Last updated: 2026-03-16
Privacy Policy
1. Introduction
This Privacy Policy explains how Riga Business Chamber ("we," "us," or "our") collects, uses, and protects your personal information when you visit our website, use our services, or communicate with us. We are committed to transparency and your data privacy rights under GDPR and applicable laws.
By accessing our services, you acknowledge that you have read and understood this Privacy Policy.
2. Personal Data We Collect
We collect the following categories of personal data:
| Data Category | How We Collect It | Mandatory/Optional |
|---|---|---|
| Contact info (name, email, phone) | Forms, account registration | Required for service |
| Account info (username, preferences) | Account creation, user settings | Required for account |
| Payment info (billing address, tokenized card) | Checkout / payment processing | Required for purchases |
| Device & usage data (IP, browser, pages visited) | Automatically via cookies and analytics | Automatic |
| Support communications | Support forms, emails, chat | Optional |
3. Purposes & Legal Basis
We process your personal data for the following purposes under GDPR Article 6 lawful bases:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Membership services | Contact, account info | Contract (Article 6(1)(b)) |
| Event registration | Contact, payment info | Contract (Article 6(1)(b)) |
| Website analytics | Usage data, device info | Legitimate interest (Article 6(1)(f)) |
| Marketing communications | Email, preferences | Consent (Article 6(1)(a)) |
Important: We will not process your data for purposes other than those listed above without your explicit consent.
4. Data Sharing
We share personal data only as necessary with:
- Service providers under data processing agreements: payment processors (Stripe), analytics (Google Analytics), email service providers, hosting providers
- Legal authorities if required by law, court order, or legal process
- Business continuity if we merge or are acquired (with proper notice)
We do not sell your personal data to third parties.
5. Cookies & Tracking
We use cookies and similar technologies:
- Essential Cookies (no consent required) -- Session cookies, security cookies, language preferences
- Analytics Cookies (require consent) -- Google Analytics for understanding user behavior (stored ~26 months)
- Functional Cookies (require consent) -- Remember preferences, theme settings (stored up to 2 years)
How to manage cookies:
- Accept/reject via our cookie banner
- Change preferences in browser settings
- Delete cookies at any time
6. Your Rights
Under GDPR, you have the right to:
- Access -- Request a copy of your personal data
- Correction -- Correct inaccurate or incomplete data
- Erasure -- Request deletion ("Right to be Forgotten")
- Portability -- Receive data in portable format
How to exercise your rights: Email us at privacy@RigaBusiness.eu with your name, email, and specific request. We will respond within 30 days.
7. Data Retention
We retain personal data only as long as necessary:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data | Active account + 30 days after deletion | Service delivery |
| Payment records | 7 years | Tax & financial requirements |
| Analytics data | 26 months | Service improvement |
| Server logs | 30-90 days | Security, fraud prevention |
8. Data Security
We implement industry-standard security measures:
- Encryption: HTTPS/TLS for data in transit; encryption for sensitive data at rest
- Access controls: Restricted employee access; role-based permissions
- Authentication: Strong passwords; multi-factor authentication available
- Monitoring: Regular security audits and vulnerability testing
Limitations: No system is 100% secure. While we use best practices, we cannot guarantee absolute security.
9. International Transfers
We may transfer personal data outside the EU/EEA for service delivery (e.g., cloud hosting, analytics).
Safeguards:
- We use Standard Contractual Clauses (SCCs) for EU-to-US transfers
- Third-party processors comply with GDPR requirements
- We implement appropriate technical safeguards
10. Policy Changes
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements.
- We will notify registered users via email of significant changes
- Changes will be posted on our website with updated "Last Updated" date
- Continued use of services constitutes acceptance of updated policy
11. Contact Us
For questions, concerns, or to exercise your privacy rights:
General Contact
- Legal Entity: Biedriba "Rigas Biznesa kamera"
- Registration: 40008268592
- Email: Gatis.Silakaktins@RigaBusiness.eu
- Phone: +371 26165783
- Address: Hamburgas iela 8, Ziemelu rajons, Riga, LV-1014, Latvia
- Response time: 30 days
Data Protection Officer
- Privacy Email: privacy@RigaBusiness.eu
- DPO Email: dpo@RigaBusiness.eu
To complain to your data protection authority: Latvia: Data State Inspectorate -- www.dvi.gov.lv