Skip to main content

Privacy Policy

Last updated: 30 April 2026

1. Data Controller

The data controller for personal data collected through this website is:

Finestra Solution Liepājas speciālās ekonomiskās zonas, SIA Registration No.: 42103077214 VAT No.: LV94ZZZ42103077214 Registered address: Baznīcas iela 18-12, Liepāja, LV-3401, Latvia Operational address: Kapsēdes iela 8A, Liepāja, LV-3414, Latvia

For any questions regarding this Privacy Policy or your personal data, please contact us:

2. Personal Data We Collect

We collect personal data only when you actively provide it through our contact form or by contacting us directly. Specifically:

  • Identification data: Name (first and last name)
  • Contact data: Email address, phone number (if provided)
  • Communication content: The message and any project details you include in your inquiry
  • Technical data: IP address, browser type, device type, pages visited, and approximate geographic location (collected automatically through our hosting and analytics services for security, performance, and analytical purposes)

We do not collect special categories of personal data (health, religion, political views, etc.) and do not use this website to process payments.

3. Purposes of Processing

We process your personal data for the following purposes:

  • Responding to your inquiry: When you submit a contact form, we use your contact details to reply to your business inquiry, send quotations, schedule consultations, or discuss potential projects.
  • Lead management: We retain your inquiry data to follow up on potential business relationships, including future quotations or technical discussions.
  • Website operation and security: Technical data is used to operate the website, prevent abuse, debug errors, and improve performance.
  • Analytics and improvement: Aggregated analytics data helps us understand how visitors use the website and improve content and user experience.
  • Legal compliance: Where required by law (accounting records, tax obligations).

4. Legal Basis (GDPR Article 6)

We process your personal data on the following legal grounds:

  • Consent (Art. 6(1)(a)): When you submit the contact form and tick the consent checkbox, you consent to the processing of your data for the purpose of responding to your inquiry. Consent is also the basis for non-essential cookies and analytics tracking, which are activated only after you accept them via our cookie banner.
  • Legitimate interest (Art. 6(1)(f)): Operating, securing, and improving our website; maintaining records of business inquiries for follow-up.
  • Legal obligation (Art. 6(1)(c)): Where retention of communications is required by Latvian or EU law (e.g. accounting, tax records).

5. Data Retention

  • Contact form inquiries: Retained for 2 years from the date of last contact, after which they are deleted unless an active business relationship has been established.
  • Active business relationships: If a project is initiated, contact data is retained for the duration of the relationship plus the legally required retention period for accounting documents (currently 5 years under Latvian law).
  • Technical and analytics data: Retained for up to 14 months in line with Google Analytics 4 default settings.
  • Backup copies: May be retained for up to 30 days after deletion of the primary data, after which they are permanently destroyed.

6. Recipients and Sub-Processors

Your personal data may be processed by the following third-party service providers acting as our data processors:

  • Vercel Inc. (United States) — website hosting, performance monitoring, and privacy-first analytics. Vercel is certified under the EU-U.S. Data Privacy Framework.
  • DigitalOcean LLC (Frankfurt, Germany) — database and file storage. Data is stored within the European Union.
  • Resend Inc. (United States) — transactional email delivery for contact form submissions. Operates under Standard Contractual Clauses for data transfers.
  • Google LLC / Google Ireland Limited (United States and Ireland) — website analytics through Google Analytics 4, activated only with your cookie consent. Google is certified under the EU-U.S. Data Privacy Framework.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

7. International Data Transfers

Some of our service providers (Vercel, Resend, Google) are located outside the European Economic Area (EEA), specifically in the United States. Such transfers are protected by:

  • The EU-U.S. Data Privacy Framework (where applicable),
  • Standard Contractual Clauses approved by the European Commission, or
  • Other appropriate safeguards under GDPR Chapter V.

You may request more information about the specific safeguards in place by contacting us at info@finestrasolution.com.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Correct inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten").
  • Right to restriction (Art. 18): Restrict our processing of your data.
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interest.
  • Right to withdraw consent (Art. 7(3)): Withdraw your consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@finestrasolution.com. We will respond within 30 days.

9. Right to Lodge a Complaint

If you believe we have processed your personal data unlawfully, you have the right to lodge a complaint with the supervisory authority:

Data State Inspectorate of Latvia (Datu valsts inspekcija) Address: Elijas iela 17, Riga, LV-1050, Latvia Website: www.dvi.gov.lv Email: pasts@dvi.gov.lv

You may also lodge a complaint with the supervisory authority in your country of residence.

10. Cookies and Tracking Technologies

This website uses cookies and similar tracking technologies in the following categories:

Essential cookies (always active, no consent required):

  • Session and authentication cookies for the admin panel
  • Language preference cookies
  • Security cookies (e.g. CSRF protection)

These are strictly necessary for the website to function and do not track you across other sites.

Analytics cookies (require your consent):

  • Vercel Analytics and Vercel Speed Insights — privacy-first, cookieless analytics that do not collect personally identifiable information.
  • Google Analytics 4 — provides aggregated statistics about website usage. May use cookies (_ga, _gid, _gat) and process IP addresses (anonymized where possible). Activated only after you accept analytics cookies via our cookie banner.

You can manage your cookie preferences at any time by clicking the "Cookie Settings" link in the website footer or by clearing your cookies in your browser.

We do not use Meta Pixel, advertising trackers, or other third-party marketing tools.

11. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Encrypted database connections
  • Access controls limiting data access to authorized personnel only
  • Regular security updates and monitoring
  • Secure password hashing for administrative accounts

In the event of a data breach affecting your rights, we will notify you and the supervisory authority within 72 hours, in accordance with GDPR Articles 33-34.

12. Children's Data

Our services are directed at businesses (B2B) and not at children. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected such data, please contact us for immediate deletion.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates when the policy was last revised. Significant changes will be communicated via a notice on this website.

14. Governing Law

This Privacy Policy is governed by the laws of the Republic of Latvia and the General Data Protection Regulation (EU) 2016/679.