Privacy policy

Privacy policy

Last updated: 29.09.2021.

1. General terms and conditions

We, TSC Authorized Service Centre, Latvia (Rēzeknes iela 5a Riga, LV-1073, Latvia), phone +371 67 808 808, info@tsc.lv, www.tsc.lv, with branches in Estonia (Pärnu mnt 139c, Tallinna linn, Harju maakond, 11313), phone +372 6405074, https://www.etsc.ee, and in Lithuania (Šeimyniškių 5a, 09312 Vilnius, Lithuania), phone +370 5 219 59332, info@ltsc.lt, www. https://www.ltsc.lt/) (hereinafter - We) continuously provide our Customers with new Services that meet modern standards. We value not only the convenience and possibilities of the Customers which are provided by the Services we offer, but also the protection of the Customers' Privacy. We invest resources to make our Customers feel safe, and in our daily operations ensure that the Customers' data is protected

The purpose of this Privacy Policy is to provide information about the protection of the Customers’ privacy that We provide, to explain how We protect the Customers’ personal data, and to help the Customers understand how the Customers’ personal data is processed, as well as Our and Customer rights and responsibilities.

When processing personal data, We comply with the laws and regulations in force in the country and the binding instructions and regulations issued by the responsible authorities, as well as the laws and regulations of the European Union, including but not limited to data processing, fair commercial practice and consumer protection, We also follow the development of examples of best practice.

This Privacy Policy applies to the relationship between Us and the Customer, including any existing Customer, buyer, or any other person who uses or has expressed a desire to use any of Our Services, or who addresses Us with any request or claim, submits any type of document, visits Our website or Customer Service Centres and outlets, or Our other facilities or events organized by Us, or contacts Us by means of distance communication, including mail, e-mail or telephone (hereinafter all together referred to as the Customer).

This Privacy Policy does not apply to data processing activities performed by other merchants, including if the Customer visits another merchant's website or uses another merchant's services and accesses such website or service through Our communication channels, including the website. In such cases, We invite you to get acquainted with the security guarantees of personal data processing provided by the respective merchant.

We have formed this Privacy Policy as simple as possible, but if you are not familiar with such terms as ‘anonymized data’, ‘personal data’, etc., please familiarize yourself first with the terms mentioned below which are used in this Privacy Policy:

  • Personal Data – any information relating to an identified or identifiable natural person (data subject), such as name, surname, etc.
  • Anonymized Data – information that is not Personal Data and is no longer applicable to a natural person, as all identifying elements of a person are excluded from the information set.
  • Services – all types of services that We offer in person or remotely.

 

2. How We obtain Personal Data and what are the basis of data processing

We provide Our Customers with a wide range of Services. The information we obtain about a person depends

on the Service that the Customer uses or for which the Customer has applied. We also obtain information that the Customer has provided to Us within the framework of any kind of cooperation. We may receive Personal Data in a variety of ways, including the following:

  • The Customer has provided Us with their Personal Data, i.e. when the Customer or any other person, including the Customer's designated point of contact for the repair business matters communicates or cooperates with Us or Our authorized persons, e.g., uses Our Services or requests any information, or submits an application to a specific question or request for review, visits our Customer service centres or contacts Us via the indicated information channels (for example, to apply for device repairs), or by participating in surveys.
  • Data is generated through Our Service, e.g., when making a call or visiting or using Our website.
  • We may receive data from other sources, e.g., if the Customer contacts Us via other service providers or business partners, e.g., to purchase devices or accessories, delivery consignments, or resolving questions regarding device repairs. In order to meet the requirements of laws and regulations and ensure long-term cooperation opportunities, We may need to request data from publicly available registers within the framework of laws and regulations. We may also receive data from business partners about authorized persons or contact persons acting on a specific task. The Customer has the right to refuse to provide Us with their Personal Data; however, in that case it is possible that We will not be able to provide the Services requested by the Customer, and the provision of the transaction will be refused. We process data only in accordance with a specific basis of data processing, including based on the Customer's request and the provision of the related transaction; framework of consents provided by the Customer; fulfillment of requirements set in regulatory acts; as well as protection of Our and third parties’ legitimate interests which we apply in considering the balance between the Customer rights and interests.

