Privacy Policy

1. General provisions

1.1. The purpose of this “Privacy Policy” (hereinafter - Privacy Policy) is to provide a Data Subject with information on purpose, legal basis, scope, terms of processing, protection measures performed by ELKO Group, as well as on the Data Subject's rights in relation to Personal Data processing. Additional information on processing of Personal Data may be included in agreements, confidentiality notices and other documents, as well as on the ELKO Group websites.

1.2. This Privacy Policy applies to ELKO and ELKO Group Companies.

1.3. ELKO Group takes care of the privacy of Data Subjects and protection of Personal Data, observing the Data Subjects' right to the lawfulness of Personal Data Processing in accordance with the General Data Protection Regulation and applicable national and other regulatory enactments in the field of privacy and Personal Data Processing.

1.4. ELKO Group has implemented appropriate technical and organizational measures to protect Personal Data from unauthorized access, unlawful disclosure, accidental loss, alteration, destruction or any other unlawful processing.

1.5. Personal Data is obtained directly from the Data Subject and from services used by Data Subject (e.g. in the Electronic Commerce System), as well as from external sources (e.g. public registers or databases) or other persons (e.g. legal entity represented by the Data Subject, or whose employee, official, beneficial owner he/she is). ELKO Group may record telephone conversations, video and / or audio, save e-mail communication or otherwise document the Data Subject's interaction and communication with ELKO Group.

2. Terms and abbreviations used in the Privacy Policy:

2.1. Processing - is any action or set of operations performed with or without automated means on Personal Data or on sets of Personal Data, such as collection, registration, organization, structuring, storage, adaptation or modification, recovery, viewing, use, disclosure by dispatching, distributing or otherwise making available, coordination, combination, restriction, erasure or destruction.

2.2. Data Processor - is a natural or legal person, public authority, agency or another body that processes Personal Data on behalf of the Data Controller.

2.3. Data Controller - ELKO Group Company that processes Personal Data of the Data Subject in accordance with the specified purposes and means of Personal Data Processing;

2.4. Data Subject - ELKO Group potential, current, former client - natural person, employment candidate, visitor, websites (incl. Electronic Commerce System) visitor and user, participant of events organized by ELKO Group, employee of legal entities (for example, ELKO Group customers, business partners, tenants, etc.), official, contact person, authorized person, beneficial owner and any other identified or identifiable natural person, whose Personal Data is Processed by ELKO Group;

2.5. Electronic Commerce System - ELKO Group Electronic commerce system used by respective ELKO Group Company ( or other);

2.6. ELKO - Joint Stock Company “ELKO Grupa”, reg. No.40003129564, legal address: Toma Street 4, Riga, LV - 1003, Latvia;

2.7. ELKO Group - ELKO and its dependent companies doing business in the territories of the European Union and the European Economic Area;

2.8. ELKO Group Company - a company belonging to ELKO Group;

2.9. Personal Data - any information relating to an identified or identifiable natural person (Data Subject).

2.10. General Data Protection Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such data and repealing Directive 95/46 / EC.

3. Information about Data Controller

3.1. Each ELKO Group Company may be a Data Controller, Data Processor or Joint Controller when processing Personal Data of the Data Subject.

3.2. Data Controller is such ELKO Group Company that has at its disposal obtained Personal Data of the Data Subject, for example, on the basis of a contractual relationship or before establishment of a contractual relationship, by submitting an application to the Data Subject or visiting ELKO Group Company premises or otherwise.

3.3. The list of ELKO Group Companies and their contact information, as well as website address of a specific company, is available at:

4. Purposes of Personal Data Processing

4.1. ELKO Group processes Personal Data mainly for the following purposes:
4.1.1. compliance with legal requirements;
4.1.2. conclusion and execution of contracts;
4.1.3. for registration of a client in the Electronic Commerce System, for ensuring operation of the Electronic Commerce System and for improvement of operation;
4.1.4. for placing orders, delivery of goods, fulfillment of product warranty obligations;
4.1.5. for preparation of invoices, settlements;
4.1.6. for identification of client / Data Subject;
4.1.7. to ensure communication;
4.1.8. for ELKO Group activities, incl. to ensure administrative, accounting and archival functions;
4.1.9. to ensure the course of ELKO Group personnel selection process and to ensure legal interests of ELKO Group insofar as they are related to the personnel selection;
4.1.10. for implementation of rights of ELKO Group;
4.1.11. for ELKO Group marketing activities (e.g. submission of information and offers, organization of events for business partners / employees and their family members and their coverage in the media and social networks, promotion of recognition of ELKO Group image);
4.1.12. for video surveillance in the respective ELKO Group Company's premises, warehouses and territories;
4.1.13. for prevention and detection of criminal offenses;
4.1.14. for obtaining and preservation of evidence in civil disputes;
4.1.15. for reviewing applications / complaints and other documents;
4.1.16. for other purposes in legally justified cases.

