Domina-Shopping Domina Shopping Download our App
  1. Mo
  2. Tu
  3. We
  4. Th
  5. Fr
  6. Sa
  7. Su
  8. 10:00 - 21:00
  1. Mo
  2. Tu
  3. We
  4. Th
  5. Fr
  6. Sa
  7. Su
  8. 08:00 - 22:00
  1. Mo
  2. Tu
  3. We
  4. Th
  5. Fr
  6. Sa
  7. Su
  8. 10:00 - 22:00
Ieriku 3, Riga, LV-1084 (+371) 67 63 1111

Domina Shopping

LOYALTY PROGRAM

Privacy policy

Ltd. "EfTEN Domina", reg.no. 40103990157, (hereinafter - the Manager) and performs data processing in accordance with European Commission Directive No. 1995/46 / EC on the protection of individuals with regard to the processing of personal data and the free movement of such data.In accordance with before mentioned Directive, the Manager issues the rules for the protection of the data processing of the shopping center "DOMINA Shopping" (hereinafter - s/c "DOMINA Shopping") (hereinafter - the Terms):

1. Data processing purpose

The main purpose of the processing of personal data is to investigate the habits of the Manager's customer and for the purpose of s / c  "DOMINA Shopping" internal marketing needs only.  In order to achieve this goal and in order to inform customers about the activities and current offers of s / c "DOMINA Shopping", is carried out and examined the amount of customers, likewise analyzed customers' shopping habits and purchases, and sales and customer flow statistics of the s/c "DOMINA Shopping". Personal data is processed in accordance with the purpose of the data processing and is processed as long as the loyalty card program is implemented.

2. Data subjects and personal data types

The data subject category is  s / c "DOMINA Shopping" customers - physical persons participating in the loyalty card program. The obtained personal data of the customers is considered to be confidential and can not be disclosed to persons whose duties do not include the processing of personal data in the framework of the "DOMINA Shopping" loyalty card program (hereinafter - Third parties).The types of personal data that are processed are the customer's first name, last name, address, year of birth, mobile phone number, email address, preferred language, priority groups of goods / services, and purchase history, accumulated points and information on the benefits of using the loyalty card program. During data processing is processed only those data which data subject is given to the Manager and those data which is obtained under the Loyalty Program. Name, surname is the mandatory data to participate in the loyalty card program. Sensitive personal data is not processed in the process of processing personal data of a client. An application to become a member of the Loyalty Program is deemed to be a declaration of approval for this policy and other terms of the Loyalty Program.   

3. Person in charge

For the information resources are responsible the Manager. For personal data processing operator - limited liability company "Transact Pro", registration number 41503033127, legal adress Gustava Zemgala gatve 76, Riga, Latvia, LV-1039, Republic of Latvia -  is responsible for the registration of the information resources owned or controlled by the limited liability company "Transact Pro" (hereinafter - Operator). The operator has registered the processing of personal data with the Data State Inspectorate.

The Operator and the Manager each within the scope of their competence:

  • ​is responsible for the use of the information resources (system software, applications, data files, etc. of data processing);
  • provides logical protection measures;
  • ​ensures the restoration of the operation of information resources if there is a failure of technical resources or the operation of the information resource has been compromised for other reasons;
  • take decisions on the assignment and cancellation of user accounts and passwords, to conduct accounting;
  • ​conducts security incident investigations;
  • ​​trains employees who are responsible for the processing of personal data, for the protection of personal data and introducing these employees with the Loyalty Card Program and the Rules for the use of Loyalty Cards before commencing work, as well as after working with the system  least than 1 (one) time in 2 (two) years;
  • determines the classification of information resources:
    • general access - available without limit to all employees,
    • restricted access - information that can only be accessed by an authorized worker or supervisory and control authorities within their area of ​​competence.·
  • ​about technical resources are responsible the technical resource holder - the person who owns or is in possession of technical resources that are used for personal data processing and storage (hereinafter - Technical resource holder). Both the Manager and the Operator are the Technical resource holders in accordance with their role and responsibilities within the Loyalty Card Program, and taking into account the technical resources owned and held by them.