3. What Personal Data We collect

The types of Personal Data may differ depending on the Service used or type of cooperation. Generally, the types of Personal Data can be divided into the following categories of Personal Data:

  • Basic Personal Data. Personal identification data, including contact and communication data; consent data; service and power of attorney data; billing and debt collection data; device data; personal visual data (photo, video, etc.), personal identity document data; etc.
  • Data related to the relationship with the Customer, e.g., information about the Service provided to the Customer and data arising from the provision of the Service, e.g., purchase of device or accessories and related documents confirming the transaction; shipment delivery service data; device repair and related device data, incl. Device manufacturer, model, IMEI code, received sales kit/accessories, description of defects, visual assessment of the device, security code, if any; or data within the scope of device data storage service; documents related to payments and their data; Customer's contact data that We receive during face-to face or remote contact with the Customer, such as e-mails addressed to Us, applications, or information provided during a telephone call, and agreements entered into with the Customer; Customer requests or prohibitions on the processing of specific data for the relevant purpose;
  • Data collected on the basis of the Customer's consent and defined at the moment when this consent is given (for example, for the use of cookies or for making offers). The Customer has the right to withdraw the consent given to Us at any time as easily as it was given, including via Our communication channels. The consent shall be valid until it is executed or, as the case may be, withdrawn, whichever is the earlier. Withdrawal shall not affect the lawfulness of the processing based on the relevant consent before it was withdrawn.

 

We do not knowingly collect or process personally identifiable information from persons below the statutory age limit providing the right to act independently. We respect the rights of such persons and, if necessary, invite the parents or guardians of such persons to contact us.

4. How We use the Personal Data

We process Personal Data to provide the Services, efficient Customer service, cooperation and other activities important to our operations and Customers.

In order to protect the Personal Data of our Customers, We prefer the processing of Anonymized Data, which prevents personal identification. However, We often need to process identifiable Personal Data in accordance with the nature of the Service or cooperation provided, as well as to comply with the requirements of applicable laws and regulations. In this case, We process the data in accordance with the applicable basic principles of data processing, in particular the principle of data processing minimization and other requirements provided by laws and regulations.

We process Personal Data only for specific and necessary purposes on the grounds of certain legal bases, such as:

  • Quality control of Service provision and identification of opinion. The quality of the provided services and the implementation of the Customer's right to receive the Services corresponding to the transaction provided for in laws and regulations are important to Us; therefore, in certain cases Personal Data may be processed for quality control purposes (e.g., survey, service call). For example, by contacting Us via a telephone, the Customer is informed that the call can be recorded for quality assurance purposes. We perform processing on the basis of laws and regulations (law), contract (transaction), and legitimate interests.
  • Resolution of reported issues, including review and resolution of various reported issues or complaints. We perform processing on the basis of laws and regulations (law), contract, and legitimate interests.
  • Provision of Services and ensuring the execution of the transaction. We process data to ensure the performance of the Services and the fulfillment of signed contracts (transactions). For example, We process data in order to perform the requested repair of device or the delivery of the submitted order. We process Personal Data in communication with Customers; for example, we send service notifications related to the Service to inform about the fulfilment of the service, or to provide the Customer with other important information. We may also need to contact the Customer in connection with the provision of the Service to clarify, for example, the information of the submitted order, the description of the submitted repair application, or to find out other additional information that facilitates the execution of the transaction. In order to ensure traceable execution of the transaction, Our agreement and negotiations with the Customer on resolving a specific issue may be recorded. In order to fulfil the accounting conditions within the transactions, We need to perform manage settlements, as well as accounting of the provided Services. In cases when the Customer has not made full payment for the provided Services, We need to implement processes for receiving the remaining payments in accordance with the procedures provided for in laws and regulations. We perform processing on the basis of laws and regulations (law) and the contract (transaction).
  • Signing/amendment of a contract (transaction). The purpose applies to new applications for an existing or new transaction, including Services in any form of application. We perform processing on the basis of laws and regulations (law) and the contract (transaction).
  • Management of offers by a Merchant and third parties (cooperation partners). We respect the right of each Customer to give, revoke or change the possibilities of receiving information. In cases where the Customer has expressed a wish to receive information or provide an opinion on specific products or Services, Personal Data may be processed in order to provide the Customer with the necessary information. In such cases, the Customer's consent is always important. If the Customer's consent relates to receiving information from the cooperation partner, e.g., so that the manufacturer can contact the Customer and find out the Customer's satisfaction with the manufacturer's brand products and assess the quality of device repair, the Customer's data, such as name, contact phone and e- mail in the context of the Customer's consent may be provided to a specific manufacturer. We perform processing on the basis of a legitimate interest and the consent given by the Customer.
  • Providing offers. We respect the right of each Customer to give, revoke or change the possibilities of receiving information. In cases where the Customer has expressed a wish to receive information or provide an opinion on specific products or Services, Personal Data may be processed in order to provide the Customer with the necessary information. In such cases, the Customer's consent is always important. If the Customer's consent relates to receiving information from the cooperation partner, e.g., so that the manufacturer can contact the Customer and find out the Customer's satisfaction with the manufacturer's brand products and assess the quality of equipment repair, the Customer's data, such as name, contact phone and e- mail in the context of the Customer's consent may be provided to a specific manufacturer. We perform processing on the basis of a legitimate interest and the consent given by the Customer.
  • Compliance with binding laws and regulations. We process Personal Data in order to fulfil our obligations under laws and regulations, for example, to ensure the availability of data to competent authorities, including to providing replies to requests by the authorities and courts received within the framework of the laws and regulations, as well as to exercise the rights provided for Customers under the laws and regulations, and the obligations of Us as a merchant, including the areas of accounting, taxes, duties, etc.
  • Accounting/financial and tax management. The purpose applies to accounting, payment of taxes, settlements, etc. We perform processing on the basis of laws and regulations (law) and a contract (transaction).
  • Billing administration. The purpose refers to the activities performed within the framework of settlements with persons. We perform processing on the basis of laws and regulations (law) and a contract (transaction).
  • Fraud prevention and/or credit risk assessment. The purpose concerns the protection of legal interests and the fulfilment of legal and contractual obligations. The purpose includes data processing, including pre-transaction and during transaction processing, which includes information processing activities to prevent fraud and credit risk. We perform processing on the basis of laws and regulations (law), a contract (transaction), legitimate interests, and consent given by the Customer.
  • Debt collection. The purpose applies to activities related to debt collection, including receiving, storing and processing data necessary for debt collection, as well as providing and entering information on debt and persons, including personal data, in registered debtors and credit information (credit history) databases in accordance with laws and regulations, as well as to store and transfer to third parties the information submitted and sent to the merchant, including personal data and information related to the transaction, in order to ensure the execution of the transaction, as well as in cases where the person has not properly fulfilled the terms of the transaction. We perform processing on the basis of laws and regulations (law), a contract (transaction), and legitimate interest.
  • Security of persons and objects. We may process Personal Data to provide security of Our employees, infrastructure, services, information, Customers, including visitors to Our facilities and events organized by Us; prevention of illegal or other threats; to facilitate detection of criminal offences in Our facilities and adjacent territory, including information systems. The purpose covers measures taken by physical and logical means of protection, including video surveillance, pass regime, and other technical and organizational measures to ensure protection against hazards due to physical influence and ensure protection by logical protection means. We perform processing on the basis of laws and regulations (law), a contract (transaction), and legitimate interest.
  • Statistics and analytics of services, processes, information systems for development and improvement purposes. The purpose refers to the processing of Personal Data at our disposal in order to evaluate the results of the provision of the Service in order to develop and improve Our Services, processes, systems, and to determine the goals and development directions of Our company. We may process data for statistical purposes and for the collection of business information and analysis to enable Us to make informed decisions about the improvement and protection of Our operations, as well as to prepare reports on the results of Our business. We perform processing on the basis of a legitimate interest.
  • Processing of Personal Data for internal administrative purposes within Our group. The purpose concerns the processing of Personal Data for the internal administrative purposes of the company within the group, such as the prevention of conflicts of interest and the prevention of illegal transactions. We perform processing on the basis of a legitimate interest.
  • Organizational management (incl. record keeping, registration of processes, services, information systems, persons). The purpose refers to measures for the integrated management of the company, including in accordance with national and internationally recognized principles of corporate governance, ensuring the traceability, control and improvement of internal processes. We perform processing on the basis of laws and regulations (law) and legitimate interest. In all cases, We process Personal Data only to the extent necessary for the purpose, taking into account the Privacy of each person.