4.2. In any of cases referred to in Clause 4.1 of the Privacy Policy, ELKO Group Processes Personal Data to the extent permitted by the specific purpose of Personal Data Processing and in accordance with the procedures required and permitted by applicable laws and regulations.

5. Legal basis for Personal Data processing

5.1. ELKO Group processes Personal Data on the basis of the following legal grounds:
5.1.1. For conclusion and execution of an agreement - Personal Data Processing is performed to ensure conclusion of an agreement, provision of services / sale of goods, settlement process or resolution of issues arising from the concluded agreement, as well as for taking measures before conclusion of an agreement;
5.1.2. In order to fulfill legal obligation - Personal Data Processing is necessary for ELKO Group to fulfill obligation specified in regulatory enactments, for example, in relation to administrative, accounting, archival requirements, anti-money laundering and terrorist financing prevention regulations and compliance with international sanctions, as also in order to fulfill the requests of law enforcement, supervisory and other institutions in the amount and in accordance with the procedures provided for in regulatory enactments;
5.1.3. In order to implement or defend legitimate interests - on this basis Personal Data is processed, for example, for prevention and detection of criminal offenses related to the protection of property, as well as for obtaining and preserving evidence in civil disputes (video surveillance), debt collection, prevention of loss, for protection of ELKO Group rights and interests of ELKO Group clients, business partners, promotion of ELKO Group image recognition. Based on the legitimate interests of ELKO Group, Personal Data is also processed within the ELKO Group personnel selection process. In such cases, it is assessed that the Privacy of a Data Subject will not be harmed within the Processing.
5.1.4. Consent - in some cases ELKO Group requires consent to the Processing of Personal Data. In such cases, Data Subject will be informed separately about specific purpose of the Processing. Data Subject may withdraw the consent at any time.
5.1.5. Public interests - in certain cases Processing of Personal Data of Data Subjects may be performed on the basis of general public interest. In most cases, these may be exceptional cases when Processing of Personal Data needs to be carried out in connection with unforeseen threats to the public or a specific Data Subject, for example, in connection with the spread of COVID-19.

6. Categories of personal data and their types

6.1. The amount and categories of Personal Data to be processed depend on the purpose of the Processing, which may differ in different situations. ELKO Group mainly processes the following categories and types of Personal Data:
6.1.1. Identification data, such as personal identification code, date of birth, data of identity documents, incl. photo;
6.1.2. Contact information, such as address, phone number, email address;
6.1.3. Data on the use of Electronic Commerce System, for example, data on accesses and usernames and passwords assigned in the Electronic Commerce System, purchased goods, activities performed in the environment of the Electronic Commerce System, usage habits;
6.1.4. Financial data, for example, information on execution of customer payments in connection with the goods sold by ELKO Group;
6.1.5. Account details, such as bank account number;
6.1.6. Reliability and research data, such as data on counterparty payment discipline, data enabling ELKO Group to conduct customer research activities related to prevention of money laundering and terrorist financing and to verify compliance with international sanctions, including the purpose of cooperation and whether a business partner, its representative, real beneficiary is a politically significant person;
6.1.7. Data obtained and / or created in the course of performing duties provided for in regulatory enactments, for example, data that ELKO Group is obliged to provide to such institutions as tax authorities, courts, law enforcement authorities;
6.1.8. Communication and device data, such as data contained in messages, e-mails, videos, photographs and / or audio recordings, as well as other types of communication and interaction data collected when the Data Subject visits ELKO Group premises (incl. using a pass issued by ELKO Group) and organized events or contacted a Data Subject, and data related to the Data Subject's ELKO Group website (incl. visits to Electronic Commerce Systems).
6.1.9. Professional data, such as data on education or professional career;
6.1.10. Special category Personal Data, such as data on suitability of a job vacancy candidate for the position to be held.

7. Personal Data Protection Measures

7.1. For the protection of Personal Data, ELKO Group uses various technical and organizational security measures to protect Personal Data from unauthorized disclosure, access, loss, erasure, destruction (e.g. data encryption, anti-burglary equipment, firewalls, security passwords, etc.).

7.2. Personal Data is available to a limited number of employees of ELKO Group and involved Data Processors, who need it for performance of the respective official functions / tasks, and who have binding confidentiality requirements.