Technical Resource Holder:

  • ​is responsible for the maintenance and use of technical resources (computers, computer network equipment, etc. for the processing of technical equipment);
  • provide physical protection measures;
  • provides technical resources for work;
  • Ensures the restoration or replacement of technical resources if they are damaged
  • The Manager and Operator are responsible for the security of the information system:
    • ensures and is responsible for information availability, integrity and confidentiality;
    • inform each other of any suspicious cases detected in connection with the use of the information system;
    • coordinating with each other, performs system improvement and testing activities. 
  • Person who is responsible for the protection of personal data in The manager's company is a person appointed by the Manager:
    • organizes and controls the compliance of personal data processing with the requirements of the law;
    • at least 1 (one) time in every 2 (two) years evaluates the amount of data to be used in processing and whether data types used for data processing are still necessary for the purpose of data processing. If to achieve data processing any of the types of data is no longer necessary for the protection of personal data, the person who is responsible for it, carry out all activities related in processing of personal data, so it would no longer be used and should be deleted.

4. Manager responsibilities:

The manager's duties include:

  • ​to ensure that personal data of the customer is not distributed and does not reach the Third Person, except in cases provided by normative regulations;
  • ​​comply with normative regulations regarding the protection of personal data  and inform clients about the processing of their personal data.

5. Operator responsibilities:

The Operator's duties include:

  • to maintain a database for the processing of personal data of clients obtained through the Loyalty Card program, providing technical support;
  • ​provide the database with such functions that the Manager or his authorized representatives who have access to customer personal data can unrestricted access and processing of customer personal data within the scope of personal data processing purposes;
  • ​comply with the requirements of normative regulations regarding the data protection of natural persons as well as requirements of regulatory enactments regarding the maintenance and maintenance of information, information systems, hardware, software and other resources.

6. Manager's and Operator's responsibilities

The Manager and Operator are responsible for:

  • to ensure uninterrupted supply of electricity, telecommunications, hardware and other equipment necessary for the processing of customer personal data;
  • not to disclose customers personal data obtained for processing to third parties;
  • ensure that all employees or authorized persons who have access to the Loyalty Program customer database or user accounts in written form confirms that they will comply with their obligation not to disclose customer personal data to the Third Parties;
  • ​​ensure that in the result of customer personal data processing is protected the interests of clients in order to ensure that client personal data is treated fairly and lawfully and that personal data of the client is processed only in accordance with the intended purpose and in required amount;
  • ensure the storage of personal data which allows the customer to be identified during a period not exceeding the period prescribed for the intended purpose of the data processing;
  • ensure the accuracy of personal data and its timely renewal, correction or deletion if personal data are incomplete or inaccurate in accordance with the purpose of processing personal data;
  • ​to ensure that personal data is not disclosed to third parties, except in the cases specified in normative regulations, thus establishing and ensuring that access to personal data is restricted to the Manager, the Legal Representatives and authorized persons of the Operator, the Operator's Legal Representatives and authorized persons. The Manager and the Operator shall ensure that information about the Third Parties to whom the personal data is disclosed is stored and listed and the data subject is able to receive this information on the basis of a written request.

7. The Manager's rights

The Manager has the right to use personal data in accordance with the purpose of processing personal data.                       

8. The Operator's rights

The Operator has the right to process the data mentioned in the normative regulations and in the service agreement with the  Manger in the amount of granted rights.                       

9. Technical resources

The obtaining and processing of personal data is initially carried out by means of paper-based questionnaires as well as by the customer entering their data electronically on the computer at the Information Center at the time of purchase of the Customer's card and later using the card for purchases. Further processing of customer personal data is provided by computer hardware and software, as well as other technical resources specified in the Service Agreement between the Manager and the Operator, if any.