5. How We protect Personal Data

We ensure the confidentiality of Personal Data by taking appropriate security measures and complying with the requirements and obligations set out in laws and regulations.

In order to protect the Customer’s interests, we are constantly developing our security processes and measures. Such security measures include the protection of personnel, information and technical resources, IT infrastructure and the building in which we operate. As part of these measures, we ensure an appropriate level of information protection to prevent unauthorized access by third parties.

6. To whom We may provide Personal Data

The exchange of Personal Data may be necessary in certain cases where it has a specific intended purpose, for example, We may need to provide Personal Data to the following categories of data recipients:

  • Companies of Our group for information processing within the framework of laws and regulations, including to ensure the provision of appropriate management of the Group of Companies.
  • Cooperation partners, including cooperation partners for the provision of Services, quality control and development, as well as partners that provide certain delivery services, personal, object and information protection and security services and other Services. For example, We cooperate with manufacturers who process Personal Data in order to provide the Customer with the repair guarantees provided in the terms of use of the device in accordance with laws and regulations. In such cases, the Customer's Personal Data required for the repair transaction (name, surname, contact phone number and e-mail, if any), device data required for repair and copies of device purchase (transaction) documents may be transferred to the Customer's device manufacturer or a person specified by the Customer as a controller for the purpose of processing – securing a repair transaction. If necessary, We cooperate with Our partners, who ensure the delivery of orders to Customers. The basis of such data processing is the Customer's applications: securing the transaction and compliance with laws and regulations. Such partners may use Personal Data only for the purposes agreed between Us and the partner. We exercise due diligence to ensure that such partners act in accordance with this Privacy Policy and the regulatory security requirements for Customers
  • Institutions/companies involved in debt recovery. These include debt collection companies, credit information and credit rating companies, bailiffs, administrators, and other persons involved in the debt collection process.
  • Supervisory authorities. In order to comply with laws and regulations, We may need to provide Personal Data to market supervision authorities, law enforcement agencies, including for the protection of Our legal rights, such as bringing an action in court, as required by laws and regulations.
  • Other persons. The data may be processed in accordance with the consent or request provided by the Customer, including if the Customer has agreed to the further use of the data for a purpose defined by a third party. For example, if the Customer uses device from a particular manufacturer and the Customer has agreed that the manufacturer will contact the Customer to find out the Customer's satisfaction with its brand products and to assess the quality of repair performance. In this case, the Customer's data is received and processed by the specific manufacturer in order to be able to contact the Customer.

In addition to the above, there may be times when We may transfer Personal Data to another person in connection with a business transfer, any merger, acquisition, sale of Our assets or transfer of the provision of Services to another merchant.

We ensure the confidentiality of Personal Data by taking security measures in accordance with the requirements of laws and regulations.

We may also process Anonymized Data. Such data that does not identify the person may be used for other purposes and passed on to others.

