Last updated: 29.09.2021.
1. General terms and conditions
We, TSC Authorized Service Centre, Latvia (Rēzeknes iela 5a Riga, LV-1073, Latvia), phone +371 67 808 808, email@example.com, www.tsc.lv, with branches in Estonia (Pärnu mnt 139c, Tallinna linn, Harju maakond, 11313), phone +372 6405074, https://www.etsc.ee, and in Lithuania (Šeimyniškių 5a, 09312 Vilnius, Lithuania), phone +370 5 219 59332, firstname.lastname@example.org, www. https://www.ltsc.lt/) (hereinafter - We) continuously provide our Customers with new Services that meet modern standards. We value not only the convenience and possibilities of the Customers which are provided by the Services we offer, but also the protection of the Customers' Privacy. We invest resources to make our Customers feel safe, and in our daily operations ensure that the Customers' data is protected
When processing personal data, We comply with the laws and regulations in force in the country and the binding instructions and regulations issued by the responsible authorities, as well as the laws and regulations of the European Union, including but not limited to data processing, fair commercial practice and consumer protection, We also follow the development of examples of best practice.
- Personal Data – any information relating to an identified or identifiable natural person (data subject), such as name, surname, etc.
- Anonymized Data – information that is not Personal Data and is no longer applicable to a natural person, as all identifying elements of a person are excluded from the information set.
- Services – all types of services that We offer in person or remotely.
2. How We obtain Personal Data and what are the basis of data processing
We provide Our Customers with a wide range of Services. The information we obtain about a person depends
on the Service that the Customer uses or for which the Customer has applied. We also obtain information that the Customer has provided to Us within the framework of any kind of cooperation. We may receive Personal Data in a variety of ways, including the following:
- The Customer has provided Us with their Personal Data, i.e. when the Customer or any other person, including the Customer's designated point of contact for the repair business matters communicates or cooperates with Us or Our authorized persons, e.g., uses Our Services or requests any information, or submits an application to a specific question or request for review, visits our Customer service centres or contacts Us via the indicated information channels (for example, to apply for device repairs), or by participating in surveys.
- Data is generated through Our Service, e.g., when making a call or visiting or using Our website.
- We may receive data from other sources, e.g., if the Customer contacts Us via other service providers or business partners, e.g., to purchase devices or accessories, delivery consignments, or resolving questions regarding device repairs. In order to meet the requirements of laws and regulations and ensure long-term cooperation opportunities, We may need to request data from publicly available registers within the framework of laws and regulations. We may also receive data from business partners about authorized persons or contact persons acting on a specific task. The Customer has the right to refuse to provide Us with their Personal Data; however, in that case it is possible that We will not be able to provide the Services requested by the Customer, and the provision of the transaction will be refused. We process data only in accordance with a specific basis of data processing, including based on the Customer's request and the provision of the related transaction; framework of consents provided by the Customer; fulfillment of requirements set in regulatory acts; as well as protection of Our and third parties’ legitimate interests which we apply in considering the balance between the Customer rights and interests.
3. What Personal Data We collect
The types of Personal Data may differ depending on the Service used or type of cooperation. Generally, the types of Personal Data can be divided into the following categories of Personal Data:
- Basic Personal Data. Personal identification data, including contact and communication data; consent data; service and power of attorney data; billing and debt collection data; device data; personal visual data (photo, video, etc.), personal identity document data; etc.
- Data related to the relationship with the Customer, e.g., information about the Service provided to the Customer and data arising from the provision of the Service, e.g., purchase of device or accessories and related documents confirming the transaction; shipment delivery service data; device repair and related device data, incl. Device manufacturer, model, IMEI code, received sales kit/accessories, description of defects, visual assessment of the device, security code, if any; or data within the scope of device data storage service; documents related to payments and their data; Customer's contact data that We receive during face-to face or remote contact with the Customer, such as e-mails addressed to Us, applications, or information provided during a telephone call, and agreements entered into with the Customer; Customer requests or prohibitions on the processing of specific data for the relevant purpose;
We do not knowingly collect or process personally identifiable information from persons below the statutory age limit providing the right to act independently. We respect the rights of such persons and, if necessary, invite the parents or guardians of such persons to contact us.
4. How We use the Personal Data
We process Personal Data to provide the Services, efficient Customer service, cooperation and other activities important to our operations and Customers.