10. Organizational procedure for the obtaining and processing of personal data

  • Customer personal data is obtained by customer filling in a questionnaire (paper form) at the DOMINA Shopping Information Center, as well as by entering the customer data electronically at the Information Center at the moment of purchase of the Customer's card.
  • Personal data of the client, which are obtained from paper format (customer-filled questionnaires), are stored in closed premises of the Manager's premises inaccessible to Third Parties.
  • ​The employee of the DOMINA Shopping information center enters the personal data in the electronic database from the customer's paper-based information.
  • ​The processing of personal data is carried out at the premises of the Domina Shopping Center at Ieriķu Street 3, Riga, at the Operator's legal address, as well as in the electronic environment. The collection and registration of personal data is carried out at the premises of the shopping center DOMINA Shopping in Riga, Ieriku street 3.
  • ​​The processing of personal data in the premises of DOMINA Shopping is carried out during the working hours of s / c DOMINA Shopping, and only persons who have access to customer personal data under these terms and conditions. Processing of personal data at the Operator's address is carried out without time limit. The processing of personal data in the electronic environment is carried out without time and space restrictions. Access to customer personal data in the electronic environment is password protected. The processing of personal data in the electronic environment is carried out by persons who have access to personal data in accordance with these rules and in processing their personal data. 

11. Protection of technical resources

  • In order to ensure the protection of technical resources against intentional damage and unauthorized extraction, the Technical Resources Holder shall ensure that technical resources are not available to third parties, provided that the technical resources are located in enclosed, guarded premises. The technical resources holder shall ensure that the technical resources are located in a separate maintenance room. The technical resources that support the maintenance of the database must be provided with a device that provides uninterrupted power supply (provided with UPS equipment).
  • ​​The technical resource holder shall, as far as possible, ensure the protection of technical resources against exceptional circumstances (including inappropriate climatic conditions, fire, flood, interruptions of electricity supply, intentional damage), installing fire alarm, automatic fire extinguishing system, installing alternative power supply equipment and air cooling equipment.

12. Personal data users, their duties and rights

  • The Manager's and the Operator's authorized representatives who have access to customer personal data are Personal data users. Personal data users are determined by the Manager and the Operator.
  • The personal data user confirms in written form that he will comply with the obligation not to disclose personal data of the customers to third parties. The Operator, in accordance with the information provided by the Manager, establishes and maintains a list of Personal Data Users specified by the Manager.
  • Users of personal data have the right to process and use personal data only in accordance with the purpose of processing personal data and only in cases when it is necessary for the performance of their duties.The personal data user is responsible for the use of personal data for the intended purpose only.
  • The user of personal data has the following duties:o   processing of personal data perform only in accordance with the intended purposes and to the extent necessary to comply with these rules;
    • to ensure the correct entry of personal data on information hardwares and timely updating, correction or deletion of personal data if personal data are incomplete or inaccurate, in accordance with the purpose of processing personal data;
    • keep personal data stored on paper in a secure place in a closet or safe, and not leave them in fax machines, printers or copiers;o   at a time when the user of the personal data is not at his work place , and at the end of each day to collect and deliver personal data to the appropriate safe depository;
    • to ensure the integrity and legitimate processing of personal data;
    • to notify the Manager or the Operator immediately if he suspects that the password or personal data has been accessed by the Third Person or there is an attempt to obtain them;
    • to observe other obligations specified in these regulations. 
  • The personal data user is prohibited to:
    • unreasonably edit personal data;
    • disclose password to third parties;
    • to disclose personal data obtained during processing of personal data to third parties.