8. Transfer / Disclosure of Personal Data

8.1. ELKO Group may transfer Personal Data to persons to whom ELKO Group has the right to disclose them (for example, Data Processors, legal service providers, etc.) or has an obligation in accordance with regulatory enactments or concluded agreements, or if the Data Subject's consent has been obtained.

8.2. ELKO Group Company may transfer Personal Data mainly to the following recipients:
8.2.1. to another ELKO Group Company, if relevant processes related to the Processing of Personal Data within ELKO Group are provided by the relevant company or in other cases when it is permitted by regulatory enactments;
8.2.2. institutions and officials, such as supervisory authorities, tax authorities, law enforcement authorities, sworn bailiffs, sworn notaries, courts, out-of-court dispute resolution institutions;
8.2.3. credit and financial institutions, insurance service providers, third parties involved in the execution of transactions, settlements and reporting;
8.2.4. financial and legal consultants, auditors;
8.2.5. providers of information systems and databases;
8.2.6. debt collection service providers, assignees, insolvency administrators;
8.2.7. other persons and suppliers related to the provision of services to ELKO Group, incl. video surveillance, IT, telecommunications, archiving, postal service providers, etc.

8.3. ELKO Group does not regularly or systematically transfer Personal Data to third countries (countries outside the European Union and the European Economic Area), however, Personal Data may be processed by Data Processors located in third countries (for example, technical solution developers or service providers). In this case, when transferring Personal Data, ELKO Group ensures the procedures provided for in regulatory enactments to ensure a level of Personal Data Processing and protection equivalent to the General Data Protection Regulation.

9. Duration of storage of Personal Data

9.1. ELKO Group does not store Personal Data for longer than it is necessary for the respective purpose of Personal Data Processing, or longer than specified in the binding regulatory enactments.

9.2. The period of storage of Personal Data depends on the purpose for which Personal Data has been obtained and whether the period of storage is provided for in regulatory enactments.

9.3. ELKO Group shall determine the term of Personal Data Processing taking into account, inter alia, the end date of the business relationship, withdrawal of the Data Subject's consent to Personal Data Processing and the statutory period during which ELKO Group or the Data Subject may exercise its legitimate interests (e.g. submit objections and complaints or bring an action).

10. Profiling and automated decision making

10.1. ELKO Group does not perform profiling and automated decision-making in relation to the Data Subject.

11. Cookies

11.1. ELKO Group Companies use cookies on their websites. The cookies used and information about them are available in the ELKO Group Cookie Policy, which is available on the website of the respective ELKO Group Company.

12. Video surveillance

12.1. If the respective ELKO Group Company performs video surveillance, then as the Controller of the Personal Data obtained as a result of video surveillance, information signs on video surveillance are indicated, which are located at the entrances to the relevant premises / territory where video surveillance is performed. Information signs also indicate specific purpose of video surveillance.

12.2. ELKO Group video surveillance can be performed mainly for the following purposes:
12.2.1. prevention and detection of criminal offenses relating to the protection of property;
12.2.2. for obtaining and preservation of evidence in civil disputes.

12.3. Video surveillance is performed without audio recording. In certain cases, the ELKO Group Company may perform video surveillance with audio recording, indicating this in the information signs.

12.4. The following conditions are met to achieve the purpose of video surveillance:
12.4.1. video surveillance shall be performed in such a perimeter that no larger part of the territory is observed than is necessary to achieve the purpose of video surveillance;
12.4.2. video surveillance is not performed in places with increased privacy (facilities, shower rooms, dressing room, kitchen);
12.4.3. Personal Data obtained during video surveillance are obtained from the Data Subjects located in the video surveillance area.

12.5. Personal Data processed in connection with video surveillance (video recordings) performed by ELKO Group will be stored for no longer than necessary, setting a maximum retention period of 90 (ninety) days from the moment of recording, unless another purpose of Processing arises (e.g. in connection with a criminal investigation). Usually, the storage time of video recordings is much shorter than the above.

12.6. Categories of Personal Data to be processed during video surveillance - visual (video) data - video recordings, photo fixation, date, place, time of their recording.

12.7. Personal Data obtained during video surveillance may be transferred to the following recipients:
12.7.1. law enforcement / supervisory authorities, in cases provided for in regulatory enactments upon receipt of a reasoned request;
12.7.2. ELKO Group Companies and their authorized persons involved in ensuring administration of video surveillance system or achieving the respective Processing purpose, external service providers performing video surveillance system, security service providers providing security services, insurance service providers for investigating insurance cases, ELKO Group business partners ( for example, producers of goods, suppliers, buyers) - as evidence in an event of a dispute over the proper packaging, receipt, transfer, etc. of the goods, as well as other persons, upon an appropriate legal basis;
12.7.3. For the Data Subject - on the basis of a motivated written application.

