interviews, articles etc.
  • Feedback data
  • Other data necessary to reflect specific event.
Our legitimate interest to promote our brand recognition and reflect events that have taken place (or that we took part in)

Up to 3 years after the event occurred (see “For how long are my personal data stored”)

Retention of culture-bearing materials with historical value

We may to continue to process your data after the main purposes are achieved in order to retain information that may be contained in material produced within the framework of our company’s operations and which is deemed to be of interest for documentation of our company’s history, e.g. key moments from opening of our first store in particular city, joining particular business association etc.

Categories of personal data

Legal basis

Retention period
  • Identity information, e.g., name, surname, customer ID etc.
  • Audio-visual material, e.g., photo, video, audio file etc.
  • Editorial content, e.g., interviews, articles etc.
  • Other data necessary for the purpose.
Our legitimate interest to retain materials of our company’s history

Unlimited

From which sources do we collect personal data?
Yourself

We collect personal data that you have provided to us directly or indirectly, for example, when you register for an event, agree to participate in event or actually participate in event.

Publicly available sources

If we would like to invite you to an event, we may contact you by using contact details you have made public (e.g. through social networks).

Other sources

Occasionally we obtain your personal data from our cooperation partners, if the event is organized within the frameworks of the cooperation with our business partner.
We might obtain your data by participating in the same event, organized by a third party.

Sharing of personal data
Service providers

We might share your personal data with companies that provide services to us, such as:

  • event organization services;
  • photography / video services;
  • data hosting services;
  • information system development and maintenance services;
  • marketing and public relations services.

These companies can only process your personal data according to our instructions and not use them for other purposes. They are also required by law and our cooperation agreement to protect your personal data.

Group companies

We may share your personal data with relevant Rimi Baltic group companies if a specific event is organized jointly or we would like that you participate in the event organized by other Rimi Baltic group company. We may also share your personal data via our internal communication channels (such as meetings, intranet, or internal publications) to reflect events that have occurred.

Law enforcement authorities, state and local government institutions

To fulfill our legal obligation we may transfer your personal data to law enforcement authorities, state and local government institutions upon their request. We may also transfer your personal data to law enforcement authorities, state and local government institutions in order to meet our legitimate interest in establishing, claiming and defending legal claims.

Public

We might publish information about carried out event (or event where we took part), including about your participation in event, photo of event etc., in internal and external communication channels. In most of the cases it will be only photos or video material from the event where you also can be seen.

Where do we process your personal data?

We always aim to process your personal data within EU/EEA. In certain cases, your personal data may be disclosed or processed in a country outside the EU / EEA. Uploading information to social networks (in particular, Facebook, Instagram, LinkedIn or Youtube) will result (either directly or indirectly) in transferring your personal data to third countries, primarily the USA. All the recipients of the personal data, that are corporations established in the USA, are certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and ensure an adequate level of protection.

For how long are my personal data stored?

Data collected for the purpose of event management (e.g., registration data, event attendance data) will be stored for up to 1 year from the date event occurred. After this time, the data will be destroyed or anonymized in such a way that it cannot be linked to you.

Data used for reflecting the event in internal and external communication channels (e.g., event photos, videos, articles) will be retained for up to 3 years after the event occurred. After which data will be deleted, except culture bearing materials with historical value that will be retained for unlimited time period.

Publications in internal and external communication channels will be public for up to 2 (two) years from their publication.

Your rights

Data protection laws grant you a number of rights with regards to the processing of your personal data. If you want to use the rights indicated below, you should provide as accurate information as possible about the event that you participated in (e.g. name of the event, date, etc.) as well as provide self-identifying information so that we can identify you and recognize it in the event materials.

Access to personal data

You are entitled to request a confirmation from us if we process personal data relating to you and/or a person under your legal guardianship, and in such cases request access to the personal data we are processing about you and/or a person under your legal guardianship. To carry out the mentioned right, please, provide a written request to us or our Data protection officer.

Rectification of personal data

Furthermore, if you believe that information about you and/or a person under your legal guardianship is incorrect or incomplete, you have the right to ask us to correct it. To carry out the mentioned right, please, provide a written request to us or our Data protection officer.

Objection to processing based on legitimate interests

You are entitled to object to the processing of your personal data based on our legitimate interests. However, we will continue to process your personal data and/or personal data of a person under your legal guardianship even if you have objected to it, if we have compelling motivated reasons for continuing to process the data. To carry out the mentioned right, please, address the representative of event organizer at the event venue, or provide a written request to us or our Data protection officer.

Erasure

Under certain circumstances, you have the right to ask us to delete your personal data and/or personal data of a person under your legal guardianship. However, this does not apply if we are required by law to keep the data. To carry out the mentioned right, please, provide a written request to us or our Data protection officer.

Restriction of processing

Under certain circumstances, you are also entitled to restrict the processing of your personal data and/or personal data of a person under your legal guardianship. To carry out the mentioned right, please, provide a written request to us or our Data protection officer.

Who do i contact if i have any questions?

If you have any questions about the processing of your personal data, please feel free to contact us.

If you are not satisfied with the response you received, you are entitled to file a complaint with the Data Inspectorate.

Contact details of the company in charge of handling your personal data

SIA Rimi Baltic, reg. No. 40003592957,
Legal address: 161 A. Deglava iela, Riga, Latvia, LV 1021

Phone number: +371 67045409
Email: info.lv@rimibaltic.com

Contact details of customer service

Phone number: + 371 80000180
Email: info.lv@rimibaltic.com

Contact details of the Data protection officer

Email: RimiDPO@rimibaltic.com
You can also contact our Data protection officer by sending a letter to us at the above mentioned address and addressing it to the Data protection officer.