In order to protect the Personal Data of our Customers, We prefer the processing of Anonymized Data, which prevents personal identification. However, We often need to process identifiable Personal Data in accordance with the nature of the Service or cooperation provided, as well as to comply with the requirements of applicable laws and regulations. In this case, We process the data in accordance with the applicable basic principles of data processing, in particular the principle of data processing minimization and other requirements provided by laws and regulations.
We process Personal Data only for specific and necessary purposes on the grounds of certain legal bases, such as:
- Quality control of Service provision and identification of opinion. The quality of the provided services and the implementation of the Customer's right to receive the Services corresponding to the transaction provided for in laws and regulations are important to Us; therefore, in certain cases Personal Data may be processed for quality control purposes (e.g., survey, service call). For example, by contacting Us via a telephone, the Customer is informed that the call can be recorded for quality assurance purposes. We perform processing on the basis of laws and regulations (law), contract (transaction), and legitimate interests.
- Resolution of reported issues, including review and resolution of various reported issues or complaints. We perform processing on the basis of laws and regulations (law), contract, and legitimate interests.
- Provision of Services and ensuring the execution of the transaction. We process data to ensure the performance of the Services and the fulfillment of signed contracts (transactions). For example, We process data in order to perform the requested repair of device or the delivery of the submitted order. We process Personal Data in communication with Customers; for example, we send service notifications related to the Service to inform about the fulfilment of the service, or to provide the Customer with other important information. We may also need to contact the Customer in connection with the provision of the Service to clarify, for example, the information of the submitted order, the description of the submitted repair application, or to find out other additional information that facilitates the execution of the transaction. In order to ensure traceable execution of the transaction, Our agreement and negotiations with the Customer on resolving a specific issue may be recorded. In order to fulfil the accounting conditions within the transactions, We need to perform manage settlements, as well as accounting of the provided Services. In cases when the Customer has not made full payment for the provided Services, We need to implement processes for receiving the remaining payments in accordance with the procedures provided for in laws and regulations. We perform processing on the basis of laws and regulations (law) and the contract (transaction).
- Signing/amendment of a contract (transaction). The purpose applies to new applications for an existing or new transaction, including Services in any form of application. We perform processing on the basis of laws and regulations (law) and the contract (transaction).
- Management of offers by a Merchant and third parties (cooperation partners). We respect the right of each Customer to give, revoke or change the possibilities of receiving information. In cases where the Customer has expressed a wish to receive information or provide an opinion on specific products or Services, Personal Data may be processed in order to provide the Customer with the necessary information. In such cases, the Customer's consent is always important. If the Customer's consent relates to receiving information from the cooperation partner, e.g., so that the manufacturer can contact the Customer and find out the Customer's satisfaction with the manufacturer's brand products and assess the quality of device repair, the Customer's data, such as name, contact phone and e- mail in the context of the Customer's consent may be provided to a specific manufacturer. We perform processing on the basis of a legitimate interest and the consent given by the Customer.
- Providing offers. We respect the right of each Customer to give, revoke or change the possibilities of receiving information. In cases where the Customer has expressed a wish to receive information or provide an opinion on specific products or Services, Personal Data may be processed in order to provide the Customer with the necessary information. In such cases, the Customer's consent is always important. If the Customer's consent relates to receiving information from the cooperation partner, e.g., so that the manufacturer can contact the Customer and find out the Customer's satisfaction with the manufacturer's brand products and assess the quality of equipment repair, the Customer's data, such as name, contact phone and e- mail in the context of the Customer's consent may be provided to a specific manufacturer. We perform processing on the basis of a legitimate interest and the consent given by the Customer.
- Compliance with binding laws and regulations. We process Personal Data in order to fulfil our obligations under laws and regulations, for example, to ensure the availability of data to competent authorities, including to providing replies to requests by the authorities and courts received within the framework of the laws and regulations, as well as to exercise the rights provided for Customers under the laws and regulations, and the obligations of Us as a merchant, including the areas of accounting, taxes, duties, etc.
- Accounting/financial and tax management. The purpose applies to accounting, payment of taxes, settlements, etc. We perform processing on the basis of laws and regulations (law) and a contract (transaction).
- Billing administration. The purpose refers to the activities performed within the framework of settlements with persons. We perform processing on the basis of laws and regulations (law) and a contract (transaction).
