The purpose of the Privacy Policy is to provide information to the individual – data subject about the purpose, legal grounds, scope of processing of personal data, protection of personal data and duration of processing during the collection of data and when processing the personal data of the data subject.

Personal data controller

The Controller of personal data is SIA Konceptveikals MA:LA (hereinafter – the Company), Reg. No.: 42103083282, 58-1 Fr.Brīvzemnieka Street, Liepāja, LV-3401, phone: 20039947, e-mail:

The company contact information for issues related to the processing of personal data is: or

General terms and conditions

1. This Privacy Policy describes in general, how the Company implements the processing and protection of personal data.

2. Within the framework of the applicable laws and regulations, the Company ensures the confidentiality of personal data and has implemented appropriate technical and organisational measures to protect personal data from unauthorised access, unlawful processing or disclosure, accidental loss, alteration, or destruction.

3. The Company may use personal data processors for personal data processing. In such cases the Company shall take the necessary steps to ensure that such data processors process personal data in accordance with the Company guidelines and in accordance with the applicable regulatory enactments, and shall require the implementation of appropriate security measures.

4. Company website uses cookies:

4.1. to remember whether you have already agreed to the use of cookies on this website;
4.2. to analyse visitor activities on the website (connection time, duration, most viewed sections).

The information associated with cookies is not used to personally identify you. The Company website uses cookies solely for the purpose provided in Section 4 of this Privacy Policy.

Categories of personal data

5. Personal data is collected from both the data subject and external sources, such as databases and registers available to the Company. The categories of Personal Data that the Company mainly, but not exclusively, collects and processes are:

5.1. identification data, for example, name, last name, personal identity number, date of birth;
5.2. contact information, for example, address, phone number, e-mail;
5.3. billing information – bank account number, PayPal account address;
5.4. data on satisfaction – satisfaction of the data subject;

The purpose and legal basis for the processing of personal data

6. The Company implements the processing of personal data:

6.1. to prepare invoices for customers for the purchases made;
6.2. to establish and to maintain contractual relationship;
6.3. to identify the customers of the Company, including to inform the customers about news, conduct customer satisfaction surveys, etc.;
6.4. For the maintenance and improvement of the company website.

7. Legal grounds for personal data processing:

7.1. to sign and execute the agreement – to sign the agreement upon the client’s application and to ensure its execution;
7.2. in accordance with the consent of the data subject;
7.3. in the lawful (legitimate) interests – in order to fulfil the legitimate interests of the Company arising from the obligations existing between the Company and the data subject or the concluded agreement or the law.

8. The legitimate interests of the Company are:

8.1. to ensure the fulfilment of contractual obligations;
8.2. to store the customer applications and submissions, notes on them, incl. that have been made orally, by phone and on the website;
8.3. to conduct customer survey on the Company operations;
8.4. to provide and to improve the quality of services;
8.5. to address the law enforcement authorities regarding the protection of legal interests.

Personal data protection

9. The Company protects the personal data using modern technologies, taking into account the existing privacy risks and the reasonably available organisational, financial and technical resources of the Company, including, the performance of the following security measures that involve the following security solutions:

9.1. data encryption for data transmission (SSL encryption);
9.2. firewall;
9.3. intrusion protection and detection programs;
9.4. other protection measures in accordance with the current possibilities of technical development.

Recipients of personal data

10. Personal data is transferred to other recipients, for example:

10.1. law enforcement authorities;
10.2. auditors, legal advisers or other processors of the personal data processed by the Company;

Geographical area of processing personal data

11. Personal data is processed in the European Union, the European Economic Area (EU/EEA).

12. Personal data are processed at the registered office of the Company: 58-1 Fr.Brīvzemnieka Street, Liepāja, LV-3401 and in two additional locations:

12.1. At the concept store MA:LA, the ground floor of Shopping Centre “Kurzeme”, at 13 Lielā Street, Liepāja, LV-3401;
12.2. At the accounting office at 5 Kuģinieku Street, Liepāja, LV-3401.

Storage period

13. Personal data is processed for as long as they are required for the purpose of processing personal data. The storage period is based on an agreement with the customer, the legitimate interests of the Company, the applicable laws and regulations or as long as the Company customer’s consent to the processing of the relevant personal data is valid, if there is no other legal basis for the processing of personal data.

14. After the circumstances referred to in Clause 13 of this Privacy Policy cease to exist, the personal data shall be deleted.

Rights of the data subject

15. To receive the information specified in the regulatory enactments regarding the processing of personal data in the Company.

16. In accordance with the regulatory enactments, to request the Company to access, supplement, correct, delete or restrict the processing of its personal data, the right to object to the processing of its personal data, including objecting to the processing of personal data by the Company based on the legitimate interests of the Company , as well as the right to transfer one’s personal data and to withdraw ones consent to the processing of personal data.

17. To submit complaints regarding the processing of personal data to the Data State Inspectorate (, if it is considered that the processing of personal data violates its rights and interests in accordance with the regulatory enactments.

The Company reserves the right to make changes or additions to this Privacy Policy by publishing the current version of the Privacy Policy in section "Privacy Policy" of the Company website.