7. How long do We store the data

We store Personal Data only for the period of time necessary to achieve the purposes set forth in this Privacy Policy, unless longer retention period is required or permitted by applicable laws and regulations. In order to determine the data retention period, We use criteria that comply with the obligations specified in laws and regulations, including the rights of the Customers, for example, when determining data retention for the period during which claims related to the transaction may be filed, if any. In turn, the terms of Personal Data storage in Estonian and Lithuanian branches may differ, in accordance with the applicable laws and regulations.

If the Customer has applied for the service to save a copy of the device data during repair, We keep such data for additional 2 (two) months from the moment the Customer has received the device from service, so that if necessary the Customer can renew the data if the Customer has any claims and/if it would be necessary to review the issues submitted by the Customer with the provision of this service. However, in accordance with the principle of data minimization, we keep copies of the device data for no longer than 6 (six) months from the moment when the Customer is first informed that the device is ready for receipt. Therefore, if the Customer does not collect the device upon invitation and/or otherwise the device is not removed in time within 6 (six) months from informing the Customer about the possibility of receiving the device, the Customer must take into account that after this period We will not be able to update data and related claims will not be considered. If the Customer has reasonable circumstances regarding the need to keep the data for a longer period of time, the Customer needs to submit to Us in a timely manner a clear and unambiguous request for restriction of the deletion of specific data. We will review such claims in accordance with applicable laws and regulations and this Privacy Policy, and provide an answer.

There are no restrictions on the storage of Anonymized Data, but we also store it only to the extent and for the duration required.

Our goal is to ensure that the information about the Customer is correct and up-to-date. Therefore, We invite the Customer to inform Us about any changes in the information provided by the Customer.

We may also, in accordance with the procedures specified in external laws and regulations, exercise the protection of Our legal interests (including filing objections and complaints or bringing an action in court until the statute of limitations expires) while one of the parties has a legal obligation to retain data (e.g., the Law on Accounting in Latvia, stipulating the obligation to store the service invoices for 5 years), while the Customer’s consent is valid for data processing by the relevant person; and the video surveillance data is usually stored for 90 days. Accordingly, when these circumstances expire (or their term expires), the data is deleted.

8. How TSC uses cookies

Similarly to other websites, TSC website also uses cookie technology.

Cookies allow Us to tailor the website to the needs and convenience of the visitor (including based on statistics collected in an aggregated way without directly identifying the end user of the device). Cookies also allow individual communication with a website visitor if the visitor has given their consent.

More detailed information about cookies is available in the TSC Cookie Terms of Use, which are available on the TSC website https://www.tsc.lv. Unless otherwise provided by laws and regulations, a person has the right to refuse further processing of his/her data at any time, but in that case, especially if the said data is technically relevant, there is a possibility that We will not be able to provide this Service to the same extent.

9. What are the Customer's rights and what do We expect from the Customer

Customer rights:

  • to submit an application and receive information about the data that We obtain and store about the Customer, unless the applicable laws and regulations state otherwise. The Customer can obtain information about themself by contacting Us in writing or by visiting Our Customer Service Centres;
  • request access to, correction or erasure of their data, supplementing or, if necessary, restriction of processing, as well as exercise the right to object to processing, including processing of data carried out within the legitimate interests, insofar as required by laws and regulations, and to exercise the right to data portability. Please be informed that in case of correction, deletion, restriction, interruption or portability of data, it is possible to partially or completely suspend the services irreversibly. When choosing to receive information about oneself remotely, for example, by post, the Customer is responsible for the security of the chosen method of receipt and the actions of the persons acting on behalf of the applicant;
  • at any time withdraw the consents given by the Customer to Us. Giving or withdrawing consents is the Customer's free choice and does not impose any additional obligations. However, if the Customer decides to withdraw any consent, it should be noted that the withdrawal does not affect the processing performed before the withdrawal, and the data processing related to the consent will no longer be provided and the Customer may not have access to the previous options.
  • contact Us and market surveillance authorities on data processing issues. If you need support in obtaining more information about this Privacy Policy, aspects of data processing, or applicable data protection laws, please contact Us so that We can carefully consider the issue and provide an answer. In any case, the Customer always has the right to submit a complaint to the responsible authority regarding data processing supervision issues.
  • to contact Us about all issues relevant to the Customer, including the Privacy Policy and applicable data protection. We will provide an answer as soon as possible, but not later than within one month from the receipt of the application, unless the scope of the question necessitates additional time.