12.8. When issuing video recordings, ELKO Group ensures that no more data is issued than is necessary to achieve the respective purpose of Personal Data processing.

13. Rights of the Data Subject

13.1. In accordance with the General Data Protection Regulation, the Data Subject has the following rights with regard to the processing of his / her Personal Data:
13.1.1. To receive confirmation whether the respective ELKO Group Company processes Personal Data of the Data Subject and, if it processes, also to access them.

13.2. To request correction of the Data Subject's Personal Data if they are inappropriate, incomplete or incorrect (Data Subject has no right to request correction or supplementation of video recordings, as this would be considered as falsification or distortion of information);
13.2.1. To request deletion of Personal Data of the Data Subject;
13.2.2. To restrict Processing of Personal Data of the Data Subject;
13.2.3. To object to the Processing of Personal Data of the Data Subject, if Processing takes place on the basis of legitimate interests of ELKO Group Company;
13.2.4. to receive Personal Data submitted by a Data Subject to the relevant ELKO Group Company and processed on the basis of consent or performance of the contract in a structured form in one of the most frequently used electronic formats and, if possible, transfer such Personal Data to another service provider (rights to data portability);
13.2.5. To revoke consent of the Data Subject to Processing of Personal Data.

13.3. The rights of the Data Subject referred to in Clause 13.1 of the Privacy Policy shall be exercised insofar as the Processing of Personal Data does not arise from obligations of ELKO Group imposed on it by regulatory enactments.

13.4. In order to prevent unjustified disclosure of a Data Subject's Personal Data to third parties, ELKO Group exercises rights of a Data Subject on the basis of a written application, having previously identified the Data Subject.

13.5. Application can be submitted in one of the following ways (contact information of the respective ELKO Group is available on its website):
13.5.1. by signing with a qualified secure electronic signature and sending it to the e-mail address of the respective ELKO Group Company;
13.5.2. upon personal arrival at the office of the respective ELKO Group Company during its working hours and after verification of identity of the Data Subject performed by an employee of the ELKO Group Company, to submit the relevant application;
13.5.3. by sending a written application to the legal address of the relevant ELKO Group Company, indicating in the application postal address to which a reply must be provided. The answer to such application will be provided only by registered mail, to the postal address indicated in application.

13.6. Response to the Data Subject's request will be prepared no later than within one month after receipt of application; if necessary, for objective reasons, this period may be extended by further two months.

13.7. In certain cases provided for in regulatory enactments, ELKO Group may not have the right to provide information to the Data Subject about processing of Personal Data.

13.8. ELKO Group is entitled to refuse to comply with the requirements specified in the Data Subject's application if the Data Subject unreasonably refuses to provide his / her identifying information.

13.9. ELKO Group reserves the right not to issue Personal Data, incl. Personal Data obtained during video surveillance in cases where such issuance:
13.9.1. affect other Data Subjects and there would be no technical possibilities to issue Personal Data without infringing the rights of other Data Subjects;
13.9.2. Due to their size or complexity, they require excessive time, staff or financial resources.

13.10. Data Subject may submit a complaint regarding Personal Data Processing performed by the respective ELKO Group Company to the Personal Data Protection Supervisory Authority of the country where the respective ELKO Group Company is registered, if the Data Subject considers that the Data Subject's Personal Data Processing violates the Data Subject's rights and interests in accordance with Personal Data Protection Acts.

13.11. Contact information of Personal Data Protection supervisory authorities is available on their websites: Latvia -, Lithuania -, Estonia -, Poland -, Czech Republic -, Romania -, in Slovakia -, in Slovenia -, in Sweden -

14. Contact information

14.1. In case of doubt or for additional information regarding processing of Personal Data by ELKO Group, please contact ELKO Group by sending an e-mail to:

15. Privacy Policy Availability and Amendments

15.1. ELKO Group is entitled to unilaterally make changes and additions to the Privacy Policy at any time by publishing the current version of the Privacy Policy on the ELKO Group website

15.2. Privacy Policy is prepared in Latvian and may be translated into other languages in accordance with the languages of the countries in which the ELKO Group Companies do business. In case of linguistic or interpretation disputes, disagreements or claims, the Latvian text of the Privacy Policy is legally binding.
This document is valid as of 1st November 2020.
  1. Privacy Policy