We use cookies 🍪
We use cookies to ensure the website works properly and, with your consent, to analyse traffic and show personalised ads (Google Analytics / Meta Pixel). Read more in our Privacy Policy.
All
Cart0 item(s) - 0.00€ 0

  • Your shopping cart is empty!

PRIVACY POLICY

 

Last updated: 12.01.2026

1. General provisions

1.1. This Privacy Policy describes how SIA Mr.Hansen, registration No. 40203180247, legal address: Riga, Vecā Buļļu iela 10 - 43, LV-1055, Latvia (hereinafter also – the “Data Controller”) obtains, processes and stores personal data that the website mrhansenworkshop.lv obtains from its customers and persons visiting the website (hereinafter – the “Data Subject” or “You”).

1.2. Personal data is any information relating to an identified or identifiable natural person, i.e., the Data Subject. Processing is any operation performed on personal data, such as obtaining, recording, modifying, using, viewing, deleting or destroying.

1.3. The Data Controller complies with the data processing principles provided by law and is able to confirm that personal data is processed in accordance with applicable legislation.

2. Obtaining, processing and storage of personal data

2.1. The Data Controller obtains, processes and stores personally identifiable information primarily through the website mrhansenworkshop.lv, email, and communication by phone/WhatsApp.

2.2. By visiting and using the services provided on the website, you agree that any information provided is used and managed in accordance with the purposes set out in this Privacy Policy.

2.3. The Data Subject is responsible for ensuring that the personal data submitted is correct, accurate and complete. Providing knowingly false information is considered a violation of this Privacy Policy. The Data Subject must immediately notify the Data Controller of any changes to the personal data submitted.

2.4. The Data Controller is not liable for any losses incurred by the Data Subject or third parties if such losses arise due to false personal data submitted.

3. Processing of customers’ personal data

3.1. The Data Controller may process the following personal data:

  • 3.1.1. Name and surname (or name only if surname is not provided).
  • 3.1.2. Contact details (email address and/or phone number).
  • 3.1.3. Transaction data (selected service, amount, order status, payment information/identifiers).
  • 3.1.4. Invoice data (if required for issuing an invoice – e.g., name/surname or company details, address, etc.).
  • 3.1.5. Communication data (message content, communication history with the customer, incl. WhatsApp and email).
  • 3.1.6. Technical data (IP address, browser/device data, cookie identifiers, website usage actions – for analytics and marketing where permitted by consent).

3.2. In addition to the above, the Data Controller may have the right to verify the accuracy of the submitted data using publicly available registers, where necessary for legitimate interests or compliance with legal obligations.

3.3. The legal basis for processing personal data is Article 6(1) of the General Data Protection Regulation (GDPR), points a), b), c) and f):

  • a) the Data Subject has given consent to the processing of personal data for one or more specific purposes (e.g., analytics/marketing cookies);
  • b) processing is necessary for the performance of a contract to which the Data Subject is party, or in order to take steps at the request of the Data Subject prior to entering into a contract (e.g., order processing);
  • c) processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., accounting);
  • f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (e.g., website security, dispute resolution, fraud prevention), except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject.

3.4. The Data Controller stores and processes the personal data of the Data Subject as long as at least one of the following criteria applies:

  • 3.4.1. the personal data is necessary for the purposes for which it was collected;
  • 3.4.2. as long as the Data Controller and/or the Data Subject can exercise their legitimate interests in accordance with applicable law (e.g., to submit objections or bring/defend legal claims);
  • 3.4.3. as long as there is a legal obligation to retain the data (e.g., under accounting regulations);
  • 3.4.4. as long as the Data Subject’s consent is valid for the relevant processing, if no other lawful basis applies.

Upon expiry of the circumstances referred to in this section, the retention period ends and the relevant personal data is deleted or anonymised.

3.5. In order to fulfil our obligations towards you, the Data Controller is entitled to transfer your personal data to cooperation partners and data processors who perform the necessary data processing on our behalf, for example, accounting service providers, IT maintenance/hosting providers, etc.

Payment processing is ensured by the payment platform makecommerce.lv; therefore, our company transfers the personal data necessary for executing payments to the owner of the platform, Maksekeskus AS.

Upon request, we may provide your personal data to state authorities and law enforcement agencies in order to protect our legal interests where necessary.

3.6. When processing and storing personal data, the Data Controller implements organisational and technical measures to protect personal data against accidental or unlawful destruction, alteration, disclosure and any other unlawful processing.

4. Rights of the Data Subject

4.1. In accordance with the GDPR and Latvian law, you have the right to:

  • 4.1.1. access your personal data, receive information about its processing, request a copy of your personal data in electronic form, and request data portability;
  • 4.1.2. request correction of incorrect, inaccurate or incomplete personal data;
  • 4.1.3. delete your personal data (“right to be forgotten”), except where the law requires retention;
  • 4.1.4. withdraw your previously given consent to personal data processing;
  • 4.1.5. restrict processing of your data in certain cases;
  • 4.1.6. submit a complaint to the Latvian Data State Inspectorate.

You may submit a request to exercise your rights in person at Senču iela 2a, Vidzemes priekšpilsēta, Riga, LV-1012, Latvia, or electronically by emailing info@mrhansenworkshop.lv.

5. Final provisions

5.1. This Privacy Policy is drafted in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation) and the applicable laws of the Republic of Latvia and the European Union.

5.2. The Data Controller has the right to make changes or additions to this Privacy Policy at any time without prior notice. Amendments take effect upon publication on the website mrhansenworkshop.lv.