We review Customer applications related to aforementioned rights free of charge. The review of an application may be refused or a reasonable fee may be applied for it if it has been submitted without an obvious reason or excessively, as well as in other cases provided for in laws and regulations. The application may be submitted at any of Our device collection locations or remotely, providing an opportunity to identify oneself as a specific personal data subject and to ascertain the nature and justification of the submitted request.

 

10 Customer responsibility:

  • to inform Us on changes in the information and data provided. It is important to Us that We have true and up-to-date information about the Customer;
  • to provide the necessary information so that in connection with the Customer’s request We can identify the Customer and be sure that the communication or cooperation is directly with the particular Customer. This is necessary for the protection of the Customer's and other persons’ data, so that We can be sure that the Customer is the subject of Personal Data and that the information about the Customer disclosed in the communication and/or cooperation is provided only to the Customer without infringing other persons' rights. For example, in case the Customer wants to find out information about themself by sending Us a request. In this case, it is important for Us to make sure that it is the Customer who has submitted and signed this request. Accordingly, We may request additional identifying information. However, if the Customer has not provided additional information and/or We have doubts about the information requester, for the protection of the Customer's data (so that the data is not disclosed to third parties) We may refuse to disclose data until we are sure that the Customer has requested the information.
  • Before cooperating with Us, familiarize yourself with this Privacy Policy, as well as introduce it to any person related to the Customer and whose interests may thus be affected in the Customer's data processing processes.

This Privacy Policy is an integral part of the Services We provide. We expect that the Customer uses the data provided to Us in good faith and does not affect the legal interests of other persons. In cases when, in accordance with the relevant conditions, the Customer has the opportunity to give access or allow another person to share their Services and/or devices, the Customer is responsible for informing these persons about the data processing performed within the specific processes and the resulting obligations. In cases when the data directly relates to another person (in case of change of data subjects), the Customer is responsible to inform Us without delay. Until full identification of persons, the data is attributed to the Customer as a data subject.

11. How can I find out about changes to this Privacy Policy?

We are constantly improving and enhancing our operations by amending and supplementing this Privacy Policy from time to time. Therefore, we invite Customers to regularly familiarize themselves with the current version of the Privacy Policy on Our website and other communication channels. When we make changes to this Privacy Policy, We will notify you in a notice on Our website. How to contact us

In the event of any questions or concerns regarding this Privacy Policy or the processing of Personal Data, please contact Us using the contact information below or by contacting our Data Protection Officer.

In Latvia:
Ropažu iela 6, Rīga
T. +371 67808808

In Estonia:
Pärnu mnt 139C/2, Tallinn, Harju maakond, 11313
T. +372 6405074

In Lithuania:
Šeimyniškių st. 5a, 09312 Vilnius, Lithuania
T. +370 5 219 59332 12.

12. How to contact the State Data Inspectorate

We ensure that data processing and protection requirements are met in accordance with the highest standards of laws and regulations and in the event of any objection, We will take all reasonable steps to find a solution. However, if in the opinion of the data subject it fails, the data subject has the right to apply to the Data State Inspectorate, Elizabetes iela 17, Rīga, LV-1050.. More information available at: website: www.dvi.gov.lv.

Data Protection Authority in Estonia:
Estonian Data Protection Inspectorate
39 Tatari St., 10134 Tallinn
+372 627 4135
e-mail: info@aki.ee

Data Protection Authority in Lithuania:
Lithuanian Data Protection Inspectorate
L. Sapiegos str. 17, LT-10312, Vilnius
+370 271 2804/ 279 1445, Fax +370 5 261 9494,
e-mail: ada@ada.lt.