13. Usage instructions for information technology

  • The Manager and the Operator shall ensure that is used specifically designed software to distract from the virus, restoring it in accordance with the internal and normative regulations of the Manager and the Operator.
  • The Manager and the Operator, in accordance with the internal normative regulations, regularly carry out an antivirus program monitoring to ensure that its working and the latest virus definition files are present and that the software used is licensed.
  • ​The user of a personal data is obliged when leaving the computer unattended in the context of his or her job duties using a screen saver with a password, a special locking function or other method that allows you to continue working with the computer only if user authentication has been performed.
  • ​Remote access to the system is possible by using cryptographic means (such as virtual private networks (VPNs)) and secure (at least two factors) user authentication.
  • ​​It is prohibited to take information from systems equipment that does not meet an adequate level of security.
  • ​​It is prohibited to store personal data in a portable device in an unencrypted manner.
  • Portable data files must be stored in a safe way, and it is prohibited to leave it in an unsafe, publicly accessible places.
  • ​​The protection of the information system in the electronic environment is provided with a password. The operator must ensure that each Personal Data User is assigned with an individual user name and password and that it is possible to determine who has accessed the customer's personal data at a particular time and place. The Manager is obliged to ensure that the technical resources owned or possessed meet the Operator's justified requirements, including - does not prevent the Operator from fulfilling the obligation referred to this paragraph.
  • ​It is not permitted to disclose the password to third parties and it is not permissible for third parties to access personal data using the Personal Data User Account.
  • ​It is not acceptable that several Personal Data Users use the same user account and password to access specific systems.
  • ​The minimum of password characters is 8 long.
  • The password must be combined  using a combination of letters and numbers.
  • ​The password should not use the person's identifying data (such as names or surnames, words associated with or frequently used in the workplace).
  • The password needs to be changed once in a quarter, but if it has become known to a third party, the current password must be immediately deleted and the password must be replaced.
  • Upon termination of employment or other legal relations with the Personal Data User (employee), the password and identifiers that provided access to the information system are immediately canceled.
  • The necessity to grant or cancel the access rights shall be notified to the Operator, which shall immediately grant or cancel it without delay, but not later than within 24 (twenty four) hours.

14. Data backup creation

  • The Operator regularly performs backup (back-up) of the most common shared information resources and software.
  • The most important shared information resources and software backups are stored from data processing in geographically separate locations (in different buildings) that have the same protection as the data center on which the resource is located.
  • The opportunity to recover lost data is provided for at least 30 (thirty) days.

15. Action in case of incident

  • Any personal data processing incident - the employee who has detected it must immediately notify it to the Manager by calling +371 29498323 or by sending an e-mail to iveta.zvaigzne-alere@eften-domina.lv or to the Operator by calling 67 222 555 or by sending an e-mail to info@transactpro.lv:
    • if established any kind of hazard to technical resources (breakdown of power supply, penetration of liquids or foreign matter, damage due to physical shock, fire or flood, etc.);
    • if established any kind of threat to information resources (third party have been discovered access to the passwords, unauthorized access has been detected, activity breaks detected, etc.).
  • ​If the Personal Data User finds that someone else has discovered his password. The Personal Data User must immediately change it.
  • In the case of incidents, the User of Personal Data is obliged, within the limits of his powers, to ensure the security for technical and information resources until the arrival of the respective holder of data.

16. Procedure for storing and destroying data carrier and information

  • Movable data carriers are destroyed after their dilapidation or after the end of the Loyalty Card program, so that the destroyed information cannot be updated or available.
  • Before removing movable carrier, it is necessary to make sure that the personal data contained therein is deleted.
  • The Customer's personal data that is considered outdated, the Operator will delete from the loyalty card system, likewise the customer's completed questionnaire, acts on exchanging loyalty points for gift cards, as well as other documents relating to this client's participation in the Loyalty Card program, will be destroyed also by the Manager. Personal data are out-of-date if personal data is about a client whose Loyalty Card in accordance with the Terms of Use of Loyalty Cards is invalid because there are no transactions in the specified time period and the client has not expressed the desire to restore the card.
  • Personal data is not considered outdated and is not deleted, as well as the client's completed questionnaire and other documents related to this client's participation in the loyalty card program are not destroyed if it is necessary for the protection of the Manager's legitimate interests, for example, in the course of legal proceedings.
  • Personal data that are not legally outdated is stored electronically as long as the Loyalty Card program is implemented. After the end of the loyalty card program, the data from the data server is deleted so that the information will not be updated and available.
  • Customer-filled questionnaires, Loyalty Card program acts about gifts cards and other customer loyalty card program documents that contain outdated personal data are kept for as long as the Loyalty Card program is implemented.
  • Documents containing outdated personal data, as well as meant documents in the point 16.5. at the end of their shelf life shall be destroyed by a paper shredder. Document destruction is provided by the Manager. Destruction takes place in the appropriate premises, at the same time ensuring that third parties are not able to access and to lose documents.

17. The enactment of the rules

The rules come into force on the day when they are signed and are valid throughout the entire process of processing, unless they are canceled or replaced by other terms.