- Fraud prevention and/or credit risk assessment. The purpose concerns the protection of legal interests and the fulfilment of legal and contractual obligations. The purpose includes data processing, including pre-transaction and during transaction processing, which includes information processing activities to prevent fraud and credit risk. We perform processing on the basis of laws and regulations (law), a contract (transaction), legitimate interests, and consent given by the Customer.
- Debt collection. The purpose applies to activities related to debt collection, including receiving, storing and processing data necessary for debt collection, as well as providing and entering information on debt and persons, including personal data, in registered debtors and credit information (credit history) databases in accordance with laws and regulations, as well as to store and transfer to third parties the information submitted and sent to the merchant, including personal data and information related to the transaction, in order to ensure the execution of the transaction, as well as in cases where the person has not properly fulfilled the terms of the transaction. We perform processing on the basis of laws and regulations (law), a contract (transaction), and legitimate interest.
- Security of persons and objects. We may process Personal Data to provide security of Our employees, infrastructure, services, information, Customers, including visitors to Our facilities and events organized by Us; prevention of illegal or other threats; to facilitate detection of criminal offences in Our facilities and adjacent territory, including information systems. The purpose covers measures taken by physical and logical means of protection, including video surveillance, pass regime, and other technical and organizational measures to ensure protection against hazards due to physical influence and ensure protection by logical protection means. We perform processing on the basis of laws and regulations (law), a contract (transaction), and legitimate interest.
- Statistics and analytics of services, processes, information systems for development and improvement purposes. The purpose refers to the processing of Personal Data at our disposal in order to evaluate the results of the provision of the Service in order to develop and improve Our Services, processes, systems, and to determine the goals and development directions of Our company. We may process data for statistical purposes and for the collection of business information and analysis to enable Us to make informed decisions about the improvement and protection of Our operations, as well as to prepare reports on the results of Our business. We perform processing on the basis of a legitimate interest.
- Processing of Personal Data for internal administrative purposes within Our group. The purpose concerns the processing of Personal Data for the internal administrative purposes of the company within the group, such as the prevention of conflicts of interest and the prevention of illegal transactions. We perform processing on the basis of a legitimate interest.
- Organizational management (incl. record keeping, registration of processes, services, information systems, persons). The purpose refers to measures for the integrated management of the company, including in accordance with national and internationally recognized principles of corporate governance, ensuring the traceability, control and improvement of internal processes. We perform processing on the basis of laws and regulations (law) and legitimate interest. In all cases, We process Personal Data only to the extent necessary for the purpose, taking into account the Privacy of each person.
5. How We protect Personal Data
We ensure the confidentiality of Personal Data by taking appropriate security measures and complying with the requirements and obligations set out in laws and regulations.
In order to protect the Customer’s interests, we are constantly developing our security processes and measures. Such security measures include the protection of personnel, information and technical resources, IT infrastructure and the building in which we operate. As part of these measures, we ensure an appropriate level of information protection to prevent unauthorized access by third parties.
6. To whom We may provide Personal Data
The exchange of Personal Data may be necessary in certain cases where it has a specific intended purpose, for example, We may need to provide Personal Data to the following categories of data recipients:
- Companies of Our group for information processing within the framework of laws and regulations, including to ensure the provision of appropriate management of the Group of Companies.
- Institutions/companies involved in debt recovery. These include debt collection companies, credit information and credit rating companies, bailiffs, administrators, and other persons involved in the debt collection process.
- Supervisory authorities. In order to comply with laws and regulations, We may need to provide Personal Data to market supervision authorities, law enforcement agencies, including for the protection of Our legal rights, such as bringing an action in court, as required by laws and regulations.
- Other persons. The data may be processed in accordance with the consent or request provided by the Customer, including if the Customer has agreed to the further use of the data for a purpose defined by a third party. For example, if the Customer uses device from a particular manufacturer and the Customer has agreed that the manufacturer will contact the Customer to find out the Customer's satisfaction with its brand products and to assess the quality of repair performance. In this case, the Customer's data is received and processed by the specific manufacturer in order to be able to contact the Customer.
In addition to the above, there may be times when We may transfer Personal Data to another person in connection with a business transfer, any merger, acquisition, sale of Our assets or transfer of the provision of Services to another merchant.
We ensure the confidentiality of Personal Data by taking security measures in accordance with the requirements of laws and regulations.
We may also process Anonymized Data. Such data that does not identify the person may be used for other purposes and passed on to others.
7. How long do We store the data
There are no restrictions on the storage of Anonymized Data, but we also store it only to the extent and for the duration required.
Our goal is to ensure that the information about the Customer is correct and up-to-date. Therefore, We invite the Customer to inform Us about any changes in the information provided by the Customer.
We may also, in accordance with the procedures specified in external laws and regulations, exercise the protection of Our legal interests (including filing objections and complaints or bringing an action in court until the statute of limitations expires) while one of the parties has a legal obligation to retain data (e.g., the Law on Accounting in Latvia, stipulating the obligation to store the service invoices for 5 years), while the Customer’s consent is valid for data processing by the relevant person; and the video surveillance data is usually stored for 90 days. Accordingly, when these circumstances expire (or their term expires), the data is deleted.
Similarly to other websites, TSC website also uses cookie technology.
Cookies allow Us to tailor the website to the needs and convenience of the visitor (including based on statistics collected in an aggregated way without directly identifying the end user of the device). Cookies also allow individual communication with a website visitor if the visitor has given their consent.
9. What are the Customer's rights and what do We expect from the Customer
- to submit an application and receive information about the data that We obtain and store about the Customer, unless the applicable laws and regulations state otherwise. The Customer can obtain information about themself by contacting Us in writing or by visiting Our Customer Service Centres;
- request access to, correction or erasure of their data, supplementing or, if necessary, restriction of processing, as well as exercise the right to object to processing, including processing of data carried out within the legitimate interests, insofar as required by laws and regulations, and to exercise the right to data portability. Please be informed that in case of correction, deletion, restriction, interruption or portability of data, it is possible to partially or completely suspend the services irreversibly. When choosing to receive information about oneself remotely, for example, by post, the Customer is responsible for the security of the chosen method of receipt and the actions of the persons acting on behalf of the applicant;
- at any time withdraw the consents given by the Customer to Us. Giving or withdrawing consents is the Customer's free choice and does not impose any additional obligations. However, if the Customer decides to withdraw any consent, it should be noted that the withdrawal does not affect the processing performed before the withdrawal, and the data processing related to the consent will no longer be provided and the Customer may not have access to the previous options.
We review Customer applications related to aforementioned rights free of charge. The review of an application may be refused or a reasonable fee may be applied for it if it has been submitted without an obvious reason or excessively, as well as in other cases provided for in laws and regulations. The application may be submitted at any of Our device collection locations or remotely, providing an opportunity to identify oneself as a specific personal data subject and to ascertain the nature and justification of the submitted request.
10 Customer responsibility:
- to inform Us on changes in the information and data provided. It is important to Us that We have true and up-to-date information about the Customer;
- to provide the necessary information so that in connection with the Customer’s request We can identify the Customer and be sure that the communication or cooperation is directly with the particular Customer. This is necessary for the protection of the Customer's and other persons’ data, so that We can be sure that the Customer is the subject of Personal Data and that the information about the Customer disclosed in the communication and/or cooperation is provided only to the Customer without infringing other persons' rights. For example, in case the Customer wants to find out information about themself by sending Us a request. In this case, it is important for Us to make sure that it is the Customer who has submitted and signed this request. Accordingly, We may request additional identifying information. However, if the Customer has not provided additional information and/or We have doubts about the information requester, for the protection of the Customer's data (so that the data is not disclosed to third parties) We may refuse to disclose data until we are sure that the Customer has requested the information.
Ropažu iela 6, Rīga
T. +371 67808808
Pärnu mnt 139C/2, Tallinn, Harju maakond, 11313
T. +372 6405074
Šeimyniškių st. 5a, 09312 Vilnius, Lithuania
T. +370 5 219 59332 12.
12. How to contact the State Data Inspectorate
We ensure that data processing and protection requirements are met in accordance with the highest standards of laws and regulations and in the event of any objection, We will take all reasonable steps to find a solution. However, if in the opinion of the data subject it fails, the data subject has the right to apply to the Data State Inspectorate, Elizabetes iela 17, Rīga, LV-1050.. More information available at: website: www.dvi.gov.lv.
Data Protection Authority in Estonia:
Estonian Data Protection Inspectorate
39 Tatari St., 10134 Tallinn
+372 627 4135
Data Protection Authority in Lithuania:
Lithuanian Data Protection Inspectorate
L. Sapiegos str. 17, LT-10312, Vilnius
+370 271 2804/ 279 1445, Fax +370 5 